Privacy Policy
Effective Date: August 5, 2024
NYMBLER, doing business as Nimbler (“us”, “we”, or “our”) is committed to protecting your privacy. This Privacy Policy governs how we collect, store, and use your personal data (as defined below), as well as other data and information arising out of and/or relating to you and/or your use of our Services – which include your use of the website www.nimbler.com (the “Site”) and any other technologies, features, mobile applications, and content we offer (collectively, the “Services”).
This Privacy Policy does not apply to third-party websites, products, or services, even if they may link to our Sites or our Sites may link to them. We recommend you review the privacy practices of those third parties before connecting accessing third party websites and sharing any personal data.
Our Terms of Use incorporate this Privacy Policy by reference in its entirety. To keep things simple, we use the same capitalized terms as those set forth in the our Terms of Use, and their respective definitions, apply equally to this Privacy Policy.
Contents. This Privacy Policy is provided in a layered format. You can jump to a specific section by clicking on the section below:
Personal Data We May Collect, Use, and Disclose
We collect, use, and disclose information that may be used to uniquely identify you in various ways in accordance with applicable law.
Sources of Personal Data
We may use collect personal data from various sources.
Disclosure of Personal Data
We may disclose your personal data to certain third parties, such as our service providers and advertising partners.
Aggregated, Deidentified, or Anonymous Information
We may create aggregated, de-identified, or anonymous information from personal data by removing certain components.
Cookies and Tracking Technologies
We collect information about your use of the Service through cookies and other tracking technologies.
How We Protect Your Information
We use reasonable and appropriate technical and organizational measures to protect your personal data.
Data Retention
We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy.
International Transfers of Your Personal Data
Your personal data may be transferred to the U.S. and other countries.
Children's Privacy
Our Services are not intended for use by children under the age of 18 and we use reasonable age verification measures to limit access to our Services.
Your Privacy Rights
We provide additional disclosures and rights to residents of certain jurisdictions.
European Privacy Notice
We provide additional disclosures and rights to residents of the European Economic Area, United Kingdom, and Switzerland.
California Privacy Notice
We provide additional disclosures and rights to California residents.
Nevada Privacy Notice
We provide additional disclosures and rights to Nevada residents.
Colorado, Connecticut, Utah, and Virginia Privacy Notice
We provide additional disclosures to Colorado, Connecticut, Utah, and Virginia residents.
Changes to This Policy
Changes to this Privacy Policy will become effective on the date they are posted.
Contact Us
You may contact us for comments or questions in various ways.
* * *
Personal Data We May Collect, Use, or Disclose
This section identifies the categories and types of personal data that we may collect about you, as well as the purposes for which each category is collected and the types of third parties that may receive the personal data.
For the purposes of this Privacy Policy, “personal data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identifiable individual. Personal data includes “personal information” as that term is defined in applicable privacy laws. Personal data does not include publicly available information; lawfully obtained, truthful information that is a matter of public concern; information that has been de-identified; or aggregate consumer information. “Publicly available information” includes information that is made available from federal, state, or local government records; information that a business has a reasonable basis to believe is lawfully available to the general public, either through widely distributed media, or by the consumer; and information that is made available by a person to whom the consumer has disclosed the information if the consumer has not restricted the information to a specific audience. We may disclose non-personal data, such as aggregated user statistics, to third parties. Our use of aggregated, anonymized, and de-identified data is not subject to this Privacy Policy.
Category of Personal Information
Processing Purposes
Categories of Third Party Recipients (excluding our service providers and processors)
Identifiers, including
Name
Address
Email address
Phone number
Date of birth
Account username
Certain social media account information including user ID
IP address
Unique device identifiers
Mobile app identifiers
Device operating system information
Contact you and provide information
Provide customer service
Perform identity and age verification as required under applicable law
Provide and maintain the Services
Facilitate interactive features
Internal analytics
Market our products and services
Market the products and services of others
Internal business purposes, including general business administration
Audit, compliance, legal, policy, procedure, and regulatory obligations
Customer claims and fraud investigation and prevention
Systems and data security
Protecting the safety of our employees and others
Targeted Advertising
Profiling
Any other purpose consistent with your consent and expressed preferences
Nimbler’s enterprise customers, which are typically retailers of business products and services, as well as data compilers and resellers (our “Enterprise Customers”)
Advertising networks and data platforms
Commercial information, including
Information about your interests and preferences
Same purposes as noted for “Identifiers”
Advertising networks and data platforms
Our Enterprise Customers
Financial information, including
Bank account number
Credit card number
Debit card number
Any other financial information
Provide and maintain the Service
Internal business purposes, including general business administration
N/A
Internet or other electronic network activity information, including
Browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages
Content and information about your communications through the Services
Information using cookies and tracking technologies
Mobile operating system information
Mobile internet browser type
Diagnostic data
Same purposes as noted for “Identifiers”
Advertising networks and data platforms
Our Enterprise Customers
Geolocation Data, including
Global Positioning System (“GPS”) data
Locational information based upon your IP address
Cell network data
Locational data collected from various devices including your mobile device(s) or vehicles(s)
Internal business purposes, including general business administration
Customer claims and fraud investigation and prevention
Systems and data security
Protect the safety of our employees and others
Internal analytics
N/A
Professional or employment-related information
Employer name
Employment history
Professional licenses or registrations
Employer industry
Employer size and revenue range
Employment start and end dates
Employment contact information
Employment title, job functions, and skills
Education and credentials
Facilitate interactive features
Internal analytics
Market our products and services
Market the products and services of others
For internal business purposes, including general business administration
Advertising networks and data platforms
Our Enterprise Customers
Audio, electronic, visual, or similar information, including
Any original text, audio recordings, photos, videos, and other media you may share on the Services.
Same purposes as noted for “Identifiers”
Advertising networks and data platforms
Our Enterprise Customers
Characteristics of protected classifications, including:
Age
Date of birth or age range
Gender or gender identity
Marital status
Military or veteran status
National origin
Criminal history or records
Income level
Racial or ethnic origin
Sexual orientation
For internal business purposes, including general business administration
Customer claims and fraud investigation and prevention
Systems and data security
Protecting the safety of our employees and others
Internal analytics
Advertising networks and data platforms
Our Enterprise Customers
Sensitive personal information or sensitive data, including:
Social Security, driver’s license, state identification card, or passport number.
Precise geolocation.
Racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership.
Inferences about you using any of the above
Any of the above purposes
Advertising networks and data platforms
Our Enterprise Customers
Sources of Personal Data
We may collect personal information about you from the following categories of sources:
Directly from you through your interactions with us, such as when you use the Site or Services, create an account with us, complete electronic forms, or otherwise contact us via chat, email, phone, or text.
Through cookies and tracking technologies, as discussed in more detail in Cookies and Tracking Technologies (Section 5 of this Policy).
Other users of our Sites and Services.
From third parties, including our third party data providers, service providers, business and marketing partners, affiliates, analytics providers, ad network providers, ad agencies, and advertisers, including sources of publicly available and other information that we license data from.
From publicly available information sources, government agencies or public records.
From social media and other content platforms, such as Meta, Google, and LinkedIn, if you access the Services through a third-party connection or log-in or interact with us on these platforms use the Sites or Services.
Disclosure of Personal Data
We may disclose personal information that we collect, or you provide to the following:
Our Enterprise Customers. As part of our core business, we provide personal data to our enterprise customers, which are typically retailers of business products and services, as well as data compilers and resellers.
Our affiliates. We may share personal information among our affiliates to provide our Services, and for internal administrative purposes.
Our service providers. We share personal information with our service providers to provide services on our behalf, such as payment processing, analytics, advertising, hosting, marketing, customer and technical support, and other services. These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use the information for any other purpose.
Third party platform advertisers. We may share your information with third-party platform providers who assist us in serving advertising to others who may be interested. We also partner with third parties who use Cookies to serve interest-based advertising and content on their respective third-party platforms that may be based on your preferences, location, and/or interests.
Third parties related to compliance and harm prevention. Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities.
Third parties related to a change of ownership. If we or our subsidiaries are involved in a merger, acquisition, asset sale, or other corporate combination, your personal information may be transferred to the acquiring or surviving entity.
Aggregated, Deidentified, or Anonymous Information
We may create aggregated, de-identified, or anonymous information from data by removing certain data components (such as your name, email address, or linkable tracking ID) that makes the data identifiable, or through aggregation, obfuscation or other means. Subject to applicable law, our use of such aggregated, de-identified, or anonymized information is not personal data or subject to this Privacy Policy.
Cookies and Tracking Technology
We use cookies and similar tracking technologies and analytics services to track activity on and gauge the effectiveness of the Site.
Cookies
When you visit our Site we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets NYMBLR help you log in faster and enhance your navigation through the Site. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click and other actions you take on the Service), and allow us or our business partners to track your usage of the Service over time. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled.
Examples of cookies we use:
Strictly Necessary. We may use cookies that we consider are strictly necessary to allow you to use and access our website, including cookies required to prevent fraudulent activity, improve security or allow you to make use of shopping cart functionality.
Performance. We may use cookies that are useful in order to assess the performance of our website, including as part of our analytic practices or otherwise to improve the content, products or services offered through our website.
Functionality. We may use cookies that are required to offer you enhanced functionality when accessing our website, including identifying you when you sign in to our website or keeping track of your specified preferences, including in terms of the presentation of content on our website.
Advertising. We may use cookies to deliver content, including ads, relevant to your interests on our website and third party sites based on how you interact with advertisements or content.
Log file information:
Log file information is automatically reported by your browser or mobile device each time you access the Service. When you use our Service, our servers automatically record certain log file information. These server logs may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information.
Device identifiers:
When you access the Service by or through a mobile device (including but not limited to smart-phones or tablets), we may access, collect, monitor and/or remotely store one or more “device identifiers,” such as a universally unique identifier (“UUID”). Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by NYMBLR. A device identifier may convey information to us about how you browse and use the Service. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through the Service. Some features of the Service may not function properly if use or availability of device identifiers is impaired or disabled.
Analytics information:
We may directly collect analytics data, or use third-party analytics tools and services, to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving the Service. We may use Google Analytics or other service providers for analytics services. These analytics services may use cookies and other tracking technologies to help us analyze how users use the Services. Information generated by these services (e.g., your IP address and other usage information) may be transmitted to and stored by Google Analytics and other service providers on servers in the U.S. (or elsewhere) and these service providers may use this information for purposes such as evaluating your use of the Service, compiling statistic reports on the Service’s activity, and providing other services relating to Service activity and other Internet usage. You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on.
Third-Party Ad Networks.
Certain companies may participate in the Digital Advertising Alliance ("DAA") AdChoices Program and may display an Advertising Option Icon for Interest-based Ads that links to an opt-out tool which allows you to exercise certain choices regarding targeting. You can learn more about the DAA AdChoices Program at http://www.youradchoices.com/ and its opt-out program for mobile apps at http://www.aboutads.info/appchoices.
In addition, certain advertising networks and exchanges may participate in the Network Advertising Initiative (“NAI”). NAI has developed a tool that allows consumers to opt out of certain Interest-based Ads delivered by NAI members' ad networks. To learn more about opting out of such targeted advertising or to use the NAI tool, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Ads, you will continue to receive non-targeted ads. Opting out of one or more NAI or DAA members only means that those selected members should no longer under the DAA / NAI rules deliver certain targeted ads to you. This will affect this and other services, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). If your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different device or web browser(s), or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective. Mobile device opt-outs will not affect browser-based Interest-based Ads even on the same device, and you must opt-out separately for each device. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
How We Protect Your Personal Data
NYMBLR cares about the security of your information, and uses commercially reasonable safeguards to preserve the integrity and security of all information collected through the Service. To protect your privacy and security, we take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications from NYMBLR, at all times. Additionally, we partner with Amazon Web Services (AWS) with strategically placed and limited number of access points to the cloud to allow for a more comprehensive monitoring of inbound and outbound communications and network traffic.
In the event that any information under our control is compromised as a result of a breach of security, NYMBLR will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
Note that your privacy settings may be affected by changes to the functionality of third party sites and services that you add to the NYMBLR Service, such as marketing or sales tools. NYMBLR is not responsible for the functionality or security measures of any third party.
Data Retention
We will retain your personal data only for as long as is necessary to provide you with Services, to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will also retain certain personal information for internal analysis purposes. This information is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods. Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position, including regard to applicable statutes of limitations, litigation or regulatory investigations.
International Transfers of Your Personal Data
Your personal data may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. The data protection laws in the jurisdiction in which we process personal data may differ from those of your jurisdiction, and in certain circumstances, your personal data may be subject to access requests from governments, courts, law enforcement agencies or regulatory agencies in those other jurisdictions.
If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, we comply with any applicable laws to provide an adequate level of data protection to the U.S., as described further in our European Privacy Notice. Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use EU Standard Contractual Clauses with data recipients located outside the EEA or the UK as well as other appropriate measures and safeguards.
Children’s Privacy
Our Services are not intended for children under the age of eighteen (18) years and we do not knowingly collect information from such persons. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at [EMAIL]. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.
Your Privacy Rights
We make every effort to promptly process all unsubscribe requests.
Opting of promotional electronic communications from us
We may use your personal information to send you updates regarding existing products and services, information about new products and services, upcoming events, surveys, and other announcements and inquiries. If you no longer wish to receive promotional email communications from us, you may opt out via the unsubscribe link included in such emails or communicate your opt-out request using the information below. We will comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving promotional emails from us, we may still send you important administrative messages that are required in order to provide you with the Service or for other reasons disclosed in this Policy (e.g., account verification, purchase and billing confirmations and reminders, changes/updates to features of the Service, technical and security notices). If you have any questions about reviewing or modifying your account information, you can contact us directly at [EMAIL].
European privacy rights
Individuals located in the European Economic Area, United Kingdom, and Switzerland have certain rights with respect to our collection, use, and sharing of their personal data. Please review our European Privacy Notice for more information about those rights.
U.S. privacy rights
Certain U.S. jurisdictions provide residents with certain rights with respect to their personal information or personal data as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and that certain other rights might apply. Please review our California Privacy Notice; Nevada Privacy Notice; and Colorado, Connecticut, Utah, and Virginia Privacy Notice for more information on rights and terms specific to your location or place of residence.
European Privacy Notice
This European Privacy Notice applies to any individuals located within the EEA, UK, or Switzerland from whom we may have collected personal data from any source, including through your use of our Services. We provide this European Privacy Notice to comply with applicable privacy laws, including the General Data Protection Act (“GDPR”), the UK GDPR, and related laws, regulations, and guidance from the European Union and/or its member states. Any capitalized term used and not otherwise defined below has the meaning assigned to it in our Privacy Policy.
European law provides individuals located in Europe with rights to receive certain disclosures regarding the collection, use, and sharing of personal data, as well as rights to be informed, access, rectification, erasure, restrict processing, data portability and to object with respect to collected personal data. For the purposes of this European Privacy Notice, “personal data” means any information relating to an identified or identifiable natural person.
Basis for processing your personal data
We rely on one or more legal bases to process your personal data under applicable law. We may process personal data (i) as necessary to perform our contractual obligations to you, including, but not limited to, those obligations in our terms of use; (ii) as necessary to pursue our legitimate interests as further detailed below; (iii) as necessary for our compliance with our legal obligations such as a request or order from courts, law enforcement or other government authorities; and/or (iv) with your consent, including to send you marketing email messages and other information that may be of interest to you, which you may withdraw at any time.
Legitimate business interests
We may collect, process, and maintain personal data to pursue the legitimate business interests outlined below. To determine these legitimate interests, we balance our legitimate interests against the legitimate interests and rights of you and others and only process personal data in accordance with those interests where they are not overridden by your data-protection interests or fundamental rights and freedoms.
Our legitimate interests generally include:
Provide, improve, and develop our Sites, Products, and Services, including to deliver your requested services, send you messages and provide user support, customize the Services to better fit your needs as a user, develop new products and services, and perform internal analytics and research and development. This also includes sharing personal data with our trusted service providers that provide services on our behalf.
Protect you and others and to create and maintain a trusted environment, such as to comply with our legal obligations, to ensure compliance our agreements with you and other third parties, to ensure safe, secure, and reliable Service, and to detect and prevent wrongdoing and crime, assure compliance with our policies, and protect and defend our rights, interests, and property. In connection with the activities above, we may conduct internal research and profiling based on your interactions on various Sites, content you submit to the Sites, and information obtained from third parties.
Provide, personalize, measure and improve our marketing, including to send you promotional messages and other information that may be of interest to you with your consent. We may also use personal data to understand our user base and the effectiveness of our marketing. This processing is done pursuant to our legitimate interest in undertaking marketing activities to offer products or services that may be of interest to you.
Your privacy rights
In certain circumstances, individuals located within the EEA, UK, and Switzerland are entitled to the following data protection rights regarding their personal data:
Right to access. You have the right to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data.
Right to rectification. You have the right to request that we correct or update your personal data that is inaccurate, incomplete or outdated.
Right to erasure. You have the right to request that we erase your personal data in certain circumstances provided by law.
Right to restrict processing. You have the right to request that we restrict the use of your personal data in certain circumstances.
Right to object to processing. You have the right to object to our processing of your personal data, under certain conditions.
Right to data portability. You have the right to request that we export the data that we have collected to you or another company, under certain conditions.
Right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal data. Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data. You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA). You can view the contact information for your data protection authority here
Where the processing of your personal data is based on your previously provided consent, you have the right to withdraw your consent at any time. If you would like to exercise any of these rights, please submit a written request using the information in the Contact Us section below. We will respond to these requests in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.
You may also have the right to lodge a complaint about our data collection and processing actions with the appropriate supervisory authority. You can view the contact information for your data protection authority here.
California Privacy Notice
This California Privacy Notice supplements the information contained in the rest of our Privacy Policy and is intended to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any capitalized term used and not otherwise defined below has the meaning assigned to it in our Privacy Policy. For the purposes of this California Privacy Notice, except where a different definition is noted, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available information, information that has been de-identified or aggregated, or other information subject to certain federal and state regulation.
If you are a visually-impaired customer, a customer who has another disability or a customer who seeks support in another language, you may access this California Privacy Notice by emailing us at [EMAIL].
Personal Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Identifiers
Protected classification characteristics under California or federal law
Professional or Employment information
Internet or other electronic network activity information
Geolocation data
Audio, electronic, visual, or similar information
Commercial information
Inferences
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
To provide you with information, products or services that you request from us.
To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To improve our website and present its contents to you.
To service contracts with our clients to help them fulfil their marketing programs to develop new business and service existing business.
For testing, research, analysis and product development.
To provide our data and data marketing services, such as:.
Creating data marketing tools and products for our marketer clients. This includes our provision of datasets, data “appends” (connecting data across datasets), data “scoring” (providing inferences about potential consumer behavior), data hygiene services (helping customers to evaluate, validate and correct personal information they hold.
Helping our clients identify and understand their consumers better, by providing insights about them and managing loyalty programs, as well as providing financial and other scoring products.
Assisting our clients through our Services to provide their current and prospective customers with better service, improved offerings, and special promotions, for instance, advising on which current or prospective customers are most likely to be interested (or disinterested) in certain offers.
Creating or helping to create defined audience segments based on common demographics and/or shared (actual or inferred) interests or preferences (e.g., technology professionals). When we do this, we work with a data partner that “matches” our or other Information through de-identification techniques (such as through coded data “hashing”) with online cookies and other identifiers, in order to target and measure ad campaigns online across various display, mobile and other media channels.
Assisting in targeting and optimizing of direct mail and email campaigns, display, mobile and social media marketing, including by providing customer insights.
Measuring the effectiveness of online or offline ad campaigns by determining which messages are most likely to be seen or opened by which types of consumers, or which types of ads are most likely to lead to purchases.
Analyzing and optimizing our clients’ (or their service providers’) proprietary databases, to assist in our client’s marketing campaigns to reach new customers.
Disclosure of Personal Information
We limit our disclosure of the categories of personal information above to our service providers for one or more business purposes. “Business purposes” means the reasonably necessary and proportionate use of personal information for our operational purposes, other purposes described in this Privacy Policy, for the operational purposes of our service providers and contractors, as well as other purposes compatible with the context in which the personal information was collected.
We may “sell” and/or “share” personal information with our Enterprise Customers, as detailed in Sections 1 and 3 of this Privacy Policy. We may also “sell” and/or “share” personal information with third party advertising networks and platforms for purposes of providing targeted behavioral advertising on those platforms.
In the last 12 months (from the last updated date listed at the top of this Privacy Policy), we have “sold” or “shared” the following categories of personal information:
Identifiers
Professional or employment information
Internet or other electronic network activity information
Audio, electronic, visual, or similar information
Inferences
Retention of Personal Information
We will retain your personal data only for as long as is necessary to provide you with Services, to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will also retain certain personal information for internal analysis purposes. This information is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods. Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position, including regard to applicable statutes of limitations, litigation or regulatory investigations.
Your California Privacy Rights
The CCPA provides consumers (California residents) with specific rights regarding their personal information. If you are a California resident, you may have the following rights under applicable California law:
Right to know and access. You have the right to know what personal information we collect, use, disclose, and sell and/or share, as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
Right to delete and erase. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the personal information that we collect about you.
Right to correct inaccurate personal information. You have the right to request the correction of inaccurate personal information.
Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
Right to opt out of sale and/or sharing. You have the right to opt-out of the sale and/or sharing of your personal information by a business.
Right to Limit Use and Disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for us to provide goods or services to you. We will not use or disclose your sensitive personal information after you have exercised your right unless you subsequently provide consent for the use of your sensitive personal information for additional purposes.
Sharing with third parties for their own direct marketing purposes. We do not disclose this personal information to third parties for their own purposes without your consent. If you wish to request information regarding such practices under California’s “Shine the Light” Law, please Contact Us. You must include your full name, email address, and postal address in your email or mail request so that we can verify your California residence and respond.
How to exercise your rights. You may exercise any of the rights described in this section by following the instructions in Your Privacy Rights.
Notice of Right to Opt-Out of Sale/Sharing
California residents may opt out of the “sale” or “sharing” of their personal information. As noted above, we may “sell” and/or “share” your personal information with Enterprise Customers, advertising networks, and data platforms. You may opt-out by following the instructions in Your Privacy Rights.
We do not knowingly sell or share the personal information of minors under 16 years of age without legally-required affirmative authorization. If you are a parent or guardian and you believe that your child has provided us with information without your consent, please review the Children’s Privacy section and contact us by email at [EMAIL]
You can also opt out of such sale or sharing by clicking the Your Privacy Choices link at the bottom of our website and selecting your preferences. You may also opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. Please note that if you do not have an account with us or if you are not logged into your account, your opt out request will be linked to your browser identifier only and not linked to any account information, because the connection between your browser and your account is not known to us.
Nevada Privacy Notice
We may “sell” personal information to our Enterprise Customers, as detailed in Sections 1 and 3 of this Privacy Policy. Nevada residents have the right to request to opt out of any sale of their personal information under Nevada SB 220. If you are a Nevada resident and would like to make such a request, please follow the instructions in Your Privacy Rights. You must include your full name, email address, and postal address in your email or mail request so that we can verify your Nevada residence and respond. In the event we sell your personal data after the receipt of your request, we will make reasonable efforts to comply with such request.
Colorado, Connecticut, Utah, and Virginia Privacy Notice
This Privacy Notice applies to any Colorado, Connecticut, Utah, and Virginia residents about whom we collect personal information (“consumers”). The provisions contained within this section, in addition to the disclosures throughout the rest of this Policy, are intended to provide notices in compliance with the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), and the Virginia Consumer Data Protection Act (“VCDPA”). This section does not apply to certain personal data that is already subject to certain federal and state regulations, such as protected health information.
For the purposes of this section, “personal data” means information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information.
Our Personal Data Practices
The CPA, CTDPA, UCPA, and VCDPA provide rights to residents of Colorado, Connecticut, Utah, and Virginia, respectively, to receive certain disclosures and access regarding collection, use, sale, and sharing of personal data. Detail about what kinds of personal data we may collect or have collected, how we collect it, why we collect it, and who we may disclose it to is found in the Personal Data We May Collect, Use, and Disclose; Sources of Personal Data; and Disclosure of Personal Data sections of this policy.
We may “sell” and/or “share” personal data with our Enterprise Customers, as detailed in Sections 1 and 3 of this Privacy Policy. We may also “sell” and/or “share” personal data with third party advertising networks and platforms for purposes of providing targeted behavioral advertising on those platforms.
Your Privacy Rights
If you are a resident of Colorado, Connecticut, Utah, or Virginia, you have the following rights under applicable law in relation to your personal data, subject to certain exceptions:
Right to know and access. You have the right to know what personal data we collect, use, disclose, and/or sell or share as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
Right to delete and erase. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the personal data that we collect about you.
Right to correct inaccurate personal data. You have the right to request the correction of inaccurate personal data.
Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
Right to opt out. You have the right to opt-out of targeted advertising, our sale of your personal data, and profiling decisions that could produce legal or similarly significant effects concerning the consumer.
Rights concerning sensitive personal data. If you are a Connecticut, Colorado, or Virginia resident, we cannot process your sensitive data or your sensitive data inferences, or use your personal data for certain purposes without your affirmative consent. If you are a Utah resident, you have the right to opt out of having your sensitive personal data processes.
How to exercise your rights. You may exercise any of the rights described in this section by following the instructions in Your Privacy Rights.
How to appeal decisions about your rights. Connecticut and Virginia residents can appeal our decisions concerning privacy rights requests, as follows:
Connecticut residents. If you are a Connecticut resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Connecticut’s Office of the Attorney General by phone at (860) 808-5420 or by submitting a form here.
Virginia residents. If you are a Virginia resident and want to appeal our decision with regard to a request that you have previously made, please Contact Us or notify the Office of the Attorney General of Virginia online here. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Virginia’s Office of the Attorney General by phone at (804) 786-2071, written correspondence to 202 North 9th Street, Richmond, Virginia 23219, or online here.
Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. Appropriate public notice will be given concerning material amendments or changes to this Policy. We encourage you to periodically review this page for the latest information on our privacy practices. This Privacy Policy was last updated on the date indicated above.
Contact Us
If you have any questions about this Privacy Policy, the practices of this Site, or your dealings with this Site or our Services, please contact us at support@nimbler.com.