Privacy Promise

Privacy Policy

This Privacy Policy governs the privacy practices for Think Small, a Minnesota nonprofit corporation and its affiliated brands, including Redleaf Press and Think Small Institute (“we,” “our,” or “us”). This Privacy Policy applies to information you provide to us when you create your user account, access our Content (defined below), or purchase our Products (defined below) by accessing our website and/or our online platform (collectively our “Platform”). This Privacy Policy specifies:

  • What personal information do we collect about you through our Platform?
  • How is this information used and with whom it may be shared?
  • What choices are available to you regarding the use of your data?
  • What are our security practices to protect the misuse of your information?
  • How can you correct any inaccuracies in the information?

Information We Provide and Collect

We are the owners of the information, educational materials, and other content (collectively “Content”) we provide through our Platform. This Privacy Policy specifies our rights to the information provided by you and/or collected through our Platform. Your information includes the information you provide in setting up your user account when you purchase our books, guides, courses or other materials (collectively our “Products”). We only have access to and/or collect information that you voluntarily provide us via our Platform, any email you send us, your user account, or other direct contact from you. We do not require you to set up a user account to access our website; however, an account is necessary to access our online platform and acquire our Products. For purposes of this Privacy Policy, “Personal Information” includes all personally identifiable information that is specific to you (e.g. name, address, phone number, email address, etc.). Except as specifically noted herein, we do not provide any Personal Information to any unaffiliated third party.


We may collect information about you through your use of our Platform with software application tools and data files (such as cookies and web log files), IP addresses, device state information, unique device identifiers, device hardware and OS information (“Usage Information”). You may be able to control such Usage Information through the control settings on your device or browser; but removing such Usage Information tools may impact the convenience to use or the functionality of the Platform.

We may collect and process information through our Platform about the location of your device using GPS or other location technologies, such as sensor data from your mobile device providing information about nearby Wi-Fi access points and cellular network towers (“Location Information”). We use Location Information solely as necessary to analyze and improve our Platform, Content, and Products.

Use and Disclosure of Your Information

We use your Personal Information as necessary to maintain your user account for the purpose of performing our services, and to provide our Products, Content, and Platform. In addition, we may use Personal Information, Usage Information, or Location Information we collect or you provide to us, in order to:

  • Respond to any questions you ask or to respond to the reason you contacted us. We do not share your Personal Information with any unaffiliated third party, unless necessary to respond to your request.
  • Enhance, improve and develop new services and products and for overall customer support.
  • To process your order and/or deliver the Products you purchase through our Platform.
  • Monitor usage and interaction statistics on our Platform, and/or through responses to our communications.
  • Perform data analytics for our internal business purposes.
  • Allow us to respond quickly and efficiently to your questions and your requests for information.
  • Communicate with you (via email, text, phone or mail) either directly or indirectly through our marketing service provider to send you special offers, or marketing information related to our products and services.
  • Communicate with you to request feedback or to notify you of changes to our terms, conditions and Privacy Policy.
  • Track use of our Platform, investigate suspicious activity, and enforce our terms and policies, to measure and improve the operation and security of our Platform, and your Personal Information.
  • Assess and improve our Products and Content.
  • Allow us to disclose your information to the extent permitted or required by law.

    • We use the Usage Information to perform data analytics, analyze and evaluate the features and functionality of our Platform, Content, and Products. We may also use Usage Information to process automatic crash reporting which collects reports of crashes, other technical issues, and information relating to how our Platform is functioning.

    We may use Location Information to customize Products, Content or information specific to your region. You have the ability to control access to Location Information through the control settings on your device.

    This information may also be provided to our Third-Party Providers (as defined below) as necessary to provide our Platform, Content, and Products, and related functionality and offer other services and products. Our “Third Party Providers” may include, in addition to any of our data sources, software development, application and data hosting, wireless network services providers, payment processors, and any digital analytics or marketing services. We are responsible for assuring that these Third-Party Providers comply with the terms of this Privacy Policy.

    Except for our Third-Party Providers, we will not share Personal Information, Usage Information, or Location Information with an unaffiliated third party without your prior authorization, unless doing so is necessary (1) to enforce this Privacy Policy, to comply with law, regulation or other legal processes or to protect the rights, property or safety of us or others, (2) to comply with a valid order or process from a public authority, (3) to protect against misuse or unauthorized use of our Platform or your user account, (4) to detect or prevent criminal activity or fraud, or (5) in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, in which case such information may be one of the transferred assets.

    Your Rights

    Depending on where you live, you may have certain legal rights under applicable law. For example, you may have the following rights:

  • Right to Access – means you can ask us for a copy of any Personal Information we have about you, if any.
  • Right to Correct – means you may ask us to change and/or correct any Personal Information we have about you.
  • Right to Delete – means you may ask us to delete any Personal Information we have about you and we will be happy to do so unless we are required to retain such information by law or regulation or we have a right to retain subject to a user agreement for our internal business purposes.
  • Right to Transfer – means you may request a copy of your Personal Information, in a commonly used and machine-readable format, be provided to you or to a third party you specify.
  • Right to Limit – means you have the right at any time to unsubscribe to any marketing communication from us and we will promptly honor such request.


    • We may update our Privacy Policy from time to time. We encourage you to review our Privacy Policy frequently to stay informed regarding how we collect, use, share and process Personal Information. You may contact us (see the Contact Us section below) at any time about any of these rights or any concern or question you have about our use of your Personal Information. See also the specific laws addendum.

    Security

    We take precautions to protect your Personal Information, including reasonable physical, administrative, and technical safeguards. When you submit Personal Information via our Platform, your Personal Information is transmitted using secure sockets layer (SSL) encryption technology. We restrict access to your Personal Information to our authorized personnel and/or Third-Party Providers as appropriate and necessary to provide our Platform, Content, Products and/or maintain your user account.

    We keep your Personal Information if it is necessary to process your requests, operate our business, and provide our Platform, Content, and Products, or as long as we are legally required to do so. For as long as we have your Personal Information, we will continue to protect the privacy and security of such Personal Information consistent with this Privacy Policy. However, no website, database or system is completely secure or “hacker proof.” You are also responsible for taking reasonable steps to protect your Personal Information against unauthorized disclosure or misuse. You are also responsible for protecting the security of your user account credentials and for any use of your user account.

    Children's Online Privacy Protection Act

    In compliance with the Children’s Online Privacy Protection Act, 15 U.S.C. § 6501.06 and 16 C.F.R. §§ 312.1 – 312.12, we do not knowingly collect information from children under the age of 13, nor does our Platform or our Content or Products target children under the age of 13. By using our Platform, Content, Products, and/or creating any user account, you represent that you are not younger than 13. Please contact us as noted below if you know or suspect that we have collected information from children under the age of 13 and we will take prompt measures to remove such information.

    Contact Us

    If you have any questions, comments, or concerns about this Privacy Policy, please contact us via email at privacy@thinksmallinstitute.org. All emails should include your first name, last name, email address, and the nature of your request.

    Copyright © 2021-2024 by Think Small. All rights reserved.

    Specific Laws Addendum

    The following additional terms may apply to you depending on where you reside in the United States. To the extent of any inconsistency, these terms take precedence over the terms in our Privacy Policy in relation to personal information that is collected and/or held in the United States.

    Please use the contact information in the Privacy Policy if you wish to access or correct any of your personal information that we hold or if you would like to report a potential breach by us of any applicable laws of the United States, our Privacy Policy, or this Addendum. We will promptly acknowledge and investigate any such reports.

    The laws of the states described below are the ones we are currently aware of that require giving individual notice and/or consent with respect to our Platform, Content, or Products, and that provide for specific individual rights with respect to our Platform, Content, or Products. We recognize that other states also have laws that may affect your privacy rights with respect to our Platform, Content, or Products, and we direct you to the information in our Privacy Policy for a description of such rights.

    As described further in our Privacy Policy, in the preceding twelve months, we or our service providers may have collected the below categories of personal information for business or commercial purposes:

  • Identifiers (such name, email address, address, and phone number);
  • Commercial information (such as transaction data);
  • Internet or other network or device activity (such as IP address, unique device, advertising ID, browsing history or other usage data);
  • Location information (general location, and, if you provide permission, precise GPS location);
  • Sensory information (such as audio recordings if you call our customer service);
  • Inferences about your preferences and traits through your use of the Platform; and
  • Other information that identifies or can be reasonably associated with you.

    • We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Platform; (3) affiliates; and (4) third-parties such as other users or our third-party providers.

    We or our service providers may collect the categories of information identified above for the following business or commercial purposes (as those terms are defined in applicable law):

  • Our or our service provider’s operational purposes;
  • Auditing consumer interactions on our site (e.g., measuring ad impressions);
  • Detecting, protecting against, and prosecuting security incidents, fraudulent or illegal activity and activity that violates any terms or policies;
  • Bug detection, error reporting, and activities to maintain the quality or safety of our Platform, Content, or Products;
  • Short-term, transient use, such as customizing content that we or our service providers display on services;
  • Providing services (e.g., account servicing and maintenance, data processing, customer service, advertising and marketing, analytics, communication about our Platform, Content, or Products, facilitating communications between users);
  • Improving our existing Products and developing new Products (e.g., by conducting research to develop new products or features, or to train our employees on issues that our users need to be resolved);
  • Other uses that advance our commercial or economic interests, such as third-party advertising and communicating with you about relevant offers from third-party partners;
  • Other uses about which we notify you.

    • We describe our information sharing practices in the Privacy Policy. In the previous twelve months, we may have shared certain categories of personal information with third-parties for business purposes. The personal information shared may include the following categories of personal information: (1) identifiers; (2) commercial information; (3) location information; and (4) other information that can be associated with you.

    Examples of these types of uses are identified below. We may also use the below categories of personal information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.

    Because we respect your privacy, we do not rent, sell, or exchange our list of customers.


    Any changes to this policy will be posted here on the Redleaf Press Website.


    This privacy policy is effective as of May 7, 2024.



     

    PRIVACY POLICY

    Last updated: May 17, 2024

    This Privacy Policy governs the privacy practices for Think Small, a Minnesota nonprofit corporation and its affiliated brands, including Redleaf Press and Think Small Institute (“we,” “our,” or “us”). This Privacy Policy applies to information you provide to us when you create your user account, access our Content (defined below), or purchase our Products (defined below) by accessing our website and/or our online platform (collectively our “Platform”). This Privacy Policy specifies:

    •             What personal information do we collect about you through our Platform?

    •             How is this information used and with whom it may be shared?

    •             What choices are available to you regarding the use of your data?

    •             What are our security practices to protect the misuse of your information?

    •             How can you correct any inaccuracies in the information?

    Information We Provide and Collect

    We are the owners of the information, educational materials, and other content (collectively “Content”) we provide through our Platform. This Privacy Policy specifies our rights to the information provided by you and/or collected through our Platform. Your information includes the information you provide in setting up your user account when you purchase our books, guides, courses or other materials (collectively our “Products”). We only have access to and/or collect information that you voluntarily provide us via our Platform, any email you send us, your user account, or other direct contact from you. We do not require you to set up a user account to access our website; however, an account is necessary to access our online platform and acquire our Products. For purposes of this Privacy Policy, “Personal Information” includes all personally identifiable information that is specific to you (e.g. name, address, phone number, email address, etc.). Except as specifically noted herein, we do not provide any Personal Information to any unaffiliated third party.

    We may collect information about you through your use of our Platform with software application tools and data files (such as cookies and web log files), IP addresses, device state information, unique device identifiers, device hardware and OS information (“Usage Information”). You may be able to control such Usage Information through the control settings on your device or browser; but removing such Usage Information tools may impact the convenience to use or the functionality of the Platform.

    We may collect and process information through our Platform about the location of your device using GPS or other location technologies, such as sensor data from your mobile device providing information about nearby Wi-Fi access points and cellular network towers (“Location Information”). We use Location Information solely as necessary to analyze and improve our Platform, Content, and Products.

    Use and Disclosure of Your Information

    We use your Personal Information as necessary to maintain your user account for the purpose of performing our services, and to provide our Products, Content, and Platform. In addition, we may use Personal Information, Usage Information, or Location Information we collect or you provide to us, in order to:

    •             Respond to any questions you ask or to respond to the reason you contacted us. We do not share your Personal Information with any unaffiliated third party, unless necessary to respond to your request.

    •             Enhance, improve and develop new services and products and for overall customer support.

    •             To process your order and/or deliver the Products you purchase through our Platform.

    •             Monitor usage and interaction statistics on our Platform, and/or through responses to our communications.

    •             Perform data analytics for our internal business purposes.

    •             Allow us to respond quickly and efficiently to your questions and your requests for information.

    •             Communicate with you (via email, text, phone or mail) either directly or indirectly through our marketing service provider to send you special offers, or marketing information related to our products and services.

    •             Communicate with you to request feedback or to notify you of changes to our terms, conditions and Privacy Policy.

    •             Track use of our Platform, investigate suspicious activity, and enforce our terms and policies, to measure and improve the operation and security of our Platform, and your Personal Information.

    •             Assess and improve our Products and Content.

    •             Allow us to disclose your information to the extent permitted or required by law.

    We use the Usage Information to perform data analytics, analyze and evaluate the features and functionality of our Platform, Content, and Products. We may also use Usage Information to process automatic crash reporting which collects reports of crashes, other technical issues, and information relating to how our Platform is functioning.

    We may use Location Information to customize Products, Content or information specific to your region. You have the ability to control access to Location Information through the control settings on your device.

    This information may also be provided to our Third-Party Providers (as defined below) as necessary to provide our Platform, Content, and Products, and related functionality and offer other services and products. Our “Third Party Providers” may include, in addition to any of our data sources, software development, application and data hosting, wireless network services providers, payment processors, and any digital analytics or marketing services. We are responsible for assuring that these Third-Party Providers comply with the terms of this Privacy Policy.

    Except for our Third-Party Providers, we will not share Personal Information, Usage Information, or Location Information with an unaffiliated third party without your prior authorization, unless doing so is necessary (1) to enforce this Privacy Policy, to comply with law, regulation or other legal processes or to protect the rights, property or safety of us or others, (2) to comply with a valid order or process from a public authority, (3) to protect against misuse or unauthorized use of our Platform or your user account, (4) to detect or prevent criminal activity or fraud, or (5) in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, in which case such information may be one of the transferred assets.

    Your Rights

    Depending on where you live, you may have certain legal rights under applicable law. For example, you may have the following rights:

    •             Right to Access – means you can ask us for a copy of any Personal Information we have about you, if any.

    •             Right to Correct – means you may ask us to change and/or correct any Personal Information we have about you.

    •             Right to Delete – means you may ask us to delete any Personal Information we have about you and we will be happy to do so unless we are required to retain such information by law or regulation or we have a right to retain subject to a user agreement for our internal business purposes.

    •             Right to Transfer – means you may request a copy of your Personal Information, in a commonly used and machine-readable format, be provided to you or to a third party you specify.

    •             Right to Limit – means you have the right at any time to unsubscribe to any marketing communication from us and we will promptly honor such request.

    We may update our Privacy Policy from time to time. We encourage you to review our Privacy Policy frequently to stay informed regarding how we collect, use, share and process Personal Information. You may contact us (see the Contact Us section below) at any time about any of these rights or any concern or question you have about our use of your Personal Information. See also the specific laws addendum.

    Security

    We take precautions to protect your Personal Information, including reasonable physical, administrative, and technical safeguards. When you submit Personal Information via our Platform, your Personal Information is transmitted using secure sockets layer (SSL) encryption technology. We restrict access to your Personal Information to our authorized personnel and/or Third-Party Providers as appropriate and necessary to provide our Platform, Content, Products and/or maintain your user account.

    We keep your Personal Information if it is necessary to process your requests, operate our business, and provide our Platform, Content, and Products, or as long as we are legally required to do so.  For as long as we have your Personal Information, we will continue to protect the privacy and security of such Personal Information consistent with this Privacy Policy. However, no website, database or system is completely secure or “hacker proof.” You are also responsible for taking reasonable steps to protect your Personal Information against unauthorized disclosure or misuse. You are also responsible for protecting the security of your user account credentials and for any use of your user account.

    Children’s Online Privacy Protection Act

    In compliance with the Children’s Online Privacy Protection Act, 15 U.S.C. § 6501.06 and 16 C.F.R. §§ 312.1 – 312.12, we do not knowingly collect information from children under the age of 13, nor does our Platform or our Content or Products target children under the age of 13. By using our Platform, Content, Products, and/or creating any user account, you represent that you are not younger than 13. Please contact us as noted below if you know or suspect that we have collected information from children under the age of 13 and we will take prompt measures to remove such information.

    Contact Us

    If you have any questions, comments, or concerns about this Privacy Policy, please contact us via email at privacy@thinksmallinstitute.org. All emails should include your first name, last name, email address, and the nature of your request.

    Copyright © 2021-2024 by Think Small. All rights reserved.

    Specific Laws Addendum

    United States

    The following additional terms may apply to you depending on where you reside in the United States. To the extent of any inconsistency, these terms take precedence over the terms in our Privacy Policy in relation to personal information that is collected and/or held in the United States.

    Please use the contact information in the Privacy Policy if you wish to access or correct any of your personal information that we hold or if you would like to report a potential breach by us of any applicable laws of the United States, our Privacy Policy, or this Addendum.  We will promptly acknowledge and investigate any such reports.

    The laws of the states described below are the ones we are currently aware of that require giving individual notice and/or consent with respect to our Platform, Content, or Products, and that provide for specific individual rights with respect to our Platform, Content, or Products. We recognize that other states also have laws that may affect your privacy rights with respect to our Platform, Content, or Products, and we direct you to the information in our Privacy Policy for a description of such rights.

    As described further in our Privacy Policy, in the preceding twelve months, we or our service providers may have collected the below categories of personal information for business or commercial purposes:

    • Identifiers (such name, email address, address, and phone number);
    • Commercial information (such as transaction data);
    • Internet or other network or device activity (such as IP address, unique device, advertising ID, browsing history or other usage data);
    • Location information (general location, and, if you provide permission, precise GPS location);
    • Sensory information (such as audio recordings if you call our customer service);
    • Inferences about your preferences and traits through your use of the Platform; and
    • Other information that identifies or can be reasonably associated with you.

    We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Platform; (3) affiliates; and (4) third-parties such as other users or our third-party providers.

    We or our service providers may collect the categories of information identified above for the following business or commercial purposes (as those terms are defined in applicable law):

    • Our or our service provider’s operational purposes;
    • Auditing consumer interactions on our site (e.g., measuring ad impressions);
    • Detecting, protecting against, and prosecuting security incidents, fraudulent or illegal activity and activity that violates any terms or policies;
    • Bug detection, error reporting, and activities to maintain the quality or safety of our Platform, Content, or Products;
    • Short-term, transient use, such as customizing content that we or our service providers display on services;
    • Providing services (e.g., account servicing and maintenance, data processing, customer service, advertising and marketing, analytics, communication about our Platform, Content, or Products, facilitating communications between users);
    • Improving our existing Products and developing new Products (e.g., by conducting research to develop new products or features, or to train our employees on issues that our users need to be resolved);
    • Other uses that advance our commercial or economic interests, such as third-party advertising and communicating with you about relevant offers from third-party partners;
    • Other uses about which we notify you.

    We describe our information sharing practices in the Privacy Policy. In the previous twelve months, we may have shared certain categories of personal information with third-parties for business purposes. The personal information shared may include the following categories of personal information: (1) identifiers; (2) commercial information; (3) location information; and (4) other information that can be associated with you.

    Examples of these types of uses are identified below. We may also use the below categories of personal information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.

    Table of Categories of Data, Uses and With Whom Shared

    Categories of Personal Information We Collect

    Examples of Uses

    Categories of Third Parties With Which We May Share That Information

    Collected/Shared

    Identifiers (e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name)

    Providing our Platform, Content, and Products, Updating and improving our Platform, Content, and Products, Personalizing content, Marketing and advertising, Communicating with you, Analyzing your use of our Platform, Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our Platform, breaches or potential breaches of terms and policies, Internal training of our personnel

    Affiliates, Third Party Providers

    Yes

    Any personal information described in subdivision (e) of Section 1798.80 (e.g., name, address, telephone number, bank account number, credit card number, debit card number, or any other financial information (with financial information only as required by our Third-Party Provider (i.e., Stripe))

    Providing our Platform, Content, and Products, Updating and improving our Platform, Content, and Products, Communicating with you, Analyzing your use of our Platform, Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, breaches or potential breaches of terms and policies, Internal training of our personnel

    Affiliates, Third Party Providers

    Yes

    Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement)

    Providing our Platform, Content, and Products·, Updating and improving our Platform, Content, and Products, Personalizing content, Marketing and advertising, Analyzing use of our Platform, Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies

    Affiliates, Third Party Providers

    Yes

    Geolocation information (general location, and, if you provide permission, precise GPS location)

    Providing our Platform, Content, and Products, Updating and improving our Platform, Content, and Products, Personalizing content, Marketing and advertising, Analyzing use of our Platform, Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies

    Affiliates, Third Party Providers

    Yes

    Sensory information (e.g., audio, electronic, visual, thermal, olfactory, or similar information)

    Providing our Platform, Content, and Products, Updating and improving our Platform, Content, and Products, Personalizing content, Analyzing use of our Platform, Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies, Internal training of our personnel

    Affiliates, Third Party Providers

    Yes

    Professional or employment-related information

    Providing our Platform, Content, and Products, Updating and improving our Platform, Content, and Products, Analyzing use of our Platform, Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies, Internal training of our personnel

    Affiliates,  Third Party Providers

    Yes

    Inferences drawn (to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes)

    Providing our Platform, Content, and Products, Updating and improving our Platform, Content, and Products, Personalizing content, Analyzing use of our Platform, Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies

    Affiliates, Third Party Providers

    Yes

    Sensitive personal information (e.g., account log-in, financial account, debit card, or credit card number with any required security or access code, password, or credentials allowing access to an account; precise geolocation)

    Financial information is required by our Third-Party Provider for payment processing (i.e., Stripe). The only information provided to us from Stripe is last four digits of card, email, and zip code. Our Third-Party Provider uses to: Process payments for our Products, Updating and improving our Platform, Content, and Products, Analyzing use of our Platform, Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies

    Affiliates, Third Party Providers

    Yes

     

    We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Platform; (3) affiliates; and (4) third-parties such as other users or our third-party providers.

    For Residents of California

    If you are a California resident (as defined by the California Consumer Privacy Act), you may have certain rights.

    This Notice for California Residents supplements the information in our Privacy Policy, and except as provided herein, applies solely to California residents (as defined by the California Consumer Privacy Act (CCPA) and amended by the Consumer Privacy Act Regulations (CPRA)). It may apply to personal information (as defined by CCPA / CPRA) we collect on or through the Platform and through other means (such as information collected offline, in person, and over the telephone). Until the CCPA / CPRA has specifically regulated business information, this Notice for California Residents does not apply to business information that does not constitute personal information.

    Summary of Information We Collect

    California law requires us to disclose information regarding the categories of personal information that we have collected about California consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

    Rights

    If you are a California resident (as defined by the CCPA / CPRA), you may have certain rights. California law may permit you to request that we:

    • Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information, if applicable (note, at this time we do not sell or share personal information with unaffiliated third parties); and the categories of third-parties with whom we shared personal information.
    • Provide access to and/or a copy of certain information we hold about you.
    • Request to opt-out of the sale or sharing of personal information.
    • Delete certain information we have about you.

    You may have the right to receive information about the financial incentives that we offer to you, if any. You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights referenced herein. Certain information may be exempt from such requests under applicable law. In addition, we need certain types of information so that we can provide our Platform, Content, and Products to you. If you ask us to delete it, you may no longer be able to access or use our Platform, Content, or purchase our Products.

    If you would like to exercise any of these rights, please submit a request to privacy@thinksmallinstitute.org. You will be required to verify your identity before we are able to fulfil your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

    The CCPA / CPRA, sets forth certain obligations for businesses that “sell” personal information. We do not sell personal information.

    Metrics

    California law may require us to compile the following metrics for the previous calendar year: the number of rights requests received, complied with, and denied, as well as the median number of days within which we responded to those requests. To the extent this obligation applies to us, we will update this section.

    California Shine the Light

    If you are a California resident, you may ask for a list of third-parties that have received your information for direct marketing purposes during the previous calendar year. If we have shared your information, this list will contain the types of information shared, and we will provide this list at no cost. To make such a request, contact us at privacy@thinksmallinstitute.org.

    California Do-Not-Track Disclosure

    We are committed to providing you with meaningful choices about the information collected on our Platform for third-party purposes. However, we do not currently recognize or respond to browser-initiated Do-Not-Track signals, as the Internet industry is currently still working on Do-Not-Track standards, implementations, and solutions.

    For Residents of Colorado

    If you are a resident of Colorado and you meet the definition of a “consumer,” you may have certain rights.

    Summary of Information We Collect

    Colorado law requires us to disclose information regarding the categories of personal data that we have collected about Colorado consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

    Rights

    Colorado law may permit you to request that we act on a consumer’s following rights:

    • Right of access to and/or a copy of certain information we hold about you.
    • Right to correct for any inaccuracies in your personal data.
    • Right to request that we delete your personal data.
    • Right to obtain your personal data in a portable (and if technically feasible readily usable) format.
    • Right to request to opt-out of the sale of personal data, targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently sell personal data or engage in profiling.

    If you would like to exercise any of these rights, please submit a request to privacy@thinksmallinstitute.org. You will be required to verify your identity before we are able to fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

    Please note that while we may record customer service calls and/or training videos; we do not digitally analyze any such data for any biometric identification purposes.

    For Residents of Connecticut

    If you are a resident of Connecticut and you meet the definition of a “consumer,” you may have certain rights.

    Summary of Information We Collect

    Connecticut law requires us to disclose information regarding the categories of personal data that we have collected about Connecticut consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

    Rights

    Connecticut law may permit you to request that we act on a consumer’s following rights:

    • Right of access to and/or a copy of certain information we hold about you.
    • Right to correct for any inaccuracies in your personal data.
    • Right to request that we delete your personal data.
    • Right to obtain your personal data in a portable (and if technically feasible readily usable) format.
    • Right to request to opt-out of the sale of personal data, targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently sell personal data or engage in profiling.

    If you would like to exercise any of these rights, please submit a request to privacy@thinksmallinstitute.org.  You will be required to verify your identity before we are able to fulfil your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

    Please note that while we may record customer service calls and/or training videos; we do not digitally analyze any such data for any biometric identification purposes.

    For Residents of Illinois

    Rights

    Residents of Illinois may have certain rights under the Biometric Information Privacy Act. Please note that while we may record customer service calls and/or training videos; we do not digitally analyze any such data for any biometric identification purposes.

    For Residents of Nevada

    Rights

    Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a person to be contacted either physically or online.

    We do not engage in such activity.

    For Residents of Virginia

    If you are a resident of Virginia and you meet the definition of a “consumer,” you may have certain rights.

    Summary of Information We Collect

    Virginia law requires us to disclose information regarding the categories of personal data that we have collected about Virginia consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

    Rights

    Virginia law may permit you to request that we act on a consumer’s following rights:

    • Right to confirm if we are processing personal data we hold about you.
    • Right to correct for any inaccuracies in your personal data.
    • Right to request that we delete your personal data.
    • Right to obtain your personal data in a portable (and if technically feasible readily usable) format.
    • Right to request to opt-out of the sale of personal data, targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently sale personal data or engage in profiling.

    If you would like to exercise any of these rights, please submit a request to privacy@thinksmallinstitute.org. You will be required to verify your identity before we are able to fulfil your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

    Please note that while we may record customer service calls and/or training videos; we do not digitally analyze any such data for any biometric identification purposes.

    For Residents of Utah

    If you are a resident of Utah and you meet the definition of a “consumer,” you may have certain rights.

    Summary of Information We Collect

    Utah law requires us to disclose information regarding the categories of personal data that we have collected about Utah consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

    Rights

    Utah law may permit you to request that we act on a consumer’s following rights:

    • Right to confirm if we are processing personal data we hold about you.
    • Right to correct for any inaccuracies in your personal data.
    • Right to request that we delete your personal data.
    • Right to obtain your personal data in a portable (and if technically feasible readily usable) format.
    • Right to request to opt-out of the sale of personal data, targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently engage in the sale of personal data or engage in profiling.

    If you would like to exercise any of these rights, please submit a request to privacy@thinksmallinstitute.org.  You will be required to verify your identity before we are able to fulfil your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

    Non-US Country Addendum

    EU/EEA

    The following additional terms apply to you if you reside in the European Union/European Economic Area (EU/EEA). To the extent of any inconsistency, the following terms take precedence over the terms in our Privacy Policy in relation to personal data that is collected and/or held relating to individuals (i.e., data subjects) residing in the EU/EEA.

    The EU/EEA’s General Data Protection Regulation (GDPR) governs our processing (as defined under GDPR) of your personal data, as well as your rights regarding the same. As used in this Addendum, the following terms have the following meanings:

    “Breach”, “data controller”, “data processor”, “Data Protection Authority”, “data subject”, “data subject rights”, “Member State”, “personal data”, “personal data breach”, “processing” (and “process”) (regardless of whether capitalized herein) have the meanings given to them in GDPR.

    “Standard Contractual Clauses,” for purposes of our Privacy Policy, means the template agreement contained in the Annex of the European Commission’s Implementing Decision of 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, and any replacement, amendment or restatement of the foregoing issued by the European Commission.

    Data controller; processing

    Think Small is a data controller of your personal data.  GDPR sets forth specific obligations of a data processor and data controller in each of these roles.

    Lawful Basis for our Processing of Your Personal Data.

    As the data controller, we are responsible for establishing a lawful basis for the processing of your personal data. We rely on our legitimate interests under GDPR Article 6 in order to engage in the processing of your personal data. This means that we have a legitimate interest in receiving and processing your personal data in order to provide our Platform, Content, and Products. We may, in some cases, also rely on obtaining your consent under GDPR Article 6 as the lawful basis of their processing of your personal data. If so, this means that we have requested your explicit consent (or “opt-in”) to their processing of your personal data.

    Data Protection Officer.

    Think Small has appointed a Data Protection Officer (DPO).

    Individual Rights

    As also noted in our Privacy Policy, you may make the following requests from us as the data controller. In each case these rights are subject to restrictions and/or exceptions as specified in the GDPR. The following is a summary of your rights:

    • The right of access, enabling you to receive a copy of your personal data
    • The right to rectification, enabling you to correct any inaccurate or incomplete personal data we hold about you
    • The right to erasure, enabling you to ask us to delete your personal data in certain circumstances
    • The right to restrict processing, enabling you to ask us to halt the processing of your personal data in certain circumstances
    • The right to object, enabling you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party), and
    • The right to data portability, enabling you to request us to transmit personal data that you have provided to us to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

    Under GDPR, a data subject also has the right to lodge a complaint with a Data Protection Authority, in particular in the Member State of the data subject’s residence, place of work or place of an alleged infringement, if the data subject considers that the processing of the personal data infringes the GDPR.

    If you wish to exercise any of these rights, please contact us using the contact information provided in our Privacy Policy. Please note that the GDPR specifies when the data controller may refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive.

    Special Categories of Personal Data

    Our Platform does not require the collection or processing of any sensitive personal data or sensitive information, as defined in applicable data protection laws (e.g., racial, ethnical origin, political opinions, religious beliefs, etc.).  We may nevertheless collect such sensitive personal data about you or we may collect it incidentally if you provide such data to us. By providing any sensitive personal data or by providing information by a recording, you consent to our collection of such information, however, we do not require or use such data to provide our Platform, Content, or Products.

    International Transfers of Data

    Personal Information originating in the EU/EEA will generally be stored on servers in the EEA but may be accessed and/or processed in a limited manner outside of the EEA. We adhere to the GDPR where it applies to our Platform, Content, or Products. Where your personal data is processed outside of the EEA, we will put in place appropriate safeguards.  Where appropriate, we may enter into Standard Contractual Clauses with importers or processors and/or other relevant third parties for the transfer of your personal data and may carry out a risk assessment and/or take necessary security measures in order to fulfill our obligations under GDPR.

    If we determine we are unable to provide equivalent protection of your personal data, including by entry into the Standard Contractual Clauses, we may seek to rely on derogations authorized by the GDPR, including the derogation of consent/contract/request of data subject. If relying on your consent, we will seek your explicit consent in advance.

    United Kingdom

    The following additional terms apply to you if you reside in the United Kingdom (UK).  To the extent of any inconsistency, these terms take precedence over the terms in our Privacy Policy in relation to personal data that is processed in the UK.

    The UK’s General Data Protection Regulation (UK GDPR) governs our processing (as defined therein) of your personal data, as well as your rights regarding the same. As used in this Addendum, the following terms have the following meanings:

    “Breach”, “data controller”, “data processor”, “Information Commissioner’s Office (ICO)”, “data subject”, “data subject rights”, “personal data”, “personal data breach”, “processing” (and “process”) (regardless of whether capitalized herein) have the meanings given to them in the UK GDPR.  The UK GDPR may regard a video as “personal data” if the image can be used to identify you.

    “UK Addendum” means the International Data Transfer Addendum to the EU/EEA Standard Contractual Clauses issued by the ICO, version B1.0 in force March 21, 2022, as may be amended from time to time (or any successor version).

    Data controller; processing

    Think Small is a data controller of your personal data. The UK GDPR sets forth specific obligations of data controllers and processors in each of these roles.

    Lawful Basis for our Processing of Your Personal Data.

    Because we are a data controller, we are the ones who are responsible for establishing a lawful basis for the processing of your personal data. We rely on our legitimate interests under UK GDPR Article 6 in order to engage in the processing of your personal data. This means that we have a legitimate interest in receiving and processing your personal data in order to provide the Platform, Content, and Products. We might in some cases also rely on obtaining your consent under UK GDPR Article 6 as the lawful basis of our processing of your personal data. If so, this means that we have requested your explicit consent (or “opt-in”) to their processing of your data. If applicable, you will be provided with our Consent and/or Lawful Basis to Collection and Processing of Personal Data notice.

    Data Protection Officer.

    Think Small has appointed a Data Protection Officer (DPO) as specified in our Privacy Policy.

    Individual Rights

    As also noted in our Privacy Policy, you may make the following requests from us as the data controller. In each case these rights are subject to restrictions and/or exceptions as specified in the UK GDPR. The following is a summary of your rights:

    • The right of access, enabling you to receive a copy of your personal data
    • The right to rectification, enabling you to correct any inaccurate or incomplete personal data we hold about you
    • The right to erasure, enabling you to ask us to delete your personal data in certain circumstances
    • The right to restrict processing, enabling you to ask us to halt the processing of your personal data in certain circumstances
    • The right to object, enabling you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party), and
    • The right to data portability, enabling you to request us to transmit personal data that you have provided to us to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

    You have the right to lodge a complaint with the ICO if you consider that the processing of your personal data infringes the UK GDPR.  If you wish to exercise this right, please contact us. You may also contact us using the contact information provided in our Privacy Policy. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive.

    Special Categories of Personal Data

    Our Platform does not require the collection or processing of any sensitive personal data or sensitive information, as defined in applicable data protection laws (e.g., racial, ethnical origin, political opinions, religious beliefs, etc.).  We may nevertheless collect such sensitive personal data about you or we may collect it incidentally if you provide such data to us. By providing any sensitive information or by providing information by recording, you consent to our collection of such information and our use and disclosure of it in accordance with our Privacy Policy for purposes directly related to the reason it was provided.

    International Transfers of Data

    Personal Information originating in the UK will be stored on servers in the UK but may be accessed and/or processed in a limited manner outside of the UK. We adhere to the UK GDPR where it applies to our Platform. Where your data is processed outside of the UK, we have put in place appropriate safeguards.  Where appropriate, we may enter into the UK Addendum to the Standard Contractual Clauses with an importer or processor and/or other relevant third parties for the transfer of your personal data and may carry out a risk assessment and/or take necessary security measures in order to fulfill our obligations under the UK GDPR.

    If we determine we are unable to provide equivalent protection of your personal data, including by entry into the UK Addendum to the Standard Contractual Clauses, we may seek to rely on derogations authorized by the UK GDPR, including the derogation of consent/contract/request of data subject. If relying on your consent, we will seek your explicit consent in advance.

    Canada

    The following additional terms apply to you if you reside in Canada. To the extent of any inconsistency, these terms take precedence over the terms in our Privacy Policy in relation to personal information that is collected and/or held in Canada.

    Applicable Law

    At the Canadian federal level, the Personal Information Protection and Electronic Documents Act (PIPEDA) establishes a framework for the collection and use of your personal information across Canada (e.g., if you are a candidate for employment of an organization that is a federally regulated work, undertaking, or business (e.g., Canadian bank, airline, broadcaster, etc.)). PIPEDA may not apply to personal information about you for use of our Platform.

    If PIPEDA does not apply, Canadian provincial privacy laws may still apply. We will comply with any such specific provincial privacy laws that apply to our Platform, Content, or Products.  For example, Alberta, British Columbia, and Quebec may have provincial privacy laws that apply to your personal information.

    Consent

    Depending on the applicable data protection laws, we may need to obtain your consent for the collection, use, or disclosure of your personal information. In Canada, your consent is only valid if it is reasonable to believe that you understand the nature, purpose, and consequences of the collection, use, or disclosure of your personal information. You may withdraw your consent at any time.

    At the time of obtaining your consent, we must provide you with the following:

    • An exhaustive list of types of personal information being collected and processed
    • A list of third parties with whom it is being shared (including the countries for such parties if outside Canada)
    • A stated commitment to handling your personal information according to our Privacy Policy, and provide a link to that policy
    • An explanation of the risk of harm and other potential consequences in using our Platform
    • A “No, I do not consent” button or similar option and explain to you the consequences of withholding your consent, and
    • A statement of the possibility for you to withdraw your consent after providing it.

    If applicable, you will be provided with our Consent and/or Lawful Basis to Collection and Processing of Personal Data notice.

    Opting Out of Email Communications

    Canada’s Anti-Spam Legislation (CASL) requires your consent on an opt-in basis in order for us to communicate with you by email. If you elect to provide us with an email address, we will treat such provision as your consent to opt-in to our use of email as a communication means. If applicable, you will be provided with our Consent and/or Lawful Basis to Collection and Processing of Personal Data notice. You may opt-out of email communication at any time.