California Privacy Notice
This privacy notice supplements Adversary Security’s Privacy Notice to explain the categories of personal data that we collect and how we collect and use personal data that is subject to the California Consumer Privacy Act of 2018 (CCPA).   This supplemental notice should be read in connection with Adversary Security’s Privacy Notice.  In the case of a conflict, the terms of this supplemental notice will prevail as it pertains to California residents.

Information We Collect, Use and Disclose

Adversary Security collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (personal information). This information is collected in order to carry out the business purposes you engaged Adversary Security to perform and other commercial purposes.  In particular, we collected the following categories of personal information about our consumers:

Category | Examples | Collected.

A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name. YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES

C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES

D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO

E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, signatures, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO

F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. NO

G. Geolocation data. Physical location or movements. YES

H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO

I. Professional or employment-related information. Current or past job history or performance evaluations. NO

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO

K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO

Your legal rights

The California Consumer Privacy Act (CCPA) provides residents of California specific privacy rights. These include the right to:

- request information from us regarding the categories and specific pieces of personal information we collect, use and disclose about you;

- request, twice in a 12-month period, a copy of the information collected over the last 12 months;

- request the deletion of information, with exceptions;

- opt-out of the sale of personal information; and

- not be discriminated against for exercising any of the above consumer rights.

Exercising Rights Under the CCPA

You may contact us at anytime to exercise your rights under the CCPA.  As part of processing your request, we require you to provide certain personal data about you in order to verify your identity in accordance with the CCPA requirements. This information includes your first and last name, email address, physical address, telephone number, and description of relationship to Adversary Security, but may also include additional information based on the nature of your request and your relationship with us.

Additionally, in accordance with your rights under the CCPA, you may designate an authorized agent to make a request on your behalf. In order to comply with your request, we will require the personal data referenced above to be used for identity verification purposes, as well as the name, email address, and telephone number of your authorized agent.

After we verify your identity and the validity of your request, we will take the following action free of charge:

- in the case of an access request, provide you any required personal data covering the twelve (12)-month period preceding your request; and

- in the case of a deletion request, delete personal data that we have collected about you, subject to our right to maintain your personal data for specific purposes permitted under CCPA.

We will work to comply with your verified request within forty-five (45) days, but may extend that period when reasonably necessary, in which case we will notify you.  Please note that you may only make an access request to us for your personal data up to two (2) times in any twelve (12) month period.