Chicago - Spring 2021
Effective Date: 7/01/2020
- TYPES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW IT IS COLLECTED
- HOW WE USE YOUR PERSONAL INFORMATION
- YOUR PRIVACY RIGHTS AND CHOICES
- USE OUTSIDE THE UNITED STATES
- CALIFORNIA PRIVACY RIGHTS
- CHILDREN’S PRIVACY
- OUR DATA SECURITY PROCEDURES
- HOW TO CONTACT US
TYPES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW IT IS COLLECTED
- Log Information: Log information is data about your use of the Service, such as IP address, browser type, Internet service provider, referring/exiting pages, operating system, date/time stamps, and related data, which may be stored in log files or otherwise.
- Information Collected by Cookies and Other Tracking Technologies: Cookies, web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, fingerprinting, device recognition technologies, in-app tracking methods and other tracking technologies now and hereafter developed (“Tracking Technologies”) may be used to collect information about interactions with the Service or emails, including information about your browsing and activity behavior.
- Cookies: A cookie is a small text file that is stored on a user’s device which may be session ID cookies or tracking cookies. Session cookies make it easier for you to navigate the Service and expire when you close your browser. Tracking cookies remain longer and help in understanding how you use the Service, and enhance your user experience. Cookies may remain on your hard drive for an extended period of time. If you use your browser’s method of blocking or removing cookies, some, but not all types of cookies may be deleted and/or blocked and as a result, some features and functionalities of the Service may not work. A Flash cookie (or locally shared object) is a data file that may be placed on a device via the Adobe Flash plug-in that may be built-in to or downloaded by you to your device. HTML5 cookies can be programmed through HTML5 local storage. Flash cookies and HTML5 cookies are locally stored on your device other than in the browser, and browser settings won’t control them. To identify certain types of locally shared objects on your computer, visit your settings and make adjustments. The Service may associate some or all of these types of cookies with your devices.
- Web Beacons (“Tracking Pixels”): Web beacons are small graphic images, also known as “Internet tags” or “clear gifs,” embedded in web pages and email messages. Web beacons may be used, without limitation, to count the number of visitors to our Service, to monitor how users navigate the Service, and to count how many particular articles or links were actually viewed.
- Embedded Scripts: An embedded script is programming code designed to collect information about your interactions with the Service. It is temporarily downloaded onto your computer from our web server, or from a third party with which we work, and is active only while you are connected to the Service, and deleted or deactivated thereafter.
- Location-identifying Technologies: GPS (global positioning systems) software, geo-filtering and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting content based on your location. If you use our Services from your mobile device, that device will send us data about your location based on your phone settings. We will ask you to opt-in before we use GPS or other tools to identify your precise location.
- Fingerprinting: Collection and analysis of information from your device, such as, without limitation, your operating system, plug-ins, system fonts and other data, are for purposes of identification and/or tracking (note that we do NOT collect any fingerprints or other biometric data from you).
- Device Recognition Technologies: Technologies, including application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID), attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household).
- In-app Tracking Methods: There are a variety of Tracking Technologies that may be included in mobile applications, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifiers, or other identifiers such as “Ad IDs” to associate app user activity to a particular app.
HOW WE USE YOUR PERSONAL INFORMATION
- Create and service your account;
- Fulfill, confirm, and communicate with you regarding your transactions;
- Respond to your comments, questions, and requests, and provide support;
- Send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages;
- Prevent and address fraud, breach of policies or terms, and threats or harm;
- Monitor and analyze trends, usage, and activities;
- Improve our Service or other BAYAN digital properties, mobile applications, marketing efforts, products and services; and
- Send you recommendations and communicate with you regarding our and third-party offerings, programs, services, offers, promotions, rewards and events we think you may be interested in (for information about how to manage these communications, see “Your Choices” below).
YOUR PRIVACY RIGHTS AND CHOICES
Accessing and Changing InformationYou may access, review, correct, and update certain account information you have submitted to us by contacting us here. We will make a good faith effort to make the changes in BAYAN then-active databases as soon as practicable, but it may not be possible to completely change your information. We reserve the right to retain data as required by applicable law; and for so long as reasonably necessary to fulfill the purposes for which the data is retained as permitted by applicable law (e.g., business records).
Tracking Technologies Generally Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. Also, tools from commercial browsers may not be effective with regard to Flash cookies (also known as locally shared objects), HTML5 cookies or other Tracking Technologies. For information on disabling Flash cookies, go to Adobe’s website here. Please be aware that if you disable or remove these technologies, some parts of the Service may not work and that when you revisit the Service, your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.
Tracking Technologies Generally Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. Also, tools from commercial browsers may not be effective with regard to Flash cookies (also known as locally shared objects), HTML5 cookies or other Tracking Technologies. For information on disabling Flash cookies, go to Adobe’s website here. Please be aware that if you disable or remove these technologies, some parts of the Service may not work and that when you revisit the Service, your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations. App-related Tracking Technologies in connection with non-browser usage (e.g., most functionality of a mobile app) can only be disabled by uninstalling the app. To uninstall an app, follow the instructions from your operating system or handset manufacturer. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you can visit here, but we are not responsible for the completeness or accuracy of this third party information. Some third parties, however, may offer you choices regarding their Tracking Technologies. One way to potentially identify cookies on our Site is to add the free Ghostery plug-in to your browser, which according to Ghostery will display for you traditional, browser-based cookies associated with the websites (but not mobile apps) you visit and privacy and opt-out policies and options of the parties operating those cookies. BAYAN is not responsible for the completeness or accuracy of this tool or third-party choice notices or mechanisms. For specific information on some of the choice options offered by third party analytics and advertising providers, see the next section.
- We will only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- We will not use this Gmail data for serving advertisements.
- We will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the Service’s internal operations and even then only when the data have been aggregated and anonymized.
Retention of Data
We will keep hold of your data for no longer than necessary. The length of time we retain it will depend on any legal obligations we have (such as tax recording purposes), the nature of any contracts we have in place with you, the existence of your consent or our legitimate interests as a business.
You can opt out of receiving certain promotional email communications from us at any time by following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging into your account. Please note that your opt-out is limited to the email address and will not affect subsequent requests or accounts you set-up. If you opt-out of only certain communications, other communications may continue. Even if you opt out of receiving promotional communications, we may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or our ongoing business relations.
Our Mobile Applications
With respect to our mobile apps (“App(s)”), you can stop all collection of data generated by use of the App by uninstalling the App. Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain location-based or other services, by adjusting the permissions in your mobile device or in App settings. However, other means of establishing or estimating location in connection with Service use (e.g., IP address, connecting to or proximity to wi-fi, Bluetooth, beacons, or networks, etc.) may persist. See also the prior section regarding the DAA’s mobile Interest-based Advertising choices.
USE OUTSIDE OF THE UNITED STATES
Your Rights as a European Union Resident Under GDPR
The General Data Protection Regulation (“GDPR”) sets forth certain rights for residents of the European Union countries. These rights are:
- The right of access – you have the right to access your personal data (e.g. data that is about you) that we hold. This is called a subject access request. We must respond to your request within one month. To request access to your data, please email firstname.lastname@example.org. It is very helpful if you tell us what of your personal data you are seeking when you inquire.
- The right to rectification – if you think the data we hold on you is incorrect, tell us so we can put it right. You can do this by logging into your BAYAN account or emailing us at email@example.com.
- The right to erasure – you have the right to request that we delete your data. We will do so, provided that we do not have a compelling reason for keeping it. To request this, please email firstname.lastname@example.org.
- The right to restrict processing – you can change your communication preferences (therefore restricting how we communicate with you) by logging into BAYAN. There are also certain other circumstances in which you can suppress the processing of your personal data. To request this, please email email@example.com.
- The right to data portability – As applicable, you can obtain and reuse your personal data for your own purposes across different services. To request this, please email firstname.lastname@example.org.
- The right to object – you have the right to object to a) Direct marketing from BAYAN or from third parties we have shared your data with for direct marketing purposes. You can opt out of direct marketing any time by logging into BAYAN or visiting our Opt-Out Form here. There will also be instructions on how to unsubscribe included in any direct marketing message that we send to you; b) Any processing where our lawful basis is legitimate interest. If you would like to formally object to any of our legitimate interest processing, please email email@example.com.
- Rights in relation to automated decision making and profiling – this is not something we do at BAYAN at this time. If that ever changes, this policy will be updated accordingly.
At BAYAN, we are committed to upholding your rights as an EU resident. If you think we have not done so, please contact firstname.lastname@example.org.
CALIFORNIA PRIVACY RIGHTS
“Shine the Light” LawCalifornia’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing. BAYAN provides California residents with the option to opt-out of sharing “personal information” as defined by California’s “Shine the Light” law with third parties for such third parties own direct marketing purposes. California residents may exercise that opt-out, and/or request information about BAYAN compliance with the “Shine the Light” law, by contacting BAYAN here, or by sending a written request to:
Bayan 2854 North Santiago Blvd Suite 201 Orange, CA 92867 email@example.com
Requests must include “California Privacy Rights Request” in the subject line of your request and include your name, street address, city, state, and ZIP code. Please note that BAYAN is not required to respond to requests made by means other than through the provided email address or mailing address. Any California residents under the age of eighteen (18) who have registered to use the Service, and who have posted content or information on the Service, can request removal by contacting us here, or by sending a written request to:
Bayan 2854 North Santiago Blvd Suite 201 Orange, CA 92867 firstname.lastname@example.org
Your written request should detail where the content or information is posted and attesting that you posted it. We will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. Please note that the removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished or archived content by search engines and others that we do not control. The Service discloses its tracking practices (including across time and third-party services) here and its practices regarding “Do not track” signals here.California Consumer Protection Act (“CCPA”)
Information we CollectBAYAN. obtains personal information from categories of sources as set forth in the TYPES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW IT IS COLLECTED above. BAYAN. will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you with additional notice.
Sharing Personal InformationBAYAN. may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we require that the recipient both keep that personal information confidential and not use it for any purpose except performing the contract. We share your personal information with categories of third parties set forth in HOW WE SHARE YOUR PERSONAL INFORMATION above.
Your Rights and ChoicesThe CCPA provides California residents with specific rights regarding their personal information. This subsection describes your CCPA rights and explains how to exercise those rights.
- Access to Specific Information and Data Portability Rights
You have the right to request that BAYAN. disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you
- The categories of sources for the personal information we collected about you
- Our business or commercial purpose for collecting that personal information
- The categories of third parties with whom we share that personal information
- The specific pieces of personal information we collected about you (also called a “data portability” request)
- If we disclosed your personal information for a business purpose, the personal information categories that each category of recipient obtained
- Deletion Request Rights
You have the right to request that BAYAN delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided by law
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. Seq.)
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us
- Comply with a legal obligation
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it
- Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights describe above, please submit a verifiable request to use by either emailing email@example.com or call (909) 447-6347, and provide the following information:
- First and last name
- Email address
- Mailing address, city, state and zipcode
- Request type (Information/Access Request and/or Data Deletion)
- Request details
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
- Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights.
Our Service is not intended for nor targeted toward children under the age of thirteen (13). We do not knowingly collect personal information as defined by the United States Children’s Online Privacy Protection Act (“COPPA”) from children under the age of thirteen (13), and if we learn that we have collected such information, we will delete the information in accordance with COPPA. If you are a child under the age of thirteen (13), you are not permitted to use the Service and should not send any information about yourself to us through the Service. If you are a parent or guardian and believe we have collected information in a manner not permitted by COPPA, please contact us here. Any California residents under the age of eighteen (18) who have registered to use the Service, and who posted content or information on the Service, can request removal by contacting BAYAN here or by sending a written request to:
Bayan 2854 North Santiago Blvd Suite 201 Orange, CA 92867 firstname.lastname@example.org
When you contact us detailing where the content or information is posted and attesting that you posted it. BAYAN will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished or archived content by search engines and others that BAYAN does not control.
OUR DATA SECURITY PROCEDURES
HOW YOU CAN CONTACT US
Bayan 2854 North Santiago Blvd Suite 201 Orange, CA 92867 email@example.com 909-447-6347