PRIVACY POLICY

Legal > Privacy Policy

PRIVACY POLICY

Updated: July 2023

This Privacy Policy outlines how we collect, use and share personal data of people who use or are connected to our services, are interested in TavaHatz or its services, or to whom we wish to market our services. This Privacy Policy also provides you with information on your rights as a data subject and how to reach us if you have any questions.

This Privacy Policy does not apply to the practices of other businesses that TavaHatz does not own or control, including other companies’ websites, services and applications (“Third Party Services”) that you can access through the Services or to individuals that TavaHatz does not manage or employ. We encourage you to review the privacy policies of any Third Party Services you access or use. Please note that we cannot take responsibility for the content or privacy policies of Third Party Services, and any third party policies linked to this Privacy Policy are strictly for informational purposes only.

Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws. If you are a United States resident of California, Virginia, Colorado, Connecticut or certain other U.S. states, please see the sections titled California Privacy Rights, and Virginia/Colorado/Connecticut and certain other U.S. State Privacy Rights for specific disclosures with respect to our collection, use, and disclosure of your information and additional rights you have under applicable U.S. laws.

Contact Information

This Privacy Policy describes the policies and procedures of TavaHatz, LLC., 355 South 500 West Suite 100, Lindon, UT 84042, the United States, for the collection, use, and disclosure of personal data about you for we act as the data controller, or for which we act as joint controllers, in accordance with the European Data Protection Regulation (“GDPR”) and other applicable laws.

If you have any questions or concerns regarding privacy when using the Services of TavaHatz wish to use your rights, such as to object to the processing or have your personal data removed, please send us a detailed message to: privacy@tavahatz.com for all matters. We will make every effort to resolve your concerns. Please also see “Rights of Data Subjects” for more detailed information on your rights as the data subject.

TavaHatz collects personal data about you from the following sources, as described in this Privacy Policy, when you (i) register for the Site and the Services, through your user account with TavaHatz, including registering through a third-party service (your “Account”); (ii) use the Services; or (iii) view or interact with a TavaHatz link, QR Code, or other TavaHatz Product (one of our branded domains) on a third-party website. We collect the following types of information from you, some of which might be considered personal data under applicable law:

When You Register for a TavaHatz Account

When you create an Account, we collect the personal data from you, such as your name, phone number, company name, industry, job title, company size, email address, phone number and sign-in information. If you create an Account using your login information from a third-party account, such as a direct sales company, we will access and collect the personal data about you that the third-party account provides (which is based on your privacy settings with the third-party account), so that you can log into your Account with us.

Some features of the Services allow registered users to provide their own content to the Services, such as written descriptions of URLs, comments, images and video. Unless you request deletion of your personal data as described in this Privacy Policy, all content submitted by you to the Services may be retained by TavaHatz, even after you terminate your Account and may continue to be shared by third parties, as described in this Privacy Policy.

When You Create a TavaHatz Link and QR code (collectively “TavaHatz Products”)

One feature of the Services is the ability to create shortened uniform resource locators (URLs) of websites, QR codes linking to a URL. When you create a shortened link, QR code or other TavaHatz product, TavaHatz collects and stores both the original URL and any shortened URL and, if you are logged in to your Account, we will associate that information with your Account. TavaHatz also collects and stores your IP address, your geolocation data (which we derive from your IP address), the time and date on which you shortened the original URL and/or created the TavaHatz Product.

When You Interact With a TavaHatz Product

TavaHatz automatically collects personal data about the interaction (such as clicks or views) with every TavaHatz Product created through the Services (one of our branded domains) on a third-party website. This information includes, but is not limited to: (i) the IP address and location derived from the IP address; (ii) internet or other electronic network activity information like the referring websites or services; (iii) the time and date of each access; (iv) device settings, such as browser type, operating system, and language; and (v) cookies, as described in our cookie policy, and mobile advertising identifiers. As described in this Privacy Policy, we use this personal data to provide the Services, to understand and analyze how our Services are used and to identify trends, and to detect, deter and prevent malicious, fraudulent or unlawful activity. Please see the “Information We Share” section below for a description of how we may share information we collect when you create, view or interact with TavaHatz Products.

Information We Share

The Services are designed to help you share information with others. The following categories of personal data generated through your use of the Services are shared publicly, within TavaHatz and with the following categories of third parties for the business purposes described below.

TavaHatz Products You Create – Much of your activity on and through the Services is public by default. For example, when you create a TavaHatz Product, the original URLs you have shortened and the corresponding TavaHatz Product are publicly available, including the possibly included personal data.

Account Information – Where permitted by law, if you register a TavaHatz Account with an email address on a domain owned by an organization, (for example, an employer or educational institution where you have an email account), we may share your email address and information about your Account, such as the number of links you have created, with that organization to explore the organization’s interest in creating or managing an enterprise account or for related purposes.

Customer Support – We use various tools for communication and to provide you with customer support. To use customer support, you must provide at least one valid email address. This data processing can include the following data: Name, email address, contract information, job title, employer, customer ID, payment information, communication data. Data is processed to provide the services, offer customer support, communication with interested persons, responding to inquiries and customer relationship management. If the purpose of the contact is to conclude a contract or if you already have an account then we retain your information as needed to verify and provide you access to the services. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, to the extent further storage is not permitted or required by law.

Email or SMS Marketing – For some services, we use email or SMS marketing providers to send transactional emails or messages. When you register for our services, the data you enter during registration is transferred to our email or SMS marketing providers. This enables us to send you relevant emails, text messages, e.g. to confirm your registration or unsubscribe from our services. Further personal data may be stored and evaluated as a result, especially the user’s activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and operating system). For this purpose, your data will also be stored by our email or SMS marketing providers. Your data will not be passed on to third parties for the purpose of sending mails within the scope of using our services, nor will the vendor obtain the right to pass on your data.

Information You Elect to Share – When creating a TavaHatz Product, you can share that TavaHatz Product through Third Party Services. Any information that you elect to distribute through Third Party Services, such as a social network post you create, may then become accessible to users of those services. You can also access other Third Party Services through the Services, for example by clicking on links in the Statistics page for a TavaHatz Product. We recommend that you review the terms of service and privacy policies of such Third Party Services that you access through the Services since TavaHatz does not control and is not responsible for the privacy practices of these Third Party Services.

Information Shared with Service Providers – We may employ and contract with third parties to perform certain tasks on our behalf and under our direction (our “Service Providers”). We may need to share information about you with our Service Providers in order to fulfill certain business purposes, like providing our product with research and analytics on user behavior and providing advertising products and services to users, processing payments, and providing email marketing and support services. Our agreements with these Service Providers authorize them to use your information only as necessary to provide services to us. Transfers to subsequent third parties are covered by our agreements with our service providers.

Payment Processing – For the transmission and verification of purchases, the data processed include bank account details, billing/shipping address, card expiration date, customer name, CVC code, date/time/amount of transaction, device ID, email address, IP address/location, customer ID, payment card details, tax ID/status, unique customer identifier. We share your data in these cases to allow the payment processing services necessary to process the payments for your account.

Single Sign On – For some services, we allow users to elect to use single sign on services such as Google OAuth. Single Sign on Services allow users to log in to other online presences with their profile without having to create separate accounts.

Tax and Legal – Your personal data may be transferred to third parties for tax and legal reasons. Possible recipients are professionals (e.g. lawyers, tax consultants and auditors). In addition, data may be transferred to authorities (e.g. tax authorities) for tax and legal reasons. Such data transfer only takes place to recipients who are legally bound to secrecy.

The data may include the email address, IP address of the user’s device, date and time of registration, login information, address, contract information, payment information.

We have a legitimate interest in sharing personal data with professional consultants and auditors for the purpose of appropriate tax and legal consultation, and in some cases we are legally required to share this data.

Trust & Safety Compliance – We may share certain TavaHatz links, QR Codes, Link in Bio and/or related URLs, and the data collected when you create or interact with a TavaHatz Product to help detect, deter and prevent malicious, fraudulent or unlawful activity.

With Your Consent – We will share information about you when you direct or otherwise instruct us to do so, such as when you share shortened links or QR Codes or content with others through the Services, if you intentionally use or direct us or the Services to interact with third parties, or if we notify you that the information you provide will be shared in a particular manner and you provide such information (like sharing/posting it with a third-party Service).

The legal basis for processing of customer data for the Services and related communications is that the processing is necessary for performance of the requested service and management of the customer relationship subject to TavaHatz Terms of Service. The legal basis for other communications with the customer, such as marketing, is our legitimate interests to promote sales and increase awareness of TavaHatz Services, and communicate with our interest groups. Where such communications require consent, for example if we wish to market via email our Services to a new customer who is a natural person in the EU, the legal basis is your consent. The legal basis for improving, monitoring and analyzing the Services, and to prevent malicious, fraudulent or unlawful activity is our legitimate interests to ensure security and lawfulness of our Services, including protecting data of our customers and users, and preventing unauthorized or wrongful use.

This personal data is used to authenticate users to allow access to TavaHatz’s Services, to identify users to provide customer support, and store events and log information about your use of the Services for purposes of audit in case of a security or other incident to have a trail of actions performed by us and our users, to maintain support records, to promote sales and increase awareness of TavaHatz’s Services, and for purposes of service and product improvement, and to prevent malicious fraudulent or unlawful activity. The data is removed upon request, except for data (such as user name) stored in application logs and audit trails, which are deleted according to our standard data management cycle. We retain the personal data we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable legal obligations. Aggregated data sets that do not contain personal data are stored for an indefinite period for the purpose of business analysis. The personal data is erased from or anonymized in our systems upon request of the data subject or the customer they represent, or if the data is detected as irrelevant in our automated or manual system maintenance, or after 3 years following the last contact with the data subject, whichever occurs first.

Contracts, Purchase Order and Invoicing

For any individual that acts as the contact person for our customer, supplier, partner or other entity that we conduct or wish to conduct business with, we process the following information:

  • Basic information (such as name, title, company name, work location and contact information)
  • Business connections
  • Communications

The individual acting as the contact person in a primary source of information, but the personal data may also be collected from your employees, your colleagues, and our (other) customers, suppliers and partners. The personal data is used to discuss business, pursue business opportunities, send notifications related to our services and otherwise communicate with you, contracting, invoicing and making payments. The processing is based on our legitimate interests to comply with contractual obligations, or the terms of agreements we have (or have had), maintaining relationships, and operating our business. In addition, the invoicing related personal data will be used in accounting and reporting, which processing shall be based on our obligations under the law.

Website and Contact Requests

TavaHatz, LLC process personal data gathered when you use or access their respective websites, including any and all subdomains of the sites (each “Site”, as applicable), respectively.

Each time Site is accessed, our system automatically collects data and relevant information from the computer system of the calling device.

The following data is collected:

  • Browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The IP address of the user
  • Date and time of access
  • Web pages from which the user’s system accessed our website
  • Web pages accessed by the user’s system through our website

This data is stored in the log files of our system. This data is not stored together with other personal data of the user. The temporary storage of the IP address by the system is necessary for the delivery of the website to the computer of the user. For this purpose, the user’s IP address must be kept for the duration of the session. The storage in log files is done to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our IT systems. An analysis of this data for marketing purposes does not take place. The legal basis for the temporary storage and other processing described above of data and logfiles is our legitimate interest to maintain functionality and ensure security of our website.

If you subscribe to our newsletter, request materials available from the website, send us a contact request, interact with our chat bot or otherwise contact us, we will likely add you to our list of commercial contacts. Please see the section “Newsletter, Events and Marketing” of this Privacy Policy to learn more about personal data processing in that regard. Please note that our services and resources are designed for business customers only (and should not even be interesting to consumers), and thus we presume that everyone contacting us and interested in our services represent a business, not a private individual. Personal data derived from our websites and contact requests are deleted upon request of the contact, if the data is identified as out of date, or if the contact is no longer deemed a suitable candidate for our services.

TavaHatz may use third-party APIs and software development kits (“SDKs”) to provide certain functions in our Services. We use cookies and similar technologies for the following purposes: Technically necessary; Comfort; Statistics; Marketing. When we use cookies and/ or similar techniques for processing personal data, the types of personal data processed may vary, depending on the categories of cookies or similar techniques. Non-essential cookies are used only with your consent. You have the option of preventing cookies from being used.

Rights Under the GDP

If you are a resident of the EEA or Switzerland, or otherwise subject to the GDPR, and we process your personal data, you have the right to ask for the following rights:

  • In all cases a right to be informed about processing by TavaHatz that pertains to personal data based on which you may be identified, and access to a copy of such personal data (Art. 15 GDPR).
  • If the personal data that is being processed is incorrect or inaccurate, you are entitled to demand for the data to be corrected (Art. 16 GDPR).
  • Subject to the conditions set in the GDPR, you may demand for the deletion or limitation of the processing and have the right to object to the processing altogether (Art. 17, 18, and 21 GDPR).
  • If the processing is based on your consent or a contract and the processing of data is carried out using automated procedures, you may be entitled to data transferability (Article 20 GDPR).
  • If you have consented to the processing of your data by the data controller, you may revoke your consent at any time. The legality of the data processing carried out on the basis of the consent that was obtained prior to the revocation will not be affected.

Furthermore, you have a right to appeal to the competent supervisory authority (Art. 77 GDPR) if you deem the personal data processing by us to violate the GDPR or other applicable data protection laws.

Landesbeauftragte für Datenschutz und Informationsfreiheit

Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de

Contact details of authorities in other EU Member States can be found from the directory maintained by the European Data Protection Board.

Contact Details for questions and Exercising your rights

If you have any questions or concerns regarding privacy when using the Services or wish to use your rights, such as object the processing or have your personal data removed, please send us a detailed message to: privacy@tavahatz.com. In addition to email you may exercise any of your rights by sending a request to us, our contact details are provided in “Contact Information” above.

We will make every effort to resolve your concerns. Once we receive your request, we will ask that you verify your identity such as by authenticating through your account. Please note that if you do not have a TavaHatz account, TavaHatz has no way of identifying you or verifying that you created or clicked on a TavaHatz Product, or otherwise interacted with our Services.

You may be entitled, in accordance with applicable law, to submit a request through an authorized agent. To designate an authorized agent to exercise your rights and choices on your behalf, please provide a written attestation, declaration, or permission that has either been physically signed or provided electronically per applicable law. In certain circumstances, we may be required by law to retain your personal data.

Tools available to exercise your rights

If you have a TavaHatz Account, you may access, correct, or request deletion of your personal data by logging into your Account. For TavaHatz Link and QR Code services, once logged in to your account, you will be able to view a history of the URLs you have shortened and the metrics pages for those URLs. You can request a complete copy of the personal data we store about your account by clicking the button to request a report in your Account Settings. You can delete your Account at any time through your Account settings page. If you delete your Account, you will no longer be able to access or use the Services. If you have an Account but are unable to access it, you can contact us at privacy@tavahatz.com. We will respond to your request within a reasonable timeframe.

As a TavaHatz Europe QR Code Services user you have the possibility to cancel the registration at any time by using the tools in the Service or via an email to customer support or privacy@tavahatz.com. You can object to the storage of your personal data at any time. In this case, all personal data stored will be deleted to the extent permitted by law or no opposing legitimate interest prevails. To do so, please send an email to privacy@tavahatz.com.

Please note that in the interest of ensuring that existing TavaHatz Products continue to function for all of our users, the TavaHatz Products that you have created and shared cannot be deleted or disabled (even if your Account is deleted), and any shortening and sharing activity that has already occurred on your Account also cannot be deleted. If you have concerns about any unauthorized use of your Account, you can delete your account within your Account settings.

International transfers of personal data

Depending on your location, information about you may be transferred to the United States or other countries outside the EU or European Economic Area (EEA) or may be processed there. These data transfers are necessary to provide you with the Services and functionalities you have requested as outlined in this policy.

To protect your personal data, we rely on appropriate legal basis for each data transfer. In particular, we use contractual safeguards such as Standard Contractual Clauses approved by the European Commission. Where applicable, we base data transfers also on adequacy decisions issued by the European Commission.

Please feel free to contact us for further information about international data transfers, including to obtain access to a copy of applicable safeguards.

California Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020, provides you with specific rights regarding your “personal information,” as that term is defined under the CCPA. This section describes the rights that California consumers have and explains how to exercise those rights. For the purposes of this section, personal information does not include: (i) information that is lawfully made available from federal, state or local government records; (ii) de-identified or aggregated data; or (iii) information excluded from the scope of the CCPA. To be clear, these rights are granted only to the extent that you are a California consumer and we are acting as a “business” under the CCPA with respect to your personal information. The rights in this section are not intended to grant you additional rights, but only your rights under the CCPA.

Information We Collect; How We Collect It; How We Use It

We have collected the following categories of personal information from consumers from the sources described in the Privacy Policy above, specifically the categories of sources identified in the subsection titled “TavaHatz Connections Platform Services” (under the section “TavaHatz Group Services”), and have shared such personal information with the following categories of third parties within the last twelve (12) months:

Category

Examples

Business or Commercial Purposes for Collecting Personal Information

Disclosed in the Prior Twelve (12) Months for the Following Business Purposes

“Sold” or “Shared” in the Prior Twelve (12) Months for the Following Purposes

Categories of Third Parties With Whom We Disclose, Sell, or Share Personal Information

A. Personal identifiers.

A real name, postal address, online identifier, Internet Protocol address, email address, account name.

To register your TavaHatz account or create a TavaHatz link

To communicate with you

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

For the security and integrity of our services, to verify or maintain the quality or safety of services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

B. Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Some personal information included in this category may overlap with other categories.

A name, physical characteristics or description, address, telephone number, credit card number, debit card number, or any other financial information, medical information.

To register your TavaHatz account

To communicate with you

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

C. Protected classification characteristics under California or federal law.

Age and gender.

Marketing and advertising

None

Service providers who perform business services for us

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

To register your TavaHatz account or create a TavaHatz link

When you interact with a TavaHatz link, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

G. Location data.

Physical location.

To create a TavaHatz link

When you interact with a TavaHatz link, to detect, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

H. Inferences drawn from other personal information for profiling purposes.

Used to create a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

When you interact with a TavaHatz link, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

We do not use or disclose sensitive personal information, as that term is defined under the CCPA. The categories of personal information described above are anonymized or erased from our systems upon request, if the data is detected as irrelevant in our automated or manual system maintenance, or after 3 years following the last contact with the relevant individual, whichever occurs first.

Selling or Sharing of Personal Information

TavaHatz does not “sell” or “share” your personal information to third parties, as those terms are used in the CCPA.

Rights to Your Information

a. Right to Know

As a California consumer, you have the right to request that we disclose certain information to you about our collection, use, disclosure, or sale/sharing of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

  • The categories of personal information we collected about you.
  • The categories of sources from which the personal information is collected.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (see Data Portability Rights below).

b. Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. However, we may retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to perform certain actions set forth under the CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.

c. Right to Data Portability

You have the right to request a copy of the personal information we have collected and maintained about you in the past 12 months. The CCPA allows you to request your information from us up to twice during a 12-month period. We will provide our response in a readily usable (and usually electronic) format.

d. Right to Correct

You have the right to request the correction of any personal information we maintain about you.

e. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including but not limited to, by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

f. Exercising Your Rights

To exercise the rights described above, please contact us by using the following methods:

After submitting a request, we will take steps to verify your identity in order for us to properly respond and confirm that it is not a fraudulent request. In order to verify your identity, we will ask, at a minimum, that you provide your name, email address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. Depending on the request, if we are unable to verify that the consumer submitting the request is the same individual about whom we have collected personal information, we may contact you for more information, or we may not be able to meet your request.

Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your personal information. If you are making a request as the authorized agent of a California consumer, we will ask you to submit reliable proof that you have been authorized in writing by the consumer to act on such consumer’s behalf.

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the CCPA allows us up to 90 days to respond. We will still contact you within 45 days from when you contacted us to let you know we need more time to respond.

California “Shine the Light”

In addition to the above rights, under California Civil Code Section 1798.83 (“Shine the Light”), California residents may have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us by email at privacy@tavahatz.com. If you do not want your personal information shared with any third party who may use such information for direct marketing purposes, then you may opt out of such disclosures by sending an email to us at privacy@tavahatz.com.

Contacting Us

If you have questions or concerns about this privacy policy, your California privacy rights, or our information practices, please email us at privacy@tavahatz.com.

Virginia/Colorado/Connecticut and Certain other U.S. State Privacy Rights

The Virginia Consumer Data Protection Act, the Colorado Privacy Act, and the Connecticut Data Privacy Act and similar laws in other U.S. states (“State Privacy Laws”) provide their consumers with specific rights regarding their personal data. To the extent that you are a resident of one of these states, this section describes your rights under the State Privacy Laws and explains how you may exercise these rights.

The categories of personal data we process, our purposes for processing your personal data, the categories of personal data that we share with third parties, and the categories of third parties with whom we share it are set forth in the terms of the Privacy Policy above.

Rights to Your Information

In addition to the rights set forth in our Privacy Policy, the State Privacy Laws provide you with the following rights:

  • Right to know. You have the right to know whether we process your personal data and to access such personal data.
  • Right to data portability. You have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business without hindrance, where the processing is carried out by automated means. You may request such personal data up to twice annually, subject to certain exceptions.
  • Right to delete. You have the right to delete personal data that you have provided by or that we have obtained about you. Please note that we may deny such a request if the requested deletion falls under an exception as set forth in the State Privacy Laws. Additionally, if you request deletion of your personal data and we have obtained such information from a third-party source, we may retain such data by keeping a record of the deletion request and the minimum data necessary to ensure that your personal data remains deleted from our records and that such retained data is not used for any other purpose, or we may opt you out of the processing of such personal data for any purpose except for those allowed under the State Privacy Laws.
  • Right to opt out. You have the right to opt out of the processing of the personal data for purposes of: (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. As of the latest date of the Privacy Policy:
    • We do not process personal data for the purposes of targeted advertising;
    • We do not sell your personal data; and
    • We do not engage in profiling decisions based on your personal data that produce legal or similarly significant effects concerning you.
  • Right to correct. You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes for which we process it.
  • Right to nondiscrimination. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. Unless permitted by the State Privacy Laws, we will not:
    • Deny you goods or services;
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
    • Provide you a different level or quality of goods or services; or
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How to Exercise Your Rights; Verifying Your Identity

To exercise any of your privacy rights, or if you have any questions about your privacy rights, you may contact us by:

After submitting a request, we will take steps to verify your identity in order for us to properly respond and/or confirm that your request is not fraudulent. We may contact you for additional information as reasonably necessary to authenticate your request, but if we are ultimately unable to authenticate your request using reasonable commercial efforts, then we may not be able to comply with it.

Only you or your authorized agent may make a verifiable request related to your personal data. If you are making a request as the parent or legal guardian of a known child regarding the processing of that child’s personal data, we may ask you to submit reliable proof of your identity.

Response Time; Your Right to Appeal

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the State Privacy laws allow us up to 90 days to respond. We will contact you within 45 days from when you contacted us to inform you of the need for additional time and the reason for such extension. We may charge you a reasonable fee to cover administrative costs if your requests are manifestly unfounded, excessive, or repetitive.

If we decline to take action on a request that you have submitted, we will inform you of our reasons for doing so, and provide instructions for how to appeal the decision. You will have the right to appeal within a reasonable period of time after you have received our decision. Within 60 days (45 days for residents of Colorado) of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state attorney general’s office to submit a complaint.

Nevada Privacy Rights

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal data that we have collected (or may collect) from you to data brokers or other third parties. You can exercise this right by emailing us at privacy@tavahatz.com with the subject line “Nevada Do Not Sell Request.”

Children’s Privacy

We do not knowingly collect personal data from children. If we learn that we have collected personal data of a child under 13 (or older as required by applicable law), we will take steps to delete such information from our systems as soon as possible. If you believe we might have any personal data from or about a child under 13, please contact us at privacy@tavahatz.com.

Changes to our Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time. If we make material changes in the way we collect or use information, we will provide notice by posting an announcement on the Services or sending you an email, and we will indicate when those changes will become effective. You are agreeing to any changes to the Privacy Policy when you use the Services after those changes become effective.

PRIVACY POLICY

Updated: July 2023

This Privacy Policy outlines how we collect, use and share personal data of people who use or are connected to our services, are interested in TavaHatz or its services, or to whom we wish to market our services. This Privacy Policy also provides you with information on your rights as a data subject and how to reach us if you have any questions.

This Privacy Policy does not apply to the practices of other businesses that TavaHatz does not own or control, including other companies’ websites, services and applications (“Third Party Services”) that you can access through the Services or to individuals that TavaHatz does not manage or employ. We encourage you to review the privacy policies of any Third Party Services you access or use. Please note that we cannot take responsibility for the content or privacy policies of Third Party Services, and any third party policies linked to this Privacy Policy are strictly for informational purposes only.

Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws. If you are a United States resident of California, Virginia, Colorado, Connecticut or certain other U.S. states, please see the sections titled California Privacy Rights, and Virginia/Colorado/Connecticut and certain other U.S. State Privacy Rights for specific disclosures with respect to our collection, use, and disclosure of your information and additional rights you have under applicable U.S. laws.

Contact Information

This Privacy Policy describes the policies and procedures of TavaHatz, LLC., 355 South 500 West Suite 100, Lindon, UT 84042, the United States, for the collection, use, and disclosure of personal data about you for we act as the data controller, or for which we act as joint controllers, in accordance with the European Data Protection Regulation (“GDPR”) and other applicable laws.

If you have any questions or concerns regarding privacy when using the Services of TavaHatz wish to use your rights, such as to object to the processing or have your personal data removed, please send us a detailed message to: privacy@tavahatz.com for all matters. We will make every effort to resolve your concerns. Please also see “Rights of Data Subjects” for more detailed information on your rights as the data subject.

TavaHatz collects personal data about you from the following sources, as described in this Privacy Policy, when you (i) register for the Site and the Services, through your user account with TavaHatz, including registering through a third-party service (your “Account”); (ii) use the Services; or (iii) view or interact with a TavaHatz link, QR Code, or other TavaHatz Product (one of our branded domains) on a third-party website. We collect the following types of information from you, some of which might be considered personal data under applicable law:

When You Register for a TavaHatz Account

When you create an Account, we collect the personal data from you, such as your name, phone number, company name, industry, job title, company size, email address, phone number and sign-in information. If you create an Account using your login information from a third-party account, such as a direct sales company, we will access and collect the personal data about you that the third-party account provides (which is based on your privacy settings with the third-party account), so that you can log into your Account with us.

Some features of the Services allow registered users to provide their own content to the Services, such as written descriptions of URLs, comments, images and video. Unless you request deletion of your personal data as described in this Privacy Policy, all content submitted by you to the Services may be retained by TavaHatz, even after you terminate your Account and may continue to be shared by third parties, as described in this Privacy Policy.

When You Create a TavaHatz Link and QR code (collectively “TavaHatz Products”)

One feature of the Services is the ability to create shortened uniform resource locators (URLs) of websites, QR codes linking to a URL. When you create a shortened link, QR code or other TavaHatz product, TavaHatz collects and stores both the original URL and any shortened URL and, if you are logged in to your Account, we will associate that information with your Account. TavaHatz also collects and stores your IP address, your geolocation data (which we derive from your IP address), the time and date on which you shortened the original URL and/or created the TavaHatz Product.

When You Interact With a TavaHatz Product

TavaHatz automatically collects personal data about the interaction (such as clicks or views) with every TavaHatz Product created through the Services (one of our branded domains) on a third-party website. This information includes, but is not limited to: (i) the IP address and location derived from the IP address; (ii) internet or other electronic network activity information like the referring websites or services; (iii) the time and date of each access; (iv) device settings, such as browser type, operating system, and language; and (v) cookies, as described in our cookie policy, and mobile advertising identifiers. As described in this Privacy Policy, we use this personal data to provide the Services, to understand and analyze how our Services are used and to identify trends, and to detect, deter and prevent malicious, fraudulent or unlawful activity. Please see the “Information We Share” section below for a description of how we may share information we collect when you create, view or interact with TavaHatz Products.

Information We Share

The Services are designed to help you share information with others. The following categories of personal data generated through your use of the Services are shared publicly, within TavaHatz and with the following categories of third parties for the business purposes described below.

TavaHatz Products You Create – Much of your activity on and through the Services is public by default. For example, when you create a TavaHatz Product, the original URLs you have shortened and the corresponding TavaHatz Product are publicly available, including the possibly included personal data.

Account Information – Where permitted by law, if you register a TavaHatz Account with an email address on a domain owned by an organization, (for example, an employer or educational institution where you have an email account), we may share your email address and information about your Account, such as the number of links you have created, with that organization to explore the organization’s interest in creating or managing an enterprise account or for related purposes.

Customer Support – We use various tools for communication and to provide you with customer support. To use customer support, you must provide at least one valid email address. This data processing can include the following data: Name, email address, contract information, job title, employer, customer ID, payment information, communication data. Data is processed to provide the services, offer customer support, communication with interested persons, responding to inquiries and customer relationship management. If the purpose of the contact is to conclude a contract or if you already have an account then we retain your information as needed to verify and provide you access to the services. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, to the extent further storage is not permitted or required by law.

Email or SMS Marketing – For some services, we use email or SMS marketing providers to send transactional emails or messages. When you register for our services, the data you enter during registration is transferred to our email or SMS marketing providers. This enables us to send you relevant emails, text messages, e.g. to confirm your registration or unsubscribe from our services. Further personal data may be stored and evaluated as a result, especially the user’s activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and operating system). For this purpose, your data will also be stored by our email or SMS marketing providers. Your data will not be passed on to third parties for the purpose of sending mails within the scope of using our services, nor will the vendor obtain the right to pass on your data.

Information You Elect to Share – When creating a TavaHatz Product, you can share that TavaHatz Product through Third Party Services. Any information that you elect to distribute through Third Party Services, such as a social network post you create, may then become accessible to users of those services. You can also access other Third Party Services through the Services, for example by clicking on links in the Statistics page for a TavaHatz Product. We recommend that you review the terms of service and privacy policies of such Third Party Services that you access through the Services since TavaHatz does not control and is not responsible for the privacy practices of these Third Party Services.

Information Shared with Service Providers – We may employ and contract with third parties to perform certain tasks on our behalf and under our direction (our “Service Providers”). We may need to share information about you with our Service Providers in order to fulfill certain business purposes, like providing our product with research and analytics on user behavior and providing advertising products and services to users, processing payments, and providing email marketing and support services. Our agreements with these Service Providers authorize them to use your information only as necessary to provide services to us. Transfers to subsequent third parties are covered by our agreements with our service providers.

Payment Processing – For the transmission and verification of purchases, the data processed include bank account details, billing/shipping address, card expiration date, customer name, CVC code, date/time/amount of transaction, device ID, email address, IP address/location, customer ID, payment card details, tax ID/status, unique customer identifier. We share your data in these cases to allow the payment processing services necessary to process the payments for your account.

Single Sign On – For some services, we allow users to elect to use single sign on services such as Google OAuth. Single Sign on Services allow users to log in to other online presences with their profile without having to create separate accounts.

Tax and Legal – Your personal data may be transferred to third parties for tax and legal reasons. Possible recipients are professionals (e.g. lawyers, tax consultants and auditors). In addition, data may be transferred to authorities (e.g. tax authorities) for tax and legal reasons. Such data transfer only takes place to recipients who are legally bound to secrecy.

The data may include the email address, IP address of the user’s device, date and time of registration, login information, address, contract information, payment information.

We have a legitimate interest in sharing personal data with professional consultants and auditors for the purpose of appropriate tax and legal consultation, and in some cases we are legally required to share this data.

Trust & Safety Compliance – We may share certain TavaHatz links, QR Codes, Link in Bio and/or related URLs, and the data collected when you create or interact with a TavaHatz Product to help detect, deter and prevent malicious, fraudulent or unlawful activity.

With Your Consent – We will share information about you when you direct or otherwise instruct us to do so, such as when you share shortened links or QR Codes or content with others through the Services, if you intentionally use or direct us or the Services to interact with third parties, or if we notify you that the information you provide will be shared in a particular manner and you provide such information (like sharing/posting it with a third-party Service).

The legal basis for processing of customer data for the Services and related communications is that the processing is necessary for performance of the requested service and management of the customer relationship subject to TavaHatz Terms of Service. The legal basis for other communications with the customer, such as marketing, is our legitimate interests to promote sales and increase awareness of TavaHatz Services, and communicate with our interest groups. Where such communications require consent, for example if we wish to market via email our Services to a new customer who is a natural person in the EU, the legal basis is your consent. The legal basis for improving, monitoring and analyzing the Services, and to prevent malicious, fraudulent or unlawful activity is our legitimate interests to ensure security and lawfulness of our Services, including protecting data of our customers and users, and preventing unauthorized or wrongful use.

This personal data is used to authenticate users to allow access to TavaHatz’s Services, to identify users to provide customer support, and store events and log information about your use of the Services for purposes of audit in case of a security or other incident to have a trail of actions performed by us and our users, to maintain support records, to promote sales and increase awareness of TavaHatz’s Services, and for purposes of service and product improvement, and to prevent malicious fraudulent or unlawful activity. The data is removed upon request, except for data (such as user name) stored in application logs and audit trails, which are deleted according to our standard data management cycle. We retain the personal data we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable legal obligations. Aggregated data sets that do not contain personal data are stored for an indefinite period for the purpose of business analysis. The personal data is erased from or anonymized in our systems upon request of the data subject or the customer they represent, or if the data is detected as irrelevant in our automated or manual system maintenance, or after 3 years following the last contact with the data subject, whichever occurs first.

Contracts, Purchase Order and Invoicing

For any individual that acts as the contact person for our customer, supplier, partner or other entity that we conduct or wish to conduct business with, we process the following information:

  • Basic information (such as name, title, company name, work location and contact information)
  • Business connections
  • Communications

The individual acting as the contact person in a primary source of information, but the personal data may also be collected from your employees, your colleagues, and our (other) customers, suppliers and partners. The personal data is used to discuss business, pursue business opportunities, send notifications related to our services and otherwise communicate with you, contracting, invoicing and making payments. The processing is based on our legitimate interests to comply with contractual obligations, or the terms of agreements we have (or have had), maintaining relationships, and operating our business. In addition, the invoicing related personal data will be used in accounting and reporting, which processing shall be based on our obligations under the law.

Website and Contact Requests

TavaHatz, LLC process personal data gathered when you use or access their respective websites, including any and all subdomains of the sites (each “Site”, as applicable), respectively.

Each time Site is accessed, our system automatically collects data and relevant information from the computer system of the calling device.

The following data is collected:

  • Browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The IP address of the user
  • Date and time of access
  • Web pages from which the user’s system accessed our website
  • Web pages accessed by the user’s system through our website

This data is stored in the log files of our system. This data is not stored together with other personal data of the user. The temporary storage of the IP address by the system is necessary for the delivery of the website to the computer of the user. For this purpose, the user’s IP address must be kept for the duration of the session. The storage in log files is done to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our IT systems. An analysis of this data for marketing purposes does not take place. The legal basis for the temporary storage and other processing described above of data and logfiles is our legitimate interest to maintain functionality and ensure security of our website.

If you subscribe to our newsletter, request materials available from the website, send us a contact request, interact with our chat bot or otherwise contact us, we will likely add you to our list of commercial contacts. Please see the section “Newsletter, Events and Marketing” of this Privacy Policy to learn more about personal data processing in that regard. Please note that our services and resources are designed for business customers only (and should not even be interesting to consumers), and thus we presume that everyone contacting us and interested in our services represent a business, not a private individual. Personal data derived from our websites and contact requests are deleted upon request of the contact, if the data is identified as out of date, or if the contact is no longer deemed a suitable candidate for our services.

TavaHatz may use third-party APIs and software development kits (“SDKs”) to provide certain functions in our Services. We use cookies and similar technologies for the following purposes: Technically necessary; Comfort; Statistics; Marketing. When we use cookies and/ or similar techniques for processing personal data, the types of personal data processed may vary, depending on the categories of cookies or similar techniques. Non-essential cookies are used only with your consent. You have the option of preventing cookies from being used.

Rights Under the GDP

If you are a resident of the EEA or Switzerland, or otherwise subject to the GDPR, and we process your personal data, you have the right to ask for the following rights:

  • In all cases a right to be informed about processing by TavaHatz that pertains to personal data based on which you may be identified, and access to a copy of such personal data (Art. 15 GDPR).
  • If the personal data that is being processed is incorrect or inaccurate, you are entitled to demand for the data to be corrected (Art. 16 GDPR).
  • Subject to the conditions set in the GDPR, you may demand for the deletion or limitation of the processing and have the right to object to the processing altogether (Art. 17, 18, and 21 GDPR).
  • If the processing is based on your consent or a contract and the processing of data is carried out using automated procedures, you may be entitled to data transferability (Article 20 GDPR).
  • If you have consented to the processing of your data by the data controller, you may revoke your consent at any time. The legality of the data processing carried out on the basis of the consent that was obtained prior to the revocation will not be affected.

Furthermore, you have a right to appeal to the competent supervisory authority (Art. 77 GDPR) if you deem the personal data processing by us to violate the GDPR or other applicable data protection laws.

Landesbeauftragte für Datenschutz und Informationsfreiheit

Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de

Contact details of authorities in other EU Member States can be found from the directory maintained by the European Data Protection Board.

Contact Details for questions and Exercising your rights

If you have any questions or concerns regarding privacy when using the Services or wish to use your rights, such as object the processing or have your personal data removed, please send us a detailed message to: privacy@tavahatz.com. In addition to email you may exercise any of your rights by sending a request to us, our contact details are provided in “Contact Information” above.

We will make every effort to resolve your concerns. Once we receive your request, we will ask that you verify your identity such as by authenticating through your account. Please note that if you do not have a TavaHatz account, TavaHatz has no way of identifying you or verifying that you created or clicked on a TavaHatz Product, or otherwise interacted with our Services.

You may be entitled, in accordance with applicable law, to submit a request through an authorized agent. To designate an authorized agent to exercise your rights and choices on your behalf, please provide a written attestation, declaration, or permission that has either been physically signed or provided electronically per applicable law. In certain circumstances, we may be required by law to retain your personal data.

Tools available to exercise your rights

If you have a TavaHatz Account, you may access, correct, or request deletion of your personal data by logging into your Account. For TavaHatz Link and QR Code services, once logged in to your account, you will be able to view a history of the URLs you have shortened and the metrics pages for those URLs. You can request a complete copy of the personal data we store about your account by clicking the button to request a report in your Account Settings. You can delete your Account at any time through your Account settings page. If you delete your Account, you will no longer be able to access or use the Services. If you have an Account but are unable to access it, you can contact us at privacy@tavahatz.com. We will respond to your request within a reasonable timeframe.

As a TavaHatz Europe QR Code Services user you have the possibility to cancel the registration at any time by using the tools in the Service or via an email to customer support or privacy@tavahatz.com. You can object to the storage of your personal data at any time. In this case, all personal data stored will be deleted to the extent permitted by law or no opposing legitimate interest prevails. To do so, please send an email to privacy@tavahatz.com.

Please note that in the interest of ensuring that existing TavaHatz Products continue to function for all of our users, the TavaHatz Products that you have created and shared cannot be deleted or disabled (even if your Account is deleted), and any shortening and sharing activity that has already occurred on your Account also cannot be deleted. If you have concerns about any unauthorized use of your Account, you can delete your account within your Account settings.

International transfers of personal data

Depending on your location, information about you may be transferred to the United States or other countries outside the EU or European Economic Area (EEA) or may be processed there. These data transfers are necessary to provide you with the Services and functionalities you have requested as outlined in this policy.

To protect your personal data, we rely on appropriate legal basis for each data transfer. In particular, we use contractual safeguards such as Standard Contractual Clauses approved by the European Commission. Where applicable, we base data transfers also on adequacy decisions issued by the European Commission.

Please feel free to contact us for further information about international data transfers, including to obtain access to a copy of applicable safeguards.

California Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020, provides you with specific rights regarding your “personal information,” as that term is defined under the CCPA. This section describes the rights that California consumers have and explains how to exercise those rights. For the purposes of this section, personal information does not include: (i) information that is lawfully made available from federal, state or local government records; (ii) de-identified or aggregated data; or (iii) information excluded from the scope of the CCPA. To be clear, these rights are granted only to the extent that you are a California consumer and we are acting as a “business” under the CCPA with respect to your personal information. The rights in this section are not intended to grant you additional rights, but only your rights under the CCPA.

Information We Collect; How We Collect It; How We Use It

We have collected the following categories of personal information from consumers from the sources described in the Privacy Policy above, specifically the categories of sources identified in the subsection titled “TavaHatz Connections Platform Services” (under the section “TavaHatz Group Services”), and have shared such personal information with the following categories of third parties within the last twelve (12) months:

Category

Examples

Business or Commercial Purposes for Collecting Personal Information

Disclosed in the Prior Twelve (12) Months for the Following Business Purposes

“Sold” or “Shared” in the Prior Twelve (12) Months for the Following Purposes

Categories of Third Parties With Whom We Disclose, Sell, or Share Personal Information

A. Personal identifiers.

A real name, postal address, online identifier, Internet Protocol address, email address, account name.

To register your TavaHatz account or create a TavaHatz link

To communicate with you

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

For the security and integrity of our services, to verify or maintain the quality or safety of services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

B. Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Some personal information included in this category may overlap with other categories.

A name, physical characteristics or description, address, telephone number, credit card number, debit card number, or any other financial information, medical information.

To register your TavaHatz account

To communicate with you

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

C. Protected classification characteristics under California or federal law.

Age and gender.

Marketing and advertising

None

Service providers who perform business services for us

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

To register your TavaHatz account or create a TavaHatz link

When you interact with a TavaHatz link, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

G. Location data.

Physical location.

To create a TavaHatz link

When you interact with a TavaHatz link, to detect, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

H. Inferences drawn from other personal information for profiling purposes.

Used to create a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

When you interact with a TavaHatz link, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

We do not use or disclose sensitive personal information, as that term is defined under the CCPA. The categories of personal information described above are anonymized or erased from our systems upon request, if the data is detected as irrelevant in our automated or manual system maintenance, or after 3 years following the last contact with the relevant individual, whichever occurs first.

Selling or Sharing of Personal Information

TavaHatz does not “sell” or “share” your personal information to third parties, as those terms are used in the CCPA.

Rights to Your Information

a. Right to Know

As a California consumer, you have the right to request that we disclose certain information to you about our collection, use, disclosure, or sale/sharing of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

  • The categories of personal information we collected about you.
  • The categories of sources from which the personal information is collected.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (see Data Portability Rights below).

b. Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. However, we may retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to perform certain actions set forth under the CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.

c. Right to Data Portability

You have the right to request a copy of the personal information we have collected and maintained about you in the past 12 months. The CCPA allows you to request your information from us up to twice during a 12-month period. We will provide our response in a readily usable (and usually electronic) format.

d. Right to Correct

You have the right to request the correction of any personal information we maintain about you.

e. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including but not limited to, by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

f. Exercising Your Rights

To exercise the rights described above, please contact us by using the following methods:

After submitting a request, we will take steps to verify your identity in order for us to properly respond and confirm that it is not a fraudulent request. In order to verify your identity, we will ask, at a minimum, that you provide your name, email address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. Depending on the request, if we are unable to verify that the consumer submitting the request is the same individual about whom we have collected personal information, we may contact you for more information, or we may not be able to meet your request.

Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your personal information. If you are making a request as the authorized agent of a California consumer, we will ask you to submit reliable proof that you have been authorized in writing by the consumer to act on such consumer’s behalf.

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the CCPA allows us up to 90 days to respond. We will still contact you within 45 days from when you contacted us to let you know we need more time to respond.

California “Shine the Light”

In addition to the above rights, under California Civil Code Section 1798.83 (“Shine the Light”), California residents may have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us by email at privacy@tavahatz.com. If you do not want your personal information shared with any third party who may use such information for direct marketing purposes, then you may opt out of such disclosures by sending an email to us at privacy@tavahatz.com.

Contacting Us

If you have questions or concerns about this privacy policy, your California privacy rights, or our information practices, please email us at privacy@tavahatz.com.

Virginia/Colorado/Connecticut and Certain other U.S. State Privacy Rights

The Virginia Consumer Data Protection Act, the Colorado Privacy Act, and the Connecticut Data Privacy Act and similar laws in other U.S. states (“State Privacy Laws”) provide their consumers with specific rights regarding their personal data. To the extent that you are a resident of one of these states, this section describes your rights under the State Privacy Laws and explains how you may exercise these rights.

The categories of personal data we process, our purposes for processing your personal data, the categories of personal data that we share with third parties, and the categories of third parties with whom we share it are set forth in the terms of the Privacy Policy above.

Rights to Your Information

In addition to the rights set forth in our Privacy Policy, the State Privacy Laws provide you with the following rights:

  • Right to know. You have the right to know whether we process your personal data and to access such personal data.
  • Right to data portability. You have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business without hindrance, where the processing is carried out by automated means. You may request such personal data up to twice annually, subject to certain exceptions.
  • Right to delete. You have the right to delete personal data that you have provided by or that we have obtained about you. Please note that we may deny such a request if the requested deletion falls under an exception as set forth in the State Privacy Laws. Additionally, if you request deletion of your personal data and we have obtained such information from a third-party source, we may retain such data by keeping a record of the deletion request and the minimum data necessary to ensure that your personal data remains deleted from our records and that such retained data is not used for any other purpose, or we may opt you out of the processing of such personal data for any purpose except for those allowed under the State Privacy Laws.
  • Right to opt out. You have the right to opt out of the processing of the personal data for purposes of: (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. As of the latest date of the Privacy Policy:
    • We do not process personal data for the purposes of targeted advertising;
    • We do not sell your personal data; and
    • We do not engage in profiling decisions based on your personal data that produce legal or similarly significant effects concerning you.
  • Right to correct. You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes for which we process it.
  • Right to nondiscrimination. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. Unless permitted by the State Privacy Laws, we will not:
    • Deny you goods or services;
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
    • Provide you a different level or quality of goods or services; or
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How to Exercise Your Rights; Verifying Your Identity

To exercise any of your privacy rights, or if you have any questions about your privacy rights, you may contact us by:

After submitting a request, we will take steps to verify your identity in order for us to properly respond and/or confirm that your request is not fraudulent. We may contact you for additional information as reasonably necessary to authenticate your request, but if we are ultimately unable to authenticate your request using reasonable commercial efforts, then we may not be able to comply with it.

Only you or your authorized agent may make a verifiable request related to your personal data. If you are making a request as the parent or legal guardian of a known child regarding the processing of that child’s personal data, we may ask you to submit reliable proof of your identity.

Response Time; Your Right to Appeal

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the State Privacy laws allow us up to 90 days to respond. We will contact you within 45 days from when you contacted us to inform you of the need for additional time and the reason for such extension. We may charge you a reasonable fee to cover administrative costs if your requests are manifestly unfounded, excessive, or repetitive.

If we decline to take action on a request that you have submitted, we will inform you of our reasons for doing so, and provide instructions for how to appeal the decision. You will have the right to appeal within a reasonable period of time after you have received our decision. Within 60 days (45 days for residents of Colorado) of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state attorney general’s office to submit a complaint.

Nevada Privacy Rights

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal data that we have collected (or may collect) from you to data brokers or other third parties. You can exercise this right by emailing us at privacy@tavahatz.com with the subject line “Nevada Do Not Sell Request.”

Children’s Privacy

We do not knowingly collect personal data from children. If we learn that we have collected personal data of a child under 13 (or older as required by applicable law), we will take steps to delete such information from our systems as soon as possible. If you believe we might have any personal data from or about a child under 13, please contact us at privacy@tavahatz.com.

Changes to our Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time. If we make material changes in the way we collect or use information, we will provide notice by posting an announcement on the Services or sending you an email, and we will indicate when those changes will become effective. You are agreeing to any changes to the Privacy Policy when you use the Services after those changes become effective.