This document explains our policies and practices regarding your information, and how we will treat it. Please read it carefully. By using the Service, you accept and agree with the terms of the Policy.
If you access the Service through any password-protected channel, including any such access we may provide or make available, you acknowledge and understand that you are solely responsible for maintaining the security of such access credentials (including any login and password) and for all activity that occurs under such credentials. If you become aware of any breach or disclosure of such information, please notify us immediately at email@example.com.
While we try to be good stewards of your data and information, and take commercially reasonable measures to protect it, we cannot guarantee that the Service is secure from intrusion or inadvertent disclosure.
Information We Collect
In order to provide and allow you to use the Service, we collect several types of information from you that identify, reference, or could reasonably be linked, directly or indirectly, with a you or your device (“personal information”). In particular, we have collected the following categories of information from our consumers within the last 12 months:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, signature, Social Security Number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information in this category may overlap with other categories.
C. Protected classification under California or federal law
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data
Physical location or movements.
H. Sensory data
Audio, electronic, visual, thermal, olfactory, or other similar information.
I. Professional or employment-related information
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 24 C.F.R. Part 99)
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
The term “personal information” does not include:
- publicly available information from government records;
- deidentified or aggregated consumer information; or
- information excluded from the California Consumer Privacy Act’s (“CCPA”) scope, like: (i) health or medical information covered by HIPPA and CMIA; and (ii) personal information covered by certain sector-specific privacy laws, including the FRCP, GLBA, FIPA, and the Driver’s Privacy Protection Act of 1994.
The information we collect on or through the Service may include:
- information that you provide by filling in forms through the Service (which may appear through Client sites), including information provided at the time of creating an account, posting material, requesting services, or when you report a problem the Service;
- records and copies of your correspondence (including email addresses), if you contact us;
- your responses to surveys we might ask you to complete; and
- details of transactions you carry out through the Service, and of the fulfillment of your orders.
We collect this information:
- directly from you when you provide it to us;
- automatically as you navigate through the site (which may include usage details, IP addresses, and information collected through cookies and other tracking technologies);
- from third parties, for example, Clients; and
- information you provide to us.
Information Collected Through Automatic Data Collection Technologies.
As you navigate through and interact with the Service, it may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- details of your interactions with the Service and other communication data and the resources that you access and use; and
- information about your computer and internet connection, including your IP address, operating Service, and browser type.
The information the Service collects automatically helps us to improve the Service, including by enabling us to:
- estimate usage volume and usage patterns;
- store information about your preferences and specific Client’s customer’s preference, allowing us to customize the Service;
- speed up searches; and
- recognize you when you return to the Service.
The technologies Starboard uses for this automatic data collection may include:
- Flash Cookies. Certain features of the Service may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on the Service. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see the section below entitled Choices About How We Use and Discloses Your Information.
- Web Beacons. Pages and aspects of the Service may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Service, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
How We Use Your Information
We may use or disclose the personal information that we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provide the information.
- To provide, support, personalize, and develop the Service.
- To create, maintain, customize and secure your account with us.
- To process your requests, purchases, transactions, and payments and to prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address concerns and monitor and improve our responses.
- For testing, research, analysis, and product development.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets in which personal information held by us about you is among the assets transferred.
- To present the Service and its content to users.
- To provide you with notices.
- To carry out obligations and enforce rights under agreements with you and/or Clients.
- To notify you about changes to the Service.
- To allow you to participate in interactive features.
- To enforce or apply agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our employees, clients, customers, or others.
- To our subsidiaries and affiliates.
- To our contractors, service providers, and other third parties we use to support our business.
- For any other purpose with your consent.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purpose without providing you notices. We may also use your information to contact you about goods and services that may be of interest to you. We may disclose aggregated information about users, and other information that does not identify any individual, without restriction.
Choices About How We Use and Disclose Your Information
We have created mechanisms to provide you with the following control over the information that you provide us:
Third-Party Services and Sharing Personal Information
Starboard utilizes and integrates various third parties and their platforms or services to power and support the Service, (collectively, “Third-Party Services”). We may disclose your personal information to a Third-Party Service for a business purpose. When we disclose personal information for a business purposes, we enter a contract that describes the purpose and requires that the recipient both keep that personal information confidential and not use it for any purpose except performing the contract. We share your information with the following Third-Party Services:
- For hosting, Amazon Web Services.
- For payment processing, the Service works with Stripe, Square and Authorize.net; however, each Client processes payments through their own merchant account with these payment providers, and Starboard does not have access to your payment information.
- To monitor usage, identify potential issues and provide technical support, Mixpanel, Intercom, UpScope, StatusPage, PagerDuty and Google Analytics.
- To send email, MailChimp and Mandrill.
- In order to communicate with you and to collect additional information related to your purchase, Clients are able to sync your data to their own accounts with third-party services, including MailChimp, Constant Contact, SmartWaiver, Google Analytics, Trip Advisor, Viator, Google Ads, AdRoll and Facebook.
The Third-Party Services and your provision of information to and storage of your data with such services are subject to their applicable terms and policies. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
Disclosures of Personal Information for a Business Purpose
In the preceding 12 months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers
Category B. Personal information categories
Category D: Commercial information
Category F: Internet or other similar network activity
Sale of Personal Information
In the preceding 12 months, we have not sold personal information.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, or take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform the Services.
- Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provide it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights, please submit a verifiable consumer request to us by emailing us at firstname.lastname@example.org
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12 month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person we collected personal information on.
- Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable request does not require you to create an account with us.
You can review and change your personal information by logging into Service and visiting your account profile page or by emailing us at email@example.com. Except to the extent required by law, we will, upon your request, delete any personal information about you stored in our Service; provided, that you understand we may provide such data to the Client(s) from which you have purchased goods or services through the Service prior to doing so.
Response Timing and Format
We endeavor to respond to verifiable consumer requests within 45 days of receipt. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response to you by mail or electronically, at your option. Any disclosures we provide will only cover the 12 month period preceding the verifiable consumer request’s receipt. If applicable, we will also provide reasons we cannot comply with your request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information. We do not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or unfounded. If we determine a fee is warranted, we will provide you with an estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you with a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services.
Children Under the Age of 13
The Service is not intended for children under 13 years of age, and no one under age 13 may provide any information to or through the Service. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on or through the Service, including any information about yourself (such as name, address, email or telephone number). If we learn that we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.
Your California Privacy Rights
California Civil Code Section §1798.83 permits users of the Service who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org with “Request for California Privacy Information” in the subject line and in the body of your message. We will provide the requested information to you in your email address in response.
October 21, 2019