EFFECTIVE DATE: February 19, 2020
This “Privacy Notice” describes the practices of Radiqal, LLC. and its
subsidiaries and affiliates (collectively, “Radiqal”, “we”, “us”, or “our”) and
the rights and choices available to individuals, regarding personal data.
Personal data means any information that relates to an identifiable individual.
Radiqal may provide additional or supplemental privacy notices to individuals
at the time we collect their data, which will govern how we may process the
information provided at that time. We may alter this Privacy Statement as
needed to abide by local laws or regulations around the world, such as by
providing supplemental information in certain countries. This Privacy Notice
does not apply to Radiqal’s processing of the
personal data of its personnel, such as employees and contractors.
We provide important information here for individuals located within Member
States of the European Union, countries in the European Economic Area "European Economic Area"),
the United Kingdom, and Switzerland (collectively, “Europe” or “European”).
1. The personal
data we collect
We collect personal data about individuals from various sources described
below. Where applicable, we indicate whether and why individuals must provide
us with personal data, as well as the consequences of failing to do so.
A. Information that we collect when a merchant’s customer
interacts with a Radiqal POS
(i) Information that we collect when individuals make a
payment
When you make a payment at a merchant using a Radiqal Medallion Pay Point
of Sale system (“Radiqal POS”), we collect information about the transaction,
which may include personal data. Information about transactions includes the tokenized
representation of the payment card used (“Payment Intent Token”), name
associated with the payment card, ship or vessel that the card user is
currently sailing on “(“Ship Name”), customer photo (“Guest Security Picture”),
electronic signature, name and location of the merchant at which the
transaction occurred, date and time of the transaction, transaction amount, transaction
details, and information about the goods or services purchased in the
transaction.
(ii) Additional information merchants’ customers may
provide through the Radiqal POS
We may collect additional information, depending on how a merchant
configures its Radiqal POS. This information may include:
B. Information that we collect from merchants about their
customers
Our merchants may provide us with information about their customers. This
information may include uploaded email addresses, phone numbers, and purchase
history, for instance when we manage promotions or marketing communications or
perform other services on behalf of a merchant.
C. Information collected via third-party applications
A merchant may choose to install third-party applications on its Radiqal
POS, much like an individual can install applications on their mobile phone or
tablet device. Radiqal may receive personal data about merchants, merchant’s
customers, or merchant’s personnel as a result of the merchant’s use of the
third-party application, such as when the application enhances or performs
services related to the personal data and returns information to the merchant’s
account. We are not responsible for the privacy practices of third-party
applications that are run on the Radiqal POS or the scope or quality of the
data that such an application transmits to us; however, we will treat the data
we receive from the third-party application in accordance with this Privacy
Policy.
D. Information collected via automated means
When you access our websites or use our mobile applications, we, our
service providers, and our partners may automatically collect information about
you, your computer or mobile device, and activity on our websites or mobile
applications. Typically, this information includes your computer or mobile
device operating system type and version number, manufacturer and model, device
identifier (such as the Google Advertising ID or Apple ID for Advertising),
browser type, screen resolution, IP address, the website you visited before
browsing to our website, general location information such as city, state or
geographic area; and information about your use of and actions on or in our
websites or mobile applications, such as pages or screens you accessed, how
long you spent on a page or screen, navigation paths between pages or screens,
information about your activity on a page or screen, access times, and length
of access. Certain products or services that we provide
or which merchants may incorporate into their websites or mobile applications
may automatically collect additional information, as may be further described
in a separate privacy notice.
Our service providers and business partners may collect this type of
information over time and across third-party websites. This information is
collected via various mechanisms, such as via cookies, web beacons, embedded
scripts, through our mobile applications, and similar technologies. This type
of information may also be collected when you read our HTML-enabled emails. You
can choose to disable cookies or to opt out of the use of your browsing
behavior for purposes of targeted advertising. For opt out instructions, please
review the “Targeted online advertising” portion of the “Your Choices” section
of this Privacy Notice.
2. How we use your personal data
We use your personal data for the purposes of:
A. Providing our products and services, which includes:
B. For research and development
We use the information we collect for our own research and development
purposes, which include:
C. Marketing
We may use your personal data to form a view on what products or services
we think you may want or need, or what may be of interest to you.
We may present opportunities when you use a Radiqal POS to provide your
personal data to Radiqal and merchants to facilitate marketing communications
between you and the merchant, and we will send such marketing communication if
you agree to receive them.
We may contact merchants and merchant’s personnel with marketing
communications using the personal data that the merchant provided to us if the
merchant actively expresses interest in making a purchase of Radiqal products
or services or have made a purchase from us and, in any case, have not opted
out of receiving that marketing, to the extent permitted by applicable law.
Where required by law, we will get your express opt-in consent before we
share your personal data with any company outside of Radiqal for marketing
purposes.
You can ask us to stop sending you marketing messages at any time by
contacting us using the details at Contact us section or clicking on the opt-out link included in each marketing
message.
Should you choose to opt out of receiving our marketing messages, we will
continue to carry out our other relevant activities using your personal data,
including sending non-marketing messages.
D. Complying with law
We use your personal data as we believe necessary or appropriate to comply
with applicable laws, lawful requests and legal processes, such as to respond
to subpoenas or requests from government authorities.
E. Compliance, fraud prevention and safety
We use your personal data as we believe necessary or appropriate to (a) enforce
the terms and conditions that govern our products and services; (b) protect our
rights, privacy, safety or property, and/or that of you or others; and (c)
protect, investigate and deter against fraudulent, harmful, unauthorized,
unethical or illegal activity.
F. With your consent
In some jurisdictions, applicable law may require us to request your
consent to use your personal data in certain contexts, such as when we use
certain cookies or similar technologies or would like to send you certain
marketing messages. If we request your consent to use your personal data, you
have the right to withdraw your consent any time in the manner indicated when
we requested the consent or by contacting us. If you have consented to receive
marketing communications from our third party
partners, you may withdraw your consent by contacting those partners directly.
G. To create anonymous data
We may create anonymous data from your personal data and from other
individuals whose personal data we collect. We make personal data into
anonymous data by excluding information that makes the data personally
identifiable to you, and use that anonymous data for
our lawful business purposes.
3. The parties with whom we share your personal data
A. Companies within the Radiqal group
We may disclose your personal data to our subsidiaries and corporate
affiliates – for purposes consistent with this Privacy Notice.
B. Service providers
We may employ third party companies and individuals to administer and
provide services on our behalf (such as companies that provide customer
support, companies that we engage to host, manage, maintain, and develop our
website, mobile applications, and IT systems, and companies that help us
process payments). These third parties may use your information only as
directed by Radiqal in a manner consistent with this Privacy Notice and are
prohibited from using or disclosing your information for any other purpose.
C. Third-party applications that interface with Radiqal
POS or Service
Third-party applications that a merchant has installed on a Radiqal POS may
be capable of providing instructions to Radiqal to engage in a transfer of
personal data, similar to how a merchant could provide
such directions. For example, an application may direct Radiqal to export data
or reports to a third-party cloud storage system. Merchants are responsible for
their use of third-party applications, the directions that the application
provides to Radiqal, and Radiqal’s reliance on those
directions. Radiqal is not responsible for the privacy policy or practices of
any third-party application.
D. Merchants
When Radiqal performs services for merchants, it may share personal data
with those merchants. For example, Radiqal may collect information about a
merchant’s customers from or on behalf of the merchant, such as when Radiqal
processes payment transactions, and Radiqal may provide personal data about
those customers back to the merchant. We are not responsible for the privacy
practices of merchants who use our services.
E. Participants in the transaction processing chain
Radiqal shares personal data with companies in the transaction processing
chain in connection with processing a payment transaction, such as merchants,
banks or other card issuers, card associations, debit network operators and
their members.
F. Credit reference, fraud protection, risk management,
and identity and verification agencies
Radiqal shares personal data with credit reference, fraud protection, risk
management, and identity verification agencies to help guard against, detect,
and respond to fraud or money laundering, and/or manage our or merchants’ risk,
and ensure we comply with contractual, legal, or regulatory requirements.
G. Professional advisors
We may disclose your personal data to professional advisors, such as
lawyers, bankers, auditors and insurers, where necessary in
the course of the professional services that they render to us.
H. To comply with laws and law enforcement;
protection and safety
Radiqal may disclose information about you to government or law enforcement
officials (including tax authorities) or private parties as required by law,
and disclose and use such information as we believe necessary or appropriate
to:
(i) Comply with applicable laws, lawful requests, and legal processes, such
as to respond to subpoenas or requests from government authorities;
(ii) Enforce the terms and conditions that govern our products and services;
(iii) Protect our rights, privacy, safety or property, and/or that of you
or others; and
(iv) Protect, investigate and deter against fraudulent, harmful,
unauthorized, unethical or illegal activity.
I. Business transfers
Radiqal may sell or transfer some or all of its business or assets,
including your personal data, in connection with a business transaction (or
potential business transaction) such as a merger, consolidation, acquisition,
reorganization or sale of assets or in the event of bankruptcy, in which case
we will make reasonable efforts to require the recipient to honor this Privacy
Notice.
J. To other parties with your permission or to fulfill a
contract they have with you
Radiqal may transfer your personal data to any third party who is not
otherwise covered by the other listed categories above where you have given us
permission to do so, or with whom you have entered into a contract when we need
to transfer your personal data to that party in order to fulfil that contract.
4. Your rights and choices
In this section, we describe the rights and choices available to all users.
Users who are located in Europe may read additional
information about their rights below.
A. Marketing communications
You can ask us to stop sending you marketing messages at any time by
contacting us or clicking on the opt-out link included in each marketing
message. You may continue to receive service-related and other non-marketing
messages. You may unsubscribe from a specific merchants’ communications sent to
you via Radiqal’s technology by clicking “Unfollow”
(or a similarly-titled opt-out link).
B. Targeted online advertising
Some of the business partners that collect information about users’
activities on our websites or in our mobile applications may be members of
organizations or programs that provide choices to individuals regarding the use
of their browsing behavior or mobile application usage for purposes of targeted
advertising. Users may opt out of receiving targeted advertising on websites
through participating members of the following organizations or programs:
Users of mobile applications may opt out of receiving targeted advertising
in mobile applications through participating members of the Digital Advertising
Alliance by installing the AppChoices mobile
application, available here, and selecting the user’s choices.
In addition, your mobile device settings may provide functionality to limit
our, or our partners’, ability to engage in ad tracking or targeted advertising
using the Google Advertising ID or Apple ID for Advertising associated with
your mobile device.
Please note that we also may work with companies that offer their own
opt-out mechanisms and may not participate in the opt-out mechanisms that we
linked above.
If you choose to opt-out of targeted advertisements, you will still see
advertisements online but they may not be relevant to you.
Even if you do choose to opt out, not all companies that serve online behavioural advertising are included in this list, and so
you may still receive some cookies and tailored advertisements from companies
that are not listed.
C. Do Not Track Signals
Some Internet browsers may be configured to send "Do Not Track"
signals to the online services that you visit. We currently do not respond to
do not track signals. To find out more about "Do Not Track," please
visit http://www.allaboutdnt.com.
D. Choosing not to provide your personal data
Where we request personal data directly from you, you do not have to
provide it to us. If you decide not to provide the requested information, in
some circumstances we, or merchants who use Radiqal, may be unable to provide
products or services to you. For example, we may be unable to process your
transaction.
E. Accessing, modifying or deleting your information
In some jurisdictions, applicable law may provide a right for individuals
to access, modify, or delete their personal data. You may contact us directly
to request access to, or modification or deletion of, your information. We may
not be able to provide access to, or modify or delete, your information in all
circumstances.
F. Complaints
If you have a complaint about our handling of your personal data, you may
contact our data protection officer using the contact information below. We
request that a complaint be made in writing. Please provide details about your
concern or complaint so that our data protection officer can investigate it. We
will take appropriate action in response to your complaint, which may include
conducting internal discussions with relevant business representatives. We may
contact you for additional details or clarification about your concern or
complaint. We will contact you to inform you of our response to your complaint.
You also may have a right to file a complaint with a national or local
regulatory agency.
5. International transfers
Radiqal is headquartered in the United States. Your personal data may be
transferred to the United States or other locations outside of your state,
province, country or other governmental jurisdiction where we or our service providers
maintain offices and where privacy laws may not be as protective as those in
your jurisdiction. If we make such a transfer, we will require that the
recipients of your personal data provide data security and protection in
accordance with applicable law.
6. How we keep your data safe
We have put in place appropriate security measures to prevent your personal
data from being accidentally lost, used or accessed in an unauthorized way,
altered or disclosed. In addition, we limit access to your personal data to
those employees, agents, contractors and other third parties who have a
business need to know. They will only process your personal data on our instructions,
and they are subject to a duty of confidentiality.
We maintain annual compliance with global Payment Card Industry Data
Security Standard (PCI DSS) adopted by the payment card brands for all
companies that process, store or transmit cardholder data.
We have put in place procedures to deal with any suspected personal data
breach and will notify you and any applicable regulator of a breach where we
are legally required to do so.
7. Links to other websites
We may link to third-party websites, mobile applications, and other
content. Radiqal is not responsible for the privacy practices of any third
party, and this privacy notice does not apply to such third party’s websites,
mobile applications, or other content. Radiqal does not guarantee, approve, or
endorse any information, material, services, or products contained on or
available through any linked third-party website, mobile application, or other
content. Radiqal is not responsible for any content on third-party properties
to which we link. Radiqal provides links to third-party properties or content
as a convenience, and visiting or using linked
third-party properties or content is at your own risk.
8. Additional information for European users
A. Controller and Data Protection Officer
Radiqal, LLC. is the controller of your personal data for purposes of
European data protection law. Radiqal has appointed a data protection officer
(“DPO”) who is responsible for overseeing questions in relation to this Privacy
Notice. If you have any questions about this Privacy Notice, including any
requests to exercise your legal rights, please contact the DPO using the
details set out below: Data Protection Officer, Radiqal Email address: dpo@medallionpay.com
Postal address: Radiqal, LLC - Medallion Pay, 110 Gibraltar Road, Suite 222,
Horsham, PA. 19044
B. Legal basis for processing
We are required to inform you of the legal basis of our processing of your
personal data, which are described in the table below. If you have questions
about the legal basis of how we process your personal data, you may contact us
using the information provided in the section above.
Processing Purpose Details regarding each processing purpose listed below are
provided in the section above titled “How we use your personal data”. |
Legal basis |
Providing our products and services |
Processing is necessary to perform the
contract governing our provision of the products or services or to take steps
that you request prior to signing up for the Services. In addition, when we
process personal data on merchants’ customers, these purposes constitute our
legitimate interests. |
|
These processing activities constitute our legitimate
interests. We make sure we consider and balance any potential impact on you
(both positive and negative) and your rights before we process your personal
data for our legitimate interests. We do not use your personal data for
activities where our interests are overridden by the impact on you (unless we
have your consent or are otherwise required or permitted to by law). In some
cases, marketing may be based on your consent – such as where you provide
your email address to us for the specific purpose of receiving our or
merchants’ marketing communications. |
To comply with law |
Processing is necessary to comply with our
legal obligations |
With your consent |
Processing is based on your consent. Where
we rely on your consent you have the right to withdraw it anytime in the
manner indicated in the Service or by contacting us at. |
C. Use for new purposes
We may use your personal data for reasons not described in this Privacy
Notice where permitted by law and the reason is compatible with the purpose for
which we collected it.
D. Automated decisions, credit reference agencies and
fraud prevention agencies
We sometimes make automated decisions based on your personal data (whether
provided by you or collected by us from third parties such as credit reference
and fraud prevention agencies). We will only do this where it is required in
connection with a contract, authorized by law, or based on your explicit
consent. You can contact us for more information on automated decision making.
Please also see the “Your individual legal rights” section below.
E. How long will you use my personal data?
We will use your personal data for as long as necessary based on why we
collected it and what we use it for. This may include our need to satisfy a
legal, regulatory, accounting, or reporting requirement.
To determine the appropriate retention period for personal data, we
consider the amount, nature, and sensitivity of the personal data, the
potential risk of harm from unauthorized use or disclosure of your personal
data, the purposes for which we process your personal data and whether we can
achieve those purposes through other means, and the applicable legal
requirements.
In general terms, we will retain your personal data for the duration of
your involvement/engagement with us and for as long as reasonably necessary
afterwards; however, we may maintain different retention periods for different
products and services. There are also certain types of information which are
required to be retained for a certain period by law.
F. Your individual legal rights
Under certain circumstances, individuals in Europe have rights under data
protection laws in relation to their personal data. If you are
located in Europe, you may ask us to take the following actions
regarding personal data that we hold:
• Access. You are entitled to ask us if we are
processing your personal data and, if so, for a copy of the personal data we
hold about you, as well as obtain certain other information about our
processing activities.
• Correction. If any personal data we hold about
you is incomplete or inaccurate, you can require us to correct it, though we
may need to verify the accuracy of the new data you provide to us.
• Erasure. This enables you to ask us to delete
or remove personal data where there is no good reason for us continuing to
process it. You also have the right to ask us to delete or remove your personal
data where you have successfully exercised your right to object to processing
(see below), where we may have processed your information unlawfully or where
we are required to erase your personal data to comply with local law.
• Object. Where our reason for processing your
personal data is our legitimate interests, you may object to processing as you
feel it impacts on your fundamental rights and freedoms. You also have the
right to object where we are processing your personal data for direct marketing
purposes.
• Restriction. You may ask us to suspend our use of
your personal data in the following scenarios:
o if you want us to establish the data's accuracy;
o where our use of your personal data is unlawful
but you do not want us to erase it;
o where you need us to hold your data for a longer period than we usually
would, because you need it to establish, exercise or defend legal claims; or
o you have objected to our use of your data but we
need to verify whether we have overriding legitimate grounds to use it.
• Transfer. Where it is possible, we will
provide to you, or a third party you have chosen, your personal data in a
structured, commonly used, machine-readable format. Note that this right only
applies to personal data provided by you which you initially provided consent
for us to use or where we used the information to perform a contract with you.
• Withdraw
consent. Where our
reason for processing is based on your consent, you may withdraw that consent
at any time. If you withdraw your consent, we may not be able to provide
certain products or services to you. We will advise you if this is the case at
the time you withdraw your consent.
• Automated
decision making. You have the right not to be subject to automated
decision making (e.g., profiling) that significantly affects you. The exercise
of this right is not available to you in the following cases:
o The automated decision is required to enter
into, or perform, a contract with you.
o We have your explicit consent to make such a decision.
o The automated decision is authorized by local
law of an EU member state.
However, in the first two cases set out above, you still have the right to
obtain human intervention in respect of the decision, to express your point of
view and to contest the decision.
You can submit requests to exercise these rights by emailing the Radiqal
DPO at dpo@medallionpay.com. We may need to request specific information from you to
help us confirm your identity and ensure you are entitled to exercise a right
in respect of your personal data, for example, a merchant identification number
or account number. This is a security measure to ensure that personal data is
not disclosed to any person who has no right to receive it. We may also contact
you to ask you for further information in relation to your request to speed up
our response.
There may be legal or other reasons why we cannot, or are not obliged to,
fulfil a request to exercise your rights. We will use available lawful
exemptions to your individual rights to the extent appropriate. If we decline
your request, we will tell you why, subject to legal restrictions.
You will not have to pay a fee to exercise any of your rights relating to
your personal data. However, we may charge a reasonable fee if your request is
clearly unfounded, repetitive or excessive. Alternatively, we may refuse to
comply with your request in these circumstances.
We will respond to all legitimate requests promptly and, in any event,
within any timeframes prescribed by applicable law. In general, we must respond
to queries within one month from the receipt of the request, so it is important
that requests are identified and sent to dpo@medallionpay.com as soon as possible. Occasionally it may take us longer than a month if
your request is particularly complex or you have made a
number of requests. In this case, we will notify you and keep you
updated. Any transmission of your personal data will be handled in a secure
manner.
You also have the right to make a complaint at any time to a supervisory
authority (for more information go to https://edpb.europa.eu/about-edpb/board/members_en).
G. Cross-border data transfer
We transfer your personal data within the Radiqal group, including outside
of Europe. Whenever we transfer your personal data out of Europe within the Radiqal
group to countries not deemed by the European Commission to provide an adequate
level of protection for personal data, the transfer will be based on our
Binding Corporate Rules.
When we transfer personal data outside of Europe to third parties in
countries not deemed by the European Commission to provide an adequate level of
protection for personal data, the transfer will be made pursuant to:
Please contact us if you would like to receive further information on the
specific mechanism used by us when transferring your personal data out of
Europe.
9. Changes to this Privacy Notice
We reserve the right to modify this Privacy Notice at any time. We
encourage you to periodically review this page for the latest information on
our privacy practices. If we make material changes to this Privacy Notice, we
will notify you by updating the date of this Privacy Notice and posting it on
our website and in app stores where our mobile applications covered by this
Privacy Notice are available for download. We may (and, where required by law,
will) also provide notification of changes in another way that we believe is
reasonably likely to reach you, such as via e-mail (if you have an account
where we have your contact information) or another manner through our website
or mobile applications.
Any modifications to this Privacy Notice will be effective upon our posting
of the new terms and/or upon implementation of the new changes (or as otherwise
indicated at the time of posting). In all cases, your continued use of our
products or services after the posting of any modified Privacy Notice indicates
your acceptance of the terms of the modified Privacy Notice.
10. Contact us
If you have any questions, concerns, or complaints about this Privacy
Notice or our privacy practices, or to request access to your personal data,
you may contact our Data Protection Officer at dpo@medallionpay.com.
For questions about your credit or debit card or your purchase, please
contact the financial institution that issued your card or the merchant.
11. Information for California Residents
The information provided in this “Information for California Residents”
section only applies to California residents. This notice describes how we
collect, use and share your Personal
Information (as defined in the California Consumer Privacy Act of 2018, or “CCPA”), and your rights with respect to that Personal
Information.
Your California privacy rights
As a California resident, you have the rights listed below. However, these
rights are not absolute, and we may decline your request as permitted by the
CCPA.
• Information. You can request the following
information about how we have collected and used your Personal Information
during the past 12 months:
• Access. You can request a copy of the
Personal Information that we maintain about you.
• Deletion. You can ask us to delete the
Personal Information that we maintain about you.
•
Nondiscrimination. You are entitled to exercise the rights described above
free from discrimination. This means that we will not penalize you for
exercising your rights by taking actions such as by denying you goods or
services, increasing the price/rate of goods or services, decreasing the
service quality, or suggesting that we may penalize you as described above for
exercising your rights. However, the CCPA allows us to charge you a different
price or provide a different service quality if that difference is reasonably
related to the value of the Personal Information we
are unable to use.
How to exercise your rights
You may exercise your California privacy rights as follows:
Right to information, access and deletion
You can request to exercise your information, access and deletion rights in
the following ways:
Sale of Personal Information
We do not sell, as defined under CCPA, your Personal Information to third
parties.
Personal information that we collect, use and share
The chart below summarizes our collection, use and sharing of Personal
Information during the last 12 months before the effective date of this Privacy
Policy. We describe the sources through which we collect your Personal
Information in section above titled The Personal Data We Collect, and
describe the purposes for which we collect, use, sell and share this
information in section above titled How We Use Your Personal Data and The Parties
With Whom We Share Your Personal Data.
Category (click to link to
glossary definition) |
Do we collect this information? |
Do we share this information for
business purposes? |
Identifiers |
Yes |
Yes |
Online Identifiers |
Yes |
Yes |
Protected Classification Characteristics |
Age possible, if provided by merchant |
No |
Commercial Information |
Yes |
Yes |
Biometric Information |
Yes |
No |
Internet or Network Information |
Yes |
Yes |
Geolocation Data |
Yes, possible |
Yes, possible |
Sensory Information |
No |
No |
Professional or Employment Information |
No |
No |
Education Information |
No |
No |
Inferences |
No |
No |
Financial Information |
Yes |
Yes |
Medical Information |
No |
No |
Glossary
Categories of Personal Information |
Date Elements within the Category |
Biometric Information |
An individual’s physiological, biological or
behavioral characteristics, including DNA, that can be used, singly or in
combination with each other or with other identifying data, to establish an
individual’s identity. Biometric information includes, but is not limited to,
imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns,
and voice recordings, from which an identifier template, such as a face
print, a minutiae template, or a voiceprint, can be extracted, and keystroke
patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise
data that contain identifying information. |
Transaction History |
Products or services purchased, obtained, or
considered, or other purchasing or consuming histories or tendencies. |
Financial Information |
Bank account number, debit or credit card
numbers, insurance policy number, and other financial information. |
Geolocation Data |
Precise location, e.g., derived from GPS
coordinates or telemetry data. |
Identifiers |
Real name, alias, postal address, unique personal
identifier, customer number, email address, account name other similar
identifiers. |
Government-issued ID |
Social security number, driver’s license,
passport, or other government-issued ID, including an ID number or image. |
Medical Information |
Personal information about an individual’s
health or healthcare, including health insurance information. |
Internet or Network Information |
Browsing history, search history, and
information regarding a consumer’s interaction with an Internet website,
application, or advertisement. |
Online Identifiers |
An online identifier or other persistent
identifier that can be used to recognize a person, family or device, over
time and across different services, including but not limited to, a device
identifier; an Internet Protocol address; cookies, beacons, pixel tags,
mobile ad identifiers, or similar technology; customer number, unique
pseudonym, or user alias; telephone numbers, or other forms of persistent or
probabilistic identifiers (i.e., the identification of a person or a device
to a degree of certainty of more probable than not) that can be used to
identify a particular person or device. |
Physical Description |
An individual’s physical characteristics or
description (e.g., hair color, eye color, height, weight). |
Protected Classification Characteristics |
Age (40 years or older), race, color,
ancestry, national origin, citizenship, religion or creed, marital status,
medical condition, physical or mental disability, sex (including gender,
gender identity, gender expression, pregnancy or childbirth and related
medical conditions), sexual orientation, veteran or military status, genetic
information (including familial genetic information). |
Sensory Information |
Audio, electronic, visual, thermal, olfactory,
or similar information. |