Last updated December 5, 2019
This policy applies (i) immediately to new users who use or access the Service on or after the Effective Date and (ii) on the Effective Date to users who use or access the Service before the Effective Date.
Please contact us if you have any questions or comments about our privacy practices. You can reach us online at firstname.lastname@example.org.
TRANSFERS OF PERSONAL DATA
The Service is hosted and operated in the United States (“U.S.”), with development, support and maintenance operations in other countries (and hosting soon to come in the European Union (“EU”), through Accrualify and its service providers. If you do not reside in the U.S., laws in the U.S. (and other countries) may differ from the laws where you reside. By using the Service, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Accrualify in the U.S. and will be hosted on U.S. servers, and you authorize Accrualify to transfer, store, host and process your information to and in the U.S., and possibly other countries. You hereby consent to transfer of your data to the U.S. pursuant to, at Accrualify’s discretion, the details of which are further set forth below, or the standard data protection clauses promulgated by the EC, a copy of which can be obtained at
EU PERSONAL DATA
If you are located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your Personal Data, as further described below. Accrualify will be the controller of your Personal Data processed in connection with the Service, unless you access the Service through an enterprise account, or other Accrualify account that is controlled by a third party (e.g. your employer).
ACCRUALIFY GDPR COMPLIANCE
Accrualify is committed to compliance with the General Data Protection Regulation (GDPR), a new EU data privacy regulation that will go into effect May 25, 2018. The regulation is designed to give EU citizens more control over their data and to unify a number of existing privacy and security laws under one comprehensive law.
Our legal and security experts have closely analyzed the requirements of the GDPR and continue to monitor new guidance on best practices for implementing the requirements of the GDPR. We are updating our products, contracts, and policies to ensure that we are in compliance with the GDPR before May 25, 2018. We are also dedicated to helping our customers succeed in complying with the GDPR.
WHAT ACCRUALIFY IS DOING
Accrualify is currently implementing its company-wide GDPR compliance strategy ahead of the May 2018 due date. Below are a few examples of initiatives Accrualify has committed to in order to satisfy GDPR requirements that apply to both Accrualify and our customers:
- Accrualify maintains strict security and compliance protocols which are affirmed through our annual SOC 1 & 2 audit.
- When processing personal data regulated under GDPR, we commit to follow any additional security and privacy measures required under GDPR.
- Where we are transferring personal data outside of the EU, we are committing to appropriate data transfer mechanisms as required by GDPR.
- We are ensuring that applicable users have the ability to access and update their personal data.
- We are notifying regulators, customers, and users of breaches, if applicable, promptly as required by the GDPR.
- We are holding vendors that handle personal data to required data management, security, and privacy practices and standards.
- We are ensuring that Accrualify staff that process Accrualify customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
GENERAL DATA PROTECTION REGULATION FAQS
DOES ACCRUALIFY PROCESS THE PERSONAL DATA OF ITS CUSTOMERS?
WHAT PERSONAL DATA DO WE PROCESS?
For most users, we process data needed to provide our Service which includes their names, e-mail addresses, IP address, financial account information, phone number and physical address.
WHERE DOES ACCRUALIFY STORE AND PROCESS MY DATA?
Our goal is to provide our customers with secure, fast, and reliable services. Today, Accrualify stores data in its AWS data center located in the U.S. In order to bring you world class products, and to provide support and maintenance (e.g. 24×7 support coverage), Accrualify may also allow employees and contractors located outside the U.S. (e.g. in the EU, India, Australia, and Canada) to access to certain data for product development, and customer and technical support purposes. We ensure that all such disclosures are compliant with the law and that all use will be for the limited purpose described.
HOW CAN I MANAGE MY PERSONAL DATA THAT IS STORED BY ACCRUALIFY?
You can contact us directly at privacy@Accrualify.com if you desire to have any of your personal data removed. Please note this may impact your ability to use the Accrualify Service.
DOES ACCRUALIFY ENTER INTO GDPR-COMPLIANT DATA PROCESSING AGREEMENTS (DPA)?
For our customers:
Accrualify will enter into DPAs with our customers who are data controllers and have purchased a subscription to our design collaboration platform via a written agreement.
Accrualify is committed to our customers’ success and the protection of customer data, which is why our customers can count on our commitment to GDPR compliance.
Privacy: You own your data, and we’re committed to protecting your privacy.
Security: Accrualify maintains customer security as our highest priority.
Compliance: We maintain strict standards for achieving legal, regulatory and industry compliance frameworks such as SOC and PCI.
EU-U.S. and Swiss-U.S Privacy Shield Participation
Accrualify adheres to the Privacy Shield Principles of (1) Notice; (2) Choice; (3) Accountability for Onward Transfer; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access and (7) Recourse, Enforcement and Liability (collectively, the “Privacy Shield Principles”).
As further set forth in the Privacy Shield Principles, we remain potentially liable if a third party processing Personal Data received from the EU or Switzerland on our behalf processes that Personal Data in a manner that is inconsistent with the Privacy Shield Principles (unless we can prove that we are not responsible for the event giving rise to the damage). Accrualify is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to any failure to comply with the Privacy Shield Principles. EU or Swiss individuals with inquiries or complaints regarding U.S. privacy practices should contact us at email@example.com.
Accrualify commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship, as well as the rights of Swiss individuals.
NOTICE OF WHAT INFORMATION WE COLLECT AND HOW WE USE IT
Types of Personal Data We Collect
Accrualify collects Personal Data about you when you provide it directly to us, when third parties such as our business partners (e.g. companies with whom we integrate our Service), or when Personal Data about you is automatically collected in connection with your use of our Service. We collect the following Personal Data from you in connection with the Service:
Contact Information: information we collect to identify or contact you, such as your first and last name, email address, phone number, and occasionally, physical address. For example, this is the basic information that we collect when you register to be a user in our administrative procure to pay Service.
Financial Account Information: If you are receiving or sending payments through the Service in any capacity, we will collect financial information in order to provide the Service. This information may include the following: bank account number, bank account title, bank name, branch location, routing number, Iban number, Swift code and/or any other data needed to facilitate payment.
Transaction Information: information related to transactions you conduct on the Service, including any payments made or received, and your interactions with the Service.
User Account Information: information that identifies you to the Service, such as your user name, email address, password, and IP address. For example, we use this information to authenticate you when you log in to the Service, and use the IP address to help maintain your web session security while using the Service.
Log Data: information automatically recorded by the Service about how a person uses our Service, such as IP addresses, device and browser type, operating system, the pages or features of our Website or Service to which a user browsed, the time spent on those pages or features, the frequency with which the Service is used by a user, the links on the Service that a user clicked on or used, and other statistics.
We also collect usage and performance information that is not Personal Data or that we aggregate or de-identify so that it no longer personally identifies an individual. We also associate some data that is not Personal Data with Personal Data.
We collect Personal Data when a user (i) creates an account (a “User Account”); (ii) logs into the Service; (iii) interacts with the Service; (iv) communicates with us; and (v) responds to a communication or interaction from us. Some of the methods and tools we use to collect Personal Data are:
Unique Identifiers: We use unique identifiers such as cookies, e-mail or your pseudonymized customer ID to track individual usage behavior on our Service, such as the length of time spent on a particular page and the pages viewed during a particular log-in period. Unique identifiers collect information about a user’s use of our Service on an individual basis.
Cookies: Like many websites, we collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Service. Cookies can either be “session cookies” or “persistent cookies”. Session cookies are temporary cookies that are stored on your device while you are visiting our Website or using our Service, whereas “persistent cookies” are stored on your device for a period of time after you leave our Website or Service. We use persistent cookies to store your preferences so that they are available for the next visit, and to keep a more accurate account of how often you visit our Service, and how your use of the Service varies over time. We also use persistent cookies to measure the effectiveness of advertising efforts. Through these cookies, we may collect information about your online activity after you leave our Service.
Use of Personal Data
Accrualify uses Personal Data to: (i) make and/or receive payments, (ii) provide and administer our Service; (iii) fulfill requests you make; (iv) protect, investigate, and deter against fraudulent, harmful, unauthorized, or illegal activity and (v) comply with legal obligations.
For example, we use Personal Data to:
- Make and receive payments
- Operate the Service
- Learn more about our users and their behaviors
- Facilitate communications among and between users
- Provide user support
- Communicate with users regarding support, security, technical issues, commerce, marketing, and transactions
- Facilitate marketing, advertising, surveys, contests, sweepstakes, and promotions
- Administer the Service, User Accounts, and transactions with respect to User Accounts
- Enforce our contracts, administering and carrying out our obligations under contracts, and complying with the law
- Complete corporate transactions such as mergers, sales of assets, or bankruptcies
We will only use your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.
- Contractual Necessity: We process the following categories of Personal Data because we need to process the data to perform under our Service:
- Contact Information
- User Account Information
- Financial Account Information
- Transaction Information
- Legitimate Interest: We process the following categories of Personal Data when we believe doing so furthers the legitimate interest of us or third parties:
- Contact Information
- Financial Account Information
- User Account Information
- Transaction Information
- Log Data
Examples of these legitimate interests include:
- Operation and improvement of our business, products, and services
- Marketing of our products and services
- Provision of customer support
- Protection from fraud or security threats
- Compliance with legal obligations
- Completion of corporate transactions
Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
HOW AND WITH WHOM DOES ACCRUALIFY SHARE PERSONAL DATA?
We share Personal Data with vendors, third party service providers, and agents who work on our behalf and provide us with services related to the Service. These parties include:
- Third parties who act for us or provide services for us, such as payment processing, maintenance, sales, marketing, administration, support, data enrichment, hosting, and database management services
- Outside professional advisors (such as lawyers and accountants) for purposes related to the operation of our business such as auditing, compliance, and corporate governance
- Accrualify Affiliates, including persons or entities that acquire some or all of Accrualify or our assets
- Co-sponsors and presenters of webinars and events that you attend
We also share Personal Data with third party service providers and agents when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested.
We also share Personal Data when we believe it is necessary to:
- Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
- Protect us, our business or our users, or third parties, for example to enforce our terms of service, prevent spam or other unwanted communications and investigate or protect against fraud
- Maintain the security of our products and services
We also share information with third parties when you have given us consent to do so.
Use of Third-Party E-mail Address
If you register for the Service using an e-mail address that we recognize to be either a part of a third-party enterprise account for the Service (an “Enterprise Account”) or a potential enterprise Service purchaser (for example, your employer’s) (each, an “E-Mail Holder”), we may provide your name and email address to the E-Mail Holder and their administrator. In some cases, we will also consolidate your account(s) with the accounts of the E-Mail Holder and we provide your E-Mail Holder and their administrator with access to your User Account information. This may happen when the E-Mail Holder’s account is established after you register for your individual User Account. We make these transfers to allow users who are part of a larger organization to take advantage of the special features and security enjoyed by our enterprise Account holders, and in order to help you and your organization comply with its internal security and email usage obligations. Please note that all accounts for the Service, and all applicable subaccounts (which may include your User Account), are controlled by the account administrator.
YOUR PRIVACY CHOICES (Opt Out)
To opt out of having your personal information stored please email firstname.lastname@example.org. Please keep in mind to use the Service certain information is required and you will be notified if you are unable to continue using the services upon your request.
Our Cookie Management Tool: We also allow you the ability to opt out of certain types of Cookies by clicking on the cookie banner when you first enter the applicable website (for EU and Swiss users).
Emails: We will give you the ability to opt-out of marketing-related emails by specifically emailing email@example.com, or clicking on a link at the bottom of each such email. You cannot opt-out of receiving certain non-marketing emails regarding the Service.
When we transfer your information to third party companies (e.g. analytics or web hosting vendors), we will ensure they maintain the same level of security as us.
We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. We use commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of Personal Data and applicable processing activity, such as data encryption in transit, data encryption at rest, and enforcement of least privilege and need-to-know principles.
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with the Service. In some cases we retain Personal Data, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. Upon disposal, we will destroy or render unreadable any such Personal Data. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
WHAT RIGHTS AND CHOICES DO YOU HAVE REGARDING YOUR PERSONAL DATA?
Accessing, Correcting, and Deleting Your Personal Data and Other Data Subject Rights
You have certain rights with respect to your Personal Data, and we want to help you review and update your information to ensure it is accurate and up-to-date. We may limit or reject your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question. In some cases, we may also need you to provide us with additional information, which may include Personal Data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days (or less!).
If you are an Accrualify account holder, you can accomplish most of the following by logging into your User Account or, for those using enterprise accounts, by contacting your account administrator. You can also contact us directly at firstname.lastname@example.org if you have any additional requests or questions:
Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
Erasure: You can request that we erase some or all of your Personal Data from our systems. Please note that if you request the deletion of information required to provide the Service to you, your User Account will be deactivated and you will lose access to the Service.
Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible. For the following, please email us at email@example.com:
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Service.
Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for marketing purposes.
Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
You also have the right to lodge a complaint about Accrualify’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, you can also submit your complaint to Privacy Trust, an independent third party. Visit https://www.privacytrust.com/drs/accrualify to file a complaint.
Finally, as a last resort and in limited situations, EU or Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
Closing Your Account
You may close an account, and upon termination of your User Account, we will take reasonable steps to provide, modify, or delete your Personal Data as soon as is practicable. However, Accrualify may nevertheless retain your Personal Data to protect the business interests of Accrualify, Accrualify Affiliates, vendors, and other users, and some information may remain in archived/backup copies for our records or as otherwise required by law. Those interests include without limitation the completion of transactions, maintaining records for financial reporting purposes, complying with our legal obligations, resolving disputes, and enforcing agreements.
CALIFORNIA PRIVACY RIGHTS (CCPA)
This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Statement of ACCRUALIFY, INC. and its subsidiaries (collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||NO|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||NO|
|G. Geolocation data.||Physical location or movements.||NO|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||NO|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
- Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
- Directly and indirectly from activity on our website (www.app.accrualify.com). For example, from submissions through our website portal or website usage details collected automatically.
- From third-parties that interact with us in connection with the services we perform. For example, from government agencies when we prepare readiness assessments for projects that receive government funding.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in order for us to prepare a tax return, we will use that information to prepare the return and submit it to the applicable taxing authorities.
- To provide you with information, products or services that you request from us.
- To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis and product development.
- As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category I: Professional or employment-related information.
We disclose your personal information for a business purpose to the following categories of third parties:
- Our affiliates.
- Service providers.
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
In the preceding twelve (12) months, we have not sold any personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 650-437-7225.
- Visiting accrualify.com
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
ENFORCEMENT AND RECOURSE
If you are unhappy with how we deal with your complaint, or the outcome, you may invoke binding arbitration or refer your complaint to a data panel.
In compliance with the Privacy Shield Principles, Accrualify commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Accrualify at firstname.lastname@example.org.
Accrualify has further committed to refer unresolved Privacy Shield complaints to PrivacyTrust, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.privacytrust.com/drs/accrualify for more information or to file a complaint. The services of PrivacyTrust are provided at no cost to you.
Our Service is not intended for children under the age of 18 (16 in the EU), and therefore, Accrualify does not knowingly acquire or receive Personal Data from children under the age of 18 (16 in the EU). If we later learn that any user of our Service is under the age of 18 (16 in the EU), we will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.
WHAT IF YOU HAVE QUESTIONS REGARDING YOUR PERSONAL DATA?