Appendix I: General Data Protection Regulation 2016/679 (“GDPR”).
- Scope.
If you are a resident of the European Union (“EU”) and we process data about you that might be considered Personal Information under the GDPR, this Appendix shall apply. - Your rights as a Data Subject.
You have the rights indicated in Section 7 in accordance with the provisions of the GDPR. You also have the following rights:- Right to restriction of processing.
You have the right to restrict us from processing all or some of your Personal Information, temporarily or permanently. - Right to data portability.
You have the right to request us a copy of your Personal Information in an electronic format, along with the right to transmit such data to another controller. - Right to not be subject to automated decision-making.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. - Right to withdraw your consent.
At any time, you have the right to withdraw the consent you have given us to carry out the processing of your Personal Information.
- Right to restriction of processing.
- How to exercise your rights.
We shall take all the appropriate measures to provide you with any information you have requested in a concise, transparent, intelligible, and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.
We shall answer your request within 1 month of the date on which it was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 2 additional months. In such case, we will inform you within the original 1-month term. - Restrictions to your rights.
Please note that the exercise of your rights is subject to certain restrictions pursuant to the EU and/or EU Member’s local law, as indicated in Section 23 of GDPR. In addition, if we are not in a position to identify you, then we shall not facilitate the exercise of your rights.
Please note that, if you exercise your right to withdraw your consent, such withdrawal will not affect the lawfulness of the processing carried out before you exercise this right. - Sensitive Personal Information.
Under the GDPR, Personal Information is considered sensitive if it reveals:- Racial or ethnic origin.
- Political opinions.
- Religious or philosophical beliefs.
- Trade union membership.
- Genetic or biometric data for the purpose of uniquely identifying a natural person.
- Data concerning health or data concerning a natural person’s sex life or sexual orientation.
- We will process your Sensitive Personal Information only if one of the conditions set forth under section 9 of the GDPR applies.
- Use of our services by children.
Under the GDPR, the processing of Personal Information related to a child is lawful if the child is at least 16 years old. If the child is under 16 years old, processing will only be lawful if the consent is given or authorized by the child’s holder of parental responsibility, and to the extent of such consent. That’s why, whenever possible, we try to make reasonable efforts to verify consent is given or authorized by the holder of parental responsibility over the child, as permitted by available technology. - How secure is your Personal Information.
We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That is why we implement appropriate technical and organizational measures to protect your Personal Information. In case of a data breach, we will notify you without undue delay about it, in clear and plain language, pursuant to section 34 of the GDPR. We will inform you about the nature of the Personal Information affected and the security measures we have taken to tackle this breach. Please note that certain exceptions may apply (e.g.: we shall not inform you about the data breach if we implemented appropriate technical and organizational protection measures, and those measures were applied to the Personal Information affected by the data breach, in particular, those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption; we shall not communicate you about the data breach if we have taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize, etc.).
Appendix II: California Privacy Rights Act (“CPRA”).
- Scope.
If you are a resident of California and we process data about you that might be considered Personal Information under the CPRA, this Appendix shall apply. - Your rights as a Data Subject.
You have the rights indicated in Section 7 in accordance with the provisions of the CPRA. - How to exercise your rights.
We shall take all the appropriate measures to provide you with any information you have requested.
We shall answer your request within 45 days from the date on which your request was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term, together with the reasons for the extension. - Restrictions to your rights.
Please note that the exercise of your rights is subject to certain restrictions pursuant to the CPRA. (e.g. we shall not delete your personal information if it is necessary to: a) complete the transaction for which the personal information was collected; b) help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes; c) to comply with a legal obligation, etc.; in case your request is manifestly unfounded or excessive, we may either charge you with a reasonable fee taking into account the administrative costs of providing the information or refuse to act on the request and notify you the reason for refusing your request, etc.). - Sensitive Personal Information.
Under the CPRA, Personal Information is considered sensitive in the following cases:- Personal Information that reveals:
- A consumer’s social security, driver’s license, state identification card, or passport number.
- A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- A consumer’s precise geolocation.
- A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
- The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
- A consumer’s genetic data.
- The processing of biometric information for the purpose of uniquely identifying a consumer.
- Personal Information collected and analyzed concerning a consumer’s health.
- Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation.
- Personal Information that reveals:
- Use of our services by children.
Under the CPRA, a child is any natural person who is under 16 years old. Please note that, under the CPRA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. That’s why –in case we receive a request from a child’s parent and/or legal guardian–, we will both analyze and reply to it within the legal terms granted by the CPRA.
Appendix III: Virginia Consumer Data Privacy Act (“VCDPA”).
- Scope.
If you are a resident of the Commonwealth of Virginia and we process data about you that might be considered Personal Information under the VCDPA, this Appendix shall apply. - Your rights as a Data Subject.
You have the rights indicated in Section 7 in accordance with the provisions of the VCDPA. You also have the following rights:- Right to receive a copy of your personal information.
You have the right to request a copy of the Personal Information we have collected about you in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance if the processing is carried out by automated means. - Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects to you.
- Right to receive a copy of your personal information.
- How to exercise your rights.
We shall take all the appropriate measures to provide you with any information you have requested.
We shall answer your request within 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 45 additional days. In such case, we will inform you within the initial 45-day term together with the reasons for the extension.
In case we decline your request, we will inform you no later than 45 days from the date on which your request was received. If you want to appeal our decision, send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request”.
We will answer your appeal within 60 days from the date on which it was received, which will include a written explanation for the decision taken. If we deny your appeal, you may contact Virginia’s Attorney General to submit a complaint by visiting https://www.virginia.gov/agencies/office-of-the-attorney-general/. - Restrictions to your rights.
Please note that the exercise of your rights is subject to certain restrictions pursuant to the VCDPA (e.g. if your request is manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover up the costs of analyzing your request; if we are unable to authenticate your request by using reasonable commercial efforts, we shall not analyze it; we shall provide you the requested information free of charge up to twice annually, etc.). - Sensitive Personal Information.
Under the VCDPA, Personal Information is considered sensitive in the following cases:- Personal Information revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status.
- Genetic or biometric data processed for the purpose of uniquely identifying a natural person
- The Personal Information collected from a known child.
- Precise geolocation data.
- In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
- Use of our services by children.
Under the VCDPA, a child is any natural person under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).
Please note that, under the VCDPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the VCDPA. - How secure is your Personal Information.
We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of your Personal Information.
In case of a data breach, please note that the Code of Virginia Title 18.2 Chapter 6, Article 5 Subsections 18.2-186.6 might apply.
Appendix IV: Colorado Privacy Act (“CPA”).
- Scope.
If you are a resident of the State of Colorado and we process data about you that might be considered Personal Information under the CPA, this Appendix shall apply. - Your rights as a Data Subject.
You have the rights indicated in Section 7 in accordance with the provisions of the CPA. You also have the following right:- Right to data portability.
You have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance. - Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects to you.
- Right to data portability.
- How to exercise your rights.
We shall take all the appropriate measures to provide you with any information you have requested.
We shall answer your request within 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.
In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision and the instructions to appeal.
In case you want to appeal our decision, send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request”.
We will answer your appeal within 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 60 additional days. In such case, we will inform you within the original 45-day term, together with the reasons for the extension.
If you have any concerns about our response to your appeal, you may contact Colorado’s Attorney General to submit a complaint by visiting https://coag.gov. - Restrictions to your rights.
Please note that the exercise of your rights is subject to certain restrictions pursuant to the CPA (e.g. we shall not comply with your request if, after making reasonable commercial efforts, we cannot authenticate your request; we may charge you a reasonable fee to cover up the costs of answering your request if you have submitted a second or subsequent request within a 12-month period, etc.). - Sensitive Personal Information.
Under CPA, Personal Information is considered sensitive in the following cases:- Personal Information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, or citizenship or immigration status.
- Genetic or biometric data that may be processed for the purpose of uniquely identifying an individual.
- Personal Information from a known child.
- In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
- Use of our services by children.
Under the CPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful only if the child’s parents or legal guardian have given their consent. - How secure is your Personal Information.
We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement reasonable measures to protect your Personal Information. In case of a security breach, we will notify you without undue delay, no later than 30 days after we become aware of the incident pursuant to Title 6, Article 1, Part 7 Section 6-1-716 of the 2022 Colorado Code. Please note that certain exceptions may apply (e.g. if our internal investigation determines that the misuse of your Personal Information has not occurred and is not reasonably likely to occur).
Appendix V: Connecticut Data Privacy Act (“CDPA”).
- Scope.
If you are a resident of the State of Connecticut and we process data about you that might be considered Personal Information under CDPA, this Appendix shall apply. - Your rights as a Data Subject.
You have the rights indicated in Section 7 in accordance with the provisions of the CDPA. You also have the following rights.- Right to obtain a copy of the personal information.
You have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance where the processing is carried out by automated means. - Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects to you.
- Right to obtain a copy of the personal information.
- How to exercise your rights.
We shall take all the appropriate measures to provide you with any information you have requested.
We shall answer your request no later than 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. complexity of your request/number of requests received)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.
In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision. If you want to appeal our decision, you must send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request”.
If you decide to appeal our decision, we will answer your appeal no later than 60 days from the date on which it was received. If we deny your appeal, you may contact Connecticut’s Attorney General to submit a complaint by visiting https://portal.ct.gov/AG.
Restrictions to your rights.
Please note that the exercise of your rights is subject to certain restrictions pursuant to the CDPA (e.g. we shall not comply with your request if, after making reasonable commercial efforts, we cannot authenticate your request or identity or the identity of the agent acting on your behalf; we shall not comply with your opt-out request if we have a good faith, reasonable and documented belief that such request is fraudulent; if your request is manifestly unfounded, excessive, or repetitive, we may charge you with a reasonable fee to cover up the costs of analyzing your request; we may give you the data requested free of charge up to once during a 12-month-period; we shall not comply with your request if the confirmation or access to your Personal Information would require us to reveal a trade secret, we shall not comply with your right to obtain a copy if that would require us to reveal a trade secret, etc.).- Sensitive Personal Information.
Under CDPA, Personal Information is considered sensitive in the following cases:- Data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation or citizenship or immigration status.
- Genetic or biometric data processed only for the purpose of uniquely identifying an individual.
- Personal Information collected from a known child.
- Precise geolocation data.
- In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
- Use of our services by children.
Under the CDPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).
Please note that, under the CDPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the CDPA.
Appendix VI: Argentine Personal Data Protection Act No. 25,326 (“PDPA”).
- Scope.
If you are a resident of Argentina and we process data about you that might be considered Personal Information under PDPA, this Appendix shall apply. - Your rights as a Data Subject.
You have the rights indicated in Section 7 in accordance with the provisions of the PDPA. You also have the following rights:- Right to update your personal information.
You may request us to update the Personal Information we have collected about you. - Right to request information.
You have the right to request information to the supervisory authority about the existence of databases, the controller’s identity, and the purposes for which the Personal Information has been processed.
- Right to update your personal information.
- How to exercise your rights.
If you exercise any of these rights, we will check your entitlement and respond to you within 10 (ten) calendar days from the date on which your request to access your Personal Information was received; or 5 (five) business days from the date on which (i) your request for any rectification, update, or deletion of your Personal Information was received; or (ii) we noticed a mistake on your Personal Information.
To exercise your rights, please contact us at info@nextleveltech.com.
You represent and warrant that you have been duly informed that: “The data subject has the right to access your Personal Information at intervals of not less than six months free of charge unless there is a specified legitimate interest agreed upon by the interested party as established in section 14, paragraph 3 of Act 25,326, by submitting an email to the following email address: info@nextleveltech.com. The AGENCY OF ACCESS TO PUBLIC INFORMATION, in its function of Controlling Entity of Act 25,326, has the attribution to attend any complaints or reports related to the infringement of personal data regulations”. - Restrictions to your rights.
Please note that the exercise of your rights is subject to certain restrictions pursuant to Section 17 of the PDPA. For example, we have the right to not delete your Personal Information when we are required to retain such data based on a legal obligation or if such deletion affects a third party. - Sensitive Personal Information.
Under PDPA, Personal Information is considered sensitive if it reveals:- Racial or ethnic origin.
- Political opinions.
- Religious or philosophical beliefs.
- Trade union membership.
- Data concerning health or data concerning a natural person’s sex life or sexual orientation.
- Use of our services by children.
In Argentina, a child is a person under 18 years old. Pursuant to Criteria No. 5 of Annex I of the Resolution AAIP 4/2019, the processing of Personal Information of a child in Argentina will be lawful if: a) The child has given its consent based on the progressive autonomy principle, as set forth in Sections 26 and 639 of the Argentine Federal Civil and Commercial Code, taking into account the child’s psychophysical characteristics, aptitudes, and development; b) The consent has been given by the child´s holder of parental responsibility, parent and/or legal guardian when the child’s psychophysical characteristics, aptitudes, and development do not allow the child to give its consent. - How secure is your Personal Information.
We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of your Personal Information, in compliance with Sections 9 and 10 of the PDPA and Resolution AAIP 47/2018.
Appendix VII: Utah Consumer Privacy Act (“UCPA”).
- Scope.
If you are a resident of Utah and we process data about you that might be considered Personal Information under the UCPA, this Appendix shall apply, provided that the UCPA is in full force and effect. - Your Rights as a data subject.
- You have the rights indicated in Section 7 in accordance with the provisions of the UCPA. You also have the following rights:
- Right to obtain a copy of your personal information.
- You have the right to request a copy of the Personal Information you have previously provided to us in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without impediment where the processing is carried out by automated means.
Right to opt-out of the processing of Personal Information for purposes of targeted advertising and processing of Sensitive Personal Information. - Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising, as well as to opt-out the processing of Sensitive Personal Information.
Right to receive a clear notice prior to processing Sensitive Personal Information. - You have the right to receive a clear notice about the processing of Sensitive Personal Information prior to the beginning of such processing.
Right of no discrimination.
- You have the right to not be discriminated against (e.g. not to be denied any product or service; not to be charged with a different price or rate for any product or service; not to be provided with a different quality of a good or service) if you exercise your rights.
How to exercise your rights. - We shall take all the appropriate measures to provide you with any information you have requested.
We shall answer your request no later than 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. complexity of your request/volume of requests received)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.
In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision.
Please note that if the consumer is subject to guardianship, conservatorship, or other protective arrangement pursuant to Title 75, Chapter 5 Protection of Persons Under Disability and Their Property, the guardian or conservator of the consumer shall exercise their rights on their behalf.
Restrictions to your rights. - Please note that the exercise of your rights is subject to certain restrictions pursuant to the UCPA (e.g. we shall not comply with your request if it is excessive, repetitive, technically infeasible or manifestly unfounded; if we reasonably believe that the primary purpose for submitting the request was something other than exercising a right or if the request, individually or as part of an organized effort, harasses, disrupts or imposes undue burden on our business’ resources; we may charge you with a reasonable fee to cover up the administrative costs of complying your request; we may give you the data requested free of charge up to once during the same 12-month-period; we shall not comply with your request if, using commercially reasonable efforts, we are unable to authenticate your request; we may request additional information reasonably necessary to authenticate your request if we are unable to authenticate your request using commercially reasonable efforts; we shall not comply with your request if we suspect it is fraudulent and we are not able to authenticate the request before the 45-day-period expires, etc.).
Sensitive Personal Information. - Under the UCPA, Personal Information is considered sensitive in the following cases:
- Data revealing racial or ethnic origin, religious beliefs, medical history, mental or physical health condition or diagnosis or medical treatment by a health care professional, sexual orientation or citizenship or immigration status.
- Genetic or biometric data, if the processing is for the purpose of identifying a specific individual.
- Specific geolocation data.
- In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
Use of services by children.
Under the UCPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).
Please note that, under the UCPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the UCPA.
Appendix VIII: Texas Data Privacy and Security Act (“TDPSA”).
- Scope.
If you are a resident of Texas and we process data about you that might be considered Personal Information under the TDPSA, this Appendix shall apply, provided that the TDPSA is in full force and effect. - Your Rights as a data subject.
- You have the rights indicated in Section 7 in accordance with the provisions of the TDPSA. You also have the following rights:
- Right to obtain a copy of your personal information.
- If the data is available in a digital format, you have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another controller without hindrance.
Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling. - Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising or profiling in furtherance of a decision that produces a legal or similarly significant effect concerning yourself.
Right of no discrimination.
- You have the right to not be discriminated (e.g. not to be denied any product or service; not to be charged with a different price or rate for any product or service; not to be provided with a different quality of goods or services) if you exercise your rights.
How to exercise your rights. - We shall take all the appropriate measures to provide you with any information you have requested.
We shall answer your request no later than 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. complexity of your request/number of requests received)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.
In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision. In case we decline your request, we will provide you with the instructions to appeal our decision.
If you decide to appeal our decision, we will answer your appeal no later than 60 days from the date on which it was received. If we deny your appeal, you may contact Texas’ Attorney General to submit a complaint by visiting https://www.texasattorneygeneral.gov/.
Restrictions to your rights. - Please note that the exercise of your rights is subject to certain restrictions pursuant to the TDPSA (e.g. we shall not comply with your request if it is excessive, repetitive or manifestly unfounded or we may charge you with a reasonable fee to cover up the administrative costs of complying with your request; we may give you the data requested free of charge up to twice annually; we shall not comply with your request if, using commercially reasonable efforts, we are unable to authenticate your request; we may also request additional information reasonably necessary to authenticate your request; we shall not comply with an opt-out request received from an authorized agent if (i) the authorized agent does not communicate us the request in a clear and unambiguous manner, (ii) we are not able to verify, with commercially reasonable efforts, if you are a resident of Texas, (iii) we do not possess the ability to process the agent’s request, or (iv) if we do not possess similar or identical requests we receive from you for the purpose of complying with similar or identical laws or regulations of another state).
Sensitive Personal Information. - Under TDPSA, Personal Information is considered sensitive in the following cases:
- Data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status.
- Genetic or biometric data, if the processing is for the purpose of identifying an individual.
- Personal Information collected from a known child.
- Precise geolocation data.
- In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
Use of services by children.
Under the TDPSA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).
Please note that, under the TDPSA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the TDPSA.
Appendix IX: Oregon Consumer Privacy Act (“OCPA”).
- Scope.
If you are a resident of Oregon and we process data about you that might be considered Personal Information under the OCPA, this Appendix shall apply, provided that the OCPA is in full force and effect. - Your Rights as a data subject.
- You have the rights indicated in Section 7 in accordance with the provisions of the OCPA. You also have the following rights:
- Right to obtain a copy of the personal information.
- If the data is available in a digital format, you have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another controller without hindrance.
Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling. - Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of a decision that produces a legal or similarly significant effect concerning yourself.
Please note that you can designate another person to serve as your authorized agent to act on your behalf regarding this right to opt-out.
Right of no discrimination.
- You have the right to not be discriminated (e.g. not to be denied any product or service; not to be charged with a different price or rate for any product or service; not to be provided with a different quality of goods or services) if you exercise your rights.
How to exercise your rights. - We shall take all the appropriate measures to provide you with any information you have requested.
We shall answer your request no later than 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. complexity of your request/number of requests received)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.
In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision. In case we decline your request, we will provide you with the instructions to appeal our decision.
If you decide to appeal our decision, we will answer your appeal no later than 45 days from the date on which it was received. If we deny your appeal, you may contact Oregon’s Attorney General to submit a complaint by visiting https://www.doj.state.or.us/oregon-department-of-justice/contact-us/.
Restrictions to your rights. - Please note that the exercise of your rights is subject to certain restrictions pursuant to the OCPA (e.g. we may give you the data requested free of charge up to once during any 12-month period unless the purpose of the second or subsequent request is to verify that we corrected inaccuracies in, or deleted your Personal Information in compliance with your request; we shall not comply with your request if, using commercially reasonable efforts, we are unable to authenticate your request without additional information from you unless you provide us the information necessary to authenticate your request; regarding your opt-out request, we may ask for additional information necessary to comply with such request, (e.g. information to identify you and your request); we may deny your request to opt-out if we have a good faith, reasonable and documented belief that your request is fraudulent, etc.).
Sensitive Personal Information. - Under OCPA, Personal Information is considered sensitive in the following cases:
- Data revealing racial or ethnic background, national origin, religious beliefs, mental or physical condition or diagnosis, sexual orientation, status as transgender or non-binary, status as a victim of crime or citizenship or immigration status.
- Accurately identifies within a radius of 1750 feet a consumer’s present or past location, or the present or past location of a device that links or is linkable to a consumer by means of technology that includes, but is not limited to, a global positioning system that provides latitude and longitude coordinates.
- Genetic or biometric data.
- A child’s personal information.
- In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
Use of services by children.
Under the OCPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).
Please note that, under the OCPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child or on behalf of a child for whom the guardian has legal responsibility. Moreover, a guardian or conservator may exercise the rights described herein on behalf of a consumer that is subject to a guardianship, conservatorship, or other protective agreement.
In case we receive a request from a child’s parent and/or legal guardian, or a consumer’s guardian or conservator, we will both analyze and reply to it within the legal terms granted by the OCPA.
Appendix X: Florida Digital Bill of Rights (“FDBR”).
- Scope.
If you are a resident of Florida and we process data about you that might be considered Personal Information under the FDBR, this Appendix shall apply, provided that the FDBR is in full force and effect. - Your Rights as a data subject.
- Right to obtain a copy of the personal information.
- You have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance where the processing is carried out by automated means.
Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
- Jointly with the right to opt-out of the processing sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects to you.
How to exercise your rights. - We shall take all the appropriate measures to provide you with any information you have requested.
We shall answer your request within 45 days since we have received it. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 15 additional days. In case we need to extend the term, we will inform you within the original 45-day term, together with the reasons for the delay.
If the request is rejected, you will be informed of the reason for the rejection and the instructions to appeal the decision.
If you want to appeal our decision, you must send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request.”
If you decide to appeal our decision, we will answer your appeal no later than 60 days from the date on which it was received, informing you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions.
We shall provide information or take action in response to your requests free of charge, twice per year, as long as such requests are not unfounded, excessive, or repetitive.
Restrictions to your rights. - Please note that the exercise of your rights is subject to certain restrictions pursuant to the FDBR (e.g. we shall not comply with your request if, after making reasonable commercial efforts, we cannot authenticate your request; we may charge you a reasonable fee to cover up the costs of answering your request if you have submitted a third or subsequent request within a 12-month period, etc.).
Sensitive Personal Information. - Under FDBR, Sensitive Data is considered one of the following.
- Personal information revealing an individual’s racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status.
- Genetic or biometric data processed for the purpose of uniquely identifying an individual.
- Personal information collected from a known child.
- Precise geolocation data.
- In case we process Sensitive Data, we will only carry out such processing if you have given us your consent to do so.
Use of services by children. - Under the FDBR, a child is any individual who is under 18 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).
Please note that, under the FDBR, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the FDBR.
How secure is your Personal Information.
We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of your Personal Information. These measures are aimed at preventing, detecting, protecting against, or responding to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity, preserving the integrity or security of systems, or investigating, reporting, or prosecuting those responsible for any of these actions.
Appendix XI: Montana Consumer Data Privacy Act (“MCDPA”).
- Scope.
If you are a resident of Montana and we process data about you that might be considered Personal Information under the MCDPA, this Appendix shall apply, provided that the MCDPA is in full force and effect. - Your Rights as a data subject.
- You have the rights indicated in Section 7 in accordance with the provisions of the MCDPA. You also have the following rights:
- Right to obtain a copy of the personal information.
- You have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance where the processing is carried out by automated means.
Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
- Jointly with the right to opt-out of the processing sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of a decision that produces a legal or similarly significant effect to you.
How to exercise your rights. - We shall take all the appropriate measures to provide you with any information you have requested.
We shall answer your request within 45 days since we have received it. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 45 additional days. In case we need to extend the term, we will inform you within the original 45-day term, together with the reasons for the delay.
If the request is rejected, you will be informed of the reason for the rejection and the instructions to appeal the decision.
If you want to appeal our decision, you must send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request.”
If you decide to appeal our decision, we will answer your appeal no later than 60 days from the date on which it was received, informing you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions.
We shall provide information in response to your requests free of charge, once per 12-month period, as long as such requests are not unfounded, excessive, technically infeasible, or repetitive.
You may designate another person to serve as your authorized agent and act on your behalf to opt out of the processing of your personal information for the purposes already specified. You may designate an authorized agent by way of a technology, including but not limited to an internet link or a browser setting, browser extension, or global device setting indicating a customer’s intent to opt out of such processing.
On the other hand, the guardian or conservator of a consumer subject to a guardianship, conservatorship, or other protective arrangement, may exercise the rights of the consumer on their behalf regarding the processing of personal information.
Restrictions to your rights. - Please note that the exercise of your rights is subject to certain restrictions pursuant to the MCDPA (e.g. we shall not comply with your request if, after making reasonable commercial efforts, we cannot authenticate your request; we may charge you a reasonable fee to cover up the costs of answering your request if you have submitted a second or subsequent request within a 12-month period, etc.).
Sensitive Information. - Under MCDPA, Sensitive Data is considered one of the following.
- Data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, information about a person’s sex life, sexual orientation, or citizenship or immigration status.
- The processing of genetic or biometric data for the purpose of uniquely identifying an individual.
- Personal information collected from a known child.
- Precise geolocation data.
- In case we process Sensitive Data, we will only carry out such processing if you have given us your consent to do so.
Use of services by children. - Under the MCDPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).
Please note that, under the MCDPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the MCDPA.
How secure is your Personal Information.
We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of your Personal Information. These measures are aimed at preventing, detecting, protecting against, or responding to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity, preserving the integrity or security of systems, or investigating, reporting, or prosecuting those responsible for any of these actions.
In case of a security breach, we will notify you without undue delay, according to applicable state regulations.