PRIVACY POLICY

[Last Modified: July 18, 2023]

This privacy policy (“Privacy Policy”) describes how CodeFuel Ltd. D/B/A Codefuel and any of its affiliated companies, is part of the Perion Network Ltd. Group (“CodeFuel”, “we”, “us”, or “our”) collect, use and disclose certain information; and the choices you can make about our use of that information. 

CodeFuel is a technology and media company that provides a range of services. We display advertisements, sponsored content or search results provided to us by our search feed partners or advertisers (“Services”). The Services may be offered to by other companies including through apps, sites or products that display to you search results and ads by linking to our Services, or by our own developed extensions, software or apps that display the ads and search results through the Services (“CodeFuel Apps” or “Apps”).  

When you browse our website: https://www.codefuel.com/, you are trusting us with your information. This Privacy Policy is meant to help you understand what information we collect, why we collect it, how we safeguard it and how you can control it by exercising your rights.

1. POLICY AMENDMENTS 

We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice if these changes are material and, where required by applicable law; we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

 

2. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION

CodeFuel Ltd., part of the Perion Network Ltd. Group, and incorporated under the laws of the state of Israel, is the Controller (as such term is defined under the EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”) or equivalent privacy legislation). For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact our privacy team as follows: 

CodeFuel Ltd.,

26 HaRokmim Street, Azrieli Center, Building A, 4th Floor

Holon 5885849, Israel

  • Data Protection Representative for Data Subjects in the EU and UK:

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. 

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/11106546394.

Attn: Andreas Mätzler 

Email: rep_perion@prighter.com.

3. DATA SETS WE COLLECT AND FOR WHAT PURPOSE  

We may collect two types of information from you, depending on your interaction with us. 

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from who we have collected the Non-Personal Data. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, your action in the website or Services (such as session duration). 

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data” or “Personal Information” as applicable under law). 

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

The table below details the types of Personal Data we process, the purpose, lawful basis, and our processing operations:

DATA SET
Online Identifiers and Marketing Data: When you access and interact with our website, we collect certain online identifiers such as Cookie ID, IP address or similar unique online identifiers generated, advertising ID, tags (“Online Identifiers”). Further, we will collect your behavioral information, which is collected indirectly by our external marketing tools, or analytic tools. This information includes the referring URL (that is, the webpage directing you to our website, and other websites you visited in the session), your interests in our competitors, the web page you visited when you tapped/clicked on our ad, how you interact with our webpage, time, duration of use, pages you have viewed on our website (“Marketing Data”).
Contact Information: If you voluntarily contact us for support or other inquiries, you may be required to provide us with certain information such as your name, email address, organization name, etc. (“Contact Information”).
Direct Marketing: If and to the extant available through the website, when registering for a free trial or other similar forums, we will send you service communications and marketing promotions, such as new features, additional offerings, special opportunities or any other information we think you will find valuable (“Direct Marketing”).
Newsletter Registration: In the event you sign up to receive our newsletter or other marketing materials, you will be requested to provide your contact details, such as your email address.
Additional Features: In the event you choose to provide feedback, post on our website or social media pages, you may be required to provide us with certain additional information such as your role, country, company name, etc.
Call Recordings: When we contact you through your work phone, we may, subject to applicable laws, record our call (“Call Recordings”).
Recruitment: In the event you apply for a job via our website, we will process your CV (and the information included therein), as well as additional information such as your contact information (name, email address and phone number), information regarding your education and skills, employment history, and your photo (to the extent provided by you). Also, where allowed or required by law, we may process diversity and inclusion data regarding your candidacy, such as ethnicity, gender, or any disability. In addition, we may collect further information from public and online sources, referees, and former employers and combine such data with your other data. In addition, we may collect other information from public and online sources, referees, background checks where applicable, and former employers and combine such data with the data you provided us (collectively, “Recruitment Data”).
Account Data: In order to use our Services, you will be required to register and open an account through the website. During the registration process you will be requested to provide us with certain information such as your name, email address, phone number, country, information about your company, your job title and any other information you decide to provide us in connection with the registration. (Collectively “Account Registration Data”).
PURPOSE AND OPERATIONS
First, Online Identifiers and cookies are used, in particular to operate the website and enable its proper functionality, for security and fraud prevention purposes, debugging purposes and to resolve technical problems. For example, in order to automatically recognize you by the next time you enter the website or to confirm you are a real person. Second, the Online Identifiers and the Marketing Data are indirectly processed by third-parties marketing and analytic tools, for analytic and remarketing purposes. We process this data to understand how Prospects use our website and to measure effectiveness of some ads we use in order to track conversions, build targeted audience, and remarket our Services to people who have taken some action on the website.
We collect your Contact Information to provide you with the support you requested or to respond to your inquiry. The correspondence with you may be processed and stored by us in order to improve our customer service and in the event, we believe it is required to continue to store it, for example, in the event of any claims or in order to provide you with any further assistance (if applicable).
We will use your information in order to keep you updated with offers and content such as service updates, new capabilities and features, surveys, etc.
We will use such data solely in order to provide you with the content that you have requested to receive. These messages contain content defined as "advertisement" or "direct marketing" under the Israeli law.
We will use this information for the purpose of providing you with the services that you requested. We use such Call Recordings in order to enhance our sales efforts, and in the event we believe it is required to continue to store it, for example, in the event of any claims or in order to provide you with any further assistance (if applicable).
We will use your Recruitment Data to process your job application and for recruitment management purposes, for further recruitment steps (e.g., interview), and to enable us to comply with corporate governance and legal and regulatory requirements. Following the completion of the recruitment process, we may further retain and store the Recruitment Data (including other interactions with us under such process) as part of our internal records keeping, including for legal defense from any future claim, as well as, and subject to applicable law requirements, to contact you in the future for other position we believe you qualify for. If you are hired, your Recruitment Information will be kept on our HR systems as part of your employment and our corporate management. We may use third parties’ services and platforms to manage the recruitment process. If we do so, your Recruitment Data will also be processed by this third party pursuant with such third part's privacy notice linkable through the application form you fill in through the website.
We use your Account Registration Data to create and designate your account, authentication and validate access, enable log-in, access and use of your account as well as to send you needed information related to our engagement (e.g., billing and invoicing). In addition, we use this information for Direct Marketing purposes, meaning, as our customer, we may send you marketing related communications (by email or other contact details you have provided), materials and content regarding the Services you are currently using or any services we may offer in the future to keep you up to date, and for example, offers and content such as software updates, new capabilities and features, surveys, etc.
LAWFUL BASIS UNDER THE GDPR
Online Identifiers which are collected through cookies we implement, which are strictly necessary for the proper and basic operation of the website will be processed in our legitimate interest. Your Marketing Data which are collected through third-party cookies, including any targeting and marketing cookies, will be processed based on your consent which we will obtain through our cookie notice and consent management. You may withdraw consent at any time by using the cookie preference settings as available in the footer of the website, or by managing opt-out through your browser or device.
We process such Contact Information subject to our legitimate interest.
We process your information subject to our legitimate interest. You can opt-out at any time through the “unsubscribe” link within the email or by contacting us directly.
We process such data subject to your consent. You may withdraw consent at any time through the “unsubscribe” link within the email or by contacting us directly. In addition, we will further maintain a suppression file – meaning lists of applicable email addresses that have requested to opt-out, under our legitimate interest and to ensure we comply with such preference and choice.
We process this information subject to our legitimate interest. Subject to applicable laws, we will process our Call Recordings based on your consent.
We process your Recruitment Data (including use, store and retain it) for the described purposes, based on our legitimate interest. In some cases, for example, where we will ask you to provide health related information or diversity and inclusion data, we will process such data based on our obligations in employment and the safeguarding of your fundamental rights. Where you provided your consent, we will process your Recruitment Data in order to contact you with further job offers which we believe you might be interested in. Processing of this information for Direct Marketing purposes is made subject to our legitimate interest. You can opt-out at any time using the “unsubscribe” option within the body of the message. Please note that if you choose to unsubscribe from our Direct Marketing, we will still retain your contact details and send you service-related emails, such as invoices.

We use various technologies to collect and store the data sets listed above, including cookies, pixel tags, local storage, databases and server logs. We use different technologies to process your information listed above, for the purposes listed above. We use systems that analyze your activity to provide you with customized search results, personalized ads, or other features tailored to how you use our services. We analyze your activity also to detect abuse such as spam, malware, and illegal content. 

Therefore, the actual processing operation per each purpose of use and lawful basis detailed in the table above, may differ. Such processing operation usually includes set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure or destruction. Transfer of Personal Data to third party countries as further detailed in Section 10 “INTENATIONAL DATA TRANSFER” below, is based on the same lawful basis as stipulated in the table above.  

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services and to enforce our policies and agreements, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests. 

 

4. HOW WE COLLECT YOUR INFORMATION 

We may collect information either automatically or voluntarily provided by you. Automatic collection of information is usually made through the use of cookies, pixel tags, local storage, databases, and server logs, all as detailed below. 

5. COOKIES AND SIMILAR TRACKING TECHNOLOGIES

When you browse our website, we, or our third party vendors, place “cookies”, “pixels” or “web beacons”, that collect certain information about your usage and interaction with the website and use this information for marketing CodeFuel and the Services CodeFuel offers, to find leads and prospects, as detailed in the table above. We also use these tools for analytic purposes as detailed above.   

You can find more information about cookies at www.allaboutcookies.org

Please see our cookie list, as well instruction on how to change your cookies settings and preferences at any time, available through our website footer.  

6. DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

We share your Personal Data with third parties, including with Business Partners or service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.

CATEGORY OF RECIPIENT
Service Providers
Enforcement Of Our Rights and Security Detections.
Any Acquirer of Our Business.
Governmental agencies, or authorized third parties
DATA THAT WILL BE SHARED
All types of Personal Data
All types of Personal Data
All types of Personal Data
Subject to law enforcement authority request.
PURPOSE OF SHARING
We may disclose Personal Data to our trusted agents and service providers (including, but not limited to, our Cloud service provider, our analytics service provider, our CRM provider, etc.) so that they can perform requested services on our behalf. Thus, we share your data with third party entities, for the purpose of storing such information on our behalf, or for other processing needs. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services.
We may disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.
We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.
We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

Where we share information with services provider and agents, we ensure they only have access to such information that is strictly necessary in order for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit). 

Further, for the avoidance of doubt, we may transfer and disclose or otherwise use Non-Personal Data or information which is linked to anonymous random identifiers or information that is aggregated in a non-identifiable way, at its own discretion.

 

7. USER RIGHTS

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed. 

For detailed information on your rights and how to exercise your rights, please see the Data Subject Request Form (“DSR”) available here.

Certain rights can be easily executed independently by you without the need to fill out the DSR Form:

  • You can correct or delete the Contact Information or Account Data at any time, through the account settings on the website;
  • You can you can opt-out from receiving our marketing emails by clicking “unsubscribe” link;
  • you can withdraw consent for processing Personal Data for analytics or marketing purposes, by using the cookie settings on the website, or as detailed in the section below: 

8. DATA RETENTION 

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you will express your preference to opt-out, where applicable. 

The retention periods are determined according to the following criteria:

  1. For as long as it remains necessary in order to achieve the purpose for which the Personal Data was initially processed. For example: if you contacted us, we will retain your contact information at least until we will address your inquiry.
  2. To comply with our regulatory obligations. For example: transactional data will be retained for up to seven years (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
  3. To resolve a claim we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.

Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.

9. SECURITY MEASURES 

We work hard to protect Personal Data we process from unauthorized access or unauthorized alteration, disclosure or destruction. We have implemented physical, technical and administrative security measures for the Services that comply with applicable laws and industry such as: encryption using SSL, we minimize amount of data that we store on our servers, restrict access to Personal Data to CodeFuel employees, contractors and agents, etc. Note that, we cannot be held responsible for unauthorized or unintended access that is beyond our control, and we make no warranty, express, implied or otherwise, that we will always be able to prevent such access.

Please contact us at: privacy@codefuel.com if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data. 

10. INTERNATIONAL DATA TRANSFER 

Our data servers in which we host and store the information are located in the US. The Company’s HQ are based in Israel in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area (“EEA“) is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union (SCCs). 

Additionally, following the withdrawal of the United Kingdom (UK) from the European Union on January 31, 2020, the UK is no longer considered to be a part of the EEA and therefore, the transferring of Personal Data from the EEA to the UK will also be subject to the SCCs or other contractual clauses that will ensure the security of the Personal Data (pending an adequacy decision from the European Commission). Further, the transfer of Personal Data collected within the UK to countries outside the UK, will be provided with sufficient safeguards as required under applicable laws, including pursuant with the UK standard contractual clauses (UK SCCs) as approved by the UK Information Commissioner Office (ICO).

11.ELIGIBILITY AND CHILDREN PRIVACY

The Services are not intended for use by children (the phrase “child” shall mean an individual that is under the age defined by applicable law which with respect to the EEA is under the age of 16 and with respect to the US, under the age of 13) and we do not knowingly process children’s information. We will discard any information that we receive from a user that is considered a “child” immediately upon our discovery that such a user shared information with us. Please contact us at: privacy@codefuel.com if you have reason to believe that a child has shared any information with us. 

JURISDICTION-SPECIFIC NOTICES

 

A. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

This section applies to California residents only pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) effective November 2020, and as amended by the CPRA, effective January 1, 2023. 

Please see the CCPA Privacy Notice here which discloses the categories of Personal Information collected, purpose of processing, source, categories of recipients with whom the Personal Information is shared with for a business purpose, whether the Personal Information is sold or shared, the retention period, and how to exercise your rights as a California resident.

B. ADDITIONAL NOTICE TO COLORADO RESIDENTS

GENERAL

Under the Colorado Privacy Act (“CPA”) if you are a resident of Colorado, acting as an individual or in the household context only (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context), your rights with respect to your Personal Data are described below.

Personal Data” as defined in the CPA means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include publicly available information, de-identified or aggregated consumer, and information excluded from the CPA scope, such as: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

“Sensitive Data” as defined in the CPA include (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. We do not process or collect any sensitive data. 

Section 3 to this Privacy Policy describes our collection and processing operations of Personal Data, the categories of Personal Data that are collected or processed, and the purposes. Additionally, Section 6 above details the categories of third-parties with whom we share the Personal Data with for business purposes. 

YOUR RIGHTS UNDER CPA

The table below details how Colorado consumers can exercise their rights, and appeal our decisions regarding their exercise requests.

Right to Access/ Right to Know
Right to Correction
Right to Deletion
Right to Portability
Right to opt out from selling Personal Data
Right to opt out from Targeted Advertising
Right to opt out from Profiling
Right to Appeal Duty not to violet the existing laws against discrimination or non-discrimination
You have the right to confirm whether we are processing your Personal Data and to access such Personal Data.
You have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
You have the right to delete the Personal Data we hold about you. However please note this right is not absolute, and in certain circumstances we may deny such request, in full or in part, if retaining the Personal Data is necessary for us or our service provider(s) for any of the following reasons: 1. Complete the transaction for which we collected the Personal Data; provide a service that you requested; take actions reasonably anticipated within the context of our ongoing business relationship with you; or otherwise perform our contract with you.
2.Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
4.Comply with the law or legal obligation.
5.Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
6. nable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
7. Make other internal and lawful uses of that Personal Data that are compatible with the context in which you provided it.
We will delete or de-identify Personal Data not subject to one of these exceptions from our records and will direct our processors to take similar action.
You have the right to obtain the Personal Data we process about you, in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
To the extent applicable to the Personal Data we hold about you, you have the right to opt out of the “sale” or “share” of your Personal Data for purposes of targeted advertising, “sale” to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer.
If we decline to take action on your request, we will inform you without undue delay, however no longer than 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. If we deny the appeal, you may contact the Colorado Attorney General using this link: https://coag.gov/office-sections/consumer-protection/ or (720) 508-6000. Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices.
If you wish to know if we hold any of your Personal Data, please review this Privacy Policy. If you believe we do hold any of your Personal Data and you wish to receive such Personal Data, please fill in our DSR available here. You are not required to create an account with us to submit a request to access your Personal Data.
You can exercise this right directly through your account or by filling in our DSR available here.
If you would like to delete your Personal Data, please fill in our DSR available here. You are not required to create an account with us to submit a request to delete your Personal Data.
If you would like to receive the Personal Data, please fill in our DSR available here. We will select a format to provide your Personal Data that is readily usable and should allow you to transmit the Personal Data from one entity to another entity without hindrance.
In the event we use your Personal Data for analytic purposes, you may have the right to opt-out from the “sale” of your Personal Data by clicking the “do not sell or share my personal information” in our website’s footer which will enable you to customize the use of cookies on our website.
We may “share” Personal Data with third parties for targeted advertising purposes. To opt out from the use of cookies on our website, please click the “do not sell or share my personal information” in the footer of the website which will enable you to customize the use of cookies on our website.
We do not profile you, thus we do not provide an opt-out mechanism in this regard.
Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions. We do not discriminate our consumers.

HOW TO SUBMIT A REQUEST UNDER CPA? 

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. If the DSR is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required. 

We will respond to your request within 45 days after receipt of a verifiable Consumer Request and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacy@codefuel.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/. 

If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request. 

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. 

C. ADDITIONAL NOTICE TO VIRGINIA RESIDENTS

Under the amended Virginia Consumer Data Protection Act (“VCDPA”), if you are a resident of Virginia acting solely in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.

Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal data” does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act. 

The VCDPA requires CodeFuel to disclose the Categories of data processing and the purpose of each category, as detailed in Section 3 to this Privacy Policy, the categories of data shared and the third parties with whom it is shared, as detailed in Section 6. Disclosure of sale of data or targeted advertising is detailed in the DSR Form available here. Further, the table appears under Section B. above details the rights you have under VCDPA and how you may exercise your rights. 

HOW TO SUBMIT A REQUEST UNDER VCDPA? 

We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacy@codefuel.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you or your request, we will not be able to grant your request.

D. ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your Personal Data are described below.

Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. If further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act. 

The categories of Personal Data processed, purpose of processing, are detailed in Section 3, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section 6. Disclosure of sale of data or targeted advertising is detailed in in the DSR Form available here. Further, the table appears under Section B. above details the rights you have under CDPA and how you may exercise your rights.

HOW TO SUBMIT A REQUEST UNDER CDPA? 

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests, provided we inform you of such extension within the initial 45 days response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, however no longer than within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.