Opus Guard

Supplemental Notices to the Opus Guard Privacy Policy

California privacy notice

This notice describes our collection, use and disclosure of Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to their Personal Information. For purposes of this notice, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA.

‍

Information practices. The following describes our practices currently and during the past 12 months:

Collection and disclosure. The chart below describes the Personal Information we collect by reference to the statutory categories of Personal Information specified in the definition of “Personal Information” in the CCPA, and the categories of third parties to whom we disclose it. The terms in the chart refer to the categories of information and third parties described above under Information We Collect. We use Personal Information for the business/commercial purposes described in the “Privacy Policy”. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of Personal Information not described below. We may also disclose Personal Information to professional advisors, law enforcement and government authorities, and business transferees as described in the How We Use and Share Information section of the Privacy Policy.

Statutory category/ Personal Information we collect	Categories of third parties to whom we disclose the Personal Information for a business purpose
Identifiers • Contact data • Profile data • Communications data • Device data	• Counterparties • Your organization • Affiliates • Service providers
California Customer Records (as defined in California Civil Code §1798.80) • Contact data • Profile data • Communications data	• Counterparties • Your organization • Affiliates • Service providers
Commercial Information • Device data • Online activity data	• Affiliates • Service providers
Internet or Network Information • Device data • Online activity data	• Affiliates • Service providers
Professional or Employment Information • Contact data • Profile data	• Counterparties • Your organization • Affiliates • Service providers
Education Information • Contact data • Profile data	• Your organization • Affiliates • Service providers
Inferences May be derived from all of the above	• Affiliates • Service providers
Sensitive Personal Information • Profile data (Service account username/password)	• Affiliates • Service providers

Statutory category/ Personal Information we collect

Categories of third parties to whom we disclose the Personal Information for a business purpose

Identifiers

• Contact data

• Profile data

• Communications data

• Device data

• Counterparties

• Your organization

• Affiliates

• Service providers

California Customer Records (as defined in California Civil Code §1798.80)

• Contact data

• Profile data

• Communications data

• Counterparties

• Your organization

• Affiliates

• Service providers

Commercial Information

• Device data

• Online activity data

• Affiliates

• Service providers

Internet or Network Information

• Device data

• Online activity data

• Affiliates

• Service providers

Professional or Employment Information

• Contact data

• Profile data

• Counterparties

• Your organization

• Affiliates

• Service providers

Education Information

• Contact data

• Profile data

• Your organization

• Affiliates

• Service providers

Inferences

May be derived from all of the above

• Affiliates

• Service providers

Sensitive Personal Information

• Profile data (Service account username/password)

• Affiliates

• Service providers

Sales and sharing of Personal Information. We do not “sell” or “share” Personal Information as those terms are defined in the CCPA and have no actual knowledge that we have sold or shared the Personal Information of California residents under 16 years of age. Accordingly, we do not process requests to opt-out of “sales” or “sharing” of Personal Information transmitted by opt-out signals.
Sensitive Personal Information. We do not use or disclose sensitive Personal Information for purposes subject to the right to limit under the CCPA.

Your privacy rights. As a California resident, you have the following rights under the CCPA:

Right to know. You can request information about the categories of Personal Information that we have collected; the categories of sources from which we collected Personal Information; the business or commercial purpose for collecting, sharing and/or selling Personal Information; the categories of any Personal Information that we sold or disclosed for a business purpose; and the categories of any third parties with whom Personal Information was sold, shared or disclosed for a business purpose.
Right to access. You can request a copy of certain Personal Information that we have collected about you.
Right to deletion. You can request that we delete Personal Information that we collected from you.
Right to correction. You can request that we correct inaccurate Personal Information that we have collected about you.
Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.

Exercising your rights. You may submit requests to exercise your right to know, access, deletion and correction by contacting us per the Contact Us section of the Privacy Policy. The rights described above are not absolute, and in certain cases, we may decline your request as permitted by law. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

Identity verification. We need to verify your identity to process your requests to exercise your rights to know, access, deletion, and correction, and we reserve the right to confirm your California residency. To verify your identity, we may require you to log into a Service account if you have one, provide identifiers we can match against information we may have collected from you previously, confirm your request using the email address or telephone number that we have on record, provide government identification, or provide a declaration under penalty of perjury, where permitted by law.

Authorized agents. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable state law. If you have not provided your agent with such a power of attorney, we may ask you and/or your agent to take additional steps permitted by law to verify that your request is authorized, such as information required to verify your identity and that you have given the authorized agent permission to submit the request.

‍

Notice to European users

The information provided in this notice applies only to individuals in the United Kingdom (“UK”), the European Economic Area (“EEA”) and Switzerland (we collectively refer this group of countries as “Europe”).

The Personal Information that we collect from you is identified and described in greater detail in the section of the “Privacy Policy” entitled Information We Collect.

Controller. Opus Guard, Inc. is the controller of your Personal Information described in the Privacy Policy. See the Contact Us section of the Privacy Policy for contact details.

Legal bases for processing. European data protection law requires that we have a “legal basis” for each purpose for which we process your Personal Information. Depending on the purpose for collecting your information, we may rely on one of the following legal bases:

The processing is necessary to perform a contract that we are about to enter into, or have entered into, with you (“Contractual Necessity”).
The processing is necessary to pursue our legitimate interests or those of a third party and we are confident that your privacy rights will be appropriately protected (“Legitimate Interests”).
We need to comply with laws or to fulfill certain legal obligations (“Compliance with Law”).
We have your specific consent to carry out the processing for the purpose in question (“Consent”). Generally, we do not rely on Consent as a legal basis for using your Personal Information other than in the context of direct marketing communications where required by applicable law.

The table below identifies the legal bases we rely on in respect of the relevant purposes for which we use your Personal Information. For more information on these purposes and the categories of Personal Information involved, see the section in the “Privacy Policy” entitled “How We Use and Share Information”.

Processing purpose	Types of Personal Information processed	Legal basis
Service delivery	• Contact data • Profile data • Communication data • Device data • Online activity data	Contractual Necessity. If we have not entered into a contract with you, we process your Personal Information based our Legitimate Interests (in providing the Services you access or request)
Business operations	• Contact data • Profile data • Communication data • Device data • Online activity data	Contractual Necessity. If we have not entered into a contract with you, we process your Personal Information based our Legitimate Interests (in operating, providing and improving our business)
Research and development	• Contact data • Profile data • Communication data • Device data • Online activity data	Our Legitimate Interests (in analyzing and improving our Services and our business).
Marketing	• Contact data • Profile data • Communication data	Our Legitimate Interests (in promoting our products and services through marketing communications). In circumstances or in jurisdictions where consent is required under applicable data protection laws, we rely on your Consent to send marketing communications.
Sharing your Personal Information as described in this Privacy Policy	• Contact data • Profile data • Communication data	We use the original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the Personal Information was collected. Otherwise, we rely on your Consent.
Compliance and Protection	• All data relevant in the circumstances	Compliance with Law (where processing is necessary to comply with our legal obligations). Otherwise, we rely on our Legitimate Interests (in protecting our, your or others’ rights, privacy, safety or property).

Use for new purposes. We may use your Personal Information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your Personal Information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive Personal Information. We do not collect sensitive Personal Information (e.g., social security (or equivalent) numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) and ask that you do not provide us with any such information.

Your rights. European data protection laws give individuals in Europe the following rights regarding their Personal Information:

Right of access: You can ask us to provide you with information about our processing of your Personal Information and give you access to your Personal Information.
Right to rectification: If the Personal Information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
Right to erasure: You can ask us to delete or remove your Personal Information where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law.
Right to restrict processing: You can ask us to suspend the processing of your Personal Information:
- if you want us to establish the information’s accuracy;
- where our use of the information proves to be unlawful but you do not want us to erase it;
- where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- if you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
Right to object: You can object to our processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) to do so and you believe it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes.
Right to data portability: You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format.
Right to withdraw consent at any time: Where we are relying on consent to process your Personal Information you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

‍

Exercising those rights. Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the Personal Information or where certain exemptions apply. If we decline your request, we will tell you why, subject to legal restrictions.

To exercise any of these rights, please contact us via the method listed in the Contact Us section of the Privacy Policy. We may request specific information from you to help us confirm your identity and process your request.

‍

Your Right to Lodge a Complaint with your Supervisory Authority. If you are not satisfied with our response to a request you make, or how we process your Personal Information, you can make a complaint to the data protection regulator in your habitual place of residence.

For users in the EEA: The contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en

For users in the UK: The contact information for the UK data protection regulator is below:

The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/

‍

International data transfers.

We are headquartered in the United States and may use service providers that operate in the United States and other countries. Therefore, we may transfer your Personal Information to recipients outside of the European Economic Area and/or the UK. Some of these recipients are located in countries which have been formally recognized as providing an adequate level of protection for Personal Information by the European Commission and Secretary of State in the UK, in which case, we rely on the relevant “adequacy decisions”.

Where the transfer is not subject to an adequacy decision or regulations, we take appropriate safeguards to ensure your Personal Information remains protected in accordance with this Privacy Policy and applicable laws by entering into appropriate data transfer mechanism permitted under Article 46 of the GDPR / UK GDPR (as applicable), such as the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Addendum (as applicable).