Privacy Policy
Last updated: March 2025
PLEASE READ THE FOLLOWING PRIVACY POLICY, FOR INFORMATION REGARDING THE WAYS YOUR PERSONAL DATA MAY BE PROCESSED, CAREFULLY. WHEN YOU USE THE APP YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY.
I. INTRODUCTION
AIBY Inc. (“we,” “us” or “our”) takes your privacy seriously. This Privacy Policy (“Privacy Policy”) explains our data protection policy and describes the types of information we may process when you access, use and/or interact with us via the website available at https://onskin.com/ (hereinafter, the “Website”).
Note that the present Privacy Policy is applicable only with respect to data that may be collected, stored, processed when you access and/or use the Website. This Privacy Policy does not apply to data that is collected, stored, processed when you access and/or use onSkin mobile App introduced on the Website (hereinafter, “onSkin App”). To learn more about data processing practices applicable to the onSkin App, please visit the corresponding onSkin App’s Privacy Policy.
The Website is designed for general information and promotional purposes. It provides detailed description of the onSkin App’s functionalities, user reviews, information about the onSkin App team.
When we refer to personal data (or personal information) we mean any information of any kind relating to a natural person who can be identified, directly or indirectly, in particular by reference to such data. It is a natural person who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social status.
This Privacy Policy (except for Annex below – “U.S. Multistate Privacy Notice”) applies to all users of the Website regardless of where they are located. The U.S. Multistate Privacy Notice included in the Annex to this Privacy Policy supplementary applies to those users who:
a) are residents of U.S. states where corresponding U.S. State Privacy Laws were enacted; and
b) fall within the scope of the U.S. Multistate Privacy Notice applicability.
II. INFORMATION WE PROCESS
There are several categories of information that may be processed when you access, use and/or interact with the Website.
Functional information
We ask for and process the following information when you access and/or use the Website. This information is necessary for the adequate performance of the contract between you and us. Without such information it is impossible to provide complete functionality of the Website and perform the requested services:
- Activity Information directly related to your use of the Website. When you search for information about different plant varieties by making text search requests via the Website, we may collect, process and store information regarding the date, time and other details of your requests (terms you search for, your search history). PLEASE MAKE SURE THAT YOUR TEXT SEARCH REQUESTS DO NOT CONTAIN PERSONALLY IDENTIFIABLE INFORMATION OR SENSITIVE DATA.
- Information you may provide us via our communication channels (Contact information).
We may collect, store, and process information such as your name, e-mail address, and any other content you include in your email when contacting us via our support email ([email protected]). We process all this information solely for the purpose of considering and responding effectively to your requests, if necessary.
We may also collect, store and process your email address when you subscribe to our newsletters on the Website. For more details, see subsection “Email newsletters”
We use our cloud storage provider, Advanced Hosters B.V., to collect, store, and process the information you provide via our communication channels.
Information that is processed automatically
When you access, use and/or interact with the Website, some information about your device and your user behavior may be processed automatically. This information is generally non-personal, i.e. it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We process this information on the ground of our legitimate interest for improving the Website and providing our users with the best experience.
We may use third-party automatic data processing technologies to analyze certain information sent by your device via the Website (analytics or advertising tools). Some of them may launch automated processing of your personal data, including profiling, which means any form of automated processing of personal data used to evaluate certain personal aspects relating to you, in particular to analyze or predict aspects concerning your personal preferences, interests, behavior, location or movements (see the list of data described below). Processing information through automatic data processing technologies starts automatically when you first time access the Website.
- Device Details. When you use a device (computer, laptop / tablet / phone) to access the Website, some details about your device are reported, including “device identifiers”. Device identifiers are small data files or similar data structures stored on or associated with your device, which uniquely identify your device (but not your personality). Device identifier enables generalized reporting or personalized content and ads by the third parties.
What data may be processed:
- Information about the device itself: type of your device, type of operating system and its version, model and manufacturer, screen size, screen density, orientation, audio volume and battery, battery life, loading time, latency, framerate, device memory usage.
- Information about the Internet connection: mobile carrier, network provider, network type, IP address, timestamp and duration of sessions, speed, browser and version, browser language.
- Location-related information: IP address, the country code/ region/ state/ city associated with your SIM card or your device, language setting, time zone.
- Device identifiers: advertising identifiers, Identity For Advertisers for iOS devices / Advertising ID or Android ID for Android devices.
- Cookies and similar technologies. When you access, use and/or interact with the Website, cookies and similar technologies may be used (pixels, web beacons, scripts). A cookie is a text file containing small amounts of information which is downloaded to your device when you access the Website. The text file is then sent back to the server each time you use the Website. This enables us to operate the Website more effectively. For example, we will know how many users access specific areas, content or features within the Website and which links they clicked on. We use this aggregated information to understand and optimize how the Website is used, improve our marketing efforts, and provide content and features that are of interest to you. Third party analytics tools use cookies or similar technologies for the purpose of analyzing the Website traffic.
- Log file information. Log file information is automatically reported each time you make a request to access the Website. When you use the Website, analytics tools automatically record certain log file information, including time and date when you start and stop using the Website, and how you interact with the Website.
Information provided automatically to analytics or advertising tools does not generally come to our control, therefore, we cannot be responsible for processing such information. Please mind that some services are engaged in personal data profiling and may obtain information related to your personality and/or your device by using technologies that do not belong to our scope of responsibility.
Using a special form available on the Website, you may provide us your email address to receive email newsletters from us. These newsletters may include special subscription offers, new features and functionalities, and other updates related to the onSkin App and/or the Website on the grounds of our legitimate interests. Subscribing will allow you to stay up to date and receive the latest news about the onSkin App and the Website, including the best price offers. You may unsubscribe at any time by using the opt-out link provided in each email you receive from us. Your unsubscribe request will be honored within a reasonable period of time.
III. THE PURPOSES OF PROCESSING YOUR DATA
Our mission is to constantly improve the Website and provide you with better user experiences. As part of this mission, we use your information for the following purposes:
(a) To make our service available and ensure the efficient operation of the Website. We use functional information and information that is processed automatically to provide you with all requested services and to ensure the efficient operation of the Website according to its intended purpose.
(b) To improve, test and monitor the effectiveness of the Website. We use the information that is processed automatically to better understand user behavior and trends, detect potential outages and technical issues, to operate, protect, improve, and optimize the Website.
(c) To communicate with you. We may use information that you voluntarily provide to us via our support channels and contact forms for the purposes of processing and responding (if necessary) to your requests, receiving your feedback, comments or suggestions, also to send you marketing notifications about the operation of the Website, onSkin App or on other matters.
(d) To prevent fraud and spam, to enforce the law. We really want the Website to be free of spam and fraudulent content so that you feel safe and free. We may use your information to prevent, detect, and investigate fraud, security breaches, potentially prohibited or illegal activities, protect our trademarks, enforce our [Terms of Use] and applicable law.
If any new purpose for processing your data arises, we will let you know when we start to process information for that other purpose by introducing the corresponding changes to this Privacy Policy.
IV. SHARING OF YOUR INFORMATION
We will not rent or sell your personal data to third parties, but we may share your information obtained via tools like cookies, log files, and device identifiers with third-party organizations that provide automatic data processing technologies for the Website. We do not control or influence these third parties’ tracking technologies or how they may be used.
Please note that while we partner solely with third parties who have assured us they apply the necessary technical and organizational measures to protect your data, we cannot guarantee the absolute security of any information transmitted from the Website directly to such third parties. We are not responsible for any accidental loss or unauthorized access to your data through a fault of third parties.
We may engage the following third-party service providers in order to provide us with necessary infrastructure for delivery and improvement of the Website:
Entity name | Services performed | Entity location | Link to Privacy Policy |
---|---|---|---|
Advanced Hosters B.V. | Cloud service provider | Netherlands | https://advancedhosting.com/en/documents/privacyPolicy |
Google LLC | Google Analytics (tool for the Website traffic analysis) | U.S.A. | Google Privacy Policy: https://policies.google.com/privacy?hl=en How Google uses information from sites or apps that use its services: https://policies.google.com/technologies/partner-sites?hl=en https://support.google.com/analytics/answer/6004245 (see section ‘Information for visitors of sites and apps Using Google Analytics’) |
Mindbox USA LLC | Email marketing tool | U.S.A. | https://mindbox.cloud/documents/privacy-policy/ |
As it is indicated above we use Google Analytics service that tracks and reports the Website traffic. Google Analytics service uses different types of cookies to analyze user activity on the Website. To learn more about the types of cookies and other data collected and processed by Google Analytics (Google LLC) please visit https://support.google.com/analytics/answer/6004245 and https://policies.google.com/technologies/cookies. Note that we are not responsible for any usage of your data by the abovementioned third-party service provider (Google LLC) in violation of our instructions.
If you don’t want Google Analytics to use cookies you can block data collection following the instructions provided in Section IX of the present Privacy Policy.
The Website may contain links to third party sites/services. You also may visit the Website following a link from a third party site. We are not responsible for the privacy practices of these third-party sites or services linked, including for the information or content contained within them (unless we are the providers of those sites and/or services).
We may disclose your personal information if it is needed for objective reasons, due to the public interest or in other unforeseen circumstances:
- as required by law;
- when we believe, in good faith, that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- if we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or a prominent notice in our Website of any change in ownership or your personal information usage, as well as any choices you may have regarding your personal information.
V. INTERNATIONAL DATA TRANSFERS
We work in the cross-border area and provide the Website to users around the world.
We and third-party organizations that provide automatic data processing technologies for the Website or our third-party partners may transfer the automatically processed information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.
If you are located in the European Union or other regions with laws governing data processing that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that may not have the same data protection laws as in your home jurisdiction. We try to make sure that the recipient of any personal data provides a proper protection of the personal data received, in accordance with the current legislation on the protection of such information.
By using the Website, you agree that we may transfer your personal data to any third country, a territory or one or more specified sectors within that third country, or to the international organization where data protection and confidentiality regulations may not provide the same level of protection of personal data as your country does.
VI. HOW DO WE STORE YOUR DATA
For the purposes of data storage, we recourse to the services of the hosting organizations. We take your privacy seriously and, therefore, encrypt your personal data – if possible – before sending it to the hosting organizations for the purposes of its storage. Please note that we cooperate only with those hosting organizations that have passed our security and reliability check.
In particular, we recourse to the services of Advanced Hosters B.V. that have adopted technical and organizational measures to protect your personal data against unauthorized/unlawful processing and accidental loss, destruction or other damage.
VII. HOW LONG WE USE YOUR PERSONAL DATA
We generally retain your personal information for as long as is necessary for performing the functional service of the Website and to comply with our legal obligations. If you no longer want us to use your information that we physically access and store, you can request that we erase your personal information and/or close your account.
However, some data may still be stored for a certain time period (but no longer than the storage purpose requires) if information is necessary to comply with legal obligation (taxation, accounting, audit) or in order to maintain safety and data backup settings, prevent fraud or other malicious acts.
VIII. USER PRIVACY RIGHTS
Applicable data protection laws give you the following rights regarding your personal information:
- The Right to Know (also referred to as the Right to Access). You have the right to obtain a confirmation as to whether or not personal data concerning you is being processed. Additionally, you can request a copy of personal data we hold about you and additional details on how such data is processed.
- The Right to Data Portability. You are entitled to request your personal information in a portable, structured and machine-readible format that makes it easier to reuse such information or transfer it directly to another service, move it wherever you want.
- The Right to Correct Inaccuracies (also referred to as the Right to Rectification). Where you cannot update your data by yourself through your account (if available) or the App settings, you can ask us to correct, change, complete or rectify your data.
- The Right to Data Deletion (also referred to as the Right to Erasure or the Right to Be Forgotten). You have the right to request the deletion of all or some pieces of your personal data we process. In this regard you should bear in mind that applicable data protection laws may provide exceptions to the Right to Data Deletion, which means that under certain circumstances we may need to keep some pieces of your data to comply with legal obligations, detect fraud, exercising or defence of legal claims, for other legal reasons. Therefore, upon receiving your verified request, we’ll delete your personal data and direct our service providers to do the same unless a legal exception applies.
- The Right to Restriction of Processing. Under certain circumstances, you may have the right to limit the ways in which your personal information is processed. These specific circumstances are addressed in data protection laws that may apply to you. For example, you can ask for restriction of data processing in the case of disputed accuracy: if you believe that the personal data we hold about you is inaccurate, you can request a restriction of processing while we verify its accuracy.
- The Right to Object to Processing of Personal Data. When your personal information is processed automatically with the involvement of third party service providers, you may object to such processing in some circumstances. Additionally, when your personal information is processed for direct marketing purposes, you may ask to cease processing your data for these direct marketing purposes. In order to exercise your right to object please submit us the corresponding request. You may also contact the third party service providers listed in the Section IV of this Privacy Policy to learn how you can object to their processing of your data. Most of them have clear instructions on their privacy pages, functional API or other options.
To exercise any of the rights described above, you can contact us at [email protected]. Please bear in mind that we ensure the above mentioned rights only with respect to the information that we physically access and store. We also would like to draw your attention to the fact that in order to process your request we first have to identify you as a user of the Website or onSkin App.
You also have the right to lodge a complaint with your local data protection or a supervisory authority if you reasonably believe that your rights under applicable data protection laws have been breached. Please note that when you exercise your right to lodge a complaint with your local data protection or a supervisory authority, you may be required to provide additional information and support your complaint with sufficient objective evidence. By lodging a complaint you agree to provide sufficient explanation as to what you believe impaired your rights. Additionally, in some cases prior to lodging a complaint to your local data protection or a supervisory authority, you may be required to send your initial claim directly to us and ask for clarifications if necessary.
If you are located in the European Union, you may address our representative when you have questions on privacy issues: Konrad Gutowski, [email protected].
IX. HOW TO OPT OUT
How to opt-out of being tracked by Google Analytics
If you want to opt-out of being tracked by Google Analytics you can install and enable Google Analytics Opt-out Browser Add-on. Additionally, you can manage cookies and/or delete cookies already set by Google Analytics through your browser settings. Further information on Google Analytics’ data practices and relevant instructions can be found at https://support.google.com/analytics/answer/6004245 (see section ‘Information for Visitors of Sites and Apps Using Google Analytics’).
Bear in mind that if you choose to disable all cookies, this can affect the Website functions, some of the features that make the Website more efficient may not function.
X. SECURITY
The security of your personal information is highly important to us. We follow generally accepted industry standards to protect the personal information provided to us, both during transmission and once we receive it.
We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information.
We implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing.
Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We do our best to protect your personal data, nevertheless, we cannot guarantee its absolute security. In the event that your personal information is compromised as a breach of security, we will promptly notify you in compliance with applicable law.
If you have any questions about the security of the Website, you can contact us with the corresponding message via our support channels or contact forms.
XI. CHILDREN’S PRIVACY
The Website is not intended for children. Therefore, we do not knowingly or intentionally collect or solicit any personal information from children. For the purposes of this Section XI the terms “child” and/or “children” in the context of data processing activities may be interpreted on a case-by-case basis as prescribed by applicable data protection laws. No one who is considered a “child” under applicable data protection laws is allowed to directly provide any personal information via the Website.
As a general rule we consider a person under the age of 16 to be regarded as “a child” until we have legal grounds to conclude that a person under 16 should be treated as an adult as per provisions of local data protection rules or based on the parent authorization provided to us directly. Solely the holders of parental responsibility are liable for preventing their children from providing personal information via the Website without relevant verifiable parental consent. If we learn that we have collected personal information from a child without verification of parental consent, we will erase that information as quickly as possible. If you reasonably believe that we might have any information from or about a child, or a child has directly provided us with personal information via the Website without verifiable parental consent, please contact us.
XII. CHANGES TO THE PRIVACY POLICY
In case we change our Privacy Policy, we will post the changes on this page. Please check the Website regularly for any changes.
XIII. HOW TO CONTACT US
If you have any questions about this Privacy Policy, please feel free to contact us at [email protected].
Copyright © 2023-2025 AIBY Inc.
Annex to Privacy Policy
U.S. Multistate Privacy Notice
INTRODUCTION. THE SCOPE OF APPLICATION
This U.S. Multistate Privacy Notice (“Notice”) supplements the information contained in Privacy Policy and may apply to individual residents of the U.S. states (“Covered U.S. Individual Residents”) that have enacted comprehensive data privacy laws including but not limited to California Consumer Privacy Act of 2018 (CCPA) as amended by California Privacy Rights Act of 2020 (CPRA), Texas Data Privacy and Security Act of 2023 (TDPSA), Virginia Consumer Data Protection Act of 2021 (VCDPA), Colorado Privacy Act of 2021 (CPA), Connecticut Data Privacy Act of 2022 (CTDPA) and others (collectively referred to as “U.S. State Privacy Laws” and separately as “U.S. State Privacy Law”). Notice addresses specific requirements common to U.S. State Privacy Laws and outlines additional information on the rights of Covered U.S. Individual Residents. It also describes how we collect, use, disclose and protect your personal information in compliance with these U.S. State Privacy Laws.
Applicability. Please note that if you are a user of our Website and a resident of one of the U.S. states where the corresponding U.S. State Privacy Law was enacted, you’ll be regarded a Covered U.S. Individual Resident and this Notice shall apply to you only if the processing of your personal data in connection with your use of the Website falls within the scope of such U.S. State Privacy Law. Please refer to the corresponding U.S. State Privacy Law for further details. If you are still unsure whether this Notice is applicable to you, please contact us, and we will spare no effort to assist you.
The correlation between Privacy Policy and Notice. This Notice does not replace and cannot be used interchangeably with Privacy Policy. On the contrary, Notice serves as a supplemental part of Privacy Policy for Covered U.S. Individual Residents.
The concept of personal data under U.S. State Privacy Laws. Applying Notice, you should also bear in mind that it pertains only to the processing of personal data which is understood as information linked or reasonably linkable to an identified or identifiable individual. Generally U.S. State Privacy Laws do not apply to the processing of de-identified, aggregated data or publicly available information, as these categories fall outside the scope of personal data.
THE CATEGORIES OF PERSONAL DATA PROCESSED. PURPOSES OF PROCESSING
Detailed information about the categories of personal data that may be processed when you use the Website is contained in Section II of Privacy Policy
To learn about the purposes of personal data processing please review Section III of Privacy Policy
SHARING OF PERSONAL INFORMATION WITH SERVICE PROVIDERS (PROCESSORS). CLARIFICATIONS ON ISSUES OF DATA SELLING
U.S. State Privacy Laws require us to provide you with information about who we share your personal data with and for what purposes. You can find comprehensive data in this regard in Section IV of Privacy Policy. The legal entities indicated in Section IV of our Privacy Policy act as our “service providers” or “processors” within the meaning of U.S. State Privacy Laws and process your information on our behalf for business purposes. The examples of business purposes are the following: auditing related to current interaction with users, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions; providing customer service, advertising, marketing, analytic services; detecting security incidents; debugging; provision of Website services to users; improving, enhancing, upgrading the Website functionality. When we use the services of our processors/service providers and disclose your information for business purposes, we enter into corresponding written contracts with them. These contracts incorporate data processing provisions, parts, sections or annexes that require our processors/service providers not to use personal information transferred by us other than for the purpose of performing the services specified in the contracts. Additionally, the contracts with our processors/service providers specifically prohibit them from and/or do not contain permissions for selling the personal information transferred by us.
We do not “sell” you personal information for monetary gain, which means that we do not and will not disclose your personal information to third parties in direct exchange for money or some other form of payment. However, certain U.S. State Privacy Laws provide expansive definition of the term “sell”, which leads to cases where some disclosures of personal information to a third party even for non-monetary benefit of the disclosing party (“valuable consideration”) may qualify as data selling. In particular, sharing of personal information with third parties for the purposes of “interest-based advertising”/ “cross-context behavioral advertising” may constitute a sale under broad definition and interpretation of this and similar terms (“sell”/”selling”/”sold”) according to some U.S. State Privacy Laws. Even if such kind of data sharing qualifies as sale under U.S. State Privacy Law applicable to you, you’ll always have an option to opt out (see the subsection [Instructions on Online Tracking Opt Out] below for more details on available opt out mechanisms).
PRIVACY RIGHTS
If you are a Covered U.S. Individual Resident and this Notice applies to you, you’ll be able to exercise all user privacy rights specified in Section VII of Privacy Policy, particularly:
- the Right to Know (also referred to as the Right to Access);
- the Right to Data Portability;
- the Right to Correct Inaccuracies (also referred to as the Right to Rectification);
- the Right to Data Deletion (also referred to as the Right to Erasure or the Right to Be Forgotten);
- the Right to Restriction of Processing;
- the Right to Object to Processing of Personal Data.
User privacy rights listed above have similar content and exceptions in different jurisdictions. Their general meaning is addressed in Section VII of Privacy Policy. However, some minor aspects related to these rights may vary slightly from one jurisdiction/state to another, therefore, you may want to consider these differences when submitting your user privacy request.
Besides the rights referred to above, U.S. State Privacy Laws specifically mention the following additional data privacy rights you have:
The Right to Opt Out of the processing of the personal data for purposes of (a) targeted advertising, sometimes also referred to as “cross-contextual behavioral advertising” or “interest-based advertising”; (b) the “sale” or “sharing” of your personal data; (c) profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning you. The specified Right to Opt Out is exercised with due regard to the context of our interaction with you as with the user of our Website and accompanying data processing activities. To learn the details on how you can exercise your Right to Opt Out, please refer to the subsection [Instructions on Online Tracking Opt Out] below.
The Right to Non-Discrimination. This right means that you will not receive discriminatory treatment for exercising your privacy right(s). Inter alia, we will not deny you the Website access or services, charge different prices or rates, or provide a different level or quality of services for you if you choose to exercise your user privacy right(s).
The Right to Appeal. If we deny and refuse to take an action on your initial user privacy request, you may have the right to appeal that decision under some U.S. State Privacy Laws. See the subsection [How to Appeal Initial Decision Regarding Privacy Request] below for more details.
HOW TO EXERCISE YOUR PRIVACY RIGHTS
Depending on the specific user privacy right you choose to exercise, different methods may be available to you.
In particular, when appropriate technical capabilities are accessible through your device and/or browser settings, some rights (e.g. the Right to Correct Inaccuracies, the Right to Data Deletion, the Right to Opt Out) can be exercised independently without our assistance and the need to submit us the corresponding request. For instance, in certain circumstances, the Website may allow you to change, update, correct inaccuracies, or delete certain pieces of your personal data via your Website account settings (if applicable).
Instructions on Online Tracking Opt Out.
Follow the instructions below to stop online tracking activities across third party services and sharing your data with third parties.
Analytics Platforms Opt Out Mechanisms. Some third-party analytics service providers have their own privacy management tools that allow you opt out and/or make your privacy choices directly.
To opt out of Google Analytics tracking, you can install and enable the Google Analytics Opt-out Browser Add-on. You can also manage or delete cookies set by Google Analytics through your browser settings. For more details on Google Analytics’ data practices and instructions, visit this link (see the section ‘Information for Visitors of Sites and Apps Using Google Analytics’).
Please note that disabling all cookies may impact the functionality of the Website, and some features designed to enhance your experience may not work properly.
Therefore, we recommend you to check the privacy options of our service providers (processors) regularly. The up to date list of our service providers (processors) is presented in Section IV of Privacy Policy.
For the purposes of this Notice opt out of online tracking activities using methods described above meets the purposes of exercising your Right to Opt of processing, “sale” (under broad interpretation) or “sharing” of data for the purposes targeted advertising, profiling to which third parties may be involved.
Submission of a user privacy request to exercise privacy right(s)
To exercise any user privacy right that cannot be managed independently, please contact us at any time via support email address available on the Website with your privacy request. When submitting your request, please include in its text the phrase “Exercising my rights to maintain confidentiality in [State]”, replacing ‘[State]’ with the name of the state of your residence. We will make every effort to fulfill your request and support you in exercising your privacy rights.
AUTHENTICATION OF USER PRIVACY REQUESTS. INSTRUCTIONS ON HOW TO APPEAL OUR INITIAL DECISION REGARDING YOUR PRIVACY REQUEST
When you submit any user privacy request via the support email address available on the Website in order to exercise your privacy right(s), the relevant procedure of request authentication shall be put in place. The details and rules for such authentication procedure are provided below.
We shall comply with your user privacy request only if we are able to authenticate you as the user of our Website and as a Covered U.S. Individual Resident. Therefore, when submitting a verifiable user privacy request, you should be ready to:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or such person’s authorized agent, which (depending on the circumstances) may include: name, address, city, state, zip code and email address. We may use this information to surface a series of security questions to you to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming his/her authority to represent your interests or a power of attorney, signed by you.
- Describe your privacy request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will be unable to respond to your privacy request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm that the personal information relates to you. Before processing your request, we may ask for additional information or documents to verify your identity. This serves as a safeguard to prevent the unauthorized disclosure of your personal information in response to fraudulent or deceptive requests.
We ensure that personal information provided in a verifiable user privacy request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled.
We try to respond to a verifiable user privacy request within forty-five (45) days of its receipt. If we require more time and it is reasonably necessary, we may extend the response period. In this case we will inform you of the reason and the applicable extension period in writing.
How to Appeal Initial Decision Regarding Privacy Request.
In cases when we have a reasonable basis, we may choose to decline to take an action regarding the user privacy request. For example, this may happen when we are unable to authenticate a request, or when the request is manifestly unfounded or fraudulent. In this particular case we’ll inform you of the justification for declining to take action within a reasonable period of time after receiving your initial request.
If we decline to take action with respect to your initial request, you may be entitled to appeal our decision under some U.S. State Privacy Laws. To do so, you will need to provide us with the missing information and explanations reasonably necessary to address your request effectively. Within the term prescribed by the applicable U.S. State Privacy Law we’ll inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for our decision.
CHANGES TO THIS NOTICE. FINAL PROVISIONS
We may update this Notice from time to time. To stay informed of updates, please review the latest published version of Notice regularly.
If you reasonably believe that certain U.S. State Privacy Law provides you with additional rights or options not outlined or referred to in this Notice, please contact us via the support email address available on the Website. We will do our best to address all your concerns and reply to your request effectively.
Copyright © 2025 AIBY Inc.