Privacy Notice

Last Updated: January 13, 2021

Effective: January 20, 2021

Introduction

Scope

Types of Data We Collect

How We Use and Process Your Personal Data

How We Share Your Personal Data

Access, Integrity, Choice & Deletion

How We Protect Your Personal Information

How You Can Contact Us

Transmission to Other Countries

Third Party Apps & Websites

Cookies & Clear Gifs

Advertising Opt-Out

California Disclosure

Changes to policy

Appendix A: California Information Sharing Disclosure

Introduction

MiTek Industries, Inc. and its subsidiaries and affiliates (“MiTek”, “Company”, “we”, “us”, “our”) respects your privacy and is committed to safeguarding and protecting your privacy in connection with its collection of personal information. This Privacy Policy contains important information regarding its privacy practices and the choices it offers individuals with respect to their personal information. If you provide us with personal information, you are telling us that you have read, fully understand, and accept the privacy practices summarized in this Privacy Policy.

Scope

This Privacy Policy applies to our collection and use of personal information that we may obtain in a variety of ways, including through: your use of this site and the sites listed on Schedule A (collectively, the “Sites” and each a “Site”); information obtained in connection with your purchase of products or services or our purchase of products or services from you; information obtained in connection with your job application or employment; information from events you attend; and our mobile applications.

Types of Data We Collect

When we use the term “personal information” in this Privacy Policy, we mean information that identifies or can be used to identify an individual. Personal information does not include information that has been anonymized or de-identified or, in some cases, information that is publicly available.

We may collect personal information: from you (for example, when you order a product or service, fill out a form, contact us, register an account, apply for a job, or sign up for a newsletter); from your employer; from publicly available information; and by automated means when you visit or use our products or services on any Sites or interact with online advertisements we place.

The following provides examples of the type of information we collect from you and how we use that information:

Account Registration – We may collect your name and contact information when you create an account. We also collect information relating to the actions that you perform while logged into your account. We have a legitimate interest in providing account related functionalities to our users. Accounts can be used to track orders, to track support tickets.

Audio and Video Recordings – We may collect audio and video information that you submit, that is captured through our surveillance cameras on our property, or that is captured during support calls. Our use of recordings submitted by you is based on your consent. We have a legitimate interest in ensuring the security of our properties and quality of our products and services.

Client Information – We collect the name and contact information of our clients and their employees with whom we may interact. We may process this information to perform our contract with the client. We also have a legitimate interest in contacting our clients and communicating with them concerning normal business administration such as projects, services, and billing.

Customer Support/Feedback – If you provide us feedback or contact us for support we will collect your name and e-mail address, as well as any other content that you send to us, in order to reply. If you contact us for customer support, we also may ask you to provide information about your computer or about the issues you are trying to resolve. We have a legitimate interest in receiving, and acting upon, your feedback or issues. In some circumstances, we may process this information in order to perform our contract with you.

Distance Information – When you use our Sites or mobile applications, we may collect your location from the GPS, Wi-Fi, and/or cellular technology in your device to determine your location. We have a legitimate interest in understanding our users and providing tailored services. In some contexts, our use is also based upon your consent to provide us with geo location information.

Web Interactions – When you use our Sites and any services provided through the Sites, we may automatically collect information, using cookies and similar technologies, such as:

  • your browser type and operating system;
  • site pages you view;
  • links you click;
  • your IP address;
  • the location from which you access our website;
  • the date and time of your visit to our website;
  • your internet service provider;
  • the website you visited before coming to our Site;
  • the number of links you click within the site;
  • the pages you viewed on the site;
  • certain searches/queries that you conducted via our product(s) and/or website(s); and
  • mobile device identifiers such as IMEI and Device ID.

We have a legitimate interest in making our website operate effectively, monitoring our networks, and monitoring the visitors to our websites. Where required by law, we base the use of third-party cookies and similar tracking technology upon consent.

Mobile Devices – For users of our mobile applications, we may use mobile analytics software. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices.

Newsletters – When you sign up for one of our mailing lists we collect your email address or postal address. If you receive a newsletter from us, we may use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. We have a legitimate interest in sharing information about our products or services and understanding how you interact with our communications to you. In certain circumstances, our collection of information is based on your consent.

Online Message Board – If you use message boards provided by us or others, any information you submit may be collected and used by others. We are not obligated to monitor these public message boards, and we take no responsibility for the security or confidentiality of any information posted on such boards. Our use of your information provided to message boards is based upon your consent.

Order Placement – We collect your name, billing address, shipping address, e-mail address, phone number, and credit card number when you place an order. We use your information to perform our contract to provide you with products or services.

Employment – If you apply for a job posting, or become an employee, we will collect personal information necessary to process your application or perform our contract of employment. This may include, among other things, your tax identification number, birth date, or, in some countries, your religion. We may collect your education or employment history to evaluate you for a position or your bank or credit account information to pay or reimburse you. In some locations, we may have collected an algorithm from a fingertip scan or we may have collected biometric or similar information to perform our employment contract. Employee use of company systems also may be monitored for security purposes. We also may have video cameras at a location for security purposes.

Job application information may be collected by us directly through a Site, in person, or by email. If you are a California (USA) resident, please also see the California Notice of Collection of Personal Information for Job Applicants, which is posted on the careers page of the Sites and can also be found here.

We use information about current employees to perform our contract of employment, or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and workforce operations.

How We Use and Process Your Personal Data

In addition to those purposes outlined above, the Company may collect your personal information for a variety of reasons.

The information we collect in usage or web server logs helps us: administer the Sites you visit; analyze Site usage; assist us with the products and services you buy; protect the Sites and their content from inappropriate use; and improve the user’s experience.

We may use your personal information for our internal business purposes, which could include, for example, to complete a transaction with you. We also may use this information to contact you for various other business reasons, such as to:

  • market our products and services to you or send a newsletter;
  • set up your user account;
  • contact you on behalf of our affiliated companies or external business partners about an offering that may interest you;
  • ask you about your experience with our company, the Sites, or our products and services;
  • protect against or identify possible fraudulent transactions;
  • determine the effectiveness of our advertising;
  • allow you to register for MiTek University; and
  • administer the Sites, to assess the traffic to our Sites, to maintain and improve the Sites and our services, and to analyze trends in the aggregate.

We may also use statistics regarding Site and product usage for product development and enhancement purposes.

When you post an ad on our Site for machinery that you wish to sell, we may ask you for contact information (such as name and email address) so you can be contacted through the Site regarding your ad.

We draw inferences from the personal information we collect, and we use such inferences for the same purposes as the purposes for which the information was collected.

When you use our Sites and otherwise provide us personal information, you acknowledge and agree that we will use that information for our business and legal purposes as outlined above.

How We Share Your Personal Data

We may provide your personal information to our affiliated companies and to unaffiliated third parties whom we have retained to assist us with our internal business purposes such as email service providers, platform hosting providers, payment processors, vendors, employee benefit providers, consultants, business partners, and other product and service providers acting on our behalf. This may be necessary: to provide or support the products and services we offer, to perform our agreement with you, to meet our legal obligations to content and technology providers, as needed in the connection with a transfer of business assets, or as we deem necessary to protect our rights or property. We require any third party or affiliate that handles or has access to your personal information to use such information consistent with our commitments under this Privacy Policy.

If another company acquires, or plans to acquire, our company, business, or our assets, we will share information with that company, including at the negotiation stage.

We also may disclose personal information as necessary to comply with the law, such as to comply with a subpoena or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We may disclose certain information: If we are required to bring or defend against litigation, or any regulatory proceeding between or relating to you or us; or If we believe that such disclosure is necessary to identify, contact, or bring legal action against someone who may have breached the Terms of Use of one of our Sites or who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other Sites users, or anyone else who could be harmed by such activities.

In some instances, job application information may be collected on our behalf by our contracted third-party administrator(s), who are permitted to process the information you provide only for purposes of providing services to us.

We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy.

Access, Integrity, Choice & Deletion

If we collect or use your personal information, we want that information to be reliable, accurate, complete, timely, and relevant to its intended use. To accomplish this, we provide individuals with the ability to access their data and request data corrections or deletions. In some cases, we may limit or deny your request if the law permits or requires us to do so or if we are unable to adequately verify your identity.

If you wish to access correct, or request deletion of your personal information or delete your photo from your profile, please log into your account or contact us as set forth in this Privacy Policy.

Access & Integrity

You may request access to your personal information by contacting us as set forth in this Privacy Policy. To the extent required by law, upon request, we will grant you reasonable access to the personal information that we have about you in a portable format.

We ask that you keep your personal information current and make or advise us of any changes to it.

Some employee personal information can be updated directly in Workday.

To update your customer preferences for email communications for our products, services, news updates, bulletins, and reports please go to the preference link found on each specific email communication.

If you believe we hold personal information about you that is, in context, inaccurate, incomplete, untimely, or not relevant to its intended use, you may contact us and request that we correct, update, or delete this information. We will take reasonable steps, as appropriate to the context, to correct inaccurate or incomplete information, or to delete untimely or irrelevant information, upon reasonable demonstration that the information is inaccurate, incomplete, untimely, or not relevant to its intended use. In connection with such requests, we will comply with legal requirements, where applicable.

We reserve the right to: (1) request and obtain reasonable information from you confirming your identity; (2) request and obtain information from you necessary to correct or update the information; (3) reject and/or ignore requests if we determine that such requests are repetitively made, or otherwise lack a good faith basis; and (4) take no further action with respect to your request if you fail to reasonably provide the information described in (1) or (2). We will respond to your request in a timely manner.

For Human Resources data

We will retain personal information of employees and applicants for as long as needed to comply with our legal obligations, resolve disputes, and enforce our agreements.

Choice

As a general matter, we must use your personal information for communicating with you and processing any transactions or instructions. In other respects, you may have choices about how we use your information, whether we communicate with you and, if we do communicate with you, what form that communication takes. You may object to our use or disclosure of your personal information by contacting us as set forth in this Policy.

If you do not want us to continue using your personal information for our internal business purposes or wish to revoke your prior consent to do so, you may request that we stop doing so (opt-out) by contacting us as set forth in this Policy. We will honor your opt-out request where required by law, and in many cases even where not legally required. We may not honor your request if there is a need to further use your personal information, for example, if we are compelled by law to provide your personal information, or we require the use of your personal information for purposes of litigation or investigation, or for other legal or business purposes. We may also need to keep the information we have collected about you for internal use only, such as for statistical analytics and compliance reasons, to the extent permitted by law.

As a general rule, we only send you promotional email messages or text messages with your (opt-in) consent. You can stop receiving promotional email messages from us by following the instructions provided in connection with such messages, including at the footer of the email message you receive, or by contacting our Data Privacy Officer at privacyservices@mii.com

In certain countries, if you are an employee of a customer and use our products and/or services in the course of your employment, we may send you unsolicited marketing via email if your employer has given its consent for you to receive email communications from us, or if your employer has allowed us to contact you directly and gain your consent to receive marketing.

Where permitted by law, we may mail you unsolicited offers or product information that we believe is of interest to you. You can stop receiving promotional postal mail from us by contacting our Data Privacy Officer as set forth in this Privacy Policy. Promotional postal mail may contain opt out instructions, and you can also stop receiving promotional postal mail by following those instructions.

You can also stop receiving promotional email or postal communication from us by contacting our Data Privacy Officer. Please provide your contact details to enable the Data Privacy Officer to identify you and complete your request. If you choose to stop receiving promotional messages from us, we will honor your request. However, we will continue to send you product or service related communications to fulfill our agreement with you.

Deletion

Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Any biometric or similar information we collect, if any, will be deleted no later than the first anniversary of the date the purpose for collecting the identifier expires unless a different period is required by law.

Some users may have the right to request that we delete their personal information. All deletion requests must be directed to the Data Privacy Officer. We may also decide to delete your data if we believe it is incomplete, inaccurate, or that our continued use and storage are contrary to our obligations to other individuals or third parties. When we delete personal information, it will be removed from our active database, but it may remain in archives where it is not practical or possible to delete it. In addition, we may keep your personal information as needed to comply with our legal obligations, resolve disputes, and/or enforce any of our agreements.

How We Protect Your Personal Information

The security of your personal information is important to us.

We follow generally accepted security standards, taking into account the relative risks and nature of the personal information to employ reasonable and appropriate physical, technical, and administrative safeguards to protect against its loss, misuse, tampering, and unauthorized access, alteration, destruction or disclosure, both internally and from outsiders.

Unfortunately, with any transmission over the Internet, there is always some element of risk involved in submitting personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

You are responsible for maintaining the secrecy of your passwords and any account information. Please be aware that we will never ask you for your password in an unsolicited phone call or e-mail.

How You Can Contact Us

If you have questions, concerns or requests regarding our Privacy Policy or collection or use of your personal information, you may contact us at:

By mail at:

Data Privacy Officer
MiTek House
Grazebrook Industrial Park
Peartree Lane
Dudley
West Midlands
DY2 0XW
United Kingdom

By email at: privacyservices@mii.com

Through the web page located at: https://privacyportal-uk.onetrust.com/webform/b8e7571f-5f8e-40aa-9ba3-bba5557bd7ad/d805682d-6114-47f7-b824-847c9bd8b645

If you have an unresolved privacy or personal information use concern that we have not addressed satisfactorily, please contact our U. S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Employees should use the following procedures:

If you are not satisfied with our response, and are in the European Union, you may have a right to lodge a complaint with your local Data Protection Authority.
If you have questions, concerns or requests regarding our Privacy Policy or collection or use of your personal information, you may contact us at:

Privacy Concern Handling Process for Human Resource Data

In compliance with the Privacy Shield Principles, we are committed to ensuring that your concerns regarding your Personal Information are investigated and quickly resolved. For this reason, we have developed a privacy concern handling process. It is our intention to resolve all concerns related to your privacy and our privacy practices through this process.

MiTek encourages free and open communication between employees, Human Resources and other management employees. MiTek employees have a responsibility to report any and all concerns related to data privacy or any behavior which they believe is the inappropriate use of Personal Information. Most incidents can be effectively addressed with minimum disruption, if they are promptly reported. The following process will apply for employee disputes or complaints about the use of Personal Information:

  • Employees who have a concern about MiTek’s use of Personal Information or a potential data breach should notify their supervisor representative. If such employee is a member of a European Works Council, or Union the employee should follow the designated grievance process. If an employee feels it would be inappropriate to discuss the incident with the supervisor, or if the supervisor is the subject of the complaint, the employee can report such conduct/comment(s) to their Human Resources representative or any other member of management. Employees are encouraged to use the MiTek Open Door Policy. We also have the Ethics & Compliance Hotline available for more serious issues: toll-free 800-261-8651 or at www.brk-hotline.com.
  • Any management employee who becomes aware of any data breach or complaint about conduct which may constitute inappropriate use of Personal Information will immediately notify the Data Protection Officer at privacyservices@mii.com. Failure to do so may result disciplinary action, up to and including termination.
  • Any applicant who believes that he/she has observed the inappropriate use of Personal Information or been subjected to data breach should immediately notify the Data Protection Officer at privacyservices@mii.com. The complaint should be as specific as possible and should generally include the names of individuals involved and any witnesses.

Reports and complaints of the inappropriate use of Personal Information will be investigated promptly and in an objective, impartial manner. MiTek will conduct investigations in a confidential manner, to the extent possible. Disclosure of information regarding such matters will be made on a “need-to-know” basis, consistent with the rights of the individuals involved and MiTek’s obligation to investigate. If MiTek determines that unlawful use of Personal Information occurred, it will take prompt remedial action in accordance with applicable law.

Any employee who believes he/she is being retaliated against should promptly contact their Human Resources representative, his/her supervisor or another member of MiTek management so that concerns can be promptly and thoroughly reviewed. Any employee who engages in unlawful retaliation is subject to disciplinary action, up to and including termination.
Inquiries from Local Data Protection Agencies, Works Councils and the U.S. Department of Commerce Reports and complaints received from Local Data Protection Agencies, Works Councils, the U.S. Department of Commerce or any other local, regional or federal agency should immediately be directed to the Data Protection Officer at privacyservices@mii.com.
In each case, above, we will respond to you within forty-five (45) days of receipt of your submission and will do our best to address your concerns.

Employees in the EU have the right to contact their local Data Protection Authority where resolution through our internal process is not achievable, or where you may wish to pursue independent resolution mechanisms. To locate the DPA in your jurisdiction, please visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index.

Transmission to Other Countries

We may store and process your personal information in systems located outside of your home country. We also may transfer your personal information to countries that may not guarantee the same level of protection for personal information as the one in which you reside. By giving us your personal information, you consent to these transfers.

However, regardless of any transfers or where storage and processing may occur, we have procedures and controls in place to protect personal information, consistent with the principles set forth under this Privacy Policy, and as required under applicable Data Protection/Privacy laws.

We have a Privacy Shield Privacy Policy that applies to our handling in the U.S. of personal information of persons residing in the European Economic Area (“EEA”) and Switzerland. It can be found here. If this Privacy Shield Privacy Policy applies to your personal information, then, with respect to that personal information, the terms of the Privacy Shield Privacy Policy control over any conflicting term in this Privacy Policy.

Third Party Apps & Websites

Note that our Sites and products may contain links to websites operated by others whose privacy practices are different from ours. This Privacy Policy does not apply to any information collected from you through such links or that you may provide on the websites you reach by utilizing those links. We are not responsible for the content or privacy practices of websites linked to the Sites or any other websites that are not designed and developed by us. You are encouraged to use common sense and review the privacy practices of each website you elect to visit before submitting your personal information.

Cookies & Clear Gifs

Cookies

A “cookie” is a small text file sent to your device that is used to store limited information about your use of a product or website.

We and our service providers and trusted partners use cookies and similar technology to provide you with certain functionality, such as enabling access to secure log-in areas and saving you from having to re-enter information into product or website forms. We also may use cookies or similar technologies to personalize our product or website content or improve security and user experience, for example to analyze Site traffic, such as total visitors to Site pages, to make improvements, and to gather demographic information about our user base as a whole.

We may use analytics tools provided by Google, Inc. (“Google”) or other similar providers. Analytics tools serve cookies through our products or website and collect aggregated data about users’ and visitors’ use of the product or website. The data collected enables us to understand aggregated user or visitor activity and how we may improve our product or website offering. This data is collected and used on an aggregated basis only and is not used to identify any individual user or visitor.

We also may use marketing automation tools offered by third parties (specific company information can be given upon request). These companies serve cookies to profile a user’s or visitor’s interests and activity. We use data collected through these cookies to serve users or visitors with information, new articles and advertising tailored to their specific needs and requirements.

You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our Sites or service. To manage Flash cookies, please click here.

By using our products and websites you agree that we can place these types of cookies on your device.

We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.

Clear Gifs

Our email and promotional communications to customers and other third parties may also include “Clear Image” gifs to track results of an email campaign.

You have the right to refuse or disable cookies and clear gifs served through our products or website although, if you choose to do so, certain functionality may become unavailable to you.

You can turn off gifs within an email and can visit your email client’s help menu for further information. You can also disable gifs in your browser settings. As the means by which you may do this vary from browser to browser, we recommend you visit your browser’s help menu for further information.

Please note that if you do not set your browser and e-mail settings to disable cookies and clear gifs, you will be indicating your consent to receive them.

Advertising Opt-Out

Advertising Opt-Out

We partner with one or more third parties to display advertising on our Sites and manage our advertising on other websites. Our third-party partners may use cookies or similar technologies to provide customers and other third parties advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising, you can do so with respect to some companies by clicking here (or if located in the European Union click here).

You may learn more about how to opt-out of receiving personalized advertisements on this browser or device from advertisers who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out options of each of those organizations.

Links to those sites are here:

Network Advertising Initiative: Browser Opt-Out: https://www.networkadvertising.org/choices/

Digital Advertising Alliance: Browser Opt-Out: https://www.aboutads.info/choices/

Both Network Advertising Initiative and Digital Advertising Alliance: App Opt-Out: https://youradchoices.com/appchoices

Your mobile device may include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” on Android) that allows you to opt-out of having certain information collected through apps used for interest-based advertising purposes, or notify interest-based advertising companies that you do not want to be tracked. When you opt-out of personalized advertising, you may continue to see online advertising on the services or our ads on other websites.

California Disclosure

This section applies to the personal information of California (U.S.A.) residents as governed by California law including the California Consumer Privacy Act (“CCPA”).

We do not “sell” your personal information. We also do not rent, sell, or share personal information (as defined by California Civil Code § 1793.83) about you that we collect with other people or unaffiliated companies for their direct marketing purposes, unless we have your permission.

Under the CCPA, a California resident has the following rights: to request additional information about our data collection, use, disclosure, and sales practices in connection with the consumer’s personal information; to request the specific personal information collected about them during the previous 12 months; and to request the deletion of the personal information we have about them. A California resident may not be discriminated against for exercising their California privacy rights.

To make a request, you may contact us as set forth in this Privacy Policy. In most cases, you will be required to provide your name and email address or phone number so that we can verify your request, and in some cases additional information may be required. However, the verification steps we take may differ depending on where you live and the request. Where possible, we will attempt to match the information you provide in your request to information we already have on file to verify your identity. If we are able to verify your request, we will process it. If we cannot verify your request, we may ask you for additional information to help us do so. We will respond to your request within the 45-day time period required by applicable law. However, we may not always be able to fully comply with your request; and we will notify you in that event.

Under the CCPA, California residents may use an authorized agent to make privacy rights requests. We require the authorized agent to provide us with proof of the California consumer’s written permission (for example, a power of attorney) that demonstrates authorization to submit a request on their behalf. We will also (a) require the authorized agent to verify their own identity and (b) confirm the agent’s authority with the California consumer about whom the request was made.

Please see Appendix A for a description of the categories of information which are (1) collected and (2) transferred for an organization’s “business purpose” (as that term is defined under California law) in the past 12 months.

Changes to policy

We may update this Privacy Policy to reflect changes to our information practices, technology, and applicable law. If we make any material changes, we will try to provide notice in a meaningful way, such as notice for a reasonable period of time next to the “privacy policy” link on our homepage at the time the change becomes effective. All previous versions will be invalid. Regardless, we encourage you to periodically review this page for the latest information on our privacy practices.

Appendix A: California Information-Sharing Disclosure

California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicates that companies should disclose whether the following categories of information are collected, transferred for consideration, or transferred for an organization’s “business purpose” as that term is defined under California law (or were collected or transferred in the past 12 months). We do not “sell” your personal information. Note that while a category may be marked, that does not necessarily mean we have information in that category about you. For example, while we transfer bank account numbers for our business purpose in paying our employees (e.g., direct deposit) we do not collect or transfer bank account numbers of individuals that submit questions on a Site’s “contact us” page.

Categories of Personal Information We Collect To Whom We Disclose Personal Information for a Business Purpose
Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, social security number, driver’s license number, passport number or other similar identifiers. • Advertising networks
Affiliates or subsidiaries
Business partners
• Data analytics providers
• Data brokers
Government entities, as may be needed to comply with law or prevent illegal activity
Internet service providers
• Joint marketing partners
Operating systems and platforms
• Other Service Providers
• Payment processors and financial institutions
Professional services organizations, this may include auditors and law firms
• Social networks
Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e) – this may include signature, physical characteristics or description, state identification card number, insurance policy number, education, bank account number, credit card number, debit card number, and other financial information, medical information, and health insurance information..
Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical or mental handicap, etc.
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Biometric information
Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Professional or employment-related information
Inferences drawn from any of the information listed above