California residents (“you” or “your” for purposes of this “California Residents: Your Rights” section of the privacy policy) have specific rights regarding your personal information under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) on January 1, 2023, (collectively referred to herein as the “CPRA”). This section supplements the information contained in the other sections of the Gearset Privacy Policy privacy policy. This section describes your CPRA rights and explains how to exercise them. The CPRA and this section of the privacy policy apply to information collected both online and offline.
Please note that the CPRA does not apply to certain categories of personal information and our processing of CPRA-exempt categories of information may not be addressed below. Additionally, our privacy practices with respect to the personal information of employees and job applicants are not addressed below. Finally, this CPRA section of the privacy policy only addresses Gearset’s practices to the extent Gearset acts as a “business” under the CPRA.
You have the right to know the categories of personal information Gearset has collected, disclosed, sold or shared about consumers within the last twelve (12) months. The chart below contains this information.
| Category | Examples | Collected? | Source | Purpose of Collection | Categories of Third Parties to Whom Disclosed | Categories of Third Parties to Whom Sold/Shared |
|---|---|---|---|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | YES | Directly from you; Indirectly from your activity on our website; From integrated third party services you use in conjunction with Gearset (e.g. OAuth provider, Salesforce); From third party hosts or organisers of events that you attend. | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest; To administer and improve our website. | To our service providers so they may help us provide our services. | None |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, address, telephone number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. | YES | Directly from you; Indirectly from your activity on our website; From integrated third party services you use in conjunction with Gearset (e.g. OAuth provider, Salesforce); From third party hosts or organisers of events that you attend. | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest; To administer and improve our website. | To our service providers so they may help us provide our services. | None |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO | N/A | N/A | N/A | N/A |
| D. Commercial information. | Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES | Directly from you; Indirectly from your activity on our website; From integrated third party services you use in conjunction with Gearset (e.g. OAuth provider, Salesforce). | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest; To administer and improve our website. | To our service providers so they may help us provide our services. | None |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | N/A | N/A | N/A | N/A |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES | Indirectly from your activity on our website. | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest; To administer and improve our website. | To our service providers so they may help us provide our services. | None |
| G. Geolocation data. | Physical location or movements. | NO | N/A | N/A | N/A | N/A |
| H. Sensory data. | Audio, electronic, visual, or similar information. For example, recording of customer service calls. | YES | Directly from your phone or video call. | To improve our customer service or provide you with technical support. | To our service providers so they may help us provide our services. | None |
| I. Professional or employment-related information. | Current or past job history. | YES | Directly from you; Indirectly from your activity on our website; From integrated third party services you use in conjunction with Gearset (e.g. OAuth provider, Salesforce). | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest; To administer and improve our website. | To our service providers so they may help us provide our services. | None |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO | N/A | N/A | N/A | N/A |
| K. Inferences drawn from other personal information. | Profile reflecting a person’s interests and preferences. | YES | Directly from you; Indirectly from your activity on our website; From integrated third party services you use in conjunction with Gearset (e.g. OAuth provider, Salesforce). | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest; To administer and improve our website. | To our service providers so they may help us provide our services. | None |
| L. Sensitive Personal Information. | As defined in Cal. Civ. Code § 1798.140(ae). | NO | N/A | N/A | N/A | N/A |
We will retain each category of personal information we collect for the time period required to fulfill the legitimate business purposes for which it was collected and to engage in the disclosure practices outlined in this notice, unless a different retention period is required by applicable law, or to otherwise fulfill a legal obligation or protect our legal rights.
You have the right to request that Gearset disclose certain information to you about our collection, use, disclosure and sale of your personal information. Once we receive and confirm your request, to the extent you have requested them, we will disclose to you:
You have the right to request that Gearset correct any inaccurate personal information we have collected and maintain about you.
You have the right to request that Gearset delete any of the personal information we have collected and maintain about you, subject to certain exceptions. Once we receive and confirm your request, we will either delete, de-identify, or aggregate your personal information, unless a CPRA exception such as those listed below applies, and we or our service provider(s) need the information to:
Gearset does not sell or share personal information as those terms are defined by the CPRA.
Gearset does not use or disclose sensitive personal information for purposes other than those specified in section 7027(m) of the CPRA modified proposed regulations, as currently drafted.
To exercise your rights to know, correct, and delete under the CPRA please submit a request by emailing us at [email protected].
Only you, or someone legally authorized to act on your behalf (i.e., your authorized agent), may make a request related to your personal information. Gearset may require an agent to provide verification that they are acting on your behalf when they submit a request related to your personal information.
All requests to know, correct, or delete (whether made by you or an authorized agent) must (1) provide sufficient information for us to reasonably verify you by providing two to three pieces of personal information which we will match with personal information we maintain in our records, and (2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Gearset will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not:
Gearset provides consumers the right to appeal any decisions we make regarding consumer requests to know, correct, or delete. You may appeal any decision within 30 days of receiving notice of the decision.
Gearset Limited Attn: Legal Team The Bradfield Centre Cambridge Science Park Rd Cambridge, CB4 0GA, UK [email protected]