Legility will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Information We Share
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for one or more business purposes:
- California Customer Records Personal Information categories;
- Internet or other network activity information;
- Commercial information;
- Internet or other similar network activity;
- Employment; and
- Geolocation Data.
We Do Not Sell Personal Information As Such Activity Would Be Defined Under CCPA
In the preceding twelve (12) months, we have not sold Personal Information.
Your Rights and Choices Under CCPA
The CCPA provides California residents with specific rights regarding their Personal Information. This section describes those rights and explains how Californians may exercise those rights.
1. Right to Access Your Data. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
2. Right to Data Portability. You have the right to a “portable” copy of your Personal Information that you have submitted to us. Generally, this means you have a right to request that we move, copy or transmit your Personal Information stored on our servers or information technology environment to another service provider’s servers or information technology environment.
3. Right to Delete Your Data. You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
4. Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for exercising your privacy rights conferred by the California Consumer Privacy Act.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
1. Complete the transaction for which we collected the Personal Information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
7. Comply with a legal obligation and any instructions from courts of lawful jurisdiction.
8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising CCPA Rights
This section explains how California residents can exercise their rights. To exercise your rights under the CCPA to access, data portability, and data deletion as described above, please submit a verifiable consumer request to us by either:
Only you, or a person that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Our Response to Your Request
Upon receiving your request, we will confirm receipt of your request by sending you an email confirming receipt. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete Personal Information, we may first separately confirm that you would like for us to in fact delete your Personal Information before acting on your request.
We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the Services you have requested. Where this is the case, we will inform you of specific details in response to your request.
HONG KONG RESIDENTS
Legility is required to comply with the Hong Kong law in respect of its operations there. Legility seeks to comply with the requirements of Hong Kong’s Personal Data (Privacy) Ordinance (“PDPO”).
Use of Personal Data for Direct Marketing in Hong Kong
As in other jurisdictions, Legility intends to use Personal Data collected from Hong Kong residents to send them marketing communications offering or advertising the availability of our Services (“Direct Marketing”). Under the PDPO, we may not use such Personal Data for Direct Marketing unless we have received consent from these individuals for that intended use.
1. Types of Personal Data
We may use your name, email address, mailing address and phone number and information about your preferences for Direct Marketing. These preferences may relate to both the business lines which you prefer for receiving Direct Marketing from us and the types of Services in which you are interested.
2. Classes of Marketing Subjects
Your Personal Data may be used for Direct Marketing in relation to the following:
- News and information, including Legility publications;
- Professional development offerings and opportunities;
- Job opportunities;
- Services offered by Legility
3. Communication of Your Consent
You may communicate your consent to our use of your Personal Data for Direct Marketing when:
- Providing us with your Personal Data through our website, clicking on the button indicating your consent;
- Providing us with your Personal Data through a form, signing the form to indicate your consent;
- Following the instructions in the document on which you are providing your Personal Data to us.
Retention of Personal Data
All Personal Data that has been collected from you will only be kept for as long as required under applicable law. Our data retention periods are based on the requirements of applicable data protection laws and the purpose for which your Personal Data is to be used and for as long as required by applicable law.
Your Rights and Choices Under PDPO
The PDPO grants Hong Kong residents with specific rights regarding their Personal Data. This section describes PDPO rights and explains how to exercise those rights if they apply to you.
1. Right to Access Your Data. You have the right to request that we disclose certain information to you about our collection and use of your Personal Data. We have 40 days to produce this information. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
2. The right to rectification: If the individual discovers that the information we hold on them is inaccurate or incomplete, they can request that it be updated. As with the right to access, we have 40 days to do this, and the same exceptions apply.
Exercising PDPO Rights
To exercise your rights, please submit your request to firstname.lastname@example.org or by using the contact information provided above and we will consider your request in accordance with applicable law. For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Site, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
We endeavor to respond to a verifiable consumer request within forty (40) days of its receipt consistent with applicable law.
We may charge a reasonable administrative fee to process or respond to your verifiable consumer request. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.