CCPA notice
This CCPA Notice (“CCPA Notice“) applies to Retailers, Buyers and Visitors (collectively “Consumers“) who interact with, access to, or otherwise use Shalem Platform Inc. (“Shalem” or “we“) Services or Website (collectively herein “Services“), who are California, Nevada and Virginia residents, in accordance with the following data protection laws as applies respectively – the California Consumer Privacy Act of 2018 as amended and revised by the California Privacy Rights Act of 2020 (“CPRA” and collectively “CCPA“), the Virginia Consumer Data Protection Act (“VCDPA”), the Nevada Privacy of Information Collected on the Internet from Consumers Act (“NPICICA“) and any other applicable data protection law (“Data Protection Laws“).
This CCPA Notice applies to Consumers’ Personal Information, which we collect directly or indirectly while using our Service or in order to provide our Services, and business-to-business Personal Information.
This CCPA Notice is an integral part of our Privacy Policy. Any capitalized terms not defined herein shall have the meaning ascribed to it under the Data Protection Laws or our Privacy Policy.
Part I: A Comprehensive Description of the Information Practices:
1. Categories of Personal Information We Collect
We collect Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below.
Personal Information further includes Sensitive Personal Information (“SPI”) or Sensitive Data, as detailed in the table below.
Personal Information does not include: Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; and information which is excluded from the Data Protection Laws’, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.
Shalem has collected the following categories of personal information within the last twelve (12) months:
Category | Example | Collected |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | Yes: real name, postal address, email address, account name, Social Security number, driver’s license number, and passport number, IP address. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Yes: A name, signature, Social Security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, and additional financial information as provided by the Credit Check. |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | No |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Yes: Visitors’ interaction with our Website, marketing campaigns. |
G. Geolocation data. | Physical location, approximate location derived from IP address or movements. | Yes: approximate location derived from IP address. |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | No |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | Yes: As provided by the Credit Check |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No |
L. Sensitive personal information. | Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life. | Yes: financial records, social security number. |
2. Categories of Sources of Personal Information
Depending on the nature of your interaction with us, we may collect Personal Information as follows:
- Automatically – we use cookies or similar tracking technologies to gather some information automatically when you interact with our Services and Website.
- Provided by the Retailer – we will collect information as provided to us by the Retailer in order to obtain a Credit Check.
- From third parties who assist us in the performance of our Services – for example, from third party service providers who perform the Credit Check.
- Provided voluntarily by you – we collect information as provided to us by you, for example, when you, as a Retailer, create an account or contact us for support, or when you, as our Website Visitor, contact us directly through any online form available through the Website, etc.
3. Use of Personal Information
We may use the Personal Information collected as identified above, for the following purposes:
- To fulfill or meet the reason you provided the Personal Information (book a demo, support, respond to a query, etc.);
- To monitor and improve our Services;
- To provide the Services including a Credit Check;
- Direct marketing;
- To analyzing our Services and your use of the Services and website; or
- Respond to law enforcement; or otherwise as detailed in our Privacy Policy.
We will not collect additional categories of personal information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
4. Disclosures of Personal Information for A Business Purpose
We may disclose your Personal Information to a contractor or service provider for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We further restrict the contractor and service provider from selling or sharing your Personal Information.
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
Business Purpose (as defined under CCPA) | Category (corresponding with the table above) | Category of Recipient |
Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards. | Category A Category F Category G | Advertising networks; data analytics providers; social media networks. |
Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes. | Category A Category B Category D Category F Category G Category I Category L | Debt collection agencies or credit bureaus, Operational partner, security and fraud prevention providers, operating systems. |
Debugging to identify and repair errors that impair existing intended functionality | Category A Category F Category G | Analytic providers, operational partner, security and fraud prevention providers, operating systems. |
Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction. | Advertising networks; data analytics providers; social media networks. | |
Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, verifying consumers’ information, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider | Operating systems, CRM, survey providers, customer support, cloud computing and storage vendors, etc. | |
Undertaking internal research for technological development and demonstration. | Developers, operating systems, cloud and hosting providers, SaaS platforms for task management and development, customer support and optimization tools. | |
Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned or controlled by the business. | Category A Category B Category F Category G | Credit check providers, developers, operating systems, cloud and hosting providers, SaaS platforms for task management and development, customer support and optimization tools. |
Providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer provided that, for the purpose of advertising and marketing, a service provider or contractor shall not combine the personal information of opted-out consumers that the service provider or contractor receives from, or on behalf of, the business with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with consumers. | Category A Category F Category G | Advertising networks, data analytics providers, social media networks, marketing service providers and technical platforms such as CRM and tracking tools. |
5. Sale or Share of Personal Information
In the preceding twelve (12) months, we do not “sell” information as most people would commonly understand that term, we do not, and will not, disclose your Personal Information in direct exchange for money or some other form of payment.
For retargeting and analytic purposes, when we promote our Services, we use third-party tools that are able to market our Services online, measure these marketing efforts, identify individuals that are interested in our Services, etc. This is done by placing cookies, pixel or other tracking technology on our website and sharing with these vendors the online identifiers and online behavior information. The CCPA defines these actions as “sharing” or “selling”.
In the preceding twelve (12) months, we did not “sell” or “share” any Personal Information
6. Children Under the Age of 16
We do not knowingly collect information from children under the age of 16.
7. Data Retention
We retain Personal Information we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.
In certain circumstances, we will retain your Personal Information for longer periods of time and mainly:
- Where we are required to retain Personal Information in accordance with legal, regulatory, tax, or accounting requirements;
- Where we deem retention is necessary to obtain an accurate record of your dealings with us in the event of any complaints or challenges (e.g., adverse event); or
- If we reasonably believe there is a prospect of litigation relating to your Personal Information.
Part II: Your Rights Under the Data Protection Laws
1. Your Rights
Depending on your interaction with us and your place of residence you might have certain rights regarding your Personal Information we process as detailed herein above.
Rights | Details |
The right to know what Personal Information Shalem has collected about you. | Including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information that Shalem has collected about you. |
Deletion Rights. | The right to delete Personal Information that Shalem has collected from you, subject to certain exceptions. We reserve the right to reject such request under certain circumstances, and will inform you of the basis for the denial, which may include, but is not limited to, ensure the security and integrity, provide the services, a legal obligation, etc. |
Correct Inaccurate Information | The right to correct inaccurate Personal Information that Shalem maintains about you. |
Opt-Out of Sharing for Cross-Contextual Behavioral Advertising | You have the right to opt-out of the “sharing” of your Personal Information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising.” |
Opt-out from selling | The right to opt-out of the sale or sharing of Personal Information by Shalem. |
Limit the Use or Disclosure of SPI | Under certain circumstances, if Shalem uses or discloses SPI, the right to limit the use or disclosure of SPI by Shalem. |
Opt-Out of the Use of Automated Decision Making | In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Information, where applicable. |
Non-Discrimination | The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information. |
Data Portability | You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format. |
Note: You may only exercise this right, unless legally required otherwise, twice within 12 years.
2. How Can You Exercise Your Rights?
You may exercise your rights free of charge, except as otherwise permitted under applicable law, by contacting us at: privacy@shalemplatform.com. We may limit our response to your exercise of these privacy rights as permitted under applicable law.
We further provide a cookie banner and consent management that incorporate a browser setting that notifies our website of your privacy preferences. You may opt out of Sharing or Selling your Personal Information through the placeholder available on our Website’s footer.
We also are able to affirmatively respect the Global Privacy Control signals through Consent Management Platform on the Website.
3. Authorized Agents
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
4. Response Timing and Format
We endeavor to respond to a verifiable Consumer request within forty-five (45) days of its receipt. If we require additional time (as permitted by applicable laws), we will inform you of the reason and extension period in writing by mail or electronically, at your option. If we determine that the request warrants a fee, we will tell you why we made such decision and provide you with a cost estimate before completing your request.
For Virginia Residence: If you have an account with us, we may require you to use the account to submit the VCDPA request. We may require specific information from you to help us confirm your identity and process your VCDPA request. If we denied a request, you may appeal our decision, and within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.
Part III: Other State Laws and Rights
Do Not Track Settings: Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we so not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.
California’s “Shine the Light” law (Civil Code Section § 1798.83): permits employees that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at: privacy@shalemplatform.com.
Notice to Virginia Residents: The VCDPA provides Virginia residents with the right to receive certain disclosures regarding the personal data we process about them. This CCPA Notice provided any and all needed disclosures under the VCDPA. If you are a Virginia resident, the VCDPA grants you the right to: (1) confirm whether or not we are processing your personal data to access such personal data; (2) correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of your personal data; (3) delete personal data you have provided or we have obtained about you; (4) obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance, where the processing is carried out by automated means; and (5) opt out of the processing of your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. The rights and how to exercise them are detailed under this CCPA Notice and are applicable for Virginia residence as well and you may exercise your rights as detailed above.
Notice to Nevada Residents: Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to privacy@shalemplatform.com.
CONTACT US:
By email: privacy@shalemplatform.com.
By mail: Shalem platform Inc. 500 7th Ave, 8th Floor, Suite A102, New York, NY 10018 USA
UPDATES:
This notice was last updated on May 17, 2023. As required under the CCPA, we will update this CCPA Notice every 12 months. The last revision date will be reflected in the “Last Updated” heading at the top of this CCPA Notice.