This statement applies to Data Subject residing in California, USA, and supplements the terms provided in the general privacy statement.

This privacy notice for California residents supplements the information contained in the Privacy Policy of Avanquest Software SAS and its subsidiaries (collectively, “we,” “us,” or “our”) and applies to Visitors, Users, and Customers who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Privacy Rights  Act of 2020 (“CPRA”) and other California privacy laws.  Any terms defined in the CPRA have the same meaning when used in this notice.

This statement refers to the information collected either automatically or, as submitted by you, when you access, use or visit any of our digital assets or support channel (digital or other), that link or otherwise refer to the general privacy statement or this supplemental statement.  

According to the California Privacy Rights regulation, the following information we wish to provide the following information about our data collection and data processing practices. Please note that the general privacy statement includes the most required information and the following disclosures are provided for the sake of extra clarity.

For any data protection-related matter, please contact our DPO at dpo@avanquest.com.

1. Categories of personal information we collect and process.

   As described in our Privacy Policy, one or more of the following personal data categories may be processed by us or our affiliated companies:

   • Identifiers (such as email address, physical address, and phone number)
   • Online identifiers (such as cookies and IP address)
   • Online and network activity (engagement you make with us online, clicks, page views)
   • Device and OS information (type, versions, models)
   • Installation reports (timestamp and type of installation)
   • Products usage information (activity logs)
   • Payment and billing information
   • Marketing and advertising information (clicks, campaign metrics, referrer URLs)
   • Customer support and customer relation information (tickets, subject matter, status)
   • Signing up, registration, and account management
   • Subscription information
   • Analytics and BI

   For more details about the elements in each category, please refer back to our Privacy Policy.

2. How we may share personal information.

• As a rule, we do not sell your personal information or share it for monetary gain. We do use advertising services of vendors such as Google, Facebook, Bing and Linkedin, which under California law may be considered data selling. If you wish this type of data selling (i.e. sharing of IP address and cookies information for targeted advertising), you can use the opt-out option available from the footer of the page labeled as “do not sell my data“. 
• We may share your personal information with a third party for a business purpose, including our Affiliated Companies. When we do so, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
• In the preceding twelve (12) months, we have shared the following categories of personal information for business purposes:

3. Consumer privacy rights

Under the CPRA you may exercise the following rights:

• Access and data portability rights. You may request us to access certain information we may hold about you in the past 12 months. You may also ask us to provide it to you in a human-readable fashion (subject to exemptions). If you have an account with us, you can exercise your right directly via your account, or make a request to us via the form available in the portal or via email to dpo@avanquest.com. Upon receipt of your verifiable request, and provided no exceptions apply, will process the requested information. The right to access includes the following type of information (preceding 12 months):
  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or other purposes for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or shared your personal information for a business purpose.

You may only make such a request for access or data portability twice within a 12-month period.

• Delete personal data.

  You have the right to request the deletion of personal information retained about you, subject to certain exceptions (see below). If you have an account with us, you can exercise your right directly via your account, or make a request to us as described below. When applicable, once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

  We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with a customer/you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (CalOPPA) or any other applicable law.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

• Rectify personal information. You have the right to request that we correct any inaccurate personal information that it has collected about you, including:

• • The right to request that we delete any incomplete or inaccurate personal information that it has collected about you.
  • The right to request that we provide a method to directly correct your personal information only if you have an online account and the information is reasonably available through the account.

Note: These rights to rectification only apply to the personal information we collected about you directly and do not apply to personal information that we received from a third party.

• Opt-out of data selling or sharing. Avanquest is not in the business of selling, renting, or disclosing personal information to third parties for their direct marketing goals. We do, from time to time, may share your personal information for our marketing, advertising, and analysis purposes. If you do not want us to share your personal information, please click the ‘Do Not Sell/Share My Personal Information’ link at the footer of this page.

4. Exercising your rights and choices

• Exercising rights to access, data portability, deletion, and rectification is best done via your account. Otherwise, you can submit a verifiable consumer request to us by email to: dpo@avanquest.com or via the ‘privacy rights’ section in the portal. 
• A verifiable consumer request is “a request that is made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a natural person or a person registered with the Secretary of State, authorized by the consumer to act on the consumer’s behalf, and that the business can reasonably verify, pursuant to the regulations adopted by the Attorney General pursuant to paragraph (7) of subdivision (a) of Section 1798.185 to be the consumer about whom the business has collected personal information.”
• Any consumer request must: (1) Be made by a registered California resident or someone on their behalf; (2) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; (3) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
• Making a request does not require you to create an account with us if you do not already have one.  We will only use personal information provided in a verifiable consumer request to verify the identity or authority to make the request.

5. Response Timing and Format

• We strive to respond to a verifiable consumer request within 45 days of its receipt. If we require more time and meet the extension requirements defined by law, (up to 90 days), we will inform you of the reason and extension period in writing (electronically).
• If you do not have an account with us, we will deliver our written response by email. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request if that is the case.
• For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
• We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

6. Non-Discrimination

We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA or any other law, or due to your violations, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you with a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

7. Do not Track Signals (CalOPPA)

Do Not Track is a privacy preference that can be configured in certain web browsers (the “DNT Feature”); the DNT Feature, when enabled on a web browser, signals the websites you visit that you do not want certain information about your visit collected. Undertone does not currently respond or recognize DNT Feature signals.

8. Changes to this privacy statement

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you as per the notification mechanism described in our Privacy Policy, or, as otherwise required by applicable laws.

9. Contact info

If you have any questions or comments about this notice, our privacy statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at: dpo@avanquest.com.