Effective Date: June 15, 2021
Information We Collect.
We collect two types of information from you when you use the Services, or otherwise interact with Us: (1) “personally identifiable information” (as defined below) and (2) “non-personally identifiable information” (as defined below). Certain information is required to provide the Services. If you do not provide certain information, or request we delete certain information, you may no longer be able to use the Services.
Personal Identifiable Information (“PII”)
Personally identifiable information includes, but is not limited to, your first and last name, date of birth, demographic information such as gender, email address, and telephone number. You may also create a username or otherwise provide/create login credentials to utilize the Services, which will be associated with you. We may also associate information about your account with you, including but not limited to your preferences, usage history, and related information.[AG3]
Non-Personally Identifiable Information (“NPII”)
Non-Personally Identifiable Information can be technical information or aggregated, non-identifiable, or anonymized information. NPII does not identify you personally. If you provide Us with NPII, We may use it for the purposes described in this statement or any other legal purpose.
Automatic collection of NPII
When you download or use the Services, We automatically collect certain information by automated or passive means using a variety of technologies described below. We use these technologies across Our Services to enhance your user experience. These technologies may allow Us to personalize your online experience, recognize you as a previous visitor, save your user preferences, and/or maintain your login and password information on secure portions of Our Services. We also use these technologies to analyze how users use Our Services and to monitor the performance of the Services, including the App. To be clear, We do not combine the general information collected through these technologies with other personal information such as to render you identifiable[AG4] .
When you utilize the Services, We automatically collect certain information about your device, browsing actions, and patters, including but not limited to:
- information about your device and internet collection, including your web browser, IP address, operating system, platform type (such as Apple iOS or Android), time zone, geolocation, and cookies installed on your device;
- details of your visits and use of Our Services, including what websites or search terms referred you to the Services; the number of clicks on a feature; the amount of time spent on the Services; and information about how you interact with the Services. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- Cookies.A cookie is a small data file placed on your device or computer by Us or Our third-party vendor service provider(s) and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- Log files. Log files track actions occurring on the Services and collect data, including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- Web beacons, tags, and pixels. These are electronic files used to record information about how you use the Services.
- Necessary Cookies: These cookies are essential to the functionality of the Services in order to facilitate your use of the Services and their features, and in order to enable you to move around the Services smoothly. Without these cookies, We may not be able to provide certain services or features, and the Services will not properly function. Unfortunately, these cookies cannot be disabled or modified, which is why We refer to these as “Necessary.”
- Analytics and Reporting Cookies: We and Our third-party vendor service providers may use analytics cookies, which are sometimes called reporting cookies, to collect information about your use of the Services in order to enable Us to improve the way it works and prepare statistical analysis of such data. The information gathered via analytics cookies allows Us to see the overall patterns of usage of the Services, helps Us record any difficulties you have with the Services, and shows Us whether Our advertising is effective or not.
- Advertising cookies: We use advertising cookies to tailor marketing to you and your interests and provide you with a more personalized service in the future. These cookies remember that you visited Our Website, and We may share this information with third-parties, such as advertisers. Although these cookies can track your device’s visits to Our Website and other sites, they typically cannot personally identify you. Without these cookies, the advertisements that you see may be less relevant and interesting to you. For example, We use Facebook Custom Audiences to deliver targeted advertisements. If you have questions, you may obtain more information about Facebook’s policy privacy, which can be found at https://www.facebook.com/policy.php. We also use Google and Bing to deliver targeted advertisements. You may obtain more information about these sites’ privacy policies at:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.&...; For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
- Social and Content cookies: Many social media plugins use social and content cookies (for example, the Facebook ‘like’ button), and other tools meant to provide or improve the content on a website. We integrate these modules into Our Services to improve the experience of browsing and interacting with Our Services. Please note that some of these third party services place cookies that are also used for things like behavioral advertising, analytics, and/or market research.
If you have an account and you log in to this Site, We will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, We will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.[AG6]
How do I accept or reject cookies?
You can choose to disable or enable cookies at any time on your browser or on your device.
Your browser or device can be set to notify you of the cookies that are deposited and ask you to accept them or not. You can accept or reject cookies on a case-by-case basis or reject them consistently once and for all. We remind you that the refusal of cookies is likely to modify your conditions of access to Our Services. In order to manage the cookies as close as possible to your expectations, We invite you to set your settings taking into account the purpose of the cookies as mentioned above.
For the management of the cookies and your choices, the configuration of each browser is different. We suggest consulting the Help section of your browser or taking a look at the website AboutCookies.org, which offers guidance for all modern browsers.
Do Not Track.
Please note that We do not alter Our Services’ data collection and use practices when We see a Do Not Track signal from your browser.
Use and Disclosure of Personal Information.
TOME currently, and/or may in the future, collect, use, and disclose your Personal Information as authorized or required by law and/or for any or all of the following purposes:
- Communicate with you;
- Fulfill a service or a service request to you;
- Establish and verify your identity;
- Create your account and allow you to utilize our App;
- Protect and improve Our services;
- Offer updates, notices, and other information about products or services available from TOME as permitted by law;
- Respond to your questions, inquires, comments, and instructions;
- When in line with the preferences you have shared with us, provide you with information or advertising relating to Our products or services;
- Deliver personalized information to you about products that you have viewed or expressed interest in through retargeting techniques;
- Comply with applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in investigations conducted by law enforcement or any governmental and/or regulatory authority;
- Statistical purposes to help improve the functioning and availability of the Services;
- Notify you of any known breach of your Personal Information;
- Any other related purposes that would reasonably be expected for which you provided the information in accordance with consent obtained from you and in accordance with applicable law.
These purposes may continue to apply even in situations where your relationship with Us has been terminated or altered in any way. In such cases, We may still retain Personal Information relating to you and use or disclose such information for legal and/or business purposes, including for compliance with applicable law.
Sharing your Personal Information.
We share your Personal Information with third parties for the purposes described above.
We may also share your Personal Information with a third party in the event of a proposed or actual purchase, sale (including a liquidation, realization, foreclosure or repossession), lease, merger, amalgamation or any other type of acquisition, disposal, transfer, conveyance or financing of all or any portion of Our business in order for you to continue to receive the same or similar products and services. In these circumstances, personal information may be shared with the actual or prospective purchasers or assignees, or with the newly acquired business.
How We protect your personal information.
We use commercially reasonable technical, administrative, and physical controls and best practices to protect your personal information; however, since the internet is not a 100% secure environment, We cannot ensure the security of personal information during its transmission between you and us. Accordingly, you acknowledge that when you transmit such personal information, you do so at your own risk. Nevertheless, We strive to protect the security of your information and periodically review and enhance Our information security measures. We will notify you of any confirmed security breach of your personal information to the extent required by and in accordance with local laws.
If We forward Personal Information to any third party, We require that those third parties have appropriate technical and organizational measures in place to comply with applicable laws.
Communicating with you electronically.
By using the Services and providing your Personal Information, you agree that We can communicate with you electronically. This includes any required notifications (i.e. legal, technical, regulatory, security, privacy) relating to your use of the Services.
Where required, We will seek your express consent to send electronic messages. You may withdraw your consent by using the “unsubscribe” link located at the bottom of Our messages, contacting Us at the address listed below, or by emailing firstname.lastname@example.org.
Children under the Age of 13.
The Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information via the Services, download or utilize the App, make any purchases through the Services, or provide any information about yourself to Us.
Rights of California Residents.
You have the right under the CCPA to exercise free of charge:
- Disclosure of Personal Information We Collect About You
- You have the right to know:
- The categories of personal information We have collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purpose for collecting or selling personal information;
- The categories of third parties with whom We share personal information, if any;
- The specific pieces of personal information We have collected about you.
Please note that We are not required to:
- Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
- Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
- Provide the personal information to you more than twice in a 12-month period.
- Disclosure of Personal Information Sold or Used for a Business Purpose
In connection with any personal information We may sell or disclose to a third party for a business purpose, you have the right to know:
- The categories of personal information about you that We sold and the categories of third parties to whom the personal information was sold; and
- The categories of personal information that We disclosed about you for a business purpose.
- Right to Opt-Out of the Sale of Personal Information
Under the CCPA, you have the right to opt-out of the sale of your personal information. Please be aware that We are not currently in the business of selling personal information; however, if you exercise your right to opt-out of the sale of your personal information, We will add you to a “Do Not Sell List.”
- Right to Deletion
You have the right to request that We delete any of your personal information that We collected from you and retained, subject to certain exceptions. Once We receive and confirm your verifiable consumer request, We will delete (and direct Our service providers to delete) your personal information from Our records, unless an exception applies.
Please note that We may not delete your personal information if it is necessary to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of Our ongoing business relationship with you, or otherwise perform a contract between you and us;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- Debug to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when Our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided We have obtained your informed consent;
- Enable solely internal uses that are reasonably aligned with your expectations based on the your relationship with us;
- Comply with an existing legal obligation; or
- Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
- Protection Against Discrimination
You have the right to not be discriminated against by Us because you exercise any of your rights under the CCPA. This means We cannot, among other things:
- Deny goods or services to you;
- Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Provide a different level or quality of goods or services to you; or
- Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Please note that We may charge a different price or rate, or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to you by your personal information.
Requests to Know, Requests to Delete, and Do-Not Sell (Opt-Out) Requests* may be submitted by either:
*Please note that We are not in the business of selling personal information.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows Us to reasonably verify you are the person about whom We collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if We cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If We require more time (up to 90 days), We will inform you of the reason and extension period in writing. If you have an account with us, We will deliver Our written response to that account. If you do not have an account with us, We will deliver Our written response by mail or electronically, at your option. Any disclosures We provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell you why We made that decision and provide you with a cost estimate before completing your request.
Categories of Personal Information Collected
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). In particular, We have collected the following categories of personal information from consumers within the last twelve (12) months:
|Category||Examples||Collected (Yes or No)|
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||Y|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||Y|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||N|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||N|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||N|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||Y|
|G. Geolocation data.||Physical location or movements.||N|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||N|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||N|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||N|
|K. Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Y[AG8] |
Personal Information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
Sources of Information Collected
We collect most of this personal information directly from you in person, by telephone, text, or email, and/or via Our Services. However, We may also collect information:
- from cookies on Our Services; and
- via Our IT systems, including automated monitoring of Our Services and other technical systems, such as Our computer networks and connections, communications systems, and email and instant messaging systems.
Purposes of Collecting Information
We process personal information for the purposes listed above. We will not collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may sell or disclose your personal information to a third party for a business purpose. When We sell or disclose personal information for a business purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
- In the preceding twelve (12) months, We have sold or disclosed the following categories of personal information for a business purpose:
- Categories A-K in the above table.
- We disclosed your personal information for a business purpose to the following categories of third parties:
- TOME affiliates;
- App stores and other marketplaces;
- Service providers and independent contractors We use to help deliver Our services;
- Other third parties We use to help Us run Our business, such as marketing agencies, website hosts, technical security solutions;
- Third-parties approved by you, including social media sites you choose to link your account to or third-party payment providers;
- Our insurers and brokers; and
- Our banks.
We may disclose your personal information in response to subpoenas, court orders, or other lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal information in order to enforce or apply Our rights and agreements, or when We believe in good faith that disclosing this information is necessary or advisable, including, for example, to protect the rights, property, or safety of Our businesses, Our Websites, Our customers, Our users, or others, as permitted under the applicable laws, or as otherwise required by law or by government and regulatory entities. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
Changes to Our California Privacy Disclosures
We reserve the right to amend these California specific privacy disclosures at Our discretion and at any time. When We make changes to these privacy disclosures, We will notify you by email or through a notice on Our website homepage.
How to Contact Us
Rights of European Residents.
Additionally, if you are a European resident We note that We are processing your information in order to fulfill contracts We might have with you or otherwise to pursue Our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to the United States.
Rights under the GDPR
You have a number of rights under the GDPR in relation to your Personal Data, namely:
- The right of access pursuant to Art. 15 GDPR. You have the right to obtain from Us confirmation as to whether or not Personal Information concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Information and the manner in which, and the purposes for which We process your Personal Information, so that you can verify its accuracy and the lawfulness of the processing.
- The right to rectification pursuant to Art. 16 GDPR. You have the right to obtain from Us the rectification of inaccurate Personal Information concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- The right to erasure pursuant to Art. 17 GDPR. You have the right to obtain from Us the erasure of your Personal Information where :(a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where We have another legal ground for the processing that We may rely on); (c) where processing is based on Our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
- The right to restriction of processing pursuant to Art. 18 GDPR. You have the right to obtain from Us the restriction of processing of your Personal Information where: (a) the accuracy of such Personal Information is contested by you (for such period as will enable Us to verify the accuracy of your Personal Information); (b) the processing of your Personal Information is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that We no longer need your Personal Information for the purposes of the processing, but require such Personal Information for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Information on grounds of “legitimate interest” as per (c) above, pending verification by Us on whether Our legitimate grounds override your own.
- The right to objection pursuant to Art. 21 GDPR. You have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Information, which is based on point Our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Information unless We have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Information or direct marketing purposes at any time, without giving reason.
- The right to data portability pursuant to Art. 20 GDPR. You have the right to receive Personal Information concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where Our processing of your Personal Information is based on your consent, and the processing is carried out by automated means).
- The right to appeal to a competent data protection supervisory authority (Art. 77 GDPR). You have the right to appeal to the competent data protection supervisory authority in your country.
Please note that any processing of your Personal Information prior to the deletion of your account with Us, or your request that We no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.
You can exercise any of your rights as stated above, by sending Us a request to email@example.com. We will endeavor to respond to any such request as soon as possible, and in any event within the legal deadline.