Reletter

California Consumer Privacy Act Notice

Last Updated: May 30, 2024

This California Consumer Privacy Act Notice (“Notice”) is provided by Babadan Labs, an LLC incorporated in Delaware (hereinafter referred to as “Babadan Labs”, “Reletter”, the “Company”, “we” or “us”).

This Notice explains how we collect, use, retain, and disclose personal information about California residents. The Notice also explains certain rights that California residents have under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”).

The CCPA only applies to information about residents of California. If you are not a resident of California, you may submit a request and we may process it, as described in this Notice, even though the CCPA does not require us to do so. In accepting, processing, and responding to requests by individuals who are not California residents, we will apply all the same limitations and exceptions under the CCPA to those requests as apply to requests made by California residents. We reserve the right to change or stop the practice of accepting requests from U.S. individuals who are not California residents.

Under the CCPA, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. This information is referred to in this Notice as “Personal Data.”

Categories of Personal Data that We Collect

We collect Personal Data in a variety of contexts. For example, we collect Personal Data to provide newsletter database, monitoring, and reporting products and services, for our human resource purposes, and vendor management purposes.

The Personal Data that we collect about a specific California resident will depend on, for example, our relationship or interaction with that individual.

During the past 12 months, we have collected the following categories of Personal Data.

  1. Personal Identifiers — (such as your name, email address, phone number, mailing address, email receipt and open data)
  2. Billing Information — Personal information, including contact details (e.g., telephone number and address), payment card details (e.g., credit and debit card numbers)
  3. Employment information (such as your employer or industry);
  4. Purchase Information — Purchase information, such as products and services obtained and transaction histories
  5. Internet or Online Information — Internet or online information (e.g., browsing history) and information regarding interaction with our websites, applications, or advertisements
  6. Email content (if you choose to engage specific, optional messaging services and in the Terms of Service)
  7. Inferences — Inferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics; and
  8. User content (any personal information about yourself or others that may be submitted as described in the Terms of Service).

Sources of Personal Data

The sources from which we collect Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The information below lists the categories of sources from which we collect Personal Data in different contexts.

  • From California residents directly, or other individuals acting on their behalf, through, for example, physical (e.g., paper application), audible (e.g., phone), and electronic (e.g., website, social media) sources.
  • Public records or widely available sources, including information from the media, and other records and information that are made available by federal, state, and local government entities.
  • Outside companies or organizations that provide data to support activities such as marketing.
  • Outside companies or organizations from whom we collect Personal Data to support human resource and workforce management activities.
  • Outside companies or organizations from whom we collect Personal Data as part of providing products and services, completing transactions, supporting everyday operations, or business management and development.

Categories of Third Parties and Our Disclosure of Personal Data

The categories of third parties to whom we disclose Personal Data about a specific individual depend on, among other things, our relationship or interaction with a specific California resident. 

Such third parties include:

  • Outside companies or organizations, including service providers subject to appropriate confidentiality and use restrictions, to whom we disclose Personal Data as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development. Examples may include internet service providers, social networks, operating systems and platforms, data brokers, advertising networks, and data analytics providers; companies or organizations to whom we provide products or services; other parties, partners, and financial institutions; and parties involved with mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets.
  • Companies or individuals that represent California residents such as an accountant, financial advisor, or person holding power of attorney on behalf of a California resident
  • Government agencies including to support regulatory and legal requirements
  • Outside companies or organizations, including service providers subject to appropriate confidentiality and use restrictions, to whom we provide Personal Data to support human resource activities and workforce management. Examples may include operating systems and platforms and data analytics providers
  • Outside companies or organizations, in connection with routine or required reporting, including consumer reporting agencies and other parties

Data Retention

We will keep Personal Data no longer than necessary to fulfill the purposes described in this Notice. Under our record retention policy, we are required to destroy Personal Data after we no longer need it according to specific retention periods. However, we may need to hold Personal Data beyond these retention periods due to regulatory requirements or in response to a regulatory audit, investigation, or other legal matter. These requirements also apply to our third-party service providers.

Requests Under the CCPA

The CCPA defines a “sale” as the disclosure of Personal Data for monetary or other valuable consideration. Reletter does not sell and has not, within at least the last 12 months, sold Personal Data, including Sensitive Personal Data that is subject to the CCPA’s sale limitation. As of January 1, 2024, we do not share Personal Data for cross-context behavioral advertising within the scope of CCPA. We have no actual knowledge that we sell or share Personal Data of California residents 16 years of age and younger.

If you are a California resident, you have the right to request that we:

  1. Disclose to you the following information covering the 12-month period prior to your request (“Request to know”):
    1. The categories of Personal Data we collected about you and the categories of sources from which we collected the Personal Data;
    2. The business or commercial purpose for collecting Personal Data about you;
    3. The categories of third parties to whom we disclosed Personal Data about you, and the categories of Personal Data disclosed; and
    4. The specific pieces of Personal Data we collected about you;
  2. Delete Personal Data we collected from you (“Request to Delete”).
  3. Correct inaccurate personal information that we maintain about you (“Request to Correct”).

In addition, you have the right to be free from discrimination by a business for exercising your CCPA privacy rights, including the right as an employee, applicant, or independent contractor not to be retaliated against for exercising your CCPA privacy rights.

How to Make Requests

If you are a California resident, you can make a Request to Know, Delete, or Correct by submitting your request to [email protected].

When you make a Request to Know, Delete, or Correct, we will attempt to verify that you are who you say you are. For example, we will attempt to match information that you provide in making your Request with other sources of similar information to reasonably verify identity.

Responding to Requests

Privacy and data protection laws, other than the CCPA, may apply to some of the Personal Data that we collect, use, and disclose. When these other laws apply, Personal Data may be exempt from, or outside the scope of, a request to Know, Delete, or Correct. As a result, we may decline all, or part of your Request related to exempt Personal Data. This means that we may not provide some, or all, of this Personal Data when you make a Request to Know. Also, we may not delete or correct some, or all, of this Personal Data when you make a Request to Delete or Correct.

The types of Personal Data described above are examples. We have not listed all types of Personal Data that may not be included when we respond to or process Requests to Know, Delete, or Correct.

In addition to the above examples, we may not include Personal Data when we respond to or process Requests to Know, Delete, or Correct when the CCPA recognizes another exception. For example, we will not provide the Personal Data about another individual when doing so would adversely affect the data privacy rights of that individual. As another example, we will not delete Personal Data when it is necessary to maintain that Personal Data to comply with a legal obligation.

We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Data subject to the request.

Verifying Your Identity

Depending on the nature of your request, we may have to verify your identity when you contact us. We do this by:

  1. Requiring you to provide sufficient information in your request that allows us to reasonably verify you are the person about whom we collected personal information, or an authorized representative of that person.
  2. Sending an email to the primary email address you submit in your request and, if applicable, to any other email address we have on record for you requiring you to verify that you made the request.
  3. You may also use an authorized agent to exercise your rights on your behalf. If you wish to use an authorized agent, we require that your authorized agent provides written proof to us that he or she is authorized to act on your behalf, and we may also require your authorized agent to verify his or her own identity. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

We do not verify your identity when you make a request to opt-out of or limit sharing (if the latter is applicable). However, we may ask for the information necessary to complete the request.

We will only use personal information provided in your request to verify your identity or authority to make the request. If, however, we cannot verify your identity based on the information already maintained by us, we may request additional information from you or your authorized representative, which will only be used for the purposes of security, fraud-prevention, or verifying your identity and authority to exercise your rights.

We endeavor to respond to your request as soon as we can. If we are not able to respond to your request within 45 days, we will let you know that we may require additional time (up to 90 total days) and give you the reason for the extension of time.

Authorized Agents

If you are a California resident, you may authorize an agent to make a request on your behalf. A California resident’s authorized agent may make a request on behalf of the California resident by contacting [email protected]. As part of our verification process, we may request that you provide, as applicable:

  • For an individual (“requestor”) making a request on behalf of a California resident:
    • The requestor’s name; contact information.
    • The name; contact information; of the California resident on whose behalf the request is being made.
    • A document to confirm that the requestor is authorized to make the request. We may accept, as applicable, a signed permission by the California resident on whose behalf the request is made, copy of a power of attorney, legal guardianship or conservatorship order, or a birth certificate of a minor if the requestor is the custodial parent.
  • For a company or organization (“legal entity requestor”) making a request on behalf of a California resident:
    • The legal entity requestor’s active registration with the California Secretary of State.
    • Proof that the California resident has authorized the legal entity requestor to make the request. We accept as applicable, a signed permission by the California resident on whose behalf the request is made, copy of power of attorney, or legal guardianship or conservatorship order.
    • The name; contact information; of the California resident on whose behalf the request is being made. From the individual who is acting on behalf of the legal entity requestor, proof that the individual is authorized by the legal entity requestor to make the request. We accept a letter on the legal entity requestor’s letterhead, signed by an officer of the organization.

Deidentified Information

Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a deidentified fashion and will not attempt to re-identify the information.

Changes to this Notice

We may change or update this Notice periodically. Please visit this page regularly to view our most up to date notice.

Contact Us

If you have any questions or concerns about Reletter’s privacy policies and practices, please contact us at [email protected].

Related