“Personal Data” in this Addendum has the same meaning as “personal information” in the California Consumer Privacy Act (Cal. Civ. Code Ann. § 1798.140(v)).
Collection and Use of Personal Data
In particular, we may have collected the following categories of Personal Data from consumers within the last twelve (12) months:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
B. Personal information categories.
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information
A profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We obtain the categories of Personal Data listed above from the following categories of sources:
Directly from you.For example, from forms you complete or purchases you make.
Indirectly from you. Forexample, from collecting data, such as device and browser information, and usage data, based on your actions on our Website.
From third party or public or commercially available sources or from companies that partner with us.This may include information we receive from our advertising and market research partners, who may provide us with information about your interest in and engagement with our online advertisements.
Disclosure or Sale of Personal Data
Processors or other service providers
Cookie data recipients (See Cookies Policy)
We may also disclose your Personal Data to third parties when you explicitly ask or authorize us to do so, in order to provide you with certain services. For example, if you choose to participate in the hearing test within the Nothing X app, we make certain Personal Data available to our third-party partner, Mimi Hearing Technologies GmbH, to provide you with personalized sound function.
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We do not sell, and in the preceding twelve (12) months we have not sold, any Personal Data.
Opt-Out of Disclosure, Sharing or Sale: If you are age 16 or older, you have the right to opt out of the sale of your Personal Data or the sharing of your Personal Data by making your request through firstname.lastname@example.org visit https://us.nothing.tech/pages/contact-support. In accordance with CCPA, we do not knowingly sell or share the Personal Data of individuals between the ages of 13-15, without the individual’s express consent, or under the age of 13, without the express consent of the individual’s parent or guardian.
You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Data provided in an opt-out request to review and comply with the request.
Right to Limit Use or Disclosure of Sensitive Personal Data: You have the right to limit the use or disclosure of your sensitive Personal Data to uses which are:
necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services,to help ensure the security and integrity of the Personal Data
for short-term, transient use, provided that the Personal Data is not disclosed to another party and is not used to build a profile about you or otherwise alter your experience, performing services on our behalf, or undertaking activities to verify or maintain the quality or safety of a service or device that is owned by us, or improve, upgrade, or enhance the said service or device.
Sensitive Personal Data includes account log-in information, credit card numbers in combination with security codes, passwords, or credentials to access said account or use said credit card, precise geolocation, racial origin, mail, email, or text message content, unless we are the intended recipient thereof, or genetic data. Personal Data that is collected or processed without the purpose of inferring characteristics about you is not subject to this section. You can make requests to limit use or disclosure of sensitive Personal Data through email@example.com if you believe we are using your sensitive Personal Data beyond what is allowable under the law.
Do Not Track: At this time, we are not aware of worldwide uniform or consistent industry standards or definitions for responding to, processing, or communicating “Do Not Track” signals. Accordingly, our services may be unable to respond to “Do Not Track” requests from browsers.
Right to Correct or Delete: You have the right to request that we delete any of your Personal Data that we collected from you and retained and to request that we correct any inaccurate Personal Data about you that we retain, subject to certain exceptions, by making your request through firstname.lastname@example.org. Once we receive and confirm your verifiable deletion request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies.
We may deny your deletion request if retaining the Personal Data is necessary for us or our service provider(s) to:
Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality;
Exercise free speech rights, ensure the right of another to exercise their free speech rights, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.) or similar state law(s);
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when deletion of the information may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
Comply with a legal obligation; or
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Once we receive and confirm your verifiable correction request, we will correct your Personal Data in our records (and direct our service providers to correct such information in their records), unless an exception applies.
In determining the accuracy of the Personal Data that is the subject of a request to correct, we shall consider the totality of the circumstances relating to the contested Personal Data and may deny a request to correct if we determine that the contested Personal Data is more likely than not accurate, based on the totality of the circumstances.
We may require a party making a request to correct to provide documentation supporting such request, if necessary to rebut our documentation that the Personal Data that is the subject of such request is accurate.
We may delete contested Personal Data, as an alternative to correcting the information, if the deletion of the Personal Data does not negatively impact the party making such request to correct or if such party consents to the deletion.
We may deny a party’s request to correct if we previously denied that party’s request to correct the same alleged inaccuracy within the past six (6) months of receiving the latter request.
We may deny a request to correct based on our good-faith, reasonable, and documented belief that such request to correct is fraudulent or abusive.
In responding to a request to correct, we will inform the party making such request whether we complied with the request and, if we do not, explain the basis for declining to do so.
Non-Discrimination: We will not discriminate against you for exercising any of your rights described herein. Unless permitted by law, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
The categories of Personal Data we collected about you.
The categories of sources for the Personal Data we collected about you.
Our business or commercial purpose for collecting or selling that Personal Data.
The categories of third parties with whom we share that Personal Data.
If we sold or disclosed your Personal Data for a business purpose, two separate lists disclosing:
sales, identifying the Personal Data categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained.
The specific pieces of Personal Data we collected about you (also called a data portability request).
4. Exercising Access, Data Portability, and Deletion and Correction Rights
We will only respond to verifiable requests related to your Personal Data coming from you, or someone legally authorized to act on your behalf. You may also make a verifiable request on behalf of your minor child.
Such request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative of that person.
Communicate your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm that the relevant Personal Data relates to you.
Making such a verifiable request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Data associated with that specific account.
We will only use Personal Data provided in such a verifiable request to verify the requestor's identity or authority to make the request.
Response Timing and Formats
We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide may only cover the 12-month period preceding our receipt of the verifiable request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is commonly used and should allow you to transmit the information from one entity to another entity without undue hindrance.
California Shine the Light Law
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request a list of all third parties to which we have disclosed certain of their Personal Data for direct marketing purposes. You may make one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. Please allow up to thirty (30) days for a response. To make such a request, please send an email to email@example.com or write us at: Nothing Technology Limited, 4th Floor, 32-38 Saffron Hill, London, United Kingdom, EC1N 8FH.