Privacy Policy (US)

1. BACKGROUND

1.1      In connection with use of its website located at www.ICONAC.COM (the “Website”) and any other publicly accessible user resources (collectively, the “Resources”), ICONAC NY, Inc. (“Company,”“us,”“we,” and other similar terms) gathers certain information regarding users who use the Resources. The gathering of information is always reasonable in relation to our business or the purpose for which the Resources exist, and includes, without limitation, various information provided by you or your internet service provider (“ISP”), whether mobile data or otherwise, to us. We, in turn, gather information from, and share information with necessary parties with whom or which we have an ongoing business relationship or may need to come into possession of user information in order to enable, facilitate, or otherwise enhance your experience with the Resources. We take each user’s data privacy seriously, and at all times endeavor to collect, compile, handle, store, and disseminate user data (whether or not Personal Information as defined below, “User Data”) in compliance with applicable law, including, as may be applicable to certain users, under either the 2018 California Consumer Privacy Act (the “CCPA”), or the European Union General Data Protection Regulation (the “GDPR”).This Privacy Policy sets forth the manner by which we undertake due care with respect to: (i) protecting User Data in accordance with applicable law and practices which we deem proper and commercially reasonably in relation to each form of User Data, (ii) protecting the rights of various parties handling, providing, and sharing or receiving User Data, such as users, our employees and contractors, and our business partners, (iii) our transparency with respect to the processing, handling, storage, and dissemination of User Data, (iv) our measures in respect to protection from data breach and other unauthorized disseminations of User Data, and (v) applicable law (including with respect to the CCPA and GDPR, as applicable).

1.2     Please note, we have no control over the systems, websites, mobile applications, or other resources of third parties (“External Systems”). External Systems and the companies which operate them are responsible for complying with the CCPA and GDPR independently, and we do not assume any duty to ensure that an External System linked from, or which links to, the Resources, complies with the CCPA or GDPR.
1.3     “Personal Information” has varying definitions depending on the laws applicable to you. The Resources are controlled and provided from within the Unites States, however, Company complies with laws and regulations such as the CCPA and GDPR, which each mandate certain definitions of Personal Information.

2. INFORMATION COLLECTION AND TRACKING

2.1      We may use analytics tools, such as Google Analytics, and various cookies in order to improve and analyze the use of our Resources. The information collected by these analytics tools is mostly anonymous traffic data including browser information, device information, and language. We do not collect additional information, such as your age, gender, interests, clickstream, or anything associated with a so-called user “Internet passport.”

2.2     The following chart summarizes the type and character of User Data we collect, and gives certain examples of User Data which we do not collect.

Type of User Data

Do We Collect This Type

Identifiers

We collect certain User Data provided by your ISP when you use the Resources.  We further collect this type of User Data 

Personal Information

We will only collect this type of User Data to the extent you specifically provide it to us.

Protected classification characteristics under State or federal law.

We will only collect this type of User Data to the extent you specifically provide it to us.

Internet or other similar network activity data

We may collect this type of User Data

Geolocation data.

We may collect this type of User Data

Device sensory data

We may collect this type of User Data

Collated User Data and inferred or interpolated User Data

We may collect this type of User Data

2.3      We collect User Data from a variety of sources in connection your use of the Resources, including, registration information which you provide when registering for our services or products, and information you provide to us in response to our communications.

2.4      Cookies. A cookie is a piece of data stored on the hard drive of your computer that contains information about you and that is used for record keeping purposes. Cookies enable us to track and target your interests to enhance your experience on the Resources. We may set and access cookies on your computer to provide you with customized content and to assist in providing the products that you have requested. We also work with companies who provide services to maintain the Resources and enable those service providers the right to use cookies in our Resources. Most cookies automatically delete themselves from your hard drive after each session. Like many other operators of websites and mobile applications, we may automatically track information based upon your behavior on the Resources, including combining information that we obtain through the use of cookies with Personal Information, or other aggregate or anonymous data, including a unique identification we may assign you. The information may include browser type, internet service provider, referring/exit pages, platform type, date/time stamp, IP address, and number of clicks, all used to analyze trends, administer the Resources, track your movement in the aggregate, and gather broad demographic information for aggregate use. Most web browsers and mobile device browsers are initially set up to accept cookies; however, you can reset your browser to reject all cookies. If you reject the cookie, you may still use the Resources, although your access to and use of some areas of the Resources may be limited. In addition, if you refuse to accept cookies you agree to assume all responsibility for any resulting loss of functionality. Some of the cookies used in the Resources are set by us, and others are set by third parties who deliver services on our behalf.
2.5      Third-Party Advertising And Analytics. We may use third-party service providers to provide site metrics and other analytics services. These third parties can use cookies, web beacons, and other technologies to collect information, such as your IP address, identifiers associated with your device, other applications on your device, the browsers you use to access the Resources, webpages viewed, time spent on webpages, links clicked, and conversion information (e.g., transactions entered into). This information may be used by us and third-party service providers on our behalf in order to analyze and track usage of the Resources, determine the popularity of certain content, and better understand how you use the Resources. The third-party service providers that we engage will at all times be bound by confidentiality obligations and other appropriate restrictions with respect to their use and collection of your information. Notwithstanding the foregoing protections, this Privacy Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices. For more information about targeted advertising specifically, please visit http://www.aboutads.info/choices. These third party service providers may make use of cookies to implement their services, as and where appropriate.
2.6      Web Beacons. Aspects and pages within the Resources also may contain “web beacons” (also known as Internet tags, pixel tags and clear GIFs). A web beacon is an electronic image, often a single pixel (1×1), that is ordinarily not visible to Resources visitors and may be associated with cookies on the visitors’ hard drives. Web beacons do not contain any Personal Information, and allow us to count users who have visited certain pages of the Resources, to deliver branded services, and to help determine the effectiveness of promotional or advertising campaigns. Web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third party. We use log files to store the data that is collected through web beacons.
2.7      Location Information. In order to provide certain services, we may require access to location information, including precise geolocation information collected from your browser or device. If you do not consent to collection of this information, certain services will not function properly and you will not be able to use those services. You may stop our collection of location information at any time by changing the preferences in your browser or on your mobile device.

3. STORAGE AND PROCESSING

We may, and we may use third-party service providers to, process and store your information. The third-party service providers that we engage will at all times be bound by confidentiality obligations and other appropriate restrictions with respect to their use and collection of your information.

4. USE OF INFORMATION

4.1      We may use information about you for a number of purposes, including:
4.1.1    Making available for use, improving, and developing the Resources
4.1.2   Communicating with you regarding the Resources, including, delivering the information and support you request, including technical notices, security alerts, and support and administrative messages including to resolve disputes, collect fees, and provide assistance for problems with the Resources or your user account.
4.1.3   Enforcing our Terms of Use or other applicable agreements or policies.
4.1.4   Complying with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process;
4.1.5   Fulfilling any other purpose disclosed to you.
4.2      We may disclose your Personal Information to a third party for a business purpose or sell certain aspects of your Personal Information, subject to your right to opt-out of those sales (as described herein). When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. The CCPA generally prohibits third parties who permissibly purchase Personal Information from us from further selling or transferring such purchased Personal Information unless you have received an additional express notice of such proposed transfer and an opportunity to opt-out of such transfer and further transfer. In the preceding twelve (12) months from the last update to this Privacy Policy, we have not (i) disclosed Personal Information for a business purpose, or (ii) sold Personal Information. Subject to the foregoing, we may share certain of the User Data, including Personal Information, with affiliated and non-affiliated third parties as permitted by law.We may disclose your Personal Information in special cases when we have reason to believe that disclosing this information is necessary: (a) to identify, contact or bring legal action against someone who may be causing injury to or interfering (either intentionally or unintentionally) with: (i) our legal rights or property, (ii) another visitor or anyone else that could be harmed by such activities; or (b) by operation of law or at the request for cooperation from law enforcement or another governmental agency.

5. LINKS

We are deeply committed to your right to privacy. However, please note that this Privacy Policy only applies to the Resources and not to any External Systems that you may access from the Resources, each of which may have privacy policies that are materially different from this Privacy Policy. We encourage you to be aware when you leave the Resources and to read the privacy policies of each and every other website, mobile application, or other resource, as we are not responsible or liable for the commitments and obligations made to you in any privacy policy or the Terms of Use of any such Resources.

6. SECURITY

6.1      We know it is very important to protect the information you share with us. We take appropriate security measures to help safeguard this information from unauthorized access and disclosure. For example, we restrict access to nonpublic Personal Information about you to our employees who need to have access to such information in order to provide products or services to you, as well as to authorized third parties (as stated above). We maintain physical, electronic, and procedural safeguards designed to protect your Personal Information. We protect your Personal Information over the internet by using a secure web server, which allows web applications and programs to interact with our web server via an encrypted session. If you access the Resources via a traditional web browser, you will know you are in secured area by “https” or a lock appearing in the lower right hand corner of your browser window. When you use the Resources, you may move in and out of secured areas.
6.2     You should feel confident using our Resources. However, no system can be completely secure. Although we take very significant steps to secure your information, there is always a chance that your information will not always remain secure, or our computers or systems are illegally accessed, and the data on them stolen or altered. You should always take great care in handling and disclosing your Personal Information. For example, avoid sending Personal Information through insecure email.
6.3     Please refer to the Federal Trade Commission’s Resources at http://www.ftc.gov/bcp/menus/consumer/data.shtm for information about how to protect yourself against identity theft. We assume no liability or responsibility to you or to any third party arising out of any loss, misuse, destruction, or alteration of your information.

7. ACCESS TO INFORMATION, CORRECTION, DELETION, ACCOUNT DEACTIVATION, AND RELATED MATTERS.

You have the right to request access to the information we have on you. You can do this by contacting us at [email protected]. We will make sure to provide you with a copy of the data we process about you. In order to comply with your request, we may ask you to verify your identity. We will fulfil your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request, we may charge you with an administrative fee.If you believe that the information we have about you is incorrect, you are welcome to contact us so we can update it and keep your data accurate. If you wish to deactivate or cancel your account, you can do so by making a request to us by email or phone, using the contact details provided below.

8. PERSONS UNDER THE AGE OF 13 AND ABILITY TO CONSENT

In order to use the Resources and/or its products and/or services, you must be at least 13 years of age. The Resources are not directed to or intended for use by persons under the age of 13 and we are not knowingly soliciting Personal Information from such persons or sending them requests for non-public Personal Information. If we become aware that we have inadvertently received Personal Information directly from someone under the age of 13, we will delete such information from our records. If you are under the age of 13, you must not use our products or services, including sending us any Personal Information. Further, if you are under the age of 18, or the age of consent in the applicable jurisdiction, you must have the consent of your parent or guardian in order to consent to this Privacy Policy, our Terms of Use, and use the Resources (and the service delivered thereby).

9. HOW LONG WE RETAIN YOUR INFORMATION.

We generally retain your information as long as reasonably necessary to provide you access to the Resources and services delivered thereby, or to comply with applicable law. However, even after you deactivate your account, we may retain copies of information about you and any transactions or services in which you may have participated for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with the Resources, to assist with investigations, to enforce our Terms of Use or other applicable agreements or policies, or to take any other actions consistent with applicable law.

10. NOTIFICATION OF CHANGES.

We reserve the right to modify, add, alter or otherwise update this Privacy Policy from time to time, so you are encouraged to review this Privacy Policy from time to time. However, please note that each time you use the Resources, the current version of this Privacy Policy will apply. If we decide to change our Privacy Policy, we will date and post those changes on the Resources so that you are always aware of what information we collect, how such information is used and under what circumstances, if any, such information is disclosed. Any and all changes to our Privacy Policy will also be reflected on this page. You can determine whether the Privacy Policy has been revised since your previous visit to the Resources by referring to the “Last Updated” legend at the top of this page. Please read this Privacy Policy carefully. Your use of this Resources constitutes your acceptance to be bound by this Privacy Policy without limitation, qualification or change. If at any time you do not accept all the Terms of Use contained herein, you must immediately discontinue use of this Resources. If at any point we decide to use Personal Information in a manner different from that stated at the time it was collected, we will notify you by way of email and you will then have a choice whether or not we can use such information in this different manner.

11. VISITOR’S ACCEPTANCE OF THESE TERMS.

By using the Resources, you hereby accept all of the terms set forth in our Privacy Policy. If you do not agree to accept all or any portion of such terms, then you are respectfully asked not to use the Resources. Your continued use of the Resources following the posting of such modifications, alterations or updates will signify your acceptance thereof.

12. CONTACT US.

If you wish to exercise any right afforded to you herein or under applicable law, or if you have any additional questions about our collection and storage of data, please contact us at [email protected]. If you have any questions or concerns regarding our notice, or if you believe our notice or applicable laws relating to the protection of your Personal Information have not been respected, you may file a complaint with our office listed above, and we will respond to let you know who will be handling your matter and when you can expect a further response. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and address your issue. We may keep records of your request and any resolution.

13. CALIFORNIA RESIDENTS.

The CCPA provides California residents with specific rights regarding their Personal Information. This Section 13 applies only to California residents or other persons who are afforded the rights and protections of the CCPA.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verified request in compliance with the CCPA, we will provide a report to you which sets forth the following with respect to you: (i) categories of Personal Information collected (ii) sources for such collection, (iii) our business or other commercial purpose for selling any such Personal Information, (iv) categories other third parties with which we have shared your Personal Information, (v) the specific scope of any information shared to those third parties, and (vi) if we have sold or transferred your Personal Information, separate lists which set forth (1) each sale, with the categories transferred to each purchaser, and (2) each business-related transaction, with the categories used in connection therewith.

Deletion Request Rights

You have the right to request that we delete any of your Personal Information in our possession and collected from the Resources, subject to certain limitations or exceptions. Once we receive and confirm your verified request in compliance with the CCPA, we will delete your Personal Information from our records, unless a limitation or exception applies.  We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to: (i) complete a transaction for which we collected such Personal Information, provide a good or service that you requested and do not wish to terminate or rescind, or otherwise carry out any obligations which are or may become necessary to consummate any obligations to you or requests by you, (ii) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, (iii) maintain, repair, or improve the Resources, including the correction of errors that impair existing intended functionality, (iv) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law, (v) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.), (vi) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent, (vii) facilitate any lawful internal use or review in connection with our internal processes, or (viii) comply with any law, regulation, order of governmental authority, or other legal process.

Exercising Access, Data Portability, and Deletion Rights

 

To exercise the access, data portability, and deletion rights described above, please submit a verified request in compliance with the CCPA. You may make such a request on your own behalf, on your minor child’s behalf, or on behalf of any entity for which you are a duly appointed representative listed on the California Secretary of State’s website.  You may only make such a request for access or data portability twice within a 12-month period with respect to any specific user. Please provide us sufficient information to verify user with respect to whom the request relates, and that you have authority on behalf of such user.  Always describe your request with sufficient detail to enable our understanding, response, and implementation.

Response Timing and Format

We make commercially reasonable efforts to respond to a verified request in compliance with the CCPA within forty-five (45) days of receipt of each request. We will inform you as soon as practicable if we believe we require more to evaluate or undertake your requested actions.  We will deliver our written response by mail or electronically, at your option, at the contact information you provide with your request.  Any disclosures we provide will only cover the 12-month period preceding our receipt of the verified request in compliance with the CCPA. If we are unable to comply in part or in full, we will provide our reason with the reply to a request. With respect to any data portability request, we will select data formats in our reasonable discretion.  We reserve the right to charge a reasonable fee to you for our cost and administrative expense in connection with any request under the CCPA, if your exercise of right is excessive, repetitive, patently unreasonable or without basis, or is otherwise intended to harass, pester, or hinder us or our Resources. We will notify you of any fees with our response to a request under the CCPA.

Personal Information Sales Opt-Out and Opt-In Rights

If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information at any time (the “right to opt-out”). We do not sell the Personal Information of consumers whom we actually know are younger than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer or parent or guardian of a consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to Personal Information sales may opt-out of future sales at any time.  To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by email at the address below.  Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. However, you may change your mind and opt back in to Personal Information sales at any time by visiting our website and sending us a message.  We will only use Personal Information provided in an opt-out request to review and comply with the request.

Non-Discrimination

 

In making the Resources available, we will not discriminate against you for exercising any of your rights under the CCPA.  Subject to exclusions under the CCPA, we will not as a result of your exercise of rights under the CCPA (i) deny you goods or services generally available through the Resources, (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, (iii) provide you a lesser level or quality of goods or services, or (iv) imply or suggest that you may receive a different price or rate for goods or services, or a different level or quality of goods or services. Notwithstanding the foregoing, we may offer you certain financial incentives permitted by the CCPA which proximally or actually result in different prices, rates, or quality levels. Any such financial incentive will reasonably relate to the value of the Personal Information to which it relates, provide a disclosure of material terms, and provide an opt-in, which may be revoked at any time.

14. SPECIAL CONSIDERATIONS UNDER THE GDPR

14.1    The below table sets forth how we may process data received by a user entitled to the protections of the GDPR.

Reason

Requirements

Contractual necessity

  • Data processed must be necessary for the Resources (or the purchase of products or services, as applicable) and defined in an agreement between a user and the Company

Consent

  • Requires a freely given, specific, informed and unambiguous consent by clear affirmative action, including any consent provided in this Privacy Policy
  • Users have a right to withdraw consent, which must be brought to their attention
  • Must be from a user over the age of consent in the applicable jurisdiction, otherwise given by or authorized by a parent / guardian
  • Explicit consent is required for some processing (e.g., special categories of Personal Information)

Legitimate interests

  • If a business or a third party has legitimate interests which are not overridden by a user’s rights or interests.
  • Processing must be paused if an individual objects to it
14.2    “Data controller” and “data processor” are important concepts in understanding a company’s responsibilities under the GDPR. Depending on the scenario, a company may be a data controller, data processor or both, and will have specific responsibilities as a result: A company is a data controller when it has the responsibility of deciding why and how (the “purposes” and “means”) the Personal Information is processed.
14.3     Under the GDPR, data controllers must adopt compliance measures to cover how data is collected, what it’s used for and how long it’s retained. They will also need to make sure people can access the data about them. Data controllers must ensure data processors meet their contractual commitments to process data safely and legally. This Privacy Policy sets forth and discussed all matters in relation to our activities, if any, as a data controller.
14.4     A company is a data processor when it processes Personal Information on behalf of a data controller. Under the GDPR, data processors have obligations to process data safely and legally. This Privacy Policy sets forth and discussed all matters in relation to our activities, if any, as a data processor.
14.5     Any transfer of Personal Information outside of the EEA (European Economic Area) must meet certain legal requirements. To the extent we are in receipt of Personal Information being transferred from inside the EEA to any region outside the EEA, we will at all times comply with applicable restrictions.
14.6     To the extent that we operate as a data controller and/or processor, our workplace will at all times be cognizant of applicable restrictions, and comply therewith.