This Privacy Policy Addendum for California Residents (this “California Privacy Addendum”) supplements the information contained in SuppleStack, Inc.’s, including its subsidiaries and affiliates (“SuppCo,” “we”, “us” or “our”) Privacy Policy and applies solely to visitors, users, and others who reside in the State of California (“Consumers” or “you”). We adopt this California Privacy Addendum to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CPRA”). Any terms defined in the CPRA have the same meaning when used in this California Privacy Addendum.
This California Privacy Addendum applies to information that we collect through our Services that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your device (“Personal Information”). This California Privacy Addendum does not apply to: * Personal Information collected from or about our California-based job applicants, employees, independent contractors, or similar individuals (“Personnel”). Please contact your local human resources department if you are part of our California Personnel and would like additional information about how we process your Personal Information. * Publicly available information lawfully made available to the general public from government records, widely distributed media, or otherwise by you. * Deidentified, aggregated, or anonymized information that is maintained in a form not capable of being associated with or linked to you. * Other information excluded from the CPRA, such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996, the California Confidentiality of Medical Information Act, or clinical trial data.
Our Services collect, and over the prior twelve (12) months have collected, the following categories of Personal Information:
Identifiers. A real name; postal address; unique personal identifier; online identifier; email address; account name; phone number; and other similar identifiers.
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name; address; telephone number; credit card number, debit card number, or any other financial information. Some Personal Information included in this category may overlap with other categories.
Protected classification characteristics under California or federal law. Age (40 years or older) and gender
Commercial Information. Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Biometric information. Genetic, physiological, behavioral, and biological characteristics; or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints; iris or retina scans; keystroke, gait, or other physical patterns; and sleep, health, or exercise data.
Internet or other similar network activity. Browsing history; search history; information on a Consumer’s interaction with a website, application, or advertisement.
Geolocation data. We collect IP-based information about your physical location or movements. This IP-based information can only identify your physical location or movements to a geographic region, such as town, city, state, and country, but cannot be used to identify your precise physical location or movements.
Sensory data. Audio; electronic; visual; thermal; olfactory; or similar information.
Inferences drawn from other Personal Information. Profile reflecting a person’s preferences; characteristics; predispositions; behavior; attitudes; abilities; and aptitudes.
Sensitive Personal Information (“Sensitive Personal Information”) Health information, such as self-report health conditions or health goals
SuppCo will not collect additional categories of Personal Information without providing you with notice.
As further described in To Whom Do We Sell or Share Your Personal Information, we may “sell” categories of Personal Information for monetary or other valuable consideration and we may “share” categories of Personal Information for cross-context behavioral advertising.
We collect Personal Information about you from the sources described in our Privacy Policy.
We may use, “sell” for monetary or other valuable consideration, “share” for the purposes of cross-context behavioral advertising, or disclose the Personal Information we collect and, over the prior twelve (12) months, have used, shared for the purpose of cross-context behavioral advertising, or disclosed the Personal Information we have collected, for the purposes described in our Privacy Policy as well as the following additional purposes:
Short-term, transient use, provided the Personal Information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction, including but not limited to, contextual customization of ads shown as part of the same interaction.
Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, advertising or marketing services, analytic services, or similar services on behalf of the business or service provider. SuppCo will not use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
SuppCo will not use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
SuppCo may disclose your Personal Information to third parties for one or more business purposes. When we disclose Personal Information to non-affiliated third-parties for a business purpose, where required by CPRA we enter a contract that describes the purpose, requires the recipient to both keep that Personal Information confidential and not use it for any purpose except for the specific business purposes for which the Personal Information was disclosed or as otherwise permitted by law, and requires the recipient to otherwise comply with the requirements of the CPRA.
In the preceding twelve (12) months, SuppCo may have disclosed the following categories of Personal Information for one or more of the business purposes described below to the following categories of third parties:
Personal Information Category:
Identifiers. Business partners; and affiliates of SuppCo.
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Business partners; and affiliates of SuppCo.
Protected classification characteristics under California or federal law. Business partners; and affiliates of SuppCo.
Commercial Information. Business partners; and affiliates of SuppCo.
Biometric information. Business partners; and affiliates of SuppCo.
Internet or other similar network activity. Business partners; and affiliates of SuppCo; Advertisers and advertising networks; Internet cookie information recipients, such as analytics and behavioral advertising services.
Geolocation data. Business partners; and affiliates of SuppCo.
Sensory data. Business partners; and affiliates of SuppCo.
Inferences drawn from other Personal Information. Business partners; and affiliates of SuppCo.
Sensitive Personal Information Category:
We may disclose your Personal Information to the categories of third parties listed above for one or more of the following business purposes:
Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
Helping to ensure security and integrity of our Services and IT infrastructure to the extent the use of the Personal Information is reasonably necessary and proportionate for these purposes.
Debugging to identify and repair errors that impair existing intended functionality.
Short–term, transient use, including but not limited to, nonpersonalized advertising shown as part of your current interaction with us. Our agreements with third parties generally prohibit your Personal Information from disclosure to another third-party and from using your Personal Information to build a profile about you or otherwise alter your experience outside your current interaction with us.
Performing services on behalf of us, including maintaining or servicing accounts, providing customer service, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of us.
Providing advertising and marketing services, except for cross-context behavioral advertising, to Consumers. In addition to the above, we may disclose any category of Personal Information to third parties, including government or law enforcement agencies, as necessary to comply with applicable laws, court orders, or subpoenas; respond to legal investigations or regulatory inquiries; cooperate with law enforcement regarding potential unlawful activities; or to exercise or defend legal claims.
In addition to the above, we may disclose any category of Personal Information to third parties, including government or law enforcement agencies, as necessary to comply with applicable laws, court orders, or subpoenas; respond to legal investigations or regulatory inquiries; cooperate with law enforcement regarding potential unlawful activities; or to exercise or defend legal claims.
“Sale” of Your Personal Information for Monetary or Other Valuable Consideration
We do not sell Personal Information as the term “sell” is commonly understood to mean an exchange for money. However, the use of advertising and analytics cookies on our Services is considered a “sale” of Personal Information as the term “sale” is broadly defined in the CPRA to include both monetary and other valuable consideration. Using this broad definition, our “sale” is limited to our use of third-party advertising and analytics cookies for behavioral advertising and understanding interactions with our Services. These “sales” of your Personal Information are subject to your right to opt out (see Your Choices Regarding our “Sale” or “Sharing” of your Personal Information).
“Sharing” of Your Personal Information for Cross-Context Behavioral Advertising
SuppCo may “share” your Personal Information for the purpose of cross-context behavioral advertising, subject to your right to opt-out of that sharing (see Your Choices Regarding our “Sale” or “Sharing” of your Personal Information).
In the preceding twelve (12) months, SuppCo has “sold” for monetary or other valuable consideration and “shared” for the purpose of cross-context behavioral advertising, the above categories of Personal Information to the following categories of third parties:
| Personal Information Category | Sold or Shared | Categories of Third-Party Recipients |
|---|---|---|
| Identifiers | Sold and Shared | Advertisers and advertising networks; Internet cookie information recipients, such as analytics and behavioral advertising services. |
| Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Sold and Shared | Advertisers and advertising networks; Internet cookie information recipients, such as analytics and behavioral advertising services. |
| Protected classification characteristics under California or federal law | Sold and Shared | Advertisers and advertising networks; Internet cookie information recipients, such as analytics and behavioral advertising services. |
| Commercial Information | Sold and Shared | Advertisers and advertising networks; Internet cookie information recipients, such as analytics and behavioral advertising services. |
| Biometric information | Not Sold or Shared | N/A |
| Internet or other similar network activity | Sold and Shared | Advertisers and advertising networks; Internet cookie information recipients, such as analytics and behavioral advertising services. |
| Geolocation data | Sold and Shared | Advertisers and advertising networks; Internet cookie information recipients, such as analytics and behavioral advertising services. |
| Sensory data | Sold and Shared | Advertisers and advertising networks; Internet cookie information recipients, such as analytics and behavioral advertising services. |
| Inferences drawn from other Personal Information | Sold and Shared | Advertisers and advertising networks; Internet cookie information recipients, such as analytics and behavioral advertising services. |
| Sensitive Personal Information Category | Categories of Third-Party Recipients |
|---|---|
| Health information, such as self-report health conditions or health goals | Not sold or shared. |
Sale or Sharing of Personal Information of Minors Under the Age of 16
We do not have any actual knowledge that we “sell” the Personal Information of minors under the age of 16 for monetary or other valuable consideration and we do not have any actual knowledge that we “share” such Personal Information for cross-context behavioral advertising without affirmative consent as required by the CPRA. More information on how minors under the age of 16 may change their choice regarding the “sale” or “sharing” of their Personal Information can be found in Your Choices Regarding our “Sale” or “Sharing” of your Personal Information.
The CPRA provides California residents with specific rights regarding their Personal Information. This section describes your CPRA rights and explains how to exercise those rights. You may exercise these rights yourself or through your Authorized Agent. For more information on how you or your Authorized Agent can exercise your rights, please see Exercising Your CPRA Privacy Rights.
Right to Know. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months (a “Right to Know” request). This includes: (i) the categories of Personal Information we have collected about you; (ii) the categories of sources from which that Personal Information is collected; (iii) our purposes for collecting this Personal Information; (iv) the categories of third parties with whom we have shared your Personal Information; and (v) if we have “sold” or “shared” or disclosed your Personal Information, a list of categories of third parties to whom we “sold” or “shared” your Personal Information, and a separate list of the categories of third parties to whom we disclosed your Personal Information. You must specifically describe whether you are making a Right to Know request or a Data Portability request (defined below). If you would like to make both such requests, you must make them clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. You may make a Right to Know request a total of two (2) times within a twelve (12)-month period at no charge.
Access to Specific Pieces of Information. You also have the right to request that we provide you with a copy of the specific pieces of Personal Information that we have collected about you, including any Personal Information that we have created or otherwise received from a third party about you (a “Data Portability” request). If you make a Data Portability request electronically, we will provide you with a copy of your Personal Information in a portable and, to the extent technically feasible, readily reusable format that allows you to transmit the Personal Information to another third party. You must specifically describe if you are making a Right to Know or Data Portability request. If you would like to make both such requests, you must make them clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. We will not provide this information if the disclosure would create a substantial, articulable, and unreasonable risk to your Personal Information or the security of our systems or networks. We will also not disclose any Personal Information that may be subject to another exception under the CPRA. If we are unable to disclose certain pieces of your Personal Information, we will describe generally the types of Personal Information that we were unable to disclose and provide you with a description of the reason we are unable to disclose it. You may make a Data Portability request a total of two (2) times within a twelve (12)-month period at no charge.
Correction. You have the right to request that we correct any incorrect Personal Information about you to ensure that it is complete, accurate, and as current as possible. You may request that we correct the Personal Information we have about you as described below under Exercising Your CPRA Privacy Rights. In some cases, we may require you to provide reasonable documentation to show that the Personal Information we have about you is incorrect and what the correct Personal Information may be. We may also not be able to accommodate your request if (i) we believe it would violate any law or legal requirement or cause the information to be incorrect, or (ii) the Personal Information at issue is subject to another exception under the CPRA.
Deletion. You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your Consumer Request (see Exercising Your CPRA Privacy Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies pursuant to the CPRA. Some exceptions to your right to delete include, but are not limited to, if we are required to retain your Personal Information to complete the transaction for which we collected the Personal Information, provide a good or service requested by you or otherwise perform under our contract with you and to comply with our legal obligations.
Non-Discrimination. We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not do any of the following as a result of you exercising your CPRA rights: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) provide you with a different level or quality of goods or services; or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
To exercise the rights described above, please submit a request (a “Consumer Request”) to us by either:
Filling out our online webform, available https://supp.co/?ketch_show=preferences
Emailing us at privacy@supp.co
If you (or your Authorized Agent) submit a Consumer Request to delete your information online, we will use a two-step process in order to confirm that you want your Personal Information deleted. This process may include verifying your request through your email address on record. By making a Consumer Request, you consent to us contacting you in one or more of these ways.
If you fail to make your Consumer Request in accordance with the ways described above, we may either treat your request as if it had been submitted in accordance with our methods described above or provide you with information on how to submit the request or remedy any deficiencies with your request.
Only you, or your Authorized Agent that you authorize to act on your behalf, may make a Consumer Request related to your Personal Information. You may also make a Consumer Request on behalf of your minor child. To designate an Authorized Agent, see Authorized Agents below.
All Consumer Requests must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an Authorized Agent of such a person; and
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm which Personal Information relates to you or the individual for whom you are making the request as their Authorized Agent.
Making a Consumer Request does not require you to create an account with us.
We will only use Personal Information provided in a Consumer Request to verify the requestor’s identity or authority to make the request. For instructions on exercising sale or sharing opt-out rights, see Your Choices Regarding our “Sale” or “Sharing” of your Personal Information.
You may authorize your agent to exercise your rights under the CPRA on your behalf by providing them with written authorization or with power of attorney to exercise your rights in accordance with applicable laws (an “Authorized Agent”). We may request that your Authorized Agent submit proof of identity and that they have been authorized exercise your rights on your behalf. We may deny a request from your Authorized Agent if they fail to submit adequate proof of identity or adequate proof that they have the authority to exercise your rights.
“Sale” of Your Personal Information
If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information for monetary or other valuable consideration at any time (the “right to opt-out”). We do not sell the Personal Information of Consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to Personal Information sales may opt-out of future sales at any time.
“Sharing” of Your Personal Information
If you are 16 years of age or older, you have the right to direct us to not share your Personal Information for the purposes of cross-context behavioral advertising, which is showing advertising on other websites or other media based on your browsing history with our Services (the “right to opt-out”). We do not share the Personal Information of Consumers we actually know are less than 16 years of age for this purpose, unless we receive affirmative authorization from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to our sharing of Personal Information for these purposes may opt-out of future such sharing at any time.
How You May Opt-Out of Our Sale or Sharing of Your Personal Information
To exercise the right to opt-out of the “sale” of your Personal Information for monetary or other valuable consideration and of “sharing” your Personal Information for the purposes of cross-context behavioral advertising, you (or your Authorized Agent) may submit a request to us by visiting the “Do Not Sell or Share My Personal Information” link below, by configuring your browser to send us a privacy signal as described in more detail below or by setting your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you do not consent to our use of cookies or select this setting you may be unable to access certain parts of our Services or other websites. You can find more information about cookies at http://www.allaboutcookies.org and http://youronlinechoices.eu.
Do Not Sell or Share My Personal Information
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize our “sale” and “sharing” of your Personal Information.
However, you may change your mind and opt back into the “sale” and “sharing” of Personal Information at any time at: https://supp.co/?ketch_show=preferences
You do not need to create an account with us to exercise your opt-out rights. You may be required to provide us with additional contact information so that we may verify your request to opt-in to the sale of your Personal Information. We will only use Personal Information provided in an opt-out request to review and comply with the request.
Browser Privacy Control Signals
You may also exercise your right to opt-out of the “sale” of your Personal Information for monetary or other valuable consideration and “sharing” your Personal Information for the purposes of cross-context behavioral advertising by setting the privacy control signal on your browser, if your browser supports it. We currently recognize and support Global Privacy Control (for more information on how to configure your browser to send this signal, please see https://globalprivacycontrol.org/).
When we receive one of these privacy control signals, we will opt you out of any further “sale” or “sharing” of your Personal Information when you interact with our Services through that browser and on that device. However, you may change your mind and opt back into the “sale” or “sharing” of Personal Information at any time by adjusting your cookie preferences to accept all or certain cookies.
In the event you have affirmatively opted in to our “sale” and “sharing” of your Personal Information as described above and we receive a privacy control signal from your browser, we will request further instructions from you before you are opted out of any further “sale” or “sharing.”
We will keep your Personal Information for no longer than is necessary for the purpose(s) it was provided for. Further details of the periods for which we retain Personal Information are available on request. However, we may retain any or all categories of Personal Information when your information is subject to one of the following exceptions:
When stored in our backup and disaster recovery systems. Your Personal Information will be deleted when the backup media your Personal Information is stored on expires or when our disaster recovery systems are updated;
When necessary for us to exercise or defend legal claims;
When necessary to comply with a legal obligation; or
When necessary to help ensure the security and integrity of our Services and IT systems.
Shine the light law. Under California’s Shine the Light law (California Civil Code Section 1798.83), California residents may ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes, and the categories of personal information disclosed. You may send us requests for this information to privacy@supp.co. In your request, you must include the statement “Shine the Light Request,” and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.
We reserve the right to amend this California Privacy Addendum at our discretion and at any time. When we make changes to this California Privacy Addendum, we will post the updated Addendum on our Services and revise the effective date accordingly. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.
If you have any questions or comments about this California Privacy Addendum, the ways in which SuppCo collects and uses your information described above and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at privacy@supp.co.
These statements have not been evaluated by the Food and Drug Administration. Any products and informational content displayed on this page are not intended to diagnose, treat, cure, or prevent any disease.