Updated: September 25, 2020
Who Are We?
LocateSmarter, LLC (the “Company”), headquartered in Cedar Falls, Iowa, U.S.A., offers innovative and customizable data solutions and analytics for clients in a variety of industries, with a focus on location and contact services, fraud identification and detection, and compliance products.
If you have any questions or comments about Company’s Privacy Policy or our practices, or if you would like to correct, complete, or supplement any of your information we maintain, please contact us as follows:
LocateSmarter
Attn: Compliance
1309 Technology Parkway, Suite 101
Cedar Falls, IA 50613
877-815-2268 – privacy@locatesmarter.com
Who And What Is Covered By This Privacy Policy?
This Privacy Policy describes the Company’s policies and practices regarding its collection, use, maintenance, disclosure and sale of personal information, and sets forth the rights of consumers regarding their own personal information. This Privacy Policy applies both to the Company’s online information gathering and dissemination practices for Company’s web applications including this website (the “Site”), and information collected or received offline, whether directly from you or from other sources.
If you have arrived at this Privacy Policy by clicking through a link on our Site, or by searching for or clicking on a link directing you to any page of our Site, then this Privacy Policy applies to you. When you use the Site, you consent to the use of your information in the manner specified in this Privacy Policy. This policy may change periodically, as we undertake new personal data practices or adopt new privacy policies, so please check back from time to time for updates to the policy posted here. Updates become effective immediately upon posting unless otherwise stated. By your continued use of the Site, you consent to the terms of the most recently revised and posted policy.
Use of our Site is strictly limited to persons who are of legal age in the jurisdictions in which they reside. You must be at least eighteen (18) years of age to use our Site. If you are not at least 18 years of age, please do not use or provide any information through this Site.
Other Websites/Third Party Links
You may find links to other, third party websites on Company’s Site. This Privacy Policy does not apply to any website owned and/or operated by or on behalf of any other entity, even if our Site posts a link to those other websites and you click through from our Site. We do not control the content or links that appear on these third party sites, and are not responsible or liable for the practices employed by third party websites linked to or from our Site. Those websites have separate and independent privacy policies. If you visit and/or disclose information through other sites, you are subject to the privacy policies, customer service policies, and practices of those websites. Browsing and interaction on any other website is subject to that website’s own terms and policies.
What Personal Information Does The Company Collect, From Where, And Why?
The following is a description of: (i) the categories of personal information the Company may have collected in the preceding 12 months; (ii) the sources from which we may have collected it; and (iii) the business purposes for which we may have collected it. We do not knowingly solicit, collect, or receive information from consumers under the age of 18 through the Site or otherwise.
Information You Provide Directly.
The Company does not typically collect personal information directly from individuals, with the exception of job applicants and employees. However, should you, or an authorized representative acting on your behalf, choose to voluntarily submit or disclose personal information to us, that information – whether submitted or disclosed by you through the Site, by mail, e-mail, SMS text, telephone, or other channel – is governed by this Privacy Policy.
If you initiate contact or correspond with us orally or in writing, we may keep a record of your contact information and correspondence and we reserve the right to use your contact information, and any other information that you provide to us in your message, to respond thereto or attempt to resolve your request or inquiry.
If you wish to change or correct any information voluntarily submitted to us, please do so by contacting us in the manner described above.
Information Received in Connection with Potential Employment.
Company receives personal information about potential candidates for employment with LocateSmarter, including any resume or application information provided from an applicant, recruiter, human resources provider, or external job service/application website. We use this information to evaluate an applicant’s candidacy and/or contact an applicant in connection with potential employment.
Information We Receive From Our Clients in our Role as a Service Provider.
Company receives and maintains personal information contained in the accounts that we service for our clients in our role as a Service Provider. Our clients operate in a variety of industries, and hire us to provide a broad array of services and products, such as location and contact services, fraud identification and detection, and compliance. This information may include: name, date of birth, social security number, physical address, telephone number, email address, business and employment information, etc. We use this information to update and confirm contact or location information, collect additional contact, location and consumer status information for our clients, to assist clients attempting to contact you, and to otherwise fulfill our contractual responsibilities to our clients.
Information We Receive From Our Service Providers.
Company receives and maintains personal information from our Service Providers. Service Providers are persons or entities that we contract with to provide a material service in connection with managing or assisting with the completion of our business objectives or fulfilling our responsibilities to our clients for whom we also act as a service provider. This may include, for example, data analytics providers, data service providers, data brokers, or data scrubbers. Information that we typically may receive from our service providers includes new or updated name, contact and location information, business and employment information, date of birth, social security number, bankruptcy and litigation information, military and deceased status, etc.
Information We Receive From Third Parties.
The Company receives and maintains personal information from third party sources, such as data licensors, data analytics providers, data brokers, and/or data suppliers that sell or grant to Company the right and license to access and use consumer personal information. Company uses this personal information for integration into its products and services or subscriptions that Company markets or sells to its direct end-user clients, and for sale or license to other companies that may further resell or use the information and integrate or incorporate it into their own transaction-based products or services. This information may include, for example, name, date of birth, social security number, physical address, telephone number, email address, business and employment information, driver’s license information, bankruptcy and litigation information, military and deceased status, etc.
Information Automatically Collected By Your Use Of This Site.
You may use this Site without disclosing to us any personally identifiable information. We do not automatically collect any personally identifiable information from you (e.g., name, address, telephone number, email address, social security number, or financial information) when you use the Site. The Site can only collect such information if it is affirmatively provided by you.
Like most websites, however, the Site automatically collects certain non-personally identifiable information during a user’s visit. That information may include the internet protocol (IP) address of your device, the location where the device is accessing the internet, browser type and language, internet service provider, type of computer/operating system, date/time stamps, user interface interaction data (e.g., mouse clicks or navigation through the Site), and other information about the usage of the Site, including a history of pages viewed and or uniform resource locator (URL) information (showing where you came from or where you go to next). We use this information to improve the Site’s design, estimate user volume and usage patterns, speed up searches, and improve the user experience. We may also use this information to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
More specifically:
(i) IP Address
Each time a user visits the Site, we may automatically collect an internet protocol (IP) address and the web page from which the user was directed to the Site. In order to administer and optimize the Site and to diagnose and resolve potential issues or security threats to our Site or to the Company, we may use an IP address to help identify users and to gather broad demographic information about them.
(ii) Cookies, Pixel Tags, And Web Beacons
Cookies are small files that a site or its service provider transfers to a user’s device through the web browser (if you allow) that enables the site’s or service provider’s systems to recognize the browser and capture and remember certain information. We use cookies to optimize Site functionality and improve a user’s experience while navigating through the Site. Most or all browsers permit you to disable or reject cookies. You can do this by adjusting your preferences in the browser.
Our Site may incorporate “pixel tags,” “web beacons,” or similar tracking technologies (collectively, “pixel tags”) that track the actions of Site users. Pixel tags are used to collect information, such as the internet service provider, IP address, the type of browser software and operating system being used, the date and time the Site is accessed, the website address, if any, from which a user linked directly to the Site and/or the website address, if any, to which the user travels from the Site and other similar traffic-related information.
We may aggregate information collected from Site visits by various users to help us improve the Site and the services that we provide through the Site.
(iii) Do Not Track
Our Site tracks when visitors enter through a marketing landing page. The Site also keeps a record of third-party websites accessed when a user is on our Site and clicks on a hyperlink. But we do not track users to subsequent sites and do not serve targeted advertising to them.
(iv) Analytics Information
Web servers for the Site may gather anonymous navigational information about where visitors go on our Site and information about the technical efficiencies of our Site and services. Anonymous information does not directly or indirectly identify, and cannot reasonably be used to identify, a particular individual. Examples of anonymous information may include certain information about the internet browser, domain type, service provider and IP address information collected through tracking technologies and aggregated or de-identified data. We use anonymous analytics information to operate, maintain, and provide to you the features and functionality of the Site, improve our services, analyze trends and administer our web applications.
What Personal Information Do We Share With Others, Including Selling or Disclosing for a Business Purpose?
Information Collected on the Site.
Company does not sell or share any personal information obtained on or submitted through the Site, such as personally identifiable information, information you choose to submit, or information about your Site activity or visits to our Site with any third party or marketing group.
Information Sold to Third Parties.
In the past twelve (12) months, Company has sold personal information to third parties for their own use or further disclosure.
Company sells and/or licenses subscriptions and/or the right to use and access consumer personal information to non-affiliated third parties. Those third parties include companies in a variety of industries and categories including financial services, data suppliers, data analysts, data brokers, and marketers, etc. The third parties use the information for various business purposes, including location and contact services, fraud identification and detection, and compliance. Some third parties may also resell the information or access to the information, or integrate and incorporate the information into their own transaction-based products or services offered to others. This information includes, for example, name, date of birth, social security number, physical address, telephone number, email address, business and employment information, driver’s license information, bankruptcy and litigation information, military and deceased status, etc.
The Company does not knowingly sell the personal information of consumers under 16 years of age.
If you are a California resident and wish to opt-out of future sales of your PI, please complete a “Do Not Sell My Personal Information” request on our website. Additional instructions and information about your right to opt-out can be found in the second half of this Privacy Policy, which applies only to California residents.
Sharing Information With Clients Pursuant To A Written Contract Through Which We Act As a Service Provider.
We may share personal information with our clients that engage us as a Service Provider through a written contract. Our clients operate in a variety of industries, and hire us to provide a broad array of services and products, such as location and contact services, fraud identification and detection, and compliance. Our clients may direct us to gather, process, and provide them with consumer personal information so that we can update and confirm consumer contact, location, and status information, assist them with their attempts to contact you, and otherwise fulfill our contractual responsibilities as their Service Provider. We may share with our clients new or updated consumer information such as: name, date of birth, social security number, physical address, telephone number, email address, business and employment information, driver’s license information, bankruptcy and litigation information, military and deceased status, etc.
Sharing Information With Our Service Providers.
We may share personal information with our Service Providers. Service Providers are persons or entities that we contract to provide a material service in connection with managing or assisting with the completion of our business objectives and operations or fulfilling our responsibilities to our clients. Our Service Providers may include data analytics providers, data service providers, data brokers, data scrubbers, data security and technological support companies, and legal counsel. In connection with providing services to Company, one or more of our Service Providers may have access to identifying information, such as name, date of birth, social security number, physical address, telephone number, email address, business and employment information, driver’s license information, bankruptcy and litigation information, military and deceased status, etc. We prohibit our Service Providers from accessing or using personal information for any purpose other than as reasonably necessary to perform a business purpose that we authorize by contract, and personal information will not be further used by our Service Providers or further sold or disclosed by them to any Third Party.
Sale Of Our Company Or Company Assets.
In the event of a sale, assignment, liquidation, or transfer of our assets or of any portion of our business, we reserve all available rights to transfer any and all information that we collect and maintain to unaffiliated third-parties in connection with that event.
Monitoring, Law Enforcement And Legal Requests.
Company may be required by law enforcement, federal or regulatory entities, or judicial authorities to provide personal information, such as in response to an audit, investigation, or subpoena. Company will only disclose information as legally required or necessary to demonstrate compliance with the law. Company has no obligation to monitor the Site or the use of the Site or to retain the content of any user session. However, we reserve the right, at all times, to monitor, review, retain and/or disclose any information, as necessary and to the extent possible, to satisfy (and demonstrate our compliance with) any applicable law regulation, legal process or governmental request or to cooperate with law enforcement and other authorities in investigating a claim of illegal activity. We also may use IP addresses, if available, to identify a user when we feel it is necessary to protect the Site, our service, clients, potential clients or others.
Our Internal Use And Research
Company reserves the full and unrestricted right to use and disclose de-identified information; anonymized information; aggregated information; or publicly available information that has not been combined with nonpublic personal information for purposes including, but not limited to, our own internal use, service improvement, data mining, analytics, and research.
How Long Do We Retain Personal Information?
We are required to retain or delete certain data, including in some cases personal information, for specific periods of time in order to fulfill the contractual requirements of our clients and to complete the services for which we were hired to perform, to comply with our internal policies and procedures, and/or to comply with applicable law.
How Do We Protect Your Personal Information?
The Company is committed to protecting your privacy. We take data security very seriously, because our reputation and livelihood rely on it and our clients and licensors require it. Company takes reasonable security measures and seeks to implement the best practices and procedures in data collection, storage, processing and security, to protect personal information from loss, misuse, unauthorized access, disclosure, alteration or destruction. Company has implemented administrative, technical, physical, electronic and procedural safeguards designed to protect against the unauthorized disclosure of personal information and to ensure the integrity and confidentiality of personal and private information. Company complies with the Privacy of Protected Health Information (PHI) and other regulations pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (the Privacy Rule). We also comply with standards for safeguarding Non-public Personal Information (NPI) as set forth in the final rule of the Gramm-Leach Bliley Act of 1999 (GLBA), and provide safeguards against the invasion of privacy of Federal Records as required in The Privacy Act of 1974. Company also takes appropriate steps to protect the information you may share with us on the Site from being seen or accessed by unauthorized personnel.
Personal information is disposed of properly and securely utilizing industry standards. Our data security policies and practices are periodically reviewed and modified as necessary.
** THE INFORMATION BELOW APPLIES TO CALIFORNIA RESIDENTS **
Rights Under The California Consumer Privacy Act.
The CCPA And Personal Information.
The California Consumer Privacy Act (“CCPA”), effective January 1, 2020, as clarified by the California Consumer Privacy Act Regulations approved on August 14, 2020, grants privacy rights to California consumers in connection with their Personal Information.
“Personal Information” or “PI” is “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” PI does not include information lawfully made available from government records or information that is already subject to sector-specific privacy laws, including the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Fair Credit Reporting Act (FCRA), federal laws that impose requirements and restrictions to protect consumer data.
A consumer has rights regarding his/her PI, including:
- A right to know what PI is collected, used, shared or sold by the business;
- A right to access PI collected and retained by the business;
- A right to require businesses and, by extension, their service providers, to delete PI, subject to certain exceptions;
- A right to opt-out of the business’ sale of PI; and
- A right to non-discrimination in terms of pricing or service for choosing to exercise a privacy right under the CCPA.
Consumer Right To A Notice of Collection.
A business that collects PI directly from a consumer must, at or before the point of collection, inform the consumer as to the categories to be collected and the purposes for which it shall be used. A business that intends to sell the PI must also notify the consumer and provide the website form for submitting a “Do Not Sell My Personal Information” request. Data brokers registered in California need not provide such a notice if their registration includes a link to instructions for opting-out.
Consumer Right To Know.
A covered business must disclose in its privacy policy the PI it has collected, sold, or disclosed for a business purpose in the past 12 months.
A business must disclose the following in response to a verifiable request to know:
- The categories of PI the business has collected about the consumer;
- The categories of sources from which that PI was collected;
- The business or commercial purpose for collecting or selling PI;
- The categories of third parties with whom the business shares PI;
- The categories of PI the business sold and categories of third parties to whom it was sold;
- The categories of PI the business disclosed for a business purpose and associated categories of third parties to whom those categories were disclosed; and
- If requested, the specific pieces of PI the business has collected.
Consumer Right To Delete.
A California consumer has the right to request that a covered business delete his/her PI, subject to certain exceptions. Once a request is reasonably verified by the business, the PI requested to be deleted must be erased from the records held by that business or otherwise deidentified or aggregated, and the business must direct its Service Providers with whom the information was shared to also delete the information, unless it is subject to an exception.
A request to delete may be denied if the requestor’s identity cannot be verified or if retaining the information is necessary to:
- Complete the transaction for which it collected the PI, provide a good or service requested by the consumer, take action reasonably anticipated within the context of the ongoing business relationship with the consumer, or otherwise perform a contract with the consumer.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer’s relationship with the business.
- Comply with a legal obligation.
- Make other internal and lawful uses of the information that are compatible with the context in which the consumer provided it.
If a business stores PI on archived or backup systems, it may delay compliance with a request to delete for that data until the archived or backup system relating to that data is restored to an active system or next accessed or used for a sale, disclosure, or other commercial purpose.
Consumer Right To Non-Discrimination.
A business must not discriminate against a consumer who exercises CCPA rights. A business may charge different prices or provide a different quality of goods or services, but only if the difference is reasonably related to the value provided to the consumer by the consumer’s data. A business may offer financial incentives to a consumer for the collection, sale, or deletion of personal information on a prior, opt-in consent basis.
Consumer Right To Opt-Out.
A business that sells PI to third parties must provide notice to consumers, clearly inform them of the right to opt-out of the sale, and provide a “Do Not Sell My Personal Information” link on its website that enables the consumer to opt-out of future sales of that Consumer’s PI.
A business is prohibited from selling the PI of a consumer the business knows is less than 16 years of age, unless (for a consumer between 13 and 16 years of age) the consumer has affirmatively authorized the sale or (for a consumer less than 13 years of age) the consumer’s parent or guardian has affirmatively authorized the sale.
Privacy Policy Requirements.
A business must include the following in its privacy policy, to be updated every 12 months:
- A description of consumer CCPA rights, including the right to opt out of the sale of PI and a separate link to a “Do Not Sell My Personal Information” internet webpage if the business sells PI;
- The method(s) by which a CCPA request can be submitted;
- A list of the categories of PI the business has collected, sold, or disclosed for a business purpose in the preceding 12 months; and
- For any business that, alone or in combination, buys, receives or shares for commercial purposes, or sells, the PI of 10 million or more consumers in a calendar year, the following metrics: The number of requests to know, delete, and opt-out received, complied with in whole or in part, and denied for the previous calendar year, and the median or mean number of days within which the business substantively responded to requests to know, delete, and opt-out.
How Do I Submit a CCPA Request to Know or Request to Delete to the Company?
Instructions: Requests To Know or Delete
If you are a California resident and wish to submit a CCPA Request to Know or Request to Delete, you may use one of the following methods:
Fill out the “Request to Know or Delete Personal Information” form.
OR
Call us, Toll-Free, at: 877-815-2268
Please be advised that we are only required to respond to your request to know or access twice in any 12-month period.
Verification: Requests to Know or Delete
We need to be reasonably sure that the person making a request to know or delete your PI is you, or a representative that you have authorized to make a request on your behalf. We cannot comply with your request if we cannot verify your identity or your authority to make a request for another person. Accordingly, before we can comply with a request to know or delete, you must provide information such as your full name, mailing address, and the last four digits of your social security number, so that we can to attempt to verify your identity and locate your records, if any.
To the extent possible, we will not ask you for new information to verify your identity, but instead will request information that we can cross-check against existing records. If we are unable to verify your request without new information, we will delete the new information as soon as practical after processing your CCPA request, except as may be required to comply with the CCPA’s record retention requirements.
We will never require you to create an account with us in order to verify your request. We will only use information you provide to us during the verification process to try to verify your identity or your authority to make the request for another person.
Requests to know the specific pieces of information we may hold, and not just a list of the categories of information, require heightened verification procedures, and we will require you to submit a written declaration under penalty of perjury stating that you are the consumer whose PI is the subject of the request. In addition, certain pieces of information, such as a social security number, driver’s license number, government-issued identification number, financial account number, or health insurance or medical identification number, will not be disclosed in response to a CCPA request.
If you wish to authorize someone else to act on your behalf in connection with your CCPA rights, we must receive proof that this person is authorized to do so. Proof can be provided by a consumer verifying his/her own identity directly with us and then providing written authority for a designated person to act on the consumer’s behalf, or through receipt of a power of attorney or other legal documentation of authority, or proof of registration with the California Secretary of State as a designated representative. You may also make a verifiable consumer request on behalf of a minor child, which requires that you submit proof of your status as a parent or legal guardian.
Our Response: Requests to Know or Delete
Within 10 business days of receiving a request to know or delete, we will provide confirmation of your request and an associated reference number. This may be provided by letter, email, or at the conclusion of a web form submission or phone call during which you submit a request.
If you submit a Request to Delete, we may require you to re-confirm your choice to delete the information after verifying your request, but prior to any actual deletion that may be required.
The Company strives to respond within 45 days of receiving a request to know or delete. If we need additional time, or cannot verify your request, we will let you know.
We will respond by U.S. mail or email, at your option. Any information we provide will cover only the 12-month period preceding receipt of your request.
If we cannot respond to or comply with your request to know or delete, or we otherwise deny your request, we will explain our reasoning and decision in our response. We may, for example, deny a request to know or delete if: (1) it cannot be acted upon because the PI that we collected or maintain is solely in our role as a Service Provider, as that term is defined in the CCPA, (2) we cannot verify your identity, (3) we need to retain the information you seek to have deleted in order to complete the transaction for which it was collected, or (4) the information we maintain for you is exempt from the CCPA, such as information collected, processed, sold or disclosed pursuant to the Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), or the Fair Credit Reporting Act (FCRA).
We are required to keep a record of any CCPA request you submit for at least 24 months, including any assigned reference number, the request date and nature of the request, the manner in which the request was made, the date and nature of our response, the basis for any full or partial denial, and copies of any signed declarations submitted for verification purposes.
We do not charge a fee to process a request unless it is excessive, repetitive, or manifestly unfounded, and we have informed you in writing of the reasoning behind a charge and its estimated cost. We will provide a cost estimate before completing your request if we determine that a charge is warranted.
NOTICE OF RIGHT TO OPT OUT OF SALE OF PERSONAL INFORMATION
California residents have the right to opt-out of the future sale of their PI by Company to Third Parties, with certain exceptions provided in the CCPA.
Instructions: Requests to Opt-Out
If you are a California resident and wish to opt-out of the future sale of your PI, you may use one of the following methods:
Submit an Opt-Out Form on our Website by Clicking this Link: “Do Not Sell My Personal Information”
Call us, Toll-Free, at: 877-815-2268
Verification: Requests to Opt-Out
A request to opt-out need not be a verifiable consumer request. However, a request needs to include information sufficient to identify the PI that is subject to the request. Any information the Company requires for an opt-out request will be used for that purpose only.
If you wish to authorize someone else to make a request to opt-out on your behalf, you must provide that person written permission signed by you. We may deny a request from your authorized agent if they cannot provide us with a signed authorization from you.
Our Response: Requests to Opt-Out
We comply with requests to opt-out as soon as feasibly possible, but no later than 15 business days from the date we receive a request. If we sell PI subject to a request to opt-out after a request is received, but before we can process and comply with the request, we will notify the third parties that received the PI and direct them not to sell it. We will respond to your request by U.S. mail or email, at your option.
There are certain exceptions to the right to opt-out. For example, a business may need to sell PI to comply with legal obligations or exercise legal claims or rights, or the PI may be exempt from the CCPA, such as information lawfully made available from government records or information collected, processed, sold or disclosed pursuant to the Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), or the Fair Credit Reporting Act (FCRA). In addition, if the Company has a good-faith, reasonable, and documented belief that a request to opt-out is fraudulent, we may deny a request to opt-out and will provide an explanation why we believe the request is fraudulent.
CCPA Request Annual Metrics
The following information will be updated on an annual basis, on or before July 1st each year, to disclose Company’s CCPA request metrics for the previous calendar year.
In the calendar year 2022:
- Company received 0 requests to know from California consumers. Of those requests, 0 were denied, in whole or in part.
- Company received 0 requests to delete from California consumers. Of those requests, 0 were denied, in whole or in part.
- Company received 0 requests to opt-out from California consumers. Of those requests, 0 were denied, in whole or in part.
- The mean number of days within which Company substantively responded to requests from California consumers is as follows:
- Requests to know: (N/A, no requests received);
- Requests to delete: (N/A, no requests received); and
- Requests to opt-out: (N/A, no requests received).