With respect to personal data processed in or from the EEA (as defined below) or UK (as defined below), the EU Addendum shall apply, which contains important additional information about the processing by Carbon Arc of personal data originating from or processed in those countries. *However, please note that Carbon Arc does not presently process personal data originating from or processed in the EEA and/or the UK.
With respect to personal information processed in or from California, the CA Addendum shall apply, which contains important additional information about the processing by Carbon Arc of personal information originating from or processed in California.
“European Economic Area” or “EEA” means the Member States of the European Union plus Iceland, Liechtenstein, Norway, and Switzerland.
“Processing” shall mean any operation or set of operations that is performed upon personal information or sets of personal information, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction and the verb “to process” shall be construed accordingly.
“UK” means The United Kingdom of Great Britain and Northern Ireland.
Carbon Arc may collect or otherwise acquire:
This information may either be directly provided by the above individuals, provided by the legal entity for whom they work, and/or provided to Carbon Arc by a data vendor.
Carbon Arc, and service providers, vendors or processors acting on its behalf, process personal information for a specific purpose and only process the personal information that is relevant to achieve that purpose.
When processing personal information, Carbon Arc shall follow these principles:
Carbon Arc endeavors to collect, purchase, and/or use only personal information that has been collected in accordance with applicable notice and consent requirements. This includes notice and consent requirements related to (i) the purposes for which the collector collects and uses the personal information, (ii) the types of third parties to which the collector discloses (or may disclose) that personal information, and (iii) the choices and means the collector offers the subjects of the personal information for limiting the use and disclosure of their personal information.
Unless permitted by applicable law, no personal information is collected, purchased, or otherwise processed by Carbon Arc without first obtaining either (i) the consent of the individual for the collection, use and disclosure of that personal information or (ii) an enforceable contractual warranty or representation from the source of the personal information that such personal information has been collected in accordance with applicable notice and consent requirements. In some circumstances the consent for Carbon Arc to collect personal information may arise from the nature of the relationship between Carbon Arc and an individual or company, or an individual’s or company’s interaction with Carbon Arc, such as by using a Carbon Arc website or engaging in a transaction with Carbon Arc.
Carbon Arc, and third parties on its behalf, shall only use personal information for its business, products, and research purposes.
We may collect personal information from you directly, such as when you provide us information voluntarily or when information is collected automatically about your use of our Services (such as traffic data, IP address, system information and log file data), or we may collect the information indirectly, such as through a relationship with a business partner or data vendor.
The information that you voluntarily may provide to us includes contact information, information you provide by filling in forms that we make available, information you provide when you report an issue with our Site, or records or copies of your correspondence (including email addresses) if you contact us.
We may receive information about you from other sources and combine that information with the personal information we collect directly from you. In addition, we may purchase data from our data vendor partner(s), and analyze that data using advanced statistical methods, so as to provide reports for our customers to run targeted advertising campaigns by activating audiences through third parties. We rely on contractual assurances that specifies that the personal information is disclosed by the business pursuant to any legally required consents and only for limited and specified purposes, and to provide the same level of privacy protection as is required by this policy.
Subject to any stricter requirements under applicable law, Carbon Arc will endeavor to use personal information only in ways that are compatible with the purposes for which the personal information was collected or in ways that are authorized by law. Carbon Arc will endeavor to take reasonable steps to ensure that personal information is relevant to its intended use.
Carbon Arc may share masked/redacted personal information with customers and Carbon Arc and/or its customers may use personal information in connection with targeted advertising campaigns in accordance with applicable laws.
We may disclose personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Services users is among the assets transferred. You agree to and do hereby consent to our assignment or transfer of rights to your personal information.
We may also share personal information with our customers, subsidiaries and affiliates in order to provide our Services and to take actions based on your requests or the request of our customers, as well as for the purpose of management and analysis.
We may employ other companies and individuals to facilitate our Services, provide services on our behalf, perform service-related business activities, or assist us in analyzing how our Services are used. Such third-party service providers, vendors and processors include:
We may disclose your information if we believe that the disclosure is required by law, if we believe that the disclosure is necessary to enforce our agreements or policies, in response to valid requests by public authorities (e.g., a court or a government agency), or if we believe that the disclosure will help us protect the rights, property, or safety of Carbon Arc or our customers.
We may disclose your personal information for any purpose with your consent.
For personal information originating from or processed in the EEA and/or UK, please refer to the EU Addendum. Please note that Carbon Arc is not presently in the business of processing personal data originating from or processed in the EEA and/or the UK.
Because Carbon Arc may conduct business in many countries, personal information collected by Carbon Arc in one country may be processed in another country, the laws of which may provide different levels of protection from those in the country where the personal information was first collected. personal information gathered in one country may be subject to access by and disclosure to law enforcement agencies of jurisdictions other than the country where the personal information was first collected. As noted above, Carbon Arc also may share personal information with customers or with organizations and entities that perform services on its behalf, and these customers, organizations, and entities may be located in countries other than the country in which the personal information was first collected.
Carbon Arc has implemented reasonable measures designed to secure the personal information we hold from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of our Services, you are responsible for keeping this password confidential. You should not share your password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we strive to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Service. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services. If you believe that any of your personal information held by Carbon Arc has possibly been compromised, please contact us immediately as described in the “Contact Us” section below.
Cookies are small web files that a site or its provider transfers to your device’s hard drive through your web browser that enables the site’s or provider’s server to recognize your browser and remember certain information. We use first-party and third-party cookies for the following purposes: to make our Services function properly, to improve our Services, to make login to our Site or Services easier (such as by remembering your User ID), to recognize you when you return to our Site, to track your interaction with the Site, to enhance your experience with the Site, to remember information you have already provided, to collect information about your activities over time and across third party websites or other online services in order to deliver content and advertising tailored to your interests; and to provide a secure browsing experience during your use of our Site. The length of time a cookie will stay on your browsing device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your browsing device until they expire or are deleted.
Your browser may provide you with the option to refuse some or all browser cookies. You may also be able to remove cookies from your browser. You can exercise your preferences in relation to cookies served on our Site by taking the steps outlined below.
We do not control third parties’ collection or use of your information to serve interest-based advertising. You can decide whether to accept cookies. If you do not want us to deploy cookies in your browser, you may exercise your preference by modifying your web browser setting to either (1) refuse some or all cookies, or (2) notify you and ask for your permission when a website tries to set a cookie. If you want to learn the correct way to modify your browser settings, please use the “Help,” “Tools” or “Edit” menu in your browser or review the instructions provided by the following browsers:
If you disable or remove cookies, some parts of the Services may not function properly. Information may still be collected and used for other purposes, such as research, online services analytics or internal operations, and to remember your opt-out preferences.
We may work with a third-party provider(s) and use MAIDs, including Apple’s “IDFAs,” Android’s “AAIDs,” and Google’s “GAIDs.” We, along with our third-party providers, may use MAIDs to measure marketing campaigns, value ads, find new app users, and segment users, or aggregate access to ads. We may use this information to assist our customers in making better business decisions by developing customized dashboards relevant to their specific business process. For example, if our customer is interested in evaluating consumer preference data, like who attends their sports events, in which stadium, or what food or drink they have purchased, etc., we may gather the data of users who opted-in for the personal data collection into a database so that if our customers want to re-target specific audiences, we can run an analysis on the data/device panel and send the MAIDs to our third-party provider(s) to run the campaign.
You have the right to access, correct, and delete your personal information that you directly shared with us on our Services or through other means. We are committed so that your personal information is kept accurate and up to date. However, it is up to you to update it with any changes. You may also notify us via the information in the “Contact Us” section below to request access to, or to correct any personal information that you have provided to us. We may not accommodate a request to delete or change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If you no longer wish to have your personal information processed, you may request that we delete your personal information, subject to certain limitations, by contacting us as described below.
In order to provide service to you, we may send you communications related to your transactions, security, or the administration of this website. From time to time, we may also send you other messages or updates about Carbon Arc, our website, and our other products and offerings. If you do not wish to receive non-transaction or security-related communications from us, you may opt-out by clicking the “unsubscribe” link in the communication or by contacting us as specified in the “Contact Us” section below.
Please note that "opt-out" and "unsubscribe" requests may not take effect immediately and may take a reasonable amount of time to receive, process and apply, during which time your information shall remain subject to the prior privacy settings.
Carbon Arc Services are not directed toward children under the age of 18, and we do not knowingly collect any personal information from children under the age of 18. If a child under 18 provided our Services with personal information, we ask that a parent or guardian contact us as described below so that we may promptly delete the child’s information from our records.
The California Consumer Privacy Act (the “CCPA”), applicable in the State of California as of January 1, 2020, provides additional rights to Consumers in the State of California with regard to the information Carbon Arc gathers about them.
Consumer: For purposes of this California Addendum, a Consumer is a natural person who is a California resident, as defined in Section 17104 of Title 18 of the California Code of Regulations. Information about a person relating to their status as an employee or prospective employee, or as a participant in a business-to-business relationship or transaction, will be considered information about a Consumer within the meaning of the California Privacy Rights Act (the “CPRA”), which becomes effective on January 1, 2023.
Personal Information: For purposes of this California Addendum, Personal Information means any information covered by the definition of “Personal Information” under the CCPA and CPRA. Specifically, personal information shall mean any information, except Publicly Available personal information, that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It includes, but is not limited to:
Publicly Available Information: Publicly Available information is personal information that is lawfully made available from federal, state, or local government records.
California Consumers have certain rights under the CCPA & CPRA, which Carbon Arc will endeavor to comply with as required. These include:
Carbon Arc will not discriminate against Consumers who exercise their rights under California law. However, Carbon Arc may offer financial incentives for the collection, sale, or deletion of personal information. Any such offer will reasonably relate to the value of the personal information. Participation by individuals in such a financial incentive program requires prior opt-in consent, which may be revoked at any time.
Access to Specific Information and Data Portability Rights – Subject to certain exceptions, if you are a California resident you have the right to request a copy of the personal information that we collected about you during the 12 months before your request. Once we receive your request and verify your identity, we will disclose to you:
Deletion Request Rights – You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
Exercising Access, Data Portability, and Deletion Rights –To exercise the access, data portability, and deletion rights described above as a California resident, please submit a verifiable consumer request to us by contacting us as described in the “Contact Us” section.
Use of an Authorized Agent to Submit a Request – Only you or a person you formally authorize to act on your behalf, may make a verifiable consumer request related to your personal information as a California consumer. If you use an authorized agent to submit such a request, we will require written proof that the authorized agent has been authorized to act on your behalf or a copy of the power-of-attorney document granting that right.
Direct Marketing – If you are a California resident, you can request a notice disclosing the categories of personal information we have shared with third parties for the third parties’ direct marketing purposes. To request a notice, please submit your request by email to firstname.lastname@example.org.
The purpose of this EU Addendum is to provide the information required under the General Data Protection Regulation, applicable in the EEA as from May 25, 2018 (as amended from time to time, the “GDPR”), including:
For the purposes of this EU Addendum, the following definitions shall apply:
Controller: generally means the legal entity that determines the purposes (i.e. why) and the means (i.e. how) of the processing of personal data under this EU Addendum.
Personal data or personal data: means any information that constitutes “personal data” under the GDPR, namely any information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processor: means a natural or legal person that processes personal data on behalf of the Controller. Carbon Arc’s processors may be Carbon Arc subsidiaries, affiliates or third-party suppliers and service providers.
When we mention “Carbon Arc,” “we,” “us,” or “our” in this addendum, we are referring to the relevant Carbon Arc legal entity that determines the purposes and means of processing personal data under this EU Addendum, Carbon Arc Corporation.
Carbon Arc is not allowed to process personal data without a valid legal ground. Therefore, Carbon Arc will only process personal data if:
Examples of such ‘legitimate interests’ are:
Carbon Arc may transfer personal data to its subsidiaries and other affiliates. We may also disclose personal data to third-party business partners or service providers. Such other companies will either act as another controller or only process personal data on behalf of us and pursuant to our instructions (thereby acting as a Processor).
Such third-party Processors include:
Personal data may also be disclosed to:
The personal data transferred within or outside Carbon Arc may also be processed in a country outside the EEA/UK.
If Carbon Arc itself (as opposed to a data vendor with whom Carbon Arc has a contractual relationship) transfers personal data outside the EEA/UK, Carbon Arc will enter into EU standard contractual clauses approved by the European Commission prior to such transfer to ensure the required level of protection for the transferred personal data.
Carbon Arc will retain personal data for as long as necessary to fulfill the purposes for which Carbon Arc collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria Carbon Arc uses to determine retention periods for personal data include: the purposes for which the personal data is collected, legal statutory limitation periods, retention periods imposed by law, applicable contractual requirements and relevant industry standards.
Under certain circumstances, by law you have the right to:
To exercise any of these rights, please contact us as set forth in the “Contact Us” section below and specify which GDPR privacy right(s) you wish to exercise. We must verify your identity in order to honor your request, which we will respond to within 30 days of receipt.
If you have any issues with our compliance, you have the right to lodge a complaint with an EEA supervisory authority (link). We would, however, appreciate the opportunity to first address your concerns and would welcome you directing an inquiry first to us per the “Contact Us” section.