California Privacy Notice

Effective Date: January 1, 2020

If you are not a resident of California, click here to be redirected to our General Privacy Policy.

 

ViscoSoft, Inc. California Privacy Notice

This notice reflects our good faith understanding of the law and our data practices as of the date posted (set forth above), but the CCPA’s implementing regulations are not yet final and there remain differing interpretations of the law. Accordingly, we may from time-to-time update information in this and other notices regarding our data practices and your rights, modify our methods for responding to your requests, and/or supplement our response to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices.

This California Privacy Notice (“Notice”) applies to “Consumers” as defined by the California Consumer Privacy Act (“CCPA”) as a supplement to ViscoSoft Inc.’s (together with our subsidiaries and affiliates “Company” “us” “we” “our”) other privacy policies or notices. In the event of a conflict between any other Company policy, statement or notice and this Notice, this Notice will prevail as to California Consumers and their rights under the CCPA. Please see also any privacy policy or notice of general applicability posted or referenced on our websites, apps, products, or services, including, without limitation: viscosoft.com/pages/privacy-policy.

This Notice covers the collection, use, disclosure, and sale of California Consumers’ “Personal Information” (“PI”) as defined by the CCPA, except to the extent such PI is exempt from the notice obligations of the CCPA. This Notice also covers rights California Consumers have under the CCPA, as well other notices to Californians required by other laws. The description of our data practices in this Notice, as required by the CCPA, covers calendar year 2019 and will be updated annually. Our practices in calendar year 2020 may change, however, if materially different such that we think a Consumer would reasonably expect notice we will provide notice in connection with the applicable collection, which may include reference to other applicable privacy policies and notices.

Consistent with the CCPA, job applicants, current and former employees and independent contractors (“Personnel”), and subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, are not considered “Consumers” for purposes of this California Privacy Notice or the rights described herein. However, our Personnel may obtain a separate privacy notice that is applicable to them by contacting their Human Resources department. Publicly available information is also not treated as PI under the CCPA, so this notice is not intended to apply to that data and your Consumer privacy rights do not apply to that data.

To aid in readability, in some places we have abbreviated or summarized CCPA terms or language and in some places in this Notice we cite to specific CCPA sections for your reference. Terms defined in the CCPA that are used in this Notice shall have the same meaning as in the CCPA. 

You can click on the links above to navigate to the different sections in this Notice.

1. PI WE COLLECT.

We collect, retain, use and disclose PI about California Consumers, including in calendar year 2019 as follows:

Category of PI Examples of PI Sources of PI Purposes for PI Collection Category of third parties with which the PI is shared, if shared.
1. Identifiers This may include but is not limited to: a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, or other similar identifiers. Directly from Consumer, and Service Providers (e.g. marketing agency, chat software provider, customer service
/ review platform).
(1) Processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance;
(6) security; and
(7) debugging.

Including without limitation:
Selling products, fulfilling consumer orders, processing payments/financing, fulfilling your requests, advertising and incentivizing purchases.








Service Providers (e.g. delivery firms, customer service agencies, banking partners offering financing), Banking Partners (offering financing), Retailers, External Auditors, and Government Entities (upon valid request).
2. Personal Records This may include information such as: physical characteristics or description, signature, telephone number, employment, bank account number, credit card number, debit card number, or any other financial information, and medical information. Directly from Consumer, and Service Providers (e.g. marketing agency). (1) Processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance; and
(6) security.

Including without limitation:
Selling products, fulfilling consumer orders, processing payments/financing, advertising and incentivizing purchases, optimizing processes and the customer journey, and processing medical and government paperwork, including for reimbursements.






Service Providers (e.g. delivery firm, customer service agencies, banking partners offering financing), External Auditors, and Government Entities (upon valid request).
3. Consumer Characteristics This may include, but is not limited to: sex, marital status, veteran status, and disability. Directly from Consumer; and from third party sources. (1) Processing interactions and transactions;
(6) security.

Including without limitation:
Processing payments/financing, advertising and incentivizing purchases, and processing medical and government paperwork, including for reimbursements.

Service Providers, External Auditors and Government Entities (upon valid request).
4. Customer Account Details / Commercial Information This may include but is not limited to: records of personal products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Directly from Consumer, and Service Providers (e.g. marketing agency, chat software provider, customer service / review platform). (1) Processing interactions and transactions; and
(2) managing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance;
(6) security; and
(7) debugging.

Including without limitation:
Fulfilling consumer orders, processing payments/financing, advertising and incentivizing purchases.







Service Providers (e.g. delivery firm, customer service agencies), Business Partners (e.g. subsidiaries, banking partners offering financing), External Auditors, and Government Entities (upon valid request).
5. Internet Usage Information This may include, but is not limited to: browsing history, search history, and information regarding your interaction with an Internet Web site, application, or advertisement. Directly from Consumer, Service Providers (e.g. website provider, marketing agency), and Data Resellers. (1) Processing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance;
(6) security; and
(7) debugging.

Including without limitation:
Selling products, fulfilling consumer orders, advertising and incentivizing purchases.






Service Providers (e.g. website hosts, marketing agencies).
6. Geolocation Data This may include but is not limited to: precise physical location or travel patterns. Directly from Consumer, and Data Resellers (1) Processing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance;
(6) security; and
(7) debugging

Including without limitation:
Selling products, fulfilling consumer orders, advertising and incentivizing purchases.






Service Providers (e.g. website hosts, marketing agencies).
7. Sensory Data This may include, but is not limited to: audio recordings of customer care calls, in-store traffic pattern movement data and visual recordings (CCTV) Directly from Consumer, and Service Providers (e.g. call recording agency). (4) Research and development; and
(5) quality assurance.

Including without limitation:
Optimizing processes and the customer journey.

Service Providers (e.g. customer service / call recording agency)
8. Professional or Employment Information This may include, but is not limited to: professional, educational, or employment-related information. Directly from Consumer. (1) Processing interactions and transactions;
(3) performing services; and
(6) security.

Including without limitation:
Processing payments/financing.



Banking Partners (providing financing).
9. Inferences from PI Collected This may include, but is not limited to: creating a profile about a Consumer reflecting the Consumer’s preferences, characteristics, behavior, attitudes, and aptitudes. Directly from Consumer, Service Providers (e.g. marketing agency), Data Resellers (3) Performing services; and
(4) research and development.

Including without limitation:
Advertising and incentivizing purchases.

Service Providers (e.g. website hosts, marketing agencies).

As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information. We have no obligation to re-identify such information or keep it longer than we need it to respond to your requests. This helps us practice data minimization, which we consider to be a privacy best practice consistent with our mission to respect our customers.

A.  Sources of PI.

We may collect your PI directly from you or from Service Providers, vendors, our affiliates, or other individuals and businesses. For more specifics tied to each category of PI, see the chart above. 

B. Use of PI.

Generally, we collect, retain, use and disclose your PI to provide you services and as otherwise related to the operation of our business. For more specific detail on our collection of PI, and the purposes therefore, see the chart above at PI We Collect. For more detail on our disclosures of PI, see the next section Sharing of PI.

As more fully detailed in the chart above, we may collect, use and disclose the PI we collect for one or more of the following business purposes:

  • Processing Interactions and Transactions;
  • Managing Interactions and Transactions;
  • Performing Services;
  • Research and Development;
  • Quality Assurance;
  • Security;
  • andDebugging.

Subject to restrictions and obligations of the CCPA, our vendors may also use your PI for some or all of the above listed business purposes.

In addition, we may collect, use and disclose your PI for additional operational business purposes, as more fully detailed in the chart above. Our vendors may themselves engage services providers or subcontractors to enable them to perform services for us, which sub-processing is, for purposes of certainty, an additional business purpose for which we are providing you notice.

In addition, we may collect, use and disclose your PI as required or permitted by applicable law.

2. SHARING OF PI.

We may share PI with our Service Providers, affiliates, and/or third parties, including without limitation during calendar year 2019 as follows:

A. Disclosures:

We may share your PI (as described above in PI We Collect) with our Service Providers, Affiliates, External Auditors, and Government Entities for the same business purposes for which we collect such PI as described above in Use of PI and the PI WE COLLECT chart above, including in the calendar year 2019 as follows:

Category of PI Business Purposes for Disclosures, if Applicable Categories of Recipients of Business Purpose Disclosure, if Applicable
1. Identifiers (1) Processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance;
(6) security; and
(7) debugging





Service Providers, External Auditors, Insurance Companies and Government Entities
2. Personal Records (1) Processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance; and
(6) security




Service Providers, External Auditors, Insurance Companies and Government Entities
3. Consumer Characteristics (1) Processing interactions and transactions; and
(6) security
External Auditors, Insurance Companies and Government Entities
4. Customer Account Details / Commercial Information (1) Processing interactions and transactions;
(2) managing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance;
(6) security; and
(7) debugging





Service Providers, External Auditors, Insurance Companies and Government Entities
5. Internet Usage Information (1) Processing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance;
(6) security; and
(7) debugging




Service Providers
6. Geolocation Data (1) Processing interactions and transactions;
(3) performing services;
(4) research and development;
(5) quality assurance;
(6) security; and
(7) debugging




Service Providers
7. Sensory Data (4) Research and development; and
(5) quality assurance
Service Providers
8. Professional or Employment Information Not applicable Not applicable
9. Inferences from PI Collected (3) Performing services; and
(4) research and development
Service Providers

We also share PI when directed to do so by a Consumer, such as to Banking Partners (to provide financing) and Retailers. Our disclosures to External Auditors is done for the business purpose of complying with our obligations in connection with insurance and government reimbursement programs.

B.  Sales of PI:

We do not believe that in 2019/2020 we “sold” PI as we understand the term to be defined under the CCPA. To the extent that you have taken the position that we “sell” PI, please find more information on your do not sell rights in the Do Not Sell Data subsection of the California Privacy Rights section of this Privacy Notice (Section 3.B below). As further explained in that section, we do not believe that third party cookies or similar technology for advertising or analytics are a sale of PI by us. We transfer PI to Bank Partners and Retailers, but that is done at the Consumer’s direction and is consequently not a sale. We disclose PI to Government Entities (such as for reporting purposes), but that is also not considered a sale of PI.

3. CALIFORNIA PRIVACY RIGHTS

We provide California Consumers the privacy rights described in this section. You have the right to exercise these rights via an authorized agent who meets the agency requirements of the CCPA and related regulations. As permitted by the CCPA, any request submitted to us by you or your agent is subject to an identification verification process (“Verifiable Consumer Request”). We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI, and if applicable that your agent has authority to act for you. Please contact us here and respond to any follow up inquires we may make. You may also obtain information on how to make, and may submit, a request by asking a manager at any of our Company retail locations. Please note, however, that our products may be sold at independent retailers that we do not own or control and those retail locations do not represent us in connection with our privacy program. They may, however, have their own privacy programs that relate to their, not our, data practices.

Some PI we maintain about Consumers is not sufficiently associated with enough PI about the Consumer for us to be able to verify that it is a particular Consumer’s PI when a Consumer request that requires verification pursuant to the CCPA’s verification standards is made (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA we do not include that PI in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. You are not required to create an account with us to make a Verifiable Consumer Request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose and otherwise use and to respond to your California Consumer privacy rights requests. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest that you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest or not. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Consistent with the CCPA and our interest in the security of your PI, we will not deliver to you your social security number, driver’s license number or other government-issued id number, financial account number, any medical identification, an account password, or security questions or answers in response to a CCPA request.

Your California Consumer privacy rights are as follows:

A.  The Right to Know:

  1. Information Rights:

You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:

  • The categories of PI we have collected about you.
  • The categories of sources from which we collected your PI.
  • The business or commercial purposes for our collecting or selling your PI.
  • The categories of third parties to whom we have shared your PI.
  • The specific pieces of PI we have collected about you.
  • A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
  • A list of the categories of PI sold about you in the prior 12 months, or that no sale occurred. If we sold your PI, we will explain:

o  The categories of your PI we have sold.

o  The categories of third parties to which we sold PI, by categories of PI sold for each third party.

To make a request, please contact us here, or call us at 1-844-888-4726. In order to verify your request and find your personal information in our databases, we may ask you to provide us with your first name, last name, email address and zip code. For your specific pieces of information, as required by the CCPA, we will apply the heightened verification standards set forth in subsection (ii) below.

Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.

ii.   Obtaining Copies of PI:

You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining. To make a request, please contact us here or call us at 1-844-888-4726 In order to verify your request and retrieve your personal information from our databases, we will ask you to provide us with your first name, last name, email address, zip code and a proof of address.

Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.

B.  Do Not Sell PI:

Under the CCPA, businesses that “sell” personal information must provide Californian residents the right to opt out from that sale. We do not believe that we sell your PI as we understand data sales to be defined in the legislation. Although there is not yet a consensus, we do not believe that the collection of data by third party cookies or similar technology for advertising or analytics constitutes a sale of your personal information by us. To the extent that you may consider ViscoSoft to have “sold” what the CCPA refers to as “identifiers” (e.g. IP addresses), “commercial information” (e.g. browser history of visiting a webpage directed at individuals considering the purchase of ViscoSoft products or services) and “internet or other electronic network activity information” (e.g. information about an individual’s browsing activity). See our Privacy Policy for certain choices you have regarding cookies, including information on how to exercise your rights to opt-out. We may disclose your PI for the following purposes, which are not considered a sale: (i) if you direct us to share PI; (ii) to comply with your requests under the CCPA; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.

C.  Delete:

Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we have collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and service you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your PI that we did not collect directly from you. To make a request, please contact us here or call us at 1-844-888-4726 In order to verify your request and delete your personal information from our databases, we will ask you to provide us with your first name, last name, email address, zip code.

However, you may alternatively exercise more limited control of your PI, e.g. unsubscribing from our marketing emails by visiting the last email communication and clicking ‘Unsubscribe’ at the bottom of the email. 

D.  Non-Discrimination and Financial Incentive Programs:

We do not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights.

E.  Authorized Agents:

A Consumer can designate an authorized agent to make a request under the CCPA on the Consumer’s behalf. If a Consumer chooses to submit a request through an authorized agent, we require the Consumer to:

  • Provide the authorized agent written permission to submit a request, a copy of which must be provided to us;
  • Verify that instruction and their own identity directly with us (except where the agent has verified power of attorney).

If the authorized agent has a power of attorney issued under California Probate Code sections 4000 to 4465, then the written agreement is not necessary. In the absence of any of the two general conditions detailed above, we will reject any request submitted through an agent. In addition, the agent is subject to the verification standards applicable to the type of request(s) made.

F.  Limitation on Rights:

Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your CCPA rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.

4. ADDITIONAL CALIFORNIA NOTICES.

In addition to CCPA rights, certain Californians are entitled to certain other notices, including:

A. Third Party Marketing and Your California Privacy Rights:

California's "Shine the Light" law permits California residents to request certain information regarding our disclosure of PI to third parties for their own direct marketing purposes.

We do not share personal information as defined by California Civil Code § 1798.83 (“Shine the Light law”) with third parties for their direct marketing purposes without either obtaining your consent (such as when you direct us to send your PI to Retailers) or giving you the ability to opt-out. To opt-out of future sharing with third parties for their direct marking purposes, contact us here. If you are a California resident, you may request information about our compliance with the Shine the Light law by sending a letter to 2923 S Tryon St STE 140, Charlotte, NC 28203 or by emailing support@viscosoft.com. Any such request must include "California Privacy Rights Request" in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address.

As these rights and your CCPA rights are not the same and exist under different laws, you must exercise your rights under each law separately.

B. Online Privacy Practices:

For more information on our online practices and your California rights specific to our online services see our online Privacy Policy. Without limitation, Californians that visit our online services and seek or acquire goods, services, money or credit for personal, family or household purposes are entitled to the following notices of their rights:

  • Tracking and Targeting:

When you visit our online services, we and third parties may use tracking technologies to collect usage information based on your device for a variety of purposes, including serving you advertising, based on your having visited our services or your activities across time and third-party locations. Some browsers may enable you to turn on or off a so-called “Do Not Track” signal. Because there is no industry consensus on what these signals should mean and how they should operate, we do not look for or respond to “Do Not Track” signals. For more information on tracking and targeting and your choices regarding these practices, see our online Privacy Policy.

  • California Minors:

Although our online service(s) are intended for an audience over the age of majority, any California residents under the age of eighteen (18) who have registered to use our online services, and who posted content or information on the service, can request removal by contacting us here, detailing where the content or information is posted and attesting that you posted it. We will then make reasonably good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.

C. eCommerce:

In accordance with California Business and Professions Code § 17538 et al., our online return and refund policy is available here. The legal names under which we conduct business online ViscoSoft Inc., and our business address is 2923 S Tryon St STE 140, Charlotte, NC 28203. Within five (5) days of our receipt of your request, California residents may receive verification of this information by emailing us at support@viscosoft.com.

Residents of California are also entitled to the following specific Consumer rights information: you may contact the Complaint Assistance Unit of the Division of Consumer Services of the Department of Consumer Affairs by mail at: 1625 North Market Blvd., Suite N 112, Sacramento, California, 95834, or by telephone at (916) 445-1254. Hearing-impaired users can reach the Complaint Assistance Unit at TDD (800) 326-2297 or TDD (916) 322-1700. Their website is located at: http://www.dca.ca.gov.

D. Supply Chain:

As required by CA Civil Code 1714.43, ViscoSoft (a) engages in verification of product supply chains to evaluate and address risks of human trafficking and slavery, which is verified by a third-party; (b) conducts independent and unannounced audits of suppliers to evaluate supplier compliance with company standards for trafficking and slavery in supply chains; (c) requires direct suppliers to certify that materials incorporated in the product comply with laws regarding slavery and human trafficking of the country or countries in which it is doing business; (d) maintains internal accountability standards and procedures for employees or contractors failing to meet company standards regarding slavery and trafficking; and (e) provides employees and management, who have direct responsibility for supply chain management, training on human trafficking and slavery, particularly with respect to mitigating risks within supply chains of products.

5. CONTACT US.

For more information on your California privacy rights contact us at email us at support@viscosoft.com. You may also write to us at: 2923 S Tryon St STE 140, Charlotte, NC 28203.

//End Privacy Policy//

© ViscoSoft Inc. 2020. All Rights Reserved.