Last Updated: April 18, 2024
This U.S. state privacy notice (this “State Privacy Notice”) is included in our Privacy Policy and applies to our processing of “personal information” of residents covered under the State Privacy Laws in relation to the Website (as the terms “personal information” and “personal data” are defined under those State Privacy Laws) (collectively, “Consumers,” “you,” or “your”). Any capitalized terms or other terms not defined herein shall have the meaning given to them elsewhere in our Privacy Policy or, if not defined herein or elsewhere in our Privacy Policy, the applicable State Privacy Law. The term “State Privacy Laws” means, as applicable, the California Consumer Privacy Act (the “CCPA”), the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act.
To the extent of any conflict between this State Privacy Notice and the rest of our Privacy Policy, this State Privacy Notice shall control only with respect to Consumers and their personal information. If you are located elsewhere, please see our Privacy Policy here.
I. Personal Information We Collect
A. Collection: Pursuant to the CCPA, we collect the categories of personal information listed below and have done so within the past twelve (12) months:
- Identifiers – Examples include name, email address, physical address, company name, and title.
- Commercial Information – Examples include products or services purchased, obtained, or considered and demographics/interests.
- Internet or Network Activity – Examples include page views, clickthroughs, referral and exiting URLs, time spent on pages, latency, and IP address.
- Inferences, such as predictions about your interests and preferences.
More on Sensitive Data: With respect to California’s privacy law (the CCPA), we do not process any data that may be deemed “sensitive” for the purpose of inferring characteristics about you or for a purpose that requires a corresponding opt-out right (the “right to limit”). With respect to the other State Privacy Laws, we do not process any “sensitive data” (as such term or similar term is defined under those laws) in such a manner that requires opt-in consent but, rather, only use such data to provide the services that you request.
B. Sources: The above categories of personal information are collected from you directly or, in the context of Internet or Network Activity, from server logs, or from our third-party partners (e.g., analytics vendors).
C. Business Purposes: We use the above categories of personal information as relevant for the following business purposes:
- Providing our Website and services
- Responding to inquiries and other messages
- To assist us in marketing to you, which includes but is not limited to the provision of marketing materials and emails
- Analytics (e.g., understanding of how the Website is used, the locations where Consumers engage with the Website, engagement with marketing channels such as email, measuring clickthroughs from URLs)
- Providing location-specific services (e.g., finding a distributor, store, or event near you)
- Cybersecurity
- Fraud detection and crime prevention
- Compliance with applicable law
- Responding to requests by public authorities or assisting with investigations
- Establishing, exercising, or defending legal claims or otherwise protecting our business and our customers and enforcing our agreements and rights
- Optimizing the Website and related services
- A merger, dissolution, reorganization, or similar corporate event, or the sale of all or substantially all of our assets (including, in each case, any due diligence relating thereto)
- Internal purposes aligned with Consumer expectations
- As otherwise either disclosed to you (e.g., via “just-in-time” notices) or pursuant to Consumer consent.
D. Disclosures: For the above business purposes, we disclose each of the categories of personal information above to third parties and service providers such as cloud storage and web hosting providers, distributors, technical assistance and security vendors, database management/back-up services, analytics services, email clients, digital marketing services (e.g., marketing automation), customer relationship management/CRM platforms, and customer service vendors.
III. Your Privacy Rights
Under the state privacy laws covered under this notice, you have the following rights subject to certain limitations under such laws, such as exceptions found in such laws or, in some cases, the inability to verify your identity:
The Right to Access | Under the State Privacy Laws, you have the right to obtain confirmation regarding whether we are processing your personal information and to access that personal information. You also have the right to access that personal information in a portable, readily usable format, unless not technically feasible to provide in such a format. Specifically with respect to the CCPA’s right to access, you have the right to request the following: (a) the specific pieces of personal information the business has collected about you and (b) the categories of personal information collected, the sources of collection, the business/commercial purpose for collecting or "selling/sharing" personal information, and the categories of third party to whom the business discloses personal information. |
---|---|
The Right to Delete | You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions under the State Privacy Laws. |
The Right to Correction | You have the right to request that inaccuracies in your personal information be corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information. |
Opt-Out Rights | Under State Privacy Laws, you have the right to opt-out of “sales” and “shares” of personal information, “targeted advertising,” and certain use/disclosure of “sensitive” personal information. We do not “sell” or “share” personal information or process personal information for “targeted advertising.” Further, pursuant to the CCPA, we do not process “sensitive information” for purposes of inferring characteristics about you or otherwise for a purpose that requires a corresponding opt-out right (i.e., the “right to limit”). We do not have actual knowledge of “sharing” or “selling” the personal information of consumers under sixteen (16) years old. |
Exercising Your Rights: To exercise the access, correction, and deletion rights described above, please submit a request to us by either:
- Filling out this form
- Calling us at 720-664-3302
You have the right to not receive retaliatory or discriminatory treatment for the exercise of your rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.
Please note that a record of your requests, including how we responded and any correspondence or documentation related thereto, may be kept pursuant to our legal obligations.
IV. Verifying Your Rights Requests
Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. Before processing your request, we may need to verify your identity and confirm you are a resident of a state that offers the requested rights.
Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information. This process may require us to request additional personal information from you, including, but not limited to, your email address or phone number or date of last transaction with us.
In certain circumstances under the State Privacy Laws, you are permitted to use an authorized agent to submit requests on your behalf (using the mechanisms for submitting requests above), where we can verify the authorized agent’s authority to act on your behalf.
In order to verify the authorized agent’s authority to submit requests on your behalf, we generally require evidence of either (i) a valid power of attorney under the relevant state laws or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.
We will only use the personal information that you have provided in a verifiable request in order to verify your request. As stated above, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.
Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive, or manifestly unfounded.
V. Appealing Privacy Rights Decisions
California, Colorado, Connecticut, and Virginia residents may have the right to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing us at privacy@ibotta.com with the subject line, “Privacy Request Appeal” and all relevant details.
VI. How to Contact Us
If you have any questions regarding our privacy practices as they relate to this State Privacy Notice, please contact us via email at privacy@ibotta.com with the subject line, “State Privacy Notice.”