top of page

Privacy Policy

[Last Updated: November 2023]

This Privacy Policy (“Privacy Policy”) governs the privacy practices of L.S Mobile Apps Holdings Ltd. (“L.S Mobile”, “we” “us” or “our”) and is an integral part of our Terms of Use (“Terms”). Any definitions used herein but not defined herein shall have the meaning ascribed to them in our Terms.

This Privacy Policy details the data we may collect from you, how such data may be used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below), among others, and where applicable, as required according to the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 and as amended by the California Privacy Rights Act of 2020 effective January 1, 2023 (“CPRA”) (collectively “CCPA”).

As our Apps may be offered to users globally, and as different jurisdictions may have different requirements in order to comply with privacy regulations, please see our “Jurisdictions Specific Notices” attached herein as Annex A to this Privacy Policy.

TABLE OF CONTENTS

  1. AMENDMENTS

  2. APPLICABILITY

  3. CONTROLLER AND DATA PROTECTION OFFICER DETAILS

  4. TYPES OF DATA WE COLLECT FROM USERS

  5. PURPOSE OF PROCESSING USER’S DATA AND THE LAWFUL BASIS

  6. NON-USER DATA

  7. HOW WE COLLECT DATA

  8. SHARING DATA

  9. YOUR RIGHTS

  10. DATA RETENTION & DELETION

  11. DATA SECURITY

  12. ELIGIBILITY AND CHILDREN PRIVACY

  13. DATA TRANSFER

ANNEX A - JURISDICTION SPECIFIC NOTICES

  1. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

  2. ADDITIONAL NOTICE TO COLORADO RESIDENTS

    • Your Rights Under CPA

    • How to Submit a Request Under CPA?

  3. ADDITIONAL NOTICE TO VIRGINIA RESIDENTS

    • How to Submit a Request Under VCDPA?

  4. ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS

    • How to Submit a request under CDPA?

  5. ADDITIONAL NOTICE TO UTAH RESIDENTS (effective January 2024)

  6. NOTICE TO NEVADA RESIDENTS

 

1. AMENDMENTS:

Except as otherwise described herein, we may at our sole discretion and at any time amend the terms of this Privacy Policy. Such changes shall be effective within 30-days from the publication of the amended terms on our website or in the App. The latest amendment to this Privacy Policy will be reflected in the "Last Updated" heading above. Your continued use of the App, following the amendment of the Privacy Policy, constitutes your acknowledgement of such amendments to the Privacy Policy. In the event of a material change, or in the event we are required by law, we will make a reasonable effort to provide you notification of such change.

 

2. APPLICABILITY:

This Privacy Policy governs the data collected and processed from the following individuals (“you” or “your”):

  • “User(s)”: an individual that installs our apps, Easy Caller ID, Easy Backup, Easy Cleaner or Easy Contacts (each and collectively shall be defined as "App(s)");

  • “Non Users”: As part of the Services, we provide the User shares its contact list with us, if you are an individual that appears on such list, this privacy policy also applies to you.

 

3. CONTROLLER AND DATA PROTECTION OFFICER DETAILS:

L.S. Mobile Apps Holding Ltd., incorporated under the laws of Israel, registration number 516463312, is the controller of your Personal Data (as defined below).

You may contact us through the below means:

 

 

EU DPR:

Individuals from the EU may contact our EU representative according to Art. 37 GDPR regarding all requests related to data protection and privacy:

  • DP-Dock GmbH, Attn: L.S Mobile Holdings Ltd, Ballindamm 39, 20095 Hamburg, Germany.

  • EU DPR Email: LSM@gdpr-rep.com

UK DPR:  

Our Data Protection Representative according to Art. 27 GDPR:

  • DP Data Protection Services UK Ltd., Attn: L.S Mobile Apps Holdings Ltd., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom.

 

4. TYPES OF DATA WE COLLECT FROM USERS:

You can find here information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data and how it is technically processed. 

The first type of data we collect is aggregated, non-identifiable, non-personal data, which may be processed via your use of the Services (“Non-Personal Data”).

 

The second type of data is individually identifiable data, namely data that identifies an individual, or may with reasonable effort identify an individual (“Personal Data”).

In the event that we combine Personal Data with Non-Personal Data, we will treat the combined data as Personal Data for as long as it remains combined.

 

5. PURPOSE OF PROCESSING PERSONAL DATA AND THE LAWFUL BASIS:

 

(A) USER’S DATA

The data sets we collect and process including how we process such data sets, for what purpose and what is our lawful basis to such processing activates is as follows:

  • Online Identifiers - When you use our App, your IP address will be collected, either directly by us or through our service providers. We use this data to enable us to audit and detect fraud. Our lawful basis is our legitimate interest.

  • Account Data – you may access the Services through your Facebook, Apple or Google account or by creating an account by registering and provide us with your email address. You can also use the Services without logging in. Our lawful basis is contract necessity.

  • Social Account – during your usage of our Services we will collect and process your social account (i.e. email account address, WhatsApp account address and etc.) in order to enable us to provide you with our Services and to match between the Contacts of the said account with the applicable account. Our lawful basis is contract necessity.

  • Contact Information - If you voluntarily contact us for support or other inquiries, you may be required to provide us with certain information such as your name and email address. We will use this data to provide you with the support you requested or to respond to your inquiry. Our lawful basis is our legitimate interest unless you are a User seeking technical support, in which this would be part of our contract obligation to you.

  • Call Log – only if you use our Caller ID App you will need to accept the "call log" permission. We use this permission to identify your callers, including if this caller is active in the last 6 months for the purpose of detect spam and fraud, accuracy and making sure the number is actually associated with a caller and is not a bot or otherwise a spammer. Any Android or iOS permissions need to be affirmatively enabled through in-app permission or the mobile settings. You may disable the permissions at any time, but depending on the permission you disable, a feature or all features may not function properly.

  • Contact List - In order to provide our Services, you will need to share your full contact list with us and provide with the permissions to access your contact list. The Services include enrichment, management, backup, verification, deletion of duplication of your contact list address book or a caller ID. For this, we will need your contact list. Our lawful basis is contract necessity in order to provide you with our Services. However, when we use this information through the Caller ID App, we will also use the contact list for identifying callers, this is subject to our legitimate interest in detecting spam and fraud callers.

  • Professional Data - for the enrichment features, we add the professional data of the contacts such as job, title and position. We obtain the data from our Services providers as detailed below.

Please note that, the actual processing operation per each purpose of use and lawful basis detailed above, may differ. Such processing operation usually includes a set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. Transfer of Personal Data to third party countries as further detailed in the Data Transfer section is based on the same lawful basis as stipulated above.

(B) NON-USER DATA:

We may process the Non-Users’ Personal Data which includes: name, phone number, email, job position and title, and any other information that the User has saved for that particular Contact.

We receive this information from the Users’ after disclosing our use of this data and they have affirmatively accepted.

We use this information to provide the Services, cleaning, merging and authenticating and enhancing the Users’ contact list.

However, for Easy Phone Dialer & Caller ID Users, we use the Non-User Personal Data collected from a User to potentially identify this caller for other Users. In other words, in case you appear as a Contact of our Caller ID Users we will collect and share your Personal Data with other Users of our Caller ID App.

The Non-Users’ Personal Data provided by our Caller ID Users is determined by such Caller ID Users, and the we or anyone on our behalf does not control and is not responsible for the above, even if any information was transmitted and provided to other Caller ID Users by us. For the avoidance of any doubt, we serve solely as a platform enabling Users, inter alia, to manage contact lists, protect from spam calls and knowing how other Users name contacts in their phonebook.

 As party of our obligations and responsibility to respect data subject privacy, we provide Non-User with the option to request to be opt-out as a contact that appear in the Caller ID. You may exercise your opt-put right by following the link: https://www.lsmapps.com/onetrust-opt-out.

Please note that when using APPLE IOS operational system, the Caller ID database is stored on-device and does not update automatically. Thus, when a Non-User request to opt-out, the deletion of the Personal Data does not automatically update and it requires the User's active action in order to apply such updates to the Caller ID database by launching the App.

 

6. HOW WE COLLECT DATA:

Depending on the nature of your interaction, we may collect your information by using one or more of the following methods:

  • Automatically - we may use APIs software developer kit (“SDK”) and other technological measures to gather some of your data automatically.

  • Provided by you voluntarily – we will collect your data if and when you choose to provide us with such data, for example, via our registration process, when you contact us, etc. as explained in this Privacy Policy.

  • Access through Android or iOS Permissions.

7. SHARING DATA:

We may share information solely in the following events: 

  1. Third Party Service Providers: we share all data with cloud providers for hosting purposes. We further share the Non-User Personal Data with Lusha Systems Ltd., (“Lusha”) our service provider and parent company. The purpose for sharing this data is to provide the enrichment and authentication features. If you are an EU data subject, Lusha will notify you once it receives this data and will offer you to opt-out. For more information, please see Lusha’s privacy notice HERE.

  2. Sharing Between Caller ID Users: To provide and improve our Caller ID App Services, we will share certain information with other Users of our Caller ID App Services, as it is necessary for the adequate performance of the contract between you and us and for performance of certain features of our Services based on our legitimate interest. Meaning, we may use the information provided by a User to identify a caller of a different User.

  3. Legal Requirement: We may share information in order to protect legal rights (including intellectual property rights) or to comply with any applicable law, regulation, legal process or governmental request.

 

8. YOUR RIGHTS:

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. We provide you with the ability to exercise certain choices, rights and controls in connection with your information. Depending on your relationship with us, data protection and privacy laws provide you with some of the following principal rights regarding your Personal Data: The right to access your Personal Data that we process; the right to ensure your Personal Data is accurate, complete and up to date; the right to have your Personal Data amended (by correcting, deleting or adding information); the right to object to the processing of your Personal Data, to the extent applicable; the right to withdraw consent, subject to legal or contractual restrictions and reasonable notice; right to Non-Discrimination and the right to cease sharing or selling your information as such term is defined under the CCPA.

You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request Form (“DSR”) available HERE, send us the request at: dpo@lsmapps.com.

Note that certain deletion, correction, and opt-out rights can be exercised by you independently. For example, depending on your interaction with us:

  1. You can opt-out from receiving marketing emails from us by clicking the “unsubscribe” link within the email;

  2. If you have a signed up as a registered User you may correct and revise or delete the Account Data through the App settings;

  3. If you are a Non-User, you may request us to opt-out through the link on the website HERE at any time, or submit the DSR form for deletion. 

NOTE THAT DELETING THE APP FROM YOUR DEVICE WILL NOT RESOLVED IN DELETING YOUR DATA COLLECTED FROM YOU IF YOU WISH TO DELETE THE ACCOUNT DATA PLEASE FILL IN THE DSR OR PRIOR TO DELETING THE APP GO TO THE APP SETTINGS AND CLICK “DELETE ACCOUNT DATA” AFTER YOU RECEIVE CONFIRMATION YOU CAN PROCEED AND DELETE THE APP.  WHEN YOU DELETE THE ACCOUNT DATA, WE WILL AUTOMATICALLY DELETE THE CONTACTS LIST AND THE CALL LOGS THEREFORE PLEASE MAKE SURE THIS INFORMATION IS BACKED UP PRIOR TO DELETION.

According to your relationship with us, we require you to provide different identifying details in order to locate you in order data base and follow your request.

  1. Registered Users – please provide us the email address that you used to register and open an account

  2. Non registered Users - may either submit deletion request through the Apps setting or in case you wish you can submit any request detailed below by providing us your device unique identifier as follows:

    1. UDID For apple device that can be found as follows: (i) Open up the latest version of iTunes and connect your iOS device to your computer (ii) Select your iOS device by clicking the device’s image located at the upper-left corner of iTunes’s UI. (iii) On the next screen, a window should appear listing your phone’s Capacity, Phone Number, and Serial Number. (iv) By clicking on Serial Number once, the prompt should change to display your UDID.

    2. IMEI for Android device, that can be found as follows: (i) Go to Settings. (ii) Select General. (iii) Select About. (iv) Scroll down to find your IMEI number

  3. Non-Users - please provide your phone number that you believe that is stored in our database.

Where we are not able to provide you with the information for which you have asked, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the supervisor authority (in the event you are a European Economic Area resident). We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any such information in accordance with applicable law.

 

9. DATA RETENTION & DELETION

Basically, we only keep your data as long as required to fulfill the purpose for which the data was collected, or as we are required by law.

We retain the data that we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual requests that we delete his or her Personal Data. We may, at our sole discretion, delete or amend information from our systems, without providing any prior notice to you, once we deem it is no longer necessary for such purposes.

Detailed retention period:

  • Users - you may request us to delete your information from any of our, and our service providers, databases, through the App settings as mentioned above on Section 9, or by submitting a request to: dpo@lsmapps.com or as deleted above. As long as you are our User we will continue to store your Personal Data, as noted above, deleting the App will not result in deletion of your Personal Data. In case you request us to delete your Personal Data we will delete your Personal Data as well as the contact lists and call logs collected from you, and we will request our service providers to delete such Personal Data as well.   

  • Non-Users - you may request us to opt-out (https://www.lsmapps.com/onetrust-opt-out) or to delete your Personal Data. You may request to delete your Personal Data by submitting DSR form. Please note that when using APPLE IOS operational system, the Caller ID database is stored on-device and does not update automatically. thus, when a Non-User request to opt -ut, the deletion of the Personal Data does not automatically update and it requires the User's active action in order to apply such updates to the Caller ID database by launching the App.

  • Other Data Sets - correspondence information, CVs, and other information provided to use will have various retention periods depending on the request, the consents and the law requirements.

In addition, please note that in case you are an User requesting us to stop the collection of your data (“Opt-Out”) by either contacting us through or by switching off the collection toggles in our App, we will stop the collection of your data from the date of such request, but we will use and process the data collected from you prior to submitting the request in order to provide our Services.

 

10. DATA SECURITY:

We take great care in implementing and maintaining the security of the Services and the Personal Data that we collect and process. We employ strict security procedures and policies to ensure the safety of the Personal Data we process and prevent any unauthorized use of it, as explained detailed in our Information Security Policy. If you believe that your privacy was treated in a way that was not in accordance with this Privacy Policy, or if you believe that someone may have attempted to abuse our Services, please contact us at: dpo@lsmapps.com.

Additionally, in the event of a security incident in which we discover your Personal Data may have been at risk, we will take reasonable efforts to notify you and the applicable authority (if required to do so, subject to applicable laws).

 

11. ELIGIBILITY AND CHILDREN PRIVACY:

The Services are not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law which with respect to the EEA is under the age of 16 and with respect to the US, under the age of 13) and we do not knowingly process children's information. We will discard any information that we receive from a User that is considered a "child" immediately upon our discovery that such a User shared information with us. Please contact us at: dpo@lsmapps.com. If you have reason to believe that a child has shared any information with us.

12. DATA TRANSFER:

Our data servers in which we host and store the information are located in the EU. Our HQ is based in Israel in which we may access the information stored on such servers or other systems such as the L.S Mobile’s ERP, CRM, Salesforce and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area ("EEA") is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments and or assurances from the data importer to protect your Personal Data, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well recognized certification schemes.

 

ANNEX A - JURISDICTION SPECIFIC NOTICES

ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

This section applies only to California residents. Pursuant to the CCPA, please see the CCPA Privacy Notice which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

 

ADDITIONAL NOTICE TO COLORADO RESIDENTS

Under the Colorado Privacy Act (“CPA”) if you are a resident of Colorado, acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context), your rights with respect to your personal data are described below.

“Personal Data” as defined in the CPA means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include any of the following: publicly available information, de-identified or aggregated consumer, and information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

Sensitive Data includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. We do not process or collect any sensitive data.

Section 5 “Purpose of Processing User’s Data and the Lawful Basis” of the Privacy Policy, we describe our collection and processing of personal data, the categories of personal data that are collected or processed, and the purposes. Additionally, in Section 8 “Sharing Data” details the categories of third-parties the controller shares for business purposes.

Your Rights Under CPA:

Herein below, we will detail how consumers can exercise their rights, and appeal such decision, or if the L.S Mobile sells the personal data, or sells the personal data for advertising and how to opt-out:

  1. Right to Access/ Right to Know – you have the right to confirm whether and know the Personal Data we collected on you. You can exercise your right by reviewing this Privacy Policy, in case you would like to receive the Personal Data please fill in the DSR Form to receive a copy of your data.

  2. Right to Correction – you have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data. You can exercise this right directly through your account or by filling in the DSR Form.

  3. Right to Deletion – you have the right to delete the Personal Data, this right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you; (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3)  Debug products to identify and repair errors that impair existing intended functionality; (4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5)  Comply with the law or legal obligation; (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) Make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action. If you would like to delete your Personal Data please fill in the DSR Form. You do not need to create an account with us to submit a request to know or delete.

  4. Right to Portability – you have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. If you would like to receive the Personal Data please fill in the DSR Form. To receive a copy of your data we will select a format to provide your Personal Data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

  5. Right to Opt-Out from Selling Personal Data – you have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer. You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc. The L.S Mobile does not sell your Personal Data, so we do not offer an opt out. The L.S Mobile may “share” Personal Data with third parties for personalized advertising purposes. You may indicate your choice to opt-out of the sharing of your Personal Data with third parties for personalized advertising on third party sites as detailed in Section 9 "Your Rights". To opt out from the use of cookies on our website, please click the “do not sell or share my personal information” in the footer of the website which will enable you to customize the use of cookies on our website.

  6. Right to Opt-Out from Targeted Advertising – you have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer. You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc. We do not profile you, thus we do not need to provide an opt-out.

  7. Right to Appeal – if we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. If we deny the appeal, you may contact the Colorado Attorney General using this link: https://coag.gov/office-sections/consumer-protection/  or (720) 508-6000. Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions.

  8. Duty not to violet the existing laws against discrimination or non-discrimination – such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate our Users.

How to Submit a Request Under CPA?

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. If the DSR Form is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required.

We will respond to your request within 45 days after receipt of a verifiable Consumer Request and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at: dpo@lsmapps.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/

If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

 

ADDITIONAL NOTICE TO VIRGINIA RESIDENTS

Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The VCDPA requires Carambola discloses the Categories of data processing and the purpose of each category, as detailed in Section 5 “Purpose of Processing User’s Data and the Lawful Basis” of the Privacy Policy, the categories of data shared and the third parties with whom it is shared, as detailed in Section 8 “Sharing Data”. Disclosure of sale of data or targeted advertising are detailed in Section 9 "Your Rights" above, and in the DSR Form. Further, as stated above under “Your Rights under CPA” details the rights you have under VCDPA and how you may exercise your rights.

How to Submit a Request Under VCDPA?

We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at: dpo@lsmapps.com and specifying you wish to appeal.  Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.

 

ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. If further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The categories of Personal data processed, purpose of processing, are detailed in Section 5 “Purpose of Processing User’s Data and the Lawful Basis”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section 8 “Sharing Data”. Disclosure of sale of data or targeted advertising are detailed in Section 9 "Your Rights" above, and in the DSR Form.

Instructions on how to exercise your rights under CDPA are as stated above under “Your Rights under CPA”.

How to Submit a request under CDPA?

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 days response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

 

ADDITIONAL NOTICE TO UTAH RESIDENTS (effective January 2024)

Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your Personal Data are described below. “Personal Data" refers that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data. 

The categories of personal data processed, purpose of processing, are detailed in Section 5 “Purpose of Processing User’s Data and the Lawful Basis”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section 8 “Sharing Data”. Disclosure of sale of data or targeted advertising are detailed in Section 9 "Your Rights" above, and in the DSR Form.

Further, instructions on how to exercise your rights under UCPA are as stated above under “Your Rights under CPA”.

 

NOTICE TO NEVADA RESIDENTS

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to dpo@lsmapps.com.

bottom of page