Namecoach, Inc. Privacy Notice

Effective: August 19, 2023 

NameCoach, Inc., a Delaware corporation (“Namecoach,” “we,” “our,” “us”) respects your privacy and are committed to protecting it through this Privacy Notice (“Privacy Notice”). This Privacy Notice describes the type of information we may collect from you or that you may provide to us when you visit www.name-coach.com, our Internet website (“Site”) and use its interactive features and utilize or purchase our related services (collectively, the “Services”), and our policies and practices regarding how we collect, use, and disclose that information.  If you engage in Services offered by us, then you may be subject to other terms and conditions and disclosures relevant to the Services that are not included in this Privacy Notice.

BY ACCESSING OR BROWSING THE SITE OR USING THE SERVICES, YOU CONSENT TO THE COLLECTION AND USE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY NOTICE, AS MODIFIED FROM TIME TO TIME BY US.

This Privacy Notice is incorporated into and subject to the Terms of Service and, if applicable, the terms of your Master Services Agreement (“MSA”) with us. Any terms not defined herein are defined in our Terms of Service or our MSA.

This Privacy Notice applies to information we collect:

• From institutions, universities, colleges, schools, organizations, or business partners who enter into contracts with us (“Clients”).
• From employees of Clients or end users of our Clients (“Users”).
• From visitors to the Site or individuals that download our application(s) or utilize our name badges (collectively, with Clients and Users, “you”).
• In email, text, and other electronic messages between us.
• When you engage with us to use our Services or request information about our Services.

We reserve the right, at any time and without notice to you, to add to, change, update, or modify this Privacy Notice. If we decide to change our Privacy Notice, we will post a new notice on our Site and change the date at the top of the Privacy Notice. Any change, update or modification will be effective immediately upon posting on our Site and will apply to any Personal Information (as defined below) provided to us on and after that date. Your continued use of the Site or Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Notice periodically for updates.

If we make a material change to our Privacy Notice that affects how we collect or use your Personal Information, we will notify you via email, SMS text message, or other notification.  If you have any questions about this Privacy Notice or our use of your information, you can email us at [email protected].

I. THE TYPES OF INFORMATION WE COLLECT.

1. Personal Information 
   We collect “Personal Information,” which is information that can be used to identify you individually. For example, we collect an Internet Protocol (“IP”) Address from all visitors to our site, and, if the visitors choose to engage with us by submitting a form or requesting further information, we may also collect their names and e-mail addresses.
   
   We collect the following Personal Information from you: IP Address, full name, voice recording, email address, password, data from dashboard searches via the application, and/or interactions with the Site or application.
   
   
2. Registration and Transactional Data
   If you are using our Site or Services through our software platform, you are required to submit an email address, password, and additional Personal Information. We may collect and store access information related to your account.
   
   When you have an account with us, the combination of your email address and your password is the key to your account with our Services. We recommend that you use a unique combination of letters, numbers, and special characters to create your password. You are responsible for all actions taken in the name of your account. You should not disclose your password to anyone. You may be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason, you should immediately notify us at [email protected] and, if available, login to your account at the Site and change your password.
   
   We may also track and retain the details of all transactions and communications between clients, users, target audiences, and other visitors on our Site and Services such as emails, feedback, ratings, sale and purchase of Services, and any other forms of communications. We may use and display your name when you send an email or other communication through our Site or Services.
   
   
3. Contact Us Information and Feedback
   We may collect information that identifies you personally when you submit comments, questions, or suggestions to us or to the Services using the Contact Us form or by email, including attached files in an email sent to us. Any comments and any emails we receive from you are subject to this Privacy Notice.
   
   
4. Computer and Device Information 
   We use a variety of data collection platforms to obtain information from or about the computers and devices that you use to access the Services, as determined and allowed by the personal settings you have for those computers and devices. These platforms include but are not limited to: Google Analytics, Webeo, Hubspot, and Warmly. This list of platforms is subject to change by the Company.
   
   We collect the IP address, domain name, browser type, operating system, device settings, location, flash cookies, session cookies, application logs, and other code tracking devices from any device you use to access our Services and any pages at our Site. You can turn off and adjust settings on your computers and devices that will not allow us to collect information. For example, in many cellular devices, you can turn off location settings by selecting the “Settings” feature, choosing “Privacy” and turning off “Location.”
   
   
5. Transactions & Communications with Third Parties
   The Site contains applications, that enable you to connect to and from social networking sites and we may collect information about you from such social networking sites in order to provide you with a more personalized experience. Some content, email, or text message marketing campaigns from our Site and Services may be served by third-parties, including advertisers, ad-networks and servers, content providers, and application providers. These third-parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Services. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
   
   
   We may enable third parties to serve advertisements available through our Services, Site, or on third-party websites or other media (e.g., social networking platforms) that enable us and third parties to target advertisements to you for products and services in which you might be interested. Third-party ad network providers, advertisers, sponsors, or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), LSOs and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third-party cookies and other technologies are governed by each third-party specific privacy statement, not this one. We may provide these third-party advertisers with Personal Information.
   

II. How We Use And Share Information.

We do not control the third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

1. Provide our Services
   We use Personal Information to provide you with the features available through the Site and Services (including, to analyze the performance of your specific recording and/or account to make improvements, if needed), to respond to requests that you initiate through the Site or Services, to process requests and required actions pursuant to our Services, and to communicate with you. When we have location information, we may use it to tailor our services for you, to assist members of an institution in learning how to pronounce a student’s (or other individual’s) name, how to correctly address a student (or other individual), and learn other relevant information the student (or other individual) chooses to share. We do not share any of your contact information with an institution without your consent.  All student or other individual records obtained by Namecoach from an institution are the property of and are under the control of that institution. 
   
   Additionally, we may invite you to participate in surveys, questionnaires, contests, or to contact us with questions, comments, or to provide us with feedback, which due to the nature of some of these activities, may include the collection of Personal Information. By accessing or using the Services, we might collect additional data as set forth below in the “Aggregate Information” paragraph.
   
   We may use your Personal Information to contact you to deliver certain services, news, or information related to the Services, verify your authority to use our Services, and improve the content and general administration of the Services. If you do not wish for your Personal Information to be used as described in this Section, do not use the Services.  You may also opt out of receiving promotional notifications by following the opt-out instructions in the emails that are sent to you.
   
   
2. Contact By Mobile Phone
   By providing us with your mobile phone number, you hereby expressly consent to receive automated text messages (including SMS and MMS) from us at the mobile phone number you provided. You represent that you are 18 years of age or older and you have the consent of the wireless account holder associated with the mobile phone number you provided.
   
   You are responsible for all charges and fees associated with text messaging imposed by your wireless provider. Message and data rates may apply.
   
   Text messages may be sent using an automatic telephone dialing system or other technology. Your consent to receive automated text messages is not required as a condition of purchasing, or utilizing, any of our Solution services. If you have opted in (this decision and others detailed further below), we may provide updates via text messages through your wireless provider to the mobile number you provided. Message frequency varies.
   
   
3. Internal Analysis and Promotions
   We may use Personal Information, non-personal, and aggregate information to evaluate and improve our services, and for our own internal statistical, design, product development, or operational purposes, or, for example, to estimate our audience size, measure aggregate traffic patterns, and understand demographic and other trends among our Clients and Users. We transfer information to certain vendors and service providers who provide technical infrastructure services and other content, analyze our services, and measure the effectiveness of our services.
   
   We may outsource all (or some) of the tasks described in this Privacy Notice to third parties on a confidential basis, and would only share your Personal Information as needed for performance of those tasks, and only pursuant to appropriate confidentiality agreements. You agree that we may use your Personal Information, including your email address, to improve our Site and Services, and to customize the Services content and layout. These uses improve our Site and Services and better tailor it to meet your needs, so as to provide you with a smooth, efficient, and safe experience while using the Services.
   
   
4. Marketing Purposes
   If you provide us with feedback, we will collect that information and we may use it in our marketing materials, use it on our Site or to improve or enhance our Services, or disclose it for any purpose we choose. Your Personal Information will not be disclosed or associated with any feedback that we use or disclose unless you have given us permission to use your Personal Information for this purpose. We may use computer and device information for marketing purposes, to examine traffic to the Site and Services and improve the Site and Services to provide you a better experience.
   
   
5. Legal Requirement
   We may disclose Personal Information, non-personal information, and aggregate information:
   1. to comply with the law, cooperate and respond to requests and claims or comply with legal process served on us (e.g., a lawful subpoena, warrant, or court order);
   2. to enforce or apply policies, or agreements (including to initiate, render, bill, and collect for amounts owed to us);
   3. to protect and defend us or our user’s rights or property, the Site, Services, our employees, visitors, or the public, (including protecting and defending from fraudulent, abusive, or unlawful use of, the Site or Services); or
   4. if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of records without delay.
      
      
6. Company Sale
   Information collected through our Site or Services is considered our trade secret or proprietary information. As the owner of such information, we may disclose or sell such information as an asset of the company in conjunction with the sale to a third-party of our company or a portion of our assets.
   

III. How You Can Manage Your Information.

You may choose not to provide us with any Personal Information. In that case, you can still visit and browse our Site, however, you will not have access to or be able to use our Services.

1.  Account Settings
   Clients and Users who set up an account with us may elect to receive or stop receiving general and/or informational emails from us or any third-party as described by this Privacy Notice. If you receive email communications from our Services, you may use the unsubscribe link contained in the email. Please note that if you are currently receiving services from us and you have decided to opt-out of such general/informational emails, this will not impact the messages we send to you for purposes of delivering such services. Further, if you are a User, you also may not be able to unsubscribe from certain informational e-mails sent by your institution or employer during the course of your enrollment.  Please contact us at [email protected] if you need assistance, or if you have any questions about the different types of emails.
   
   You may have the opportunity to create a profile (e.g. a NameBadge), which consists of information about you, which may include Personal Information, photographs, and other information regarding your use of the Services (“Profile”).  Some or all of this information may be visible to third parties, depending on your account settings and the Services you are using. If you do not want your Profile to be visible to Third Parties, you may contact us at [email protected] to opt-out of this feature.
   
   
2. Request Changes
   You may also review and request changes to your Personal Information and obtain removal of content or information you have publicly posted at our Site by sending an email with a detailed description of the specific content or information to [email protected]. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
   
   Please be aware that we cannot always delete records of past interactions and transactions. For example, we are required to retain records relating to record retention laws, for financial reconciliations and reporting and other legal compliance reasons.
   
   
3. Manage Your Security Settings
   You may manage how your browser handles cookies and related technologies by adjusting its privacy and security settings. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available. You can opt-out of being targeted by certain third-party advertising companies online at http://www.networkadvertising.org/choices/.
   
   You may manage how your mobile browser handles cookies and related technologies by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.
   
   Users in the United States may opt out of many third-party ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and your choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative’s (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and your choices regarding having information used by NAI members. The NAI’s main webpage is located at www.networkadvertising.org.
   
   Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through the Services. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt-out on the DAA or NAI websites, your opt-out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website.
   
   We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
   
   
4. Links to Other Websites
   Please be aware that we may provide links to third-party websites (“External Web Sites”) as a service to our visitors, and that we are not responsible for the content or information collection practices of those pages. Such links do not constitute an endorsement by Namecoach of those External Web Sites. Your use of External Web Sites is subject to the terms of use and privacy policies located on the linked to External Web Sites. Please note that these websites’ privacy policies may differ from our Privacy Notice. We encourage you to review and understand the privacy practices at third-party websites before providing them with information.
   
   
5. Opt-Out
   You may opt out of receiving emails or text messages from us at any time either by texting the word “STOP” to any text message using the mobile device that is receiving the messages, by using the unsubscribe link contained in the email, or by contacting the sender. If you are unable to resolve this through these means, contact us at [email protected]. Despite your election to opt-out, if you are still receiving services from us or using our Services, we may send you emails or contact you by other means regarding your account, transactions, and your activities with the Services.
   

IV. What Else Should You Know About Our Privacy Practices.

1. Security
   We follow generally accepted industry standards to protect Personal Information, including your email address, submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.
   
   The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
   
   
2. Children
   The Children’s Online Privacy Protection Act (“COPPA”) requires that all online service providers, including Namecoach, obtain parental consent before knowingly collecting Personal Information from children under the age of 13.  Our Services are directed towards adults who are of the legal age to access them in their respective jurisdictions and by accessing and using our Services, you represent and warrant that you are of the legal age to form a binding contract with us in your respective jurisdiction and that you meet the foregoing eligibility requirements.  Namecoach does not knowingly collect or solicit any Personal Information from children under the age of 13.  Children under the age of 13 are prohibited from using the Services or creating an Account unless they are doing so with parental consent or with the consent of a teacher, school, or district who is providing such consent in compliance with COPPA.  If we learn that we have collected personal information from a person under the age of 13 that does not comply with COPPA, we will delete that information in a reasonably prudent amount of time.  If you believe that a child under the age of 13 has provided Personal Information to us, please contact us at [email protected].
   
   
3. Aggregate Information and De-Identified Information
   We may track the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, and IP addresses. We may also analyze this data for trends and statistics in the aggregate, but such information will be maintained, used and disclosed in aggregate form only and will not contain Personal Information. We may use such aggregate information to analyze trends, administer the Site, track users’ movement, and gather broad demographic information for aggregate use.
   
   Namecoach may use certain De-Identified Data obtained from you as a part of its product development process. De-Identified Data is content that has had all of direct and indirect personal identifiers removed, including, but not limited to, name, location information, and school ID. Namecoach agrees not to attempt to re-identify De-Identified Data.
   
   Note: Namecoach takes privacy extremely seriously, and strictly adheres to the Family Education Rights Protection Act of 1974 (“FERPA”). Namecoach works with institution(s) to ensure compliance with FERPA and applicable privacy laws, and one of the most important ways in which it ensures compliance with FERPA is by never storing any student Personal Information or student academic records in unencrypted form.  Refer to the FERPA Policy for more information.
   
   
4. Artificial Intelligence
   We utilize artificial intelligence (“AI”), for various reasons, including to enable us to provide our Services to you by allowing us to make our own voice recordings.  We have contracted with a third party (resemble.ai) with whom we will be sharing certain Personal Information to accomplish this goal. Resemble.ai has agreed not to process any of the data that we will be sharing as a part of the creation of the voice recordings, and it does not have any rights or ownership in such voice recordings.
   
   

V. Security.

We employ procedural and technological security measures that are reasonably designed to help protect your Personal Information from loss, unauthorized access, disclosure, alteration or destruction, which includes encryption and other security measures to help prevent unauthorized access to your Personal Information.

VI. Data Breach Notification.

Namecoach maintains an information security plan to protect the security, confidentiality, and integrity of Personal Information of users and institutions. As part of its information security plan, Namecoach will promptly notify affected individuals of a data security breach. Written notification will be sent by first-class mail to the address on record for the individual or institution.  Written notification will contain:

• A brief description of what occurred with respect to the breach, including, to the extent known, the date of the breach and the date on which the breach was discovered;
• A description of the types of Personal Information that were involved in the breach;
• A description of the steps the affected individual or institution should take to protect against potential harm from the breach;
• A description of what Namecoach is doing to investigate and mitigate the breach and to prevent future breaches; and
• Contact procedures for individuals to ask questions or learn additional information, which will include a toll-free telephone number, an email address, website or postal address.

If Namecoach determines individuals or an institution should be notified urgently of a breach because of possible imminent misuse of unsecured Personal Information, Namecoach may, in addition to providing notice as outlined above, contact the individual or institution by telephone or other means, as appropriate.

VII. California Privacy Rights; California Consumer Privacy Act (“CCPA”) as Amended by the California Privacy Rights Act (“CPRA”); other California Consumer Rights

California Civil Code Section § 1798.83 permits users of our Site that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not provide your Personal Information to any third parties for direct marketing purposes as defined in California Civil Code Section § 1798.83. Please contact us [email protected] for any questions regarding your Personal Information.

AB 1584 is a California law that defines student and educational agencies’ rights with regard to pupil records.  Namecoach maintains compliance with AB 1584 as described in this Privacy Notice and as described in, as applicable, a MSA with California institution(s).

1. Categories of Personal Information Collected
   Under the CCPA, as amended by the CPRA, you have the right to know what personal information we have collected about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of Personal Information we have collected about you.
   
   As set forth above, we collect the following categories of information: identifiers (such as your name, voice pronunciation, and email address), other personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (such as your name and contact information), internet or other similar network activity, geolocation data, and inferences drawn from the collected Personal Information.  This information is collected directly from you when you provide it to us (for example when you submit a form requesting more information, when you enter into a contract with us, or when you ask for us to create a NameBadge) or automatically as you navigate through the Site.  We use this information for one or more legitimate business purposes, including to provide our Services, improve our Services, and offer information about our Services to you, and allow you as the Client/User to purchase/use our Services. The specific pieces of information we have collected about you vary, depending on whether you are browsing the Site, a Client, or a User, but we have defined these different types of Personal Information in Section 1.A of this Privacy Notice. We also disclose certain Personal Information to third parties who are providing services to you, including AI.
   
   We do not sell or share Personal Information as defined by the CCPA, and have neither sold nor shared any of your Personal Information with third parties in the past twelve (12) months.
   
   
2. Rights of California Residents
   
   If you are a resident of California, you have other rights under the CCPA/CPRA:
   
   • Right of Access: You can access your collected personal information by contacting us at [email protected].
   • Right to correct, update, or delete: You can correct, update or request deletion of your personal information by contacting us at [email protected]. We can’t make changes to or delete your information in some situations where it is necessary for us to maintain your information, for example if we need the information to comply with applicable law.
   • Right to Request Disclosure of Information Collected: Please contact us at [email protected] to request further information about the categories of personal information we have collected about you, where we collected your personal information, and for what purpose we use your personal information.
   • Right to Disclosure of Information Sold or Shared and Right to Opt-Out of the Sale or Sharing of your Personal Information: You have the right to know what information of yours we have sold, and you have the right to opt-out of any sale of your information. We do not sell or share any of your information.  If you have any questions about these rights, please contact us at [email protected].
   • Rights to Disclosure of Sensitive Information: You have a right to know how we collect, process, and disclose “Sensitive Personal Information” (SPI). SPI includes highly sensitive data such as: social security number; driver’s license; passport number; financial account information and log-in credentials; precise geolocation data; genetic data; and ethnic origin. We collect and process the following types of SPI: log-in credentials and precise geolocation data through IP Addresses. We use the SPI to provide the Services to Users and to be able to process payment from Clients. Please note that Namecoach does not directly collect payment information and is not a money-services business. If this functionality is made available in the Services, it is provided by an unaffiliated third party, and like any other third-party service, subject to their terms of use. Notwithstanding the foregoing, Namecoach may send you invoices according to an applicable MSA. If you have any questions about the disclosure of SPI, please contact us at [email protected].
   • Right to Retention Details: You have a right to know the length of time we retain each category of Personal Information or if that is not feasible, the criteria we will use to determine that retention period. If you have any questions about this right or our data retention protocol, please contact us at [email protected]. Namecoach stores and retains data including Personal Information for so long as may be required under the terms of an applicable agreement, or for so long as may be required to comply with a legal obligation, resolve disputes, maintain security, prevent fraud and abuse, enforce our terms of service, or fulfill your request to “unsubscribe” from further messages from us.  Namecoach will also delete data upon any client request.  We may retain certain information that is considered “Directory Information” under FERPA, and/or De-Identified information to enable us to refine and hone our Services after you have discontinued your use of the Services.  Questions regarding data storage, recovery, and deletion should be directed to:
     
     Namecoach, Inc.
     Attn: Customer Success Manager
     2627 Hanover St
     Palo Alto, CA 94107
     Phone: (650) 394-6263
     Email: [email protected]
     
   • Right to Non-Discrimination: We do not and will not discriminate against you if you exercise your rights under the CCPA.

VIII. Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”), Nevada Privacy of Information Collected on the Internet from Consumers Act (“NPICICA”), Utah Consumer Privacy Act (“UCPA”), Virginia Consumer Data Protection Act (“VCDPA”), Disclosures

1. Categories of Personal Information Collected
   If you are a resident of Colorado, Connecticut, Nevada, Utah, or Virginia, you have other rights under your respective states’ consumer privacy statutes:
   
   • Right of Access: You can access your collected personal information by contacting us at [email protected].
   • Right to correct, update, or delete: You can correct, update or request deletion of your personal information by contacting us at [email protected]. We can’t make changes to or delete your information in some situations where it is necessary for us to maintain your information, for example if we need the information to comply with applicable law.
   • Right to Request Disclosure of Information Collected: Please contact us at [email protected] to request further information about the categories of personal information we have collected about you, where we collected your personal information, and for what purpose we use your personal information.
   • Right to Disclosure of Information Sold or Shared and Right to Opt-Out of the Sale or Sharing of your Personal Information: You have the right to know what information of yours we have sold, the categories of Personal Information shared, and you have the right to opt-out of any sale or sharing of your information. We do not sell or share any of your information.  If you have any questions about these rights, please contact us at [email protected].
   • Right to Disclosure of Targeted Advertising and Right to Opt-Out (Colorado, Connecticut, Utah, & Virginia): If you are a resident of Colorado, Connecticut, Utah, or Virginia, you have the right to know what information of yours we have processed for targeted advertising. We do not engage in targeted advertising. If you have any questions about these rights, please contact us at [email protected].
   • Right to Disclosure of Profiling (Colorado, Connecticut, Utah, & Virginia): If you are a resident of Colorado or Virginia, you have the right to know what information of yours we have processed for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. If you have any questions about these rights or wish to opt-out of any processing of your personal information as it relates to profiling, please contact us at [email protected].
   • Right to Non-Discrimination:We do not and will not discriminate against you if you exercise your rights under the CPA, CTDPA, NPICICA, UPA, or VCDPA.
     
     
2. Rights of Colorado, Connecticut, Nevada, Utah, and Virginia Residents

IX. Exercising your Rights Under the CCPA, CPRA, CPA, CTDPA, NPICICA, UPA, or VCDPA

1. Submitting a Request
   
   To exercise the rights described in this Privacy Notice, please submit a verifiable consumer request to us:
   • via phone: Toll Free +1-888-557-3327
   • via email: [email protected]
   • via link: https://cloud.name-coach.com/do-not-sell-or-share-my-personal-information/
   
   Only you, or someone legally authorized to act on your behalf (if in California, the person legally authorized to act on your behalf must be registered with the California Secretary of State), may make a verifiable consumer request related to your Personal Information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows Namecoach to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include the user’s:
   
   • First name
   • Last name
   • Email address
   • Please describe your request with sufficient detail that allows Namecoach to properly understand, evaluate, and respond to your request
     
2. Verifying Requests
   
   Namecoach cannot respond to your request or provide you with Personal Information if Namecoach cannot verify your identity or authority to make the request and confirm the Personal Information that relates to you. If Namecoach cannot initially verify your identity or authority, Namecoach will follow internal procedures to verify your identity and authority. Namecoach attempts to respond to a verifiable consumer request within forty-five (45) days of its receipt. If Namecoach requires more time (up to 45 days), Namecoach will inform you of the reason and extension period in writing.
   
   If you have an account with Namecoach, Namecoach will deliver Namecoach’s written response to that account. If you do not have an account with Namecoach, Namecoach will deliver Namecoach’s written response by mail or electronically, at your option.
   
   Any disclosures Namecoach provides will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response Namecoach provides will also explain the reasons Namecoach cannot comply with a request, if applicable. For data portability requests, and to the extent that Namecoach is able, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the Personal Information from one entity to another entity. If we are not able to do so, we will let you know
   
   Namecoach does not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If Namecoach determines that the request warrants a fee, Namecoach will tell you why Namecoach made that decision and provide you with a cost estimate before completing your request.
   
   If you have any questions or comments about your rights under the CCPA, CPRA, CPA, NPICICA, VCDPA, and CTDPA please contact us at [email protected]
   
   

X. Users from Outside of the United States

• General: By using the Services you acknowledge and agree that: (i) your information will be processed as described in this Privacy Notice; and (ii) you consent to have your information transferred to us and our facilities in the United States or elsewhere, including those of third parties as described in this Privacy Notice.

• European Economic Area (EEA) or Switzerland: If you are based in the EEA or Switzerland, you acknowledge and agree that we may transfer your information (including personal information) to us and our facilities in the United States or elsewhere, including those of third parties as described in this Privacy Notice. Please review our Terms of Service and the applicable services agreement for more information regarding any other applicable data protections.

• Legal Basis for processing your information. If you are a user located in the EEA or Switzerland, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate business interests. In some cases, we may also have a legal obligation to collect personal information from you. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to Contact Us” heading below.  Namecoach adheres to the General Data Protection Regulation (“GDPR”). For further details, please see the GDPR section below.
  
  

XI. Canadian User Rights – FIPPA and PIPEDA

Namecoach makes every effort to cooperate with institutions in compliance with the Canadian Freedom of Information and Protection of Privacy Act (“FIPPA”), Personal Information Protection and Electronic Documents Act (“PIPEDA”), and all federal and provincial laws and regulations, including those related to privacy and anti-spam legislation.

FIPPA provides Canadian citizens with the right to access information under the control of institutions, while PIPEDA aims to protect the privacy rights of individuals by regulating how organizations handle their personal information and fostering transparency, accountability, and consent in the collection and use of personal data.

This Privacy Notice, any applicable MSA Agreement, and the Terms of Service, all detail Namecoach’s and the institution’s obligations in regard to confidentiality, transparency, accountability, and consent in the collection and use of data. FIPPA and PIPEDA compliance are predicated on all Parties’ compliance with these provisions.

Further, with regard to PIPEDA’s ten “fair information principles” forming the ground rules, so to speak, for how Personal Information should be collected and disclosed, the Privacy Notice complies with that as well. The goal of the Fair Information Principles is to examine any collection and use of Personal Information, and ensure that it only be used in such a way that a reasonable person would consider appropriate in the circumstances. Namecoach, throughout this document, complies with that ask by being fully transparent and open with regard to all of its policies, and approaching them in not only a fully reasonable manner, but also in a cautious manner looking toward protecting all Personal Information.

XII. GDPR

Introduction

The goal of the GDPR is to standardize data protection laws and processing across the EU, and to give individuals stronger, more consistent rights to access and control their personal information.  Namecoach is committed to ensuring the security and protection of all personal information that we process, and to approach data protection in a compliant and consistent manner.  We have developed and are continuously implementing and updating our data protection roles, policies, procedures, controls, and measures to ensure maximum compliance.

In most processing contexts, Namecoach acts as a processor or service provider for a controller institution or certifying entity. In those situations, where required by applicable law, Namecoach only transfers personal data to third countries or international organizations where the controller institution or certifying entity has authorized Namecoach to do so in accordance with applicable law.

When we transfer information from individuals in the EEA to countries that have not received an adequacy finding under Article 45 of the GDPR, we rely on alternative adequate safeguards, such as the contractual mechanisms set forth in Article 46 of the GDPR or derogations for specific situations set forth in Article 49 of the GDPR.  In the limited situations where we act as a controller and rely on a cross-border transfer mechanism under Article 49, we only collect and transfer your information to third countries: (i) with your consent; (ii) to perform a contract with you; or (iii) to establish, exercise, or defend legal claims.

Methods of Compliance

• Information Audit – We periodically audit information to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
• Policies & Procedures – We monitor and update data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws.
• Data Retention & Erasure – We have updated our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right To Be Forgotten’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response time frames and notification responsibilities.
• Data Breaches – We have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time, and have disseminated these to all employees.
• International Data Transfers & Third-Party Disclosures –We carry out strict due diligence checks with all recipients of personal information to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
• Subject Access Request (SAR) – We have revised our SAR procedures to accommodate the revised 30-day time frame for providing the requested information and for making this provision free of charge. Our procedures detail how to verify the data subject, what steps to take for processing an access request, and what exemptions apply to ensure that communications with data subjects are compliant, consistent and adequate.
• Legal Basis for Processing – We reviewed all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the related activity. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of GDPR and Schedule 1 of the Data Protection Bill are met.
• Privacy Notice/Policy – We have revised our Privacy Notices to comply with GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
• Direct Marketing – We have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions, a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
• Processor Agreements – Where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting, etc.), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organizational measures in place and compliance with GDPR.
• Right of access: You can access your collected personal information by contacting us at [email protected].
• Special Categories Data – Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed when we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Further, in general, we do not request or require sensitive or special category information about you, including:
  • Racial or ethnic origins
  • Political opinions
  • Religious or philosophical beliefs
  • Trade-union membership
  • Genetic data
  • Biometric data
  • Data regarding Your health (including mental or physical health), sex life, or sexual orientation
  • Criminal records
  • Credit history and creditworthiness
  • Citizenship or immigration status
    

Rights of Data Subject

• Right to correct, update, or delete: You can correct, update, or request deletion of your personal information by contacting us at [email protected].
• Right to restriction of processing: You can ask us to restrict processing your personal information by contacting us at [email protected].
• Right to object to processing: You may object to the processing of your personal information by us at any time by contacting us at [email protected].  This right does not exist if we have already processed your personal information.
• Right to data portability: You can ask to take your personal information that you provided to us, in a structured format, from us by contacting us at [email protected]. .
• Right to withdraw consent: You have the right to withdraw your consent to our processing of your information by contacting us at [email protected]. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 
• Right to file a complaint with the local supervisory authority: You have a right to raise questions or complaints with your local data protection authority at any time.
  

If you have any questions or comments about this Privacy Notice, please contact us at [email protected].