Last Updated: 02/01/2023
Article 1 – DEFINITIONS:
- b) DATA CONTROLLER: Data Controller is the publisher, owner, and operator of the Services and is the Party responsible for the collection of information described herein. If Data Controller or Data Controller’s property shall be referred to through first-person pronouns, it shall be through the use of the following: us, we, our, ours, etc.
- d) SERVICES: “Services” means any services that we make available for purchase on the App or Site.
- e) PERSONAL DATA: “Personal Data” means personal data and information that we obtain from you in connection with your use of the Services that is capable of identifying you in any manner.
Article 2 – GENERAL INFORMATION:
We are committed to the protection of your privacy while you use our Services.
Article 3 – CHILDREN:
The Services are not intended for use by children under the age of 13. Real Authentication does not allow individuals under the age of 13 to create an account, nor do we knowingly collect or use any Personal Data from such children under the age of 13. If you are under the age of 13, do not submit any information to our App or Site. If we learn that we collected Personal Data from children under the age of 13, we will take steps to delete that information as soon as possible. If you are under the age of 18, please have an adult or guardian create an account and purchase any Services on your behalf.
Article 4 – CONTACT AND LOCATION:
Please be advised the data processing activities take place in the United States, outside the European Economic Area. Data may also be transferred to companies within the United States, but will only be done so in a manner that complies with the EU’s General Data Protection Regulation or GDPR. The location where the data processing activities take place is as follows: US East (N. Virginia) region – Availability Zones 1a and 1b.
Article 5 – MODIFICATIONS AND REVISIONS:
Article 6 – THE PERSONAL DATA WE RECEIVE FROM YOU:
Depending on how you use our Services, you will be subject to different types of Personal Data collected and different manners of collection:
- Registered and Guest Checkout users: You, as a user of the Services, may be asked to register an account in order to use the Services or to purchase the Services available for purchase.
During the process of your registration or guest checkout, we will collect some of the following Personal Data from you through your voluntary disclosure:
Name, Email Address, Username, Password and Mailing Address
Personal Data may be asked for in relation to:
- I) Interaction with our representatives in any way;
- II) making purchases and the Services;
III) receiving notifications by text message or email about marketing;
- IV) receiving general emails from us; or
- V) mailing official documentation, such as purchased authenticity cards.
While using the Site or App, in order to provide features of Services, we may collect, with your prior permission:
- Pictures and other information from your device’s camera and photo library
We use this information to provide features of our Service. The information may be uploaded to the Company’s servers and/or a Third Party Service Provider’s server or it may be simply stored on your device. You can enable or disable access to this information at any time, through your device settings.
- b) Unregistered users: If you are a passive user of the Services and do not register for any purchases or other service, you may still be subject to certain passive data collection (“Passive Data Collection”). Such Passive Data Collection may include through cookies, as described below, IP address information, location information, and certain browser data, such as history and/or session information.
- c) All users: The Passive Data Collection that applies to Unregistered users shall also apply to all other users and/or visitors of our Services.
- d) Payment & Billing Information: In order to purchase any of the Services on the Services, you will be asked to provide certain credit card or paypal information, billing address information, and possibly additional specific information so that you may be properly charged for your purchases. This payment and billing information will not be stored by us and will be used exclusively to assist with your purchase of the Services. However, you may elect to store credit card information in your Account, which will be stored directly with Paypal Braintree.
- e) Related Entities: We may share your Personal Data, including Personal Data that identifies you personally, with any of our parent companies, subsidiary companies, affiliates or other trusted related entities.
- f) Email Marketing: You may be asked to provide certain Personal Data, such as your name and email address, for the purpose of receiving email marketing communications. This information will only be obtained through your voluntary disclosure and you will be asked to affirmatively opt-in to email marketing communications.
- g) User Experience: From time to time we may request information from you to assist us in improving our Services, and the Services we sell, such as demographic information or your particular preferences.
- h) Combined or Aggregated Information: We may combine or aggregate some of your Personal Data in order to better serve you and to better enhance and update our Services for your and other consumers’ use.
Cookies: We may collect information from you through automatic tracking systems (such as information about your browsing preferences) as well as through information that you volunteer to us (such as information that you provide during a registration process or at other times while using the Services, as described above).
A cookie consists of a reduced set of data transferred to your browser from a web server and it can only be read by the server that made the transfer. This is not executable code and does not transmit viruses.
Technical cookies: Technical cookies, which can also sometimes be called HTML cookies, are used for navigation and to facilitate your access to and use of the Services. They are necessary for the transmission of communications on the network or to supply services requested by you. The use of technical cookies allows the safe and efficient use of the Services.
You can manage or request the general deactivation or cancelation of cookies through your browser. If you do this though, please be advised this action might slow down or prevent access to some parts of the Services.
Cookies may also be retransmitted by an analytics or statistics provider to collect aggregated information on the number of users and how they visit the Services. These are also considered technical cookies when they operate as described.
Temporary session cookies are deleted automatically at the end of the browsing session – these are mostly used to identify you and ensure that you don’t have to log in each time – whereas permanent cookies remain active longer than just one particular session.
Third-party cookies: We may also utilize third-party cookies, which are cookies sent by a third-party to your computer. Permanent cookies are often third-party cookies. The majority of third-party cookies consist of tracking cookies used to identify online behavior, understand interests and then customize advertising for users.
Third-party analytical cookies may also be installed. They are sent from the domains of the aforementioned third parties external to the Services. Third-party analytical cookies are used to detect information on user behavior on our Services. This place anonymously, in order to monitor the performance and improve the usability of the Services. Third-party profiling cookies are used to create profiles relating to users, in order to propose advertising in line with the choices expressed by the users themselves.
Support in configuring your browser: You can manage cookies through the settings of your browser on your device. However, deleting cookies from your browser may remove the preferences you have set for this Services.
For further information and support, you can also visit the specific help page of the web browser you are using:
– Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
– Firefox: https://support.mozilla.org/en-us/kb/enable-and-disable-cookies-website-preferences
– Safari: http://www.apple.com/legal/privacy/
– Chrome: https://support.google.com/accounts/answer/61416?hl=en
Log Data: Like all websites and mobile applications, this Services also makes use of log files that store automatic information collected during user visits. The different types of log data could be as follows:
– internet protocol (IP) address;
– type of browser and device parameters used to connect to the Services;
– name of the Internet Service Provider (ISP);
– date and time of visit;
– web page of origin of the user (referral) and exit;
– possibly the number of clicks.
The aforementioned information is processed in an automated form and collected in an exclusively aggregated manner in order to verify the correct functioning of the Services, and for security reasons. This information will be processed according to the legitimate interests of the Data Controller.
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may also possibly include Personal Data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the Services or damage to other users, or in the case of harmful activities or crime. Such data are never used for the identification or profiling of the user, but only for the protection of the Services and our users. Such information will be treated according to the legitimate interests of the Data Controller.
Article 8 – THIRD PARTIES:
We may utilize third-party service providers (“Third-Party Service Providers”), from time to time or all the time, to help us with our Services, and to help serve you.
We may use Third-Party Service Providers to assist with information storage (such as cloud storage).
We use Third-Party Service Providers to process payment through the Services. In this instance, the Third-Party Service Provider will have access to your Personal Data.
We may provide some of your Personal Data to Third-Party Service Providers in order to help us track usage data, such as referral websites, dates and times of page requests, etc. We use this information to understand patterns of usage of, and to improve, the Services.
When you click on links through our Services or visit affiliate websites or mobile applications, they may direct you away from our Services. We are not responsible for the privacy practices of other websites, virtual servers or mobile applications and encourage you to read their individual privacy policies. If you visit a third-party website, virtual server or application link from our Services, you do so at your own risk.
We may use Third-Party Service Providers to host the Services. In this instance, the Third-Party Service Provider will have access to your Personal Data.
Your Personal Data will not be sold or otherwise transferred to other third parties without your approval.
In general, you may request that we do not share your Personal Data with third parties. Please contact us via email, if so. Please be advised that you may lose access to certain services that we rely on third-party providers for.
Article 9 – HOW PERSONAL DATA IS STORED:
To protect your personal identifiable information, we take reasonable precautions and follow industry standard SSL/TLS end-to-end encryption of data in transit and limit internal access to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your financial or any other Personal Data, the information is encrypted using industry standard protections in our database. No payment information is ever stored in our database, as it is solely processed through Third Party Service Providers and is only temporarily stored during the processing of payment.
Although we have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, please be aware that despite our best efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Personal Data is stored throughout your relationship with us. We delete your Personal Data upon request for cancelation of your account or other general request for the deletion of data. However, we are not able to remove certain Personal Data, such as, authentication certificate related information because we require the storage of this information for business purposes.
In the event of a breach of your Personal Data, you will be notified in a reasonable time frame, but in no event later than two weeks, and we will follow all applicable laws regarding such breach.
Article 10 – PURPOSES OF PROCESSING OF PERSONAL DATA:
We primarily use your Personal Data to help us provide a better experience for you on our Services and to provide you the services and/or information you may have requested, such as use of our Services.
Information that does not identify you personally, but that may assist in providing us broad overviews of our customer base, will be used for market research or marketing efforts. Such information may include, but is not limited to, interests based on your cookies.
Personal Data that may be considering identifying may be used for the following:
- Improving your personal user experience
- Providing our Services
- b) Communicating with you about your user account with us
- c) Marketing and advertising to you, including via email
- d) Fulfilling your purchases
- e) Providing customer service to you
- f) Advising to you about updates to the Services or related Items
Article 11 – DISCLOSURE OF PERSONAL DATA:
Although our policy is to maintain the privacy of your Personal Data as described herein, we may disclose your Personal Data if we believe that it is reasonable to do so in certain cases, in our sole and exclusive discretion. Such cases may include, but are not limited to:
- a) To satisfy any local, state, or Federal laws or regulations
- b) To respond to requests, such discovery, criminal, civil, or administrative process, subpoenas, court orders, or writs from law enforcement or other governmental or legal bodies
- c) If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
- e) As may be necessary for the operation of our Services
- f) To generally cooperate with any lawful investigation about our users
- g) If we suspect any fraudulent activity on our Services or if we have noticed any activity which may violate our terms or other applicable rules
Article 12 – CAN-SPAM ACT AND OPTING OUT OF EMAILS:
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- We may also send you additional information related to your Account, your purchases and our Services.
- Market to our mailing list, if you provide us with such consent.
To be in accordance with CAN-SPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business or site headquarters
- Monitor third party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your Account or any other transactional or service-oriented request.
Article 13 – INTERNATIONAL DATA TRANSFER FOR RESIDENTS OF THE EUROPEAN UNION, SWITZERLAND OR THE UNITED KINGDOM:
WE WILL UPDATE THIS ONCE THE GDPR POLICIES ARE FINALIZED
EU data protection law through GDPR or the UK GDPR and UK Data Protection Act makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.
a) Legal Grounds for Processing your Personal Data
- you provided your consent;
- it is necessary for our contractual relationship;
- the processing is necessary for us to comply with our legal or regulatory obligations; and/or
- the processing is in our legitimate interest as an event organizing and content providing platform (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.).
b) Real Authentication as a Data Controller
EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.
Real Authentication will act as a data controller concerning Personal Data. For example, if you create an account with us, make a purchase or access the message boards or forums, Real Authentication will be a data controller for the Personal Data you provide as part of your account.
We will also be a data controller of the Personal Data we may obtain through the use of the Services or our Services. We use this to conduct research and analysis to help better understand and serve users of the Services as well as to improve our Services.
d) Transfers of Personal Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
Data Access and Data Deletion
Data protection law provides you with rights regarding Personal Data that we hold about you, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete your Personal Data, and unsubscribe from marketing communications.
There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation. If you have a complaint about how we handle your Personal Data, please get in touch with us as at [email protected] to receive further clarification. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.
ARTICLE 14 – USERS IN BRAZIL
LEGAL BASIS FOR PROCESSING YOUR INFORMATION
Depending on what information we collect from you and how we collect it, we process your information for the following reasons:
- In order to administer our contractual relationship, including setting up your requested Services, payments, renewals and processes;
- Because it is in our legitimate interest to run a successful and efficient business and provide you with the Services and other useful content;
- In order to fulfill any legal obligations we may have to collect this information from you; and/or
- Because you have provided your consent for us to do so.
SHARING WITH THIRD PARTY SERVICE PROVIDERS AND VENDORS
Occasionally, we enter into contracts with selected third parties to assist us in servicing you (for example, providing you with customer service, fraud detection and deterrence or access to advertising assets and providing us with information technology and storage services) or to assist us in our own marketing and advertising activities (including providing us with analytic information and search engine optimization services). Additional information about certain third-party service providers we share Personal Data with is available here. Our contracts with such third parties prohibit them from using any of your Personal Data for any purpose beyond the purpose for which it was shared.
In order for us to provide the Services to you and comply with our legal obligations, Personal Data you provide to us and information we collect about you, your usage and devices will be transferred to, stored and processed in the United States. Your information may also be processed by staff operating outside of the United States who work for one of our Third Party Service Providers. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Brazil Privacy Addendum.
You can select your cookie preferences upon your first visit to our App or Site. If you choose to change your preferences, you may do so at any time by clicking the “Cookie Preferences” link in the footer of our website homepage.
When you opt out of cookies, you will be opted out of all non-required cookies. You cannot opt out of required cookies because these cookies and tracking technologies are required to help our websites work correctly. These cookies allow you to navigate our Services and use essential features, including secure areas and authentication orders.
YOUR PRIVACY RIGHTS
As a user located in Brazil, you may be able to exercise the following rights with respect to your Personal Data that we have collected, subject to certain limitations:
To exercise your rights under the LGPD, please submit a request to us by:
- Sending an email to [email protected]
We will need to verify your identity before processing your request. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems.
If you have any questions about this Brazil Privacy Addendum or our data handling practices, or you wish to make a complaint, you may contact our Data Protection Officer at [email protected].
In addition to the rights outlined above, where the Lei Geral de Proteção de Dados (LGPD) applies, you may:
- Ask that we provide confirmation of the existence of the processing of your personal data.
- Access the personal data we hold about you and certain information about how we use it and who we share it with including information about any public and private entities.
- Request the deletion of Personal Data we have collected from you, subject to certain exceptions.
- Ask us to anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD.
- Ask us to provide information about the possibility of denying consent for the processing of your personal data and the consequences of such denial.
Article 15 – YOUR RIGHTS:
You have many rights in relation to your Personal Data. Specifically, your rights are as follows:
– the right to be informed about the processing of your Personal Data
– the right to have access to your Personal Data
– the right to update and/or correct your Personal Data
– the right to portability of your Personal Data
– the right to oppose or limit the processing of your Personal Data
– the right to request that we stop processing and delete your Personal Data
– the right to block any Personal Data processing in violation of any applicable law
– the right to launch a complaint with the Federal Trade Commission (FTC) in the United States or applicable data protection authority in another jurisdiction
If you wish to modify or delete any information we may have about you, or you wish to simply access any information we have about you, you may do so from your account settings page.
Article 16 – CALIFORNIA RESIDENTS: CALIFORNIA CONSUMER PROTECTION ACT (“CCPA”)
The California Consumer Privacy Act (CCPA) provides consumers who are residents of the State of California with specific rights related to their Personal Data (which includes Personally Identifiable Information), subject to certain exceptions. It also requires us to disclose the information we collect, the purposes for which we collect it, and what we share and disclose.
The Personal Data We Collect and Why
The Personal Data We Share or Disclose
Right to Know
You have the right to ask us what Personal Data we have collected from you over the past 12 months. You may make such requests up to twice a year.
Right to Delete
You have the right to ask us to delete your Personal Data. In certain circumstances the law may not require or permit us to delete certain Personal Data, but if we cannot honor a deletion request, we will tell you.
Right to Opt-Out (“Do Not Sell”)
You have the right to tell us not to disclose or transfer your Personal Data to a third party in exchange for something of value. The CCPA refers to this as your right to say “Do Not Sell” my Personal Data. If you opt out of disclosure or transfer of your Personal Data, you may later opt-in again to having your Personal Data move more freely.
Exercising Your Rights
Right to Know and Right to Delete
You may ask us for the Personal Data we have about you, or ask us to delete your Personal Data, by emailing us at [email protected]. When you make a request online, we will verify your identity by sending you an email and asking you to respond.
If you ask what Personal Data, we have received from you, and we cannot verify your identity, or if providing the information you have requested creates a security risk, we will give you a general description of the type of Personal Data we have about you.
If you ask us to delete your Personal Data, and we can’t verify your identity and confirm that you made the request, we will not be able to honor it. Please ensure to provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative and describe your request with sufficient detail that allows Us to properly understand, evaluate, and respond
Generally, though, if we can confirm your identity and your request, we will delete, de-identify, or aggregate your Personal Data so it can no longer be associated with you. There are some reasons that may require or permit us to keep your Personal Data, however.
We may deny your deletion request if retaining the information is necessary for us or our Third Party Service Providers to:
○ Complete the transaction for which we collected the Personal Data, provide a good or
service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
○ Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
○ Debug products to identify and repair errors that impair existing intended functionality.
○ Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
○ Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
○ Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
○ Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
○ Comply with a legal obligation.
○ Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
If you are an authorized agent, you must make your request by emailing us at [email protected] and put the words “CCPA Requests, Authorized Agents” in the subject field. You also need to attach to your email proof that you are registered with the Attorney General, as required by law, and proof you have written authority to act for the consumer. You shall also provide the email address of the consumer you are representing so we can verify their identity or provide documentation that you have power of attorney for the consumer pursuant to Probate Code sections 4000-4465. We will not be able to honor requests without sufficient documentation that you are authorized to represent the consumer.
Requests made on behalf of a “Household”
If you would like to request Personal Data about your household, you may make your request by emailing us at [email protected] and putting the words “CCPA Household Request” in the subject field of the email. We will need to verify the users of the household, and in some cases, if a request raises security concerns for any household member, we may not be able to honor the request.
We do not offer any financial incentives for consumers to take any action or make any choices in using our services.
California “Shine the Light” Law
Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.
California “Eraser” Law
If you are a California resident under the age of 18, and a user of the Services where this policy is posted, you may request removal of content or information you have publicly posted. Please be aware that such a request does not ensure complete removal from the Internet of the content or information you posted, and there may be circumstances in which the law does not require or allow removal.
Exercising these Rights
For all requests under the “Shine the Light” or “Eraser” Law, you must put the words “Your California Privacy Rights Shine the Light/Eraser Law” in the subject field of an email to [email protected]. You must also include your full name, street address, city, state, and zip code. We will accept requests to exercise these rights only by email with the proper subject line and complete and accurate information.