California Privacy Notice Addendum
CALIFORNIA PRIVACY NOTICE ADDENDUM
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|Category||Examples||Use Types (see “Use of Personal Information” Section)||Recipient Types (see “Sharing Personal Information” Section)|
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||1, 2, 3, 5, 6, 7, 8||1, 2, 3, 4|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.||1, 2, 3, 5, 6, 7, 8||1, 2, 3, 4|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||1, 2, 3, 5, 6, 7, 8||1, 2, 3, 4|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||1, 2, 3, 5, 6, 7, 8||1, 2, 3, 4|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||1, 2, 3, 4, 5, 6, 7, 8||1, 2, 3, 4|
|G. Geolocation data.||Physical location or movements.||1, 2, 3, 5, 6, 7, 8||1, 2, 3, 4|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||1, 2, 3, 5, 6, 7, 8||1, 2, 3, 4|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||1, 2, 3, 5, 6, 7, 8||1, 2, 3, 4|
Please note that “personal information” does not include:
- Publicly available information from government records;
- De-identified or aggregated consumer information; or
- Information excluded from the CCPA’s scope, including:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our employees, clients or their representatives. For example, from documents that our employees, clients or their representatives provide to us in the course of employment or providing services to them.
- Indirectly from our employees, clients or their representatives. For example, through information we collect from our employees, clients and their representatives in the course of employment or providing services to them.
- Directly and indirectly from activity on our websites. For example, from submissions through our website portals or website usage details collected automatically (such as cookies).
- From third parties that interact with us in connection with the services we perform or who provide services to us. For example, investors and their advisors (who may provide, among other things, personal information about individual investors), acquisition targets and their advisors (who may provide personal information about the acquisition target’s directors, officers, and employees), and service providers we engage in the ordinary course of business (who may provide, among other things, personal information regarding their clients or obtained in connection with background checks).
Use of Personal Information
We may use the personal information we collect for one or more of the following business purposes:
- Use Type 1: To fulfill or meet the reason for which the information is provided (e.g., to perform due diligence in connection with hiring, acquisitions, or investments).
- Use Type 2: To provide you with information, products or services that you request from us.
- Use Type 3: To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
- Use Type 4: To improve our website and present its contents to you.
- Use Type 5: As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- Use Type 6: To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- Use Type 7: As described to you when collecting your personal information.
- Use Type 8: To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of assets (either our assets or assets of a third party in connection with mergers, acquisitions, or other corporate transactions), in which personal information is among the assets transferred or is related to employees of acquired or sold businesses.
We will not collect additional categories of personal information or use the personal information we collected for different purposes without obtaining your explicit consent to do so.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. If and to the extent we do disclose personal information for a business purpose, we enter an agreement that requires the recipient of that personal information to both keep that personal information confidential and not use it for any purpose except for those set forth in the applicable agreement.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
- Category A: Identifiers.
- Category B: California Customer Records personal information categories.
- Category C: Protected classification characteristics under California or federal law.
- Category E: Biometric information
- Category F: Internet or other similar network activity.
- Category I: Professional or employment-related information.
Recipients of Personal Information
We disclose your personal information for a business purpose to the following categories of third parties:
- Recipient Type 1: Our affiliates.
- Recipient Type 2: Service providers we engage in the ordinary course of business (including vendors engaged for background checks, investment bankers, legal advisors, accounting firms, finders, insurance brokers, benefits advisors, portfolio companies, and professional recruiters).
- Recipient Type 3: Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
- Recipient Type 4: Governmental authorities pursuant to applicable laws.
In the preceding twelve (12) months, we have not sold any personal information. We do not sell any personal information.
Your Rights and Choices
The CCPA provides consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection, disclosure, use, and sale of your personal information over the past twelve (12) months. Upon our receipt of a verifiable consumer request from you, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- for sales, identifying the personal information categories that each category of recipient purchased; and
- for disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records and direct our service providers to delete your personal information from their records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to maintain your personal information in order to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us using the below methods. If your request is for the categories of personal information that we may collect about you, we will need to verify your identity with a reasonable degree of certainty (which may require you to include at least two pieces of identifying information in your request). If your request is for the specific pieces of personal information that we may collect about you, we will need to verify your identity with a reasonably high degree of certainty (which may require you to include at least three pieces of identifying information in your request). If your request is a deletion request, we will need to verify your identity with a reasonable or reasonably high degree of certainty, depending on the type of information and the risk to you that deleting the information creates (which may require you to include at least two or three pieces of identifying information in your request). The request should include your full name and other information sufficient to identify you and the purpose of your request. We will inform you if we need additional information to process your request (e.g., to confirm your identity) or if your request technically deficient, in which case we will inform you how to remedy the deficiency.
- Calling us at 833-521-0521
- Emailing us at firstname.lastname@example.org
You may designate an authorized agent to make a request under the CCPA on your behalf. Only you, or a person or business entity registered with the California Secretary of State to conduct business in California that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. If you use an authorized agent to submit a request to know or a request to delete, except where you have provided the authorized agent with an applicable power of attorney, we may require that you (i) provide the authorized agent signed permission to do so, (ii) verify your own identity directly with us, or (iii) directly confirm with us that you provided the authorized agent permission to submit the request.
You may also make a verifiable consumer request on behalf of your minor child. Upon receipt of a request, we will seek to confirm your identity by contacting you using the information you provided to us. Any personal information collected from you in connection with any such verification will be used solely for the purposes of verification.
Please note that we are not required to provide your personal information in response to a verifiable consumer request more than twice within a 12-month period. The verifiable consumer request must provide information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Further, we are never allowed to disclose in response to a request to know any Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, security questions and answers, or unique biometric data generated from measurements or technical analysis of human characteristics. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We will confirm receipt of your request and will provide information about how we will process your request within 10 business days of receipt of your request. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we cannot verify you within such 45 day period, we may deny your request. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable and unless prohibited by law. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your consumer request unless it is excessive, repetitive, or manifestly unfounded, but we will not require any fee for verification of a request to know or delete. If we deny your request or determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate (if applicable) before completing your request.
You have a right to not receive discriminatory treatment from us for exercising your privacy rights under the CCPA. Except as permitted by the CCPA, we will not discriminate against you for exercising any of your CCPA rights, including by:
- Denying you goods or services.
- Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Providing you a different level or quality of goods or services.
- Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Changes to Our Privacy Notice
We reserve the right to amend this Privacy Notice from time to time and for any reason, in our sole discretion, without notice, by updating this Privacy Notice. Accordingly, users are strongly encouraged to review our Privacy Notice regularly. If we decide to change our Privacy Notice, we will post those changes so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to collect personal information or use any collected information in a manner different from that stated at the time it was collected, we will notify users by posting changes on this page. We will use information only in accordance with the Privacy Notice under which the information was collected. Your continued access or use of this site following the posting of changes to this Privacy Notice means that you accept such revisions, changes and/or amendments. If you object to any of the changes to this Privacy Notice, please stop accessing this site. Please check this page frequently and review any changes to this Privacy Notice carefully so you are aware of any changes, as they are binding on you.
Sun Capital Advisors, Inc.
5200 Town Center Circle, 4th Floor
Boca Raton, FL 33486