ROI Rocket: U.S. State-Specific Disclosure
Last Updated: December 4, 2024
Some U.S. state privacy laws require us to inform residents about additional privacy disclosures and rights. This U.S. State-Specific Disclosure (“U.S. State-Specific Disclosure“) supplements the ROI Rocket Privacy Notice and applies solely to individuals who reside in the States of California, Colorado, Connecticut, Oregon, Texas, Utah, and Virginia (“consumers” or “you“).
As used in this U.S. State-Specific Disclosure, the term “personal data” (a) has the meaning provided under the Colorado Privacy Act (“CPA“); Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA“); the Oregon Consumer Privacy Act (“OCPA“); Texas Data Privacy and Security Act (“TDPSA“); Utah Consumer Privacy Act (“UCPA“); and the Virginia Consumer Data Protection Act (“VCDPA“); and (b) also includes “personal information” as such term is defined under the California Consumer Privacy Act (“CCPA“), in each case, as such laws in (a) and (b) are amended from time to time (collectively, the “U.S. State Privacy Laws“). Any other capitalized but undefined terms shall have the meanings set forth in the ROI Rocket Privacy Notice.
1. General Overview
This U.S. State-Specific Disclosure is designed to provide you with additional information on how we handle your data and inform you of additional rights that you may have.
- We explain the categories of data we collect, where we collect it from, and the purpose for which we collect it.
- We explain how we sell or share your data and the category of third party we share it with.
- We explain your data subject rights, including how to exercise them.
2. What data about me is collected, from where, and what is the purpose and use of the collection?
We recommend you carefully review the ROI Rocket Privacy Notice for the types of data we collect and how we use it. In addition, as required under U.S. State Privacy Laws, we have identified below the categories of personal data we’ve collected, the source, and purpose from the last 12 months and we will continue to collect in the next 12 months.
| Description | Examples | Source | Purpose | Disclosure for Business Purpose or Sale / Sharing |
|---|---|---|---|---|
| Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers. |
|
1, 2, 4, 5, 6 |
|
| More sensitive information. | Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, and pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information). |
|
1, 2, 4, 6 |
|
| Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
|
1, 2, 3, 4, 5, 6 |
|
| Internet or other similar network activity. | Browsing history, search history, or information on a consumer’s interaction with a website, application, or advertisement. |
|
2, 3, 4, 5, 6 | |
| Geolocation data. | The city, state, and/or country derived from your IP address. |
|
1, 2, 3, 4, 5, 6 |
|
| Sensory data. | Electronic, or similar information. |
|
1, 2, 6 |
|
| Professional or employment-related information. | Current or past job history, performance evaluations, or to validate your self-reported employment information. |
|
1, 2, 6 |
|
| Education information. | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
|
1, 2, 6 |
|
| Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes. |
|
1, 2, 3, 4, 5, 6 |
|
| Usage Information. | information about the devices used to access the Website (including IP addresses), the dates and times of Website visits, and the clickstream data of the users accessing the Website. |
|
3, 4, 5, 6 |
|
| Profile Information. | We may use some of the information described above in addition to your username and password. |
|
1, 2, 3, 6 |
|
| * We may use certain standard web measurement and tracking technologies such as “cookies” (which are small text files stored by your Internet browser), web server logs, or other statistics programs to collect Usage Information, and track and record how you use the Website or other measure other statistics. We may also use third-party analytics on the Website, including Google Analytics and/or Accelerize. For more information about Google Analytics’ or Accelerize’s privacy practices, please review their privacy policies below: https://policies.google.com/technologies/partner-sites https://getcake.com/privacy-policy |
||||
|
Source Explanation Directly from You. For example, from the forms you complete on our Website, including when you sign up with us or preferences you express or provide through our Website. Indirectly from You. For example, through cookies we or our service providers set on your device as you navigate through our Website or otherwise collect as you navigate through the Website. Third Parties. We may collect your information from third parties such as our clients, service providers, business partners, and through publicly available means. For example, third parties who help us provide the Website including our payment processors, advertising, and analytic providers. |
|
Purpose Explanation
We may also use your information to:
|
3. Data We Do Not Collect
We do not intentionally collect data on persons under the age of 16. We will not collect additional categories of personal data or use the personal data we collected for materially different, unrelated, or incompatible parties without providing you notice. If we become aware of the collection of data on persons under the age of 16, we will delete it.
4. Retention of Your Data
We retain your personal data for as long as necessary to provide the services on the Website. We will keep your personal data for as long as your account is “active”. After a certain period of inactivity (i.e. you do not engage with a survey or the Website for a certain period of time), we may mark your account as “inactive.” Once an account is “inactive” your personal data is stored for two years; after which your account, including your personal data, is permanently deleted.
There might be some latency in deleting this personal data from our servers and back-up storage and some personal data may not be completely removed from our logs and other records. We may retain this personal data if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
5. Disclosure of Data for Business Purposes
We disclose your personal data for a business purpose to the following categories of third parties, as each category is further described in the ROI Rocket Privacy Notice:
- Our clients;
- Service Providers; and
- Business Partners.
6. Disclosure of Data for a Sale or Use of Data for Targeted Advertising
The categories of third parties, that we share personal data with that may be considered the sale or sharing of personal data for targeted advertising include Analytics Providers and Advertisers.
7. Your Rights and Choices
The U.S. State Privacy Laws may provide you with specific rights regarding your personal data. This section describes your rights and explains how to exercise those rights. Certain requirements must be met for consumers to exercise their rights, see Exercising Rights below for more information on what requirements must be met and how to exercise said rights.
8. Opt-Out Rights
Some of the activities may be considered “sales” or “sharing” of your personal data or “targeted advertising” under applicable U.S. State Privacy Laws. Depending on where you reside, you may have the right to opt out of targeted advertising, sharing, and sales of your personal data.
8.1. Sale/Sharing of Your Data
Our use of your personal data may be considered a sale or sharing under U.S. State Privacy Laws. If you would like to opt out of the sale/sharing of your personal data you may email us at the email listed in the How to Contact Us Section below. In addition, you may also opt out of the sale/sharing of your personal data by clicking the “Your Privacy Choices” link (also found at the bottom of the page), or you may broadcast the Global Privacy Control signal through your web browser or device, more information on Global Privacy Controls can be found here.
8.2. Profiling
We do not use your personal data to profile you in furtherance of decisions that produce legal or similarly significant effects.
9. Access/Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months, including:
- The categories of personal data we collected about you.
- The categories of sources for the personal data we collected about you.
- Our business or commercial purpose for collecting or selling that personal data.
- The categories of third parties with whom we share that personal data.
- The specific pieces of personal data we collected about you (also called a data portability request).
- If we sold or disclosed your personal data for a business purpose, two separate lists disclosing:
- sales, identifying the personal data categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal data categories that each category of recipient obtained.
Once we receive and confirm your consumer request, we will provide you with the requested information. See Exercising Your Rights for more information.
10. Data Correction Rights
Under U.S. State Privacy Laws, you have the right to request that we correct inaccurate personal data that we collected from you and retained, taking into account the nature of the personal data and the purposes of processing personal data. Once we receive and confirm your consumer request (see Exercising Your Rights for more information), we will use commercially reasonable efforts to correct the inaccurate personal data (and where required by applicable law, direct our service providers to correct) your personal data from our records, unless an exception applies.
11. Deletion Rights
Under certain applicable laws, you have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your consumer request (See Exercising Your Rights for more information), we will delete (and where required by applicable law, direct our service providers to delete) your personal data from our records, unless an exception applies.
These exceptions include retaining the information if it is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal data, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Only you, or someone legally authorized to act on your behalf, may make a “verifiable consumer request” (subsequently referred to as a “consumer request”) related to your personal data. You may also make a consumer request on behalf of your minor child. Please submit a consumer request by: using our data subject request form or emailing us at the email listed below in the How to Contact Us Section.
To be verifiable, a consumer request must include:
- Providing sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative and that you have rights under this notice.
- Describing your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you.
Making a consumer request does not require you to create an account with us, but we may require authentication of the consumer that is reasonable in light of the nature of the personal data requested.
We will only use personal data provided in a consumer request to verify the requestor’s identity or authority to make the request.
13. Initial Request
We endeavor to respond to a consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your consumer request unless it is excessive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
14. Exercising Your Appeal Rights
Under U.S. State Privacy Laws, you may have a right to appeal our decisions, as set forth below. All appeals should be received by us within a reasonable amount of time after we have provided our response to your initial request.
If we decide that we cannot comply with a Colorado resident’s initial request, that Colorado resident has a right to appeal our decision. Any appeal should be sent to the place where the initial request was sent (see Exercising Rights). The appeal should clearly indicate that it is an appeal of an initial request and should include the initial request along with our response explaining why we cannot comply with the request. We will review all appeals and provide a response within 45 days of receipt of the appeal. If we require more time (for a maximum total of 105 days), we will notify the Colorado resident within 45 days of receipt of the appeal that we require more time and a reason for the delay. Once we respond, we will inform the Colorado resident of any action taken or not along with an explanation of the reason in support of the response. If a Colorado resident has any concerns about the results of an appeal, such Colorado resident may submit a complaint to the Colorado Attorney General, which can be found here: https://coag.gov/file-complaint/.
If we decide that we cannot comply with a Virginia, Texas or Connecticut resident’s initial request, that Virginia, Texas, or Connecticut resident has a right to appeal our decision. Any appeal should be sent to the place where the initial request was sent (see Exercising Rights). The appeal should clearly indicate that it is an appeal of an initial request and should include the initial request along with our response explaining why we cannot comply with the request. We will review all appeals and provide a response within 60 days of receiving the appeal, including the action taken or not and the justification for the action. If we cannot comply with a request after an appeal is made, Virginia residents may submit a complaint to the Virginia Attorney General, which can be found here: https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint. If we cannot comply with a request after an appeal is made, Connecticut residents may submit a complaint to the Connecticut Attorney General, which can be found here: https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page. If a Texas resident has any concerns about the results of an appeal, such Texas resident may submit a complaint to the Texas Attorney General, which can be found here: https://oag.my.salesforce-sites.com/CPDOnlineForm.
If we decide that we cannot comply with an Oregon’s resident’s initial request, that Oregon resident has a right to appeal our decision. Any appeal should be sent to the place where the initial request was sent (see Exercising Rights). The appeal should clearly indicate that it is an appeal of an initial request and should include the initial request along with our response explaining why we cannot comply with the request. We will review all appeals and provide a response within 45 days of receiving the appeal, including the action taken or not and the justification for the action. If we cannot comply with a request after an appeal is made, you have the right to contact the Oregon Attorney General, which can be found here: https://justice.oregon.gov/consumercomplaints/OnlineComplaints/OnlineComplaintForm/en.
15. Non-Discrimination
We will not discriminate against you for exercising any of your rights under applicable law. Unless permitted by applicable law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
16. Other California Privacy Rights
California’s “Shine the Light” law (Civil Code § 1798.83) permits users of the Website who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us at the information provided in the How to Contact Us Section below.
17. Changes to our U.S. State-Specific Disclosure
From time to time, we may update this U.S. State-Specific Disclosure. For any material changes, we will adhere to the same requirements that apply when material changes are made to our ROI Rocket Privacy Notice. Please see the preamble of the ROI Rocket Privacy Notice for more information.
If you have any questions or comments about this notice, how we collect and use your data described here and in the ROI Rocket Privacy Notice, your choices and rights regarding such use, or wish to exercise your rights under applicable law, please do not hesitate to contact us at:
| Physical Address | ROI Rocket 205 Detroit St., 6th Floor Denver, CO 80206 USA |
| hello@roirocket.com |