CCPA PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This “CCPA Privacy Notice for California Residents” (this “CCPA Notice” or “Notice”) supplements the information contained in the general Privacy Policy on this Website for Citrusbyte, LLC, dba TheoremOne, LLC This CCPA Notice applies solely to visitors, users, and others who reside in the State of California (”Consumers” or “you”). We adopt this CCPA Notice to comply with the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100-1798.199 (the “CCPA”). Any terms defined in the CCPA have the same meaning when used in this CCPA Notice, and any terms defined in our general Privacy Policy that are not otherwise defined in this CCPA Notice have the same meaning as defined in our general Privacy Policy.
Until January 1, 2023, this CCPA Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. Also, where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (”B2B personal information”) from some of its requirements.
Personal information we collect
Our Website collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (”personal information”). Please note that personal information does not include information about you that is:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s scope, such as, for example, health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Specifically, as for the categories of personal information defined in the CCPA (in Section 1798.140), Our Website collects, or has collected within the last twelve (12) months, the following categories of personal information from its consumers (natural persons who are California residents):
A. Identifiers: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
Collected
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some of the personal information that is included in this category may overlap with other categories.
Collected
C. Protected classification characteristics under other California laws or under U.S. federal law. Information regarding age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Not collected
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Not collected
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
Not collected
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
Collected
G. Geolocation data. Physical location or movements.
Not collected
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.
Not collected
I. Professional or employment-related information. Current or past job history or performance evaluations.
Collected
J. Education information that is not publicly available information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
Not collected
K. Inferences drawn from other personal information. Profile created from inferences drawn from other personal information where the profile reflects a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Not collected
We obtain the categories of personal information listed above:
- Directly from you. For example, from forms you complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on Our Website.
For more about how We collect your personal information, see the section “What personal data do we collect?” in our general Privacy Policy.
Use of personal information
We will collect and/or process your personal information only when We have a legal basis to do so. We may use, sell, or disclose the personal information We collect for one or more of the following purposes (in all cases with consent where required by law):
- To fulfill or meet the reasons you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about Our products or services, We will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, We will use that information to process your payment and facilitate delivery. In connection with using some of Our products or services, such, as for example, Our training services, or Our products like Overwatch, Mission Control, Contour, or Honesto, We will need certain information from you for you to utilize the products or obtain the services. We also may save your information to facilitate new product orders or to process returns.
- To provide, support, personalize, and develop Our Website, products, and services, including troubleshooting, data analysis, testing, system maintenance, and setting default options for you (such as, for example, for language and currency).
- To use data analytics to improve Our Website, products, services, marketing, and your customer experience, and to undertake testing, analysis, market research, product research, and product development, including for general statistical and survey purposes.
- To create, maintain, customize, and secure your account with Us and to register you as a new customer.
- To process your requests, purchases, transactions, and payments, and prevent transactional fraud, including recording your order details, keeping you informed of order status, processing payments and refunds, etc.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve Our responses.
- To manage our relationship with you, including providing you with any information that you may request, informing or reminding you (by e-mail) of any task carried out via our website that remains uncompleted such as an incomplete download, notifying you of any changes to our service, terms, conditions, or privacy policy, and asking you to leave a review or take a survey.
- To personalize your website experience and to deliver content and product and service offerings relevant to your particular interests, including targeted offers and ads through Our Website, third-party sites, and via e-mail or text message, and to measure the effectiveness of any advertisements provided.
- To enable you to take part in a competition, event, or survey, or to receive a reward for engaging with Us.
- To help maintain the safety, security, and integrity of Our Website, products and services, databases, and other technology assets, and business, including to protect our customers and ourselves from fraud or theft.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.As specifically described to you at or before we collect your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or to transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Us about Our Website users or other consumers is among the assets transferred.
We will not collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes without providing you notice. When We collect personal information from you, We will notify you at or before the time of collection.
For more about how we may use your personal information, see “Why do we collect this information?” and “What do we do with your information?” in Our general Privacy Policy.
Sharing your personal information
We may disclose your personal information to a third party for a business purpose or sell your personal information, subject to your right to opt-out of those sales (see “Personal information sales opt-out and opt-in rights,” below). When We disclose personal information for a business purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except for performing the contract. The CCPA prohibits third parties who purchase the personal information We hold from reselling it unless you have received notice and an opportunity to opt-out of further sales.We share your personal information with the following categories of third parties:
- Service providers.
- Data aggregators.
- Advertisers.
- Affiliates or partners.
- Parent or subsidiary organizations.
- Social media companies.Internet cookie data recipients, like for example, Google Analytics.
Disclosures of your personal information for a business purpose
In the preceding twelve (12) months, We have disclosed personal information for a “business purpose” as that term is defined in the CCPA:
- Category A: Identifiers.
- Category B: Personal information categories listed in the California Customer Records statute.
- Category D: Commercial information.
- Category F: Internet or other similar network activity.
- Category I: Professional or employment-related information.
When your personal information is used for a “business purpose,” as defined in the CCPA, We disclose or have disclosed during the past twelve (12) months your personal information to the following categories of third parties:
- Service providers.
- Data aggregators.
- Advertisers.
- Affiliates or partners.
- Parent or subsidiary organizations.
- Social media companies.
- Internet cookie data recipients, like for example, Google Analytics.
Sales of personal information
During the preceding twelve (12) months, we have sold the following categories of personal information (note that a transfer of personal information to, for example data aggregators or cookie data recipients (like Google Analytics, which we use) qualify as a "Sale" under the CCPA):
- Category F: Internet or other similar network activity.
We sell your personal information to the following categories of third parties:
- Data aggregators
- Analytics providers
Your rights and choices regarding your personal information
The CCPA provides consumers who are California residents with specific rights regarding their personal information. This section describes your various rights under the CCPA and explains how you can exercise those rights.
Your right to access to specific information and your data portability rights
You have the right to request that We disclose to you certain information about Our collection and use of your personal information over the past twelve (12) months. Once We receive and confirm your verifiable consumer request, We will disclose to you:
- The categories of personal information that We have collected about you.
- The categories of sources for the personal information that We have collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom We share that personal information.
- The specific pieces of personal information We collected about you (also called a data portability request).
- If We sold or disclosed your personal information for a business purpose, We also will disclose to you two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Until January 1, 2023, We do not provide these access and data portability rights for B2B personal information
Your deletion request rights
You have the right to request that We delete any of your personal information that We collected from you and retained, subject to certain exceptions. Once We receive and confirm your verifiable consumer request, We will delete, and direct Our service providers to delete, your personal information from Our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for Us or for our service provider(s):
- To complete any transaction for which We collected the personal information, to provide a good or service that you requested, to take actions reasonably anticipated within the context of Our ongoing business relationship with you, to fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise to perform Our contract with you.
- To detect security incidents, to protect against malicious, deceptive, fraudulent, or illegal activity, or to prosecute those responsible for any such activities.
- To debug products and identify and repair errors that impair existing intended functionality.To exercise free speech, to ensure the right of another consumer to exercise their free speech rights, or to exercise another right provided for by law.To comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- To engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- To enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with Us.
- To comply with a legal obligation.
- To make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Until January 1, 2023, We do not provide these deletion rights for B2B personal information.
Exercising your access, data portability, and deletion rights
To exercise the access, data portability, and deletion rights that you have under the CCPA, as described above, please submit a verifiable consumer request to Us by either:
Calling Us at (888) 969-2983
E-mailing Us at privacy-request@theoremone.co
Submitting a request online
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. (However, since We do not knowingly collect personal information from minors, if You are aware that personal information of a minor has been submitted to Us, please let us know immediately so that We can delete it.)
If you wish to designate an authorized agent to make such a request on your behalf, please provide the following information about that agent so that We can verify that person’s identity and authorization:
- Name:
- Email:
- Phone:
- Relationship to User:
-
Please realize that you may make a verifiable consumer request for access or data portability only twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom We collected personal information from or an authorized representative, which may include: Email sent from the address we have on file, a copy of government issued ID.
- Describe your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if We cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Thus, be prepared to have to provide additional information to Us so that We can verify your identity and/or your authority to make the request, but rest assured that such additional information will be used only for this verification purpose. If We are unable to verify your identify or authority, We cannot abide by the request, and We are permitted by law to deny the request. We also may deny your request if it is deemed manifestly unfounded or excessive. Making a verifiable consumer request does not require you to create an account with Us.
For instructions on exercising sales opt-out rights, see “Personal information sales opt-out and opt-in rights.”
Response timing and format
We will do our best to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will deliver Our written response by mail or electronically, at your option.
Any disclosures We provide will cover only the 12-month period preceding the verifiable consumer request’s receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically a CSV or Excel file.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell you why We made that decision, and We will provide you with a cost estimate before completing your request.
Personal information sales opt-out and opt-in rights
If you are 16 years of age or older, under applicable law, you have the right to direct Us to not sell your personal information at any time (the “right to opt-out”). We do not knowingly collect the personal information of minors such that this right is not applicable to anyone under the age of 18 in connection with Our Website, but users of Our Website who are over 18 may exercise their right to opt-out as provided in this section.
Under California law, minors who are at least 13 but not yet 16, have additional rights. A business shall not sell the personal information of consumers who are younger than 16, unless it receives the affirmative authorization (the “right to opt-in”) from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. However, since We do not knowingly collect the personal information of consumers who are younger than 18 years of age, We do not sell the personal information of consumers we actually know are less than 16 years of age. Thus, the right to opt-out and the right to opt-in are not applicable to Our Website for users under the age of 18. If these sections ever did apply to Our Website, you should know that consumers who opt-in to personal information sales as set forth here may opt-out of future sales at any time.
To exercise the right to opt-out (for any users who are over the age of 18), you (or your authorized representative) may submit a request to Us by visiting this online request form.
Once you have made an opt-out request, We will wait at least twelve (12) months before asking you to reauthorize any sales of personal information. However, you may change your mind and opt back in to personal information sales at any time by emailing us at privacy-request@theoremone.co
You do not need to create an account with Us to exercise your opt-out rights. We will use personal information that you provide in an opt-out request only for purposes of reviewing and complying with the request.
Non-discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, We will not:
- Deny you any goods or services as a result of your exercise of these rights.
- Charge you different prices or rates for goods or services as a result of your exercise of these rights, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services as a result of your exercise of these rights.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, as a result of your exercise of these rights.
However, We may offer you certain financial incentives permitted by the CCPA that may result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive that We offer will reasonably relate to your personal information’s value and will contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. We currently do not provide any financial incentives.
Other California privacy rights
California’s “Shine the Light” law, Cal. Civil Code Section § 1798.83, permits users of Our Website who are California residents to request certain information regarding Our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to privacy-request@theoremone.co or write us at: Citrusbyte, LLC (d/b/a TheoremOne, LLC), 21550 Oxnard Street, 3rd Floor #11, Woodland Hills, California, 91367, USA
Changes to this CCPA Notice
We reserve the right to amend this CCPA Notice (and/or to our general Privacy Policy) at any time. When we make changes to this CCPA Notice (or to our general Privacy Policy), we will post the updated and revised notice on Our Website and update the effective date/last revised date set forth in the Privacy Policy and/or CCPA Notice.
If there are any significant changes to this CCPA Notice or to our general Privacy Policy, We will post a description of the updates on Our Website or applications, or We will let you know by e-mail.
Your continued use of Our Website after We post any changes to this CCPA Notice or our general Privacy Policy constitutes your acceptance of such changes. If you do not agree with any changes, your only option is not to use Our Website.