The Privacy Policy applies to the personal information collected from users of our Websites, Products and Services in which the Privacy Policy is posted or linked, when the Privacy Policy is specifically referenced in the Websites, Products and Services or when Chaos asks you to acknowledge it. This Privacy Policy also covers personal information that we collect from consumers who contact us by email, telephone and offline, such as during in-person events. 

If you are one of our Partners or Resellers, this policy also tells you how we process personal data when we conduct business with you.

This Privacy Policy also may apply to personal information provided to us by consumers who engage with us through social media.

This Privacy Policy aims to provide you with comprehensive information in a clear and understandable language about what actions are taken with the personal data you provide to us, including:

• What personal data do we process?
• For what purposes do we process your personal data?
• For how long do we keep the personal data you provide?
• Whom do we share your personal information with?
• What are your rights regarding your personal data and how you can exercise them? 
• How do we notify you of a change to our Privacy Policy?

With this Privacy Policy, Chaos declares that it has implemented all technical and organizational measures to protect the personal data of individuals prescribed by applicable law.

The data controller in the sense of the GDPR and other applicable data protection laws is:

Chaos Software GmbH, a limited liability company incorporated under the laws of the Federal Republic of Germany, Amtsgericht Mannheim, HRB 726749.

Chaos is part of a corporate group of entities operating in and outside of Germany. Chaos may share your personal data with other Affiliates within this Corporate Group if the applicable legal requirements are met. For avoidance of doubt Affiliate should mean an entity that controls, is controlled by or is under common control with Chaos Software GmbH. For purposes of this defined term, “control” means ownership of more than fifty (50%) percent of the voting stock or other ownership interest in an entity.

In certain cases, the immediate data controller may be one of Chaos Software GmbH’s Affiliates, please see Section 14. Privacy Rights and Choices, which includes additional descriptions of your rights and our obligations in certain key jurisdictions and who is the responsible data controller depending on your country of residence.

If you have any questions and / or requests related to your personal data that Chaos processes, you can contact us at: An der Raumfabrik 33b, 76227 Karlsruhe, Germany, or email: dpo@chaos.com 

You can contact our Data Protection Officer at the following email: dpo@chaos.com 

Please see Section 14. Privacy Rights and Choices, which includes additional descriptions of your rights and our obligations in certain key jurisdictions and who to contact depending on your country of residence. 

Chaos develops 3D visualization technology for architecture, engineering, construction, product design, manufacturing, and media and entertainment.

Our Websites, Products and Services are strictly professional and are not aimed at children under 18 years old and we will not deliberately collect, use, provide or process in any other form any personal information of children under the age of 18. We therefore also ask you, if you are under 18 years old, please do not provide us with your personal information (for example, your name, address, and email address). In case you are under 18 years old and wish to use our Websites, Products and Services please ask your parent or guardian to register and buy a license for you. If we learn that we have collected personal data through our Websites, Products and Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.

Any information and data by which an individual can be identified falls directly or indirectly under the definition of “personal data”.

For example, indirect identification is your mobile number. Direct identification is achieved when you provide a unique identifier such as Personal Identification Number (PIN), passport number, etc.

"Special categories of personal data" means for example data revealing racial or ethnic origin, political views, religious or philosophical beliefs or membership of trade unions, as well as the processing of genetic data, biometric data for the sole purpose of identifying an individual, health data or data about the sexual life or sexual orientation of the individual.

We collect personal data directly from you, for example when you create an account with us or contact us. We also collect data when you use our Websites, Products and Services including usage data. We sometimes collect data from third parties, including our Resellers and Partners.

This personal data that Chaos collects and processes for our Websites, Products and Services may include the following categories:

We collect Personal Data via cookies, pixel tags, or similar technologies when you use our Websites, Products and Services (collectively referred to as Cookies), including for conducting analytics and advertising. For more information on our use of cookies, please read our Cookie Policy or use the Cookie Settings functionality available in our Websites, Products and Services that implement cookies.

Chaos does not collect any special categories of personal data since such are not required for the use of our Websites, Products and Services. If sensitive categories of personal data are provided by you during your communication with the Company or use of our Websites, Products and Services, it will be deleted as soon as possible after the processing of such data is established.

The processing of personal data includes the collection, storage, destruction, transfer, correction, updating, deletion, and all other activities carried out with your personal data. 

Chaos processes personal data on the grounds of the performance of a contract with the consumer (Article 6, paragraph 1, item "b" of the GDPR). We may also process personal data after obtaining clear, free, and unambiguous consent from you for the purposes of processing expressed through your voluntary registration or provision of data in our Websites, Products and Services or trough clicking onto optional checkboxes (Article 6, paragraph 1, item “a” of the GDPR). The consent you provide can always be withdrawn by contacting us or using the contact form available on our website.

Some of our processing activities are based on legitimate interest (Article 6, paragraph 1, item “f” of the GDPR), but only after we have carefully assessed that such interests do not concern the fundamental rights and freedoms of the data subject.

Lastly, in a very limited number of cases we process your personal data for compliance with a legal obligation to which Chaos is subject (Article 6, paragraph 1, item “c” of the GDPR).

Chaos operates in different countries across the world which may use different legal bases for processing according to applicable laws in different jurisdictions. In any case We make sure that we process your personal information lawfully and we apply the following principles:

• Transparency
• Respect
• Trust
• Fairness

The personal data provided by you shall be used for the following purposes, including but not limited to:

• Administration and maintenance of our Websites and the Chaos IDs of our customers and users.
• Sale, support, development and analytics of our Products and Services.
• Usage of aggregated data (telemetry) about your use of our Products and Services for the purpose of making all our products and services better.
• For data analytics, research and product development that enable us to better understand our consumers and offer innovations for them.
• Marketing and advertising activities, including but not limited to sending you marketing messages by email, in-app notifications and phone, if the legal requirements for digital marketing are met.
• For targeted advertisements (also sometimes referred to as personalized or interest-based advertising) based on information generated by a user’s online activity, such as visiting websites that contain our advertising partners’ ads or cookies, some of which are based on geo-location.  
• To create anonymized data, which are not subject to this Privacy Policy, that are used in improving Chaos’ Products and Services and similar business purposes and otherwise as permitted by contract and law.
• To detect and protect against fraud, abusive and unauthorized use of our Products and Services, including to combat against piracy of our software products.
• Processing of personal data for compliance with regulatory and other legal requirements.
• Answering claims and requests sent by our customers / users.
• Processing orders or purchases made by our customers / users.
• If you are a Reseller or Partner, communicate with you to manage our relationship.
• Performance of rights and obligations related to our products, contractual or pre-contractual relationship with our customers / users.
• Anticipating and resolving issues related to our Products and Services.
• For the purposes of ensuring proper functioning of the cloud services and to investigate and resolve issues we may have access or otherwise process the uploaded user generated content. Chaos may use automated processing techniques on content you upload in order to improve our Products and Services and user experience.
• Creating new Products or Services that would meet your needs.

Your personal data is not subject to automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR.

When you visit our Websites or use our Products and Services, Chaos processes (collects) your personal information in the following ways:

• By providing your details to purchase and use any of our Websites, Products and Services.
• By providing your details to use a free product, Not For Resale (NFR) License, trial or a demo version of any of our Products and Services.
• By completing your account registration or other various forms on our Websites.
• By filling in your required billing details.
• By processing information about IP addresses, cookies, operating system, and browser type.
• By processing anonymized telemetry or personalized telemetry (if enabled) or other product usage data when you use our Products and Services.
• By using our support functionalities, send us emails or use our forums.
• By attending events, seminars, workshops, camps or other in-person gatherings that require registration or where photographs and/or video of the event is being recorded.
• By receiving information from third parties especially when we interact with our Resellers and Partners or conduct targeted advertising activities and utilize lead generation through third-party platforms when the applicable legal grounds are met.

Depending on the legal ground based on which we process your personal data, the storage period of personal data may be different.

Your personal data is stored as long as we have valid legal grounds for processing it. After this period has expired and in case there is no legal ground to continue storing your personal data, your information shall be fully anonymized or deleted.

Chaos respects your privacy and keeps your data secured. Subject to statutory requirements or business needs, Chaos may disclose your personal data to the following categories of recipients:

• Service providers: When we use service providers related to client management systems, technical maintenance and provision of internal IT systems, cloud storage and operational support to our activities, Chaos may disclose personal data to those service providers. Please be informed that such disclosure shall commence only in case there are legitimate grounds for doing so and only based on a written agreement ensuring that the receiver provides adequate levels of protection for the personal data.
• Our corporate partners and companies within our distribution network: Chaos uses a network of corporate partners and distributors (referred to in this Privacy Policy as Partners and Resellers) who distribute our products and services in different jurisdictions and bundles. Therefore, we may disclose your personal data to a distributor who is in a suitable area with you in order to provide the best quality service.
• Other companies in our corporate group: Chaos shares your data with other companies within its corporate group. 
• Corporate restructuring: If we are involved in a merger, acquisition or asset sale, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal data may be transferred to a party involved in such arrangement.
• External companies providing services related to card payments: Payment card purchases are processed by third-party payment processors. Chaos does not have access to complete bank account numbers, credit card numbers or debit card numbers. We receive only partial bank data and statements while the third-party payment processor company processes your full bank information;
• Advisors: We work with various advisors, including tax consultants, auditors and legal advisors, with whom we may share your Personal Data.

Legal: Information about our users, including Personal Data, will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Chaos, our users, a third party, or the public. 

In principle, Chaos and many of its Affiliates that are based in Europe store and process personal data predominantly in the European Union (“EU”), the European Economic Area (“EEA”) and the United Kingdom (“UK”).

Chaos may transfer personal information across borders to any of the places where we and our Affiliates, Partners and Resellers operate. These other places may have data protection laws that are different from (and, in some cases, less protective) than the laws where you reside. 

If your personal information is transferred across borders by us or on our behalf, we use appropriate safeguards to protect your personal information in accordance with this Privacy Policy and applicable law.  These safeguards include agreeing to standard contractual clauses or model contracts for transfers of personal information among our Affiliates and among our Partners and Resellers.  When in place, these contracts require our Affiliates, Partners and Resellers to protect personal information in accordance with applicable privacy laws.  

For more information about how we transfer Personal Data internationally, please contact us as set out in Section 3 above. 

This Section applies to residents in the EU, EEA and UK, as well as any resident of a country that is not listed in Section 14 and provided with specific rights applicable per their local legislation in the country of residence.

Subject to European law (GDPR) and the privacy laws applicable in the UK, you may have the following rights to your personal data processed by Chaos:

• Access your personal data that Chaos processes and get a copy thereof.
• In case of incompleteness or inaccuracy in the data that Chaos processes, your personal data will be corrected (right to rectification).
• Request the erasure of your personal data when the conditions are met. Such cases are if the purpose for which the data is collected is achieved, you have withdrawn your consent when the processing is based on consent and there is no other legal basis for processing, your data is being processed unlawfully, and others.
• In the cases specified by the law, you may require that the processing of your personal data is restricted.
• In the cases specified by the law, you may object to the processing of your personal data.
• Exercise your data portability rights and request that your data be provided in a structured, commonly used and machine-readable format.
• Withdrawing your consent when processing your personal data is based on consent.

You can exercise any of the above rights by submitting a formal request to the following address: An der Raumfabrik 33b, 76227 Karlsruhe, Germany, or email: dpo@chaos.com. In order to exercise your rights, it is mandatory to establish the identity of the claimant when submitting a request for exercising your rights. For your convenience we have created a policy for data subjects’ rights where you can find a lot more information about your rights related to data privacy and how to exercise them.

If you are a European resident, you also have the right to file a complaint with the respective data protection authority where you live, work or where you think we have violated data protection laws, when the relevant prerequisites are in place.

You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email or by contacting us at dpo@chaos.com. You may continue to receive service-related and other non-marketing emails. 

This policy may be updated periodically to reflect changes in personal data protection legislation and best practices. When Chaos updates this Privacy Policy, We will post the updated version and change the Effective Date above.  We will also take appropriate measures to inform you in advance of significant changes that We believe affect your privacy rights either via email or including a just-in-time notice displayed in our Products or Services.  If your consent is required by applicable privacy laws, we will obtain your consent to changes before the revised Privacy Policy applies to you.  Please regularly check this Privacy Policy to ensure you are aware of the updated version. 

RESIDENTS OF SOUTH AFRICA

Personal information that is collected from you is required for you to have access to Chaos’ Websites, Products and Services.  Failure to provide this personal information may prevent you from accessing or using any or all of our Websites, Products and Services.  Under the Protection of Personal Information Act 4 of 2013 (POPIA), personal information of juridical persons also is protected; therefore, in the event that our Websites, Products and Services are accessed on behalf of a juridical person (legal entity), personal information of such legal entity should be protected.

Direct Marketing

All electronic direct marketing communication will be sent to you (until you opt out) when:

• you consent to receive direct marketing communication in accordance with POPIA; or
• We received your personal information in connection with the sale of any of our products or services to you so that we can communicate with you about our other products or services.  You can choose to opt out of receiving these marketing communications at the time by using the “unsubscribe” link or contacting us at using the contact information below.

Your Rights 

You have the right to make the following requests about your personal information:

• to ask whether Chaos holds personal information about you, free of charge.
• to request a record or a description of your personal information that Chaos holds about you.
• to request that Chaos update or correct inaccurate or incomplete personal information about you.
• to request that Chaos stops using your personal information for any reason
• to object to the processing of your personal information.
• to request that Chaos deletes your personal information.
• to request that Chaos restrict how your personal information is used, shared and otherwise processed.
• to request that Chaos transmit a copy of your personal information to you or to a third party selected by you.

We may (and in some cases are required to) verify your identity before we can act on your request to exercise your privacy rights.  

How to contact us to exercise your privacy rights 

To exercise your privacy rights, please contact Chaos using one of these options:

• email: dpo@chaos.com 
• write: Chaos Software GmbH, An der Raumfabrik 33b, 76227 Karlsruhe, Germany.

You have a right to lodge a complaint with the Information Regulator (South Africa) https://inforegulator.org.za/ 

Email: POPIAComplaints@inforegulator.org.za 

Other Processing Details  

We also automatically collect the following information:

• Analytics information: We may collect analytics data, or use third-party analytics tools such as Google Analytics, to help us measure traffic and usage trends for the Websites, Products and Services and to understand more about the demographics and behaviors of our users.

We also permit third-party online advertising networks, social media companies and other third-party services to collect information about the user’s use of the Services over time so that they may play or display ads on the Services used by the user and on other devices the user may use

For some of the Services, we use third-party tools to monitor user experience information. These tools automatically collect usage information, including mouse clicks and movements, page scrolling and any text keyed into website forms. The information collected does not include passwords, payment details, or other sensitive personal information. We use this information for site analytics, optimization and to improve website usability. We do not permit this information to be shared with or used by third parties for their own purposes.

Our online and email advertising-related vendors may use pixel tags, web beacons, clear GIFs or other similar technologies in connection with the Services to help manage our online and email advertising campaigns and strengthen the effectiveness of such campaigns. For example, if a vendor has placed a unique cookie on the user’s computer, the vendor may use pixel tags, web beacons, clear GIFs or other similar technologies to recognize the cookie during the user’s visit to the Services and to learn which of our online advertisements may have brought the user to the  Services, and the vendor may provide us with such other information for our use. We may link such other information provided to us by our vendors to Personal information about the user that we have previously collected.

We may use third-party advertising companies to serve advertisements on the Services. These companies may use information (not including the user’s name, address, email address or telephone number) about a user’s visits to the Services to provide advertisements about goods and services of interest to the user.

We may link or combine the user’s activities and information collected from the user through the Services with information we collect automatically through tracking technologies. This allows us to provide the user with a personalized experience regardless of how the user interacts with us through the Services.

RESIDENTS OF BRAZIL

Chaos Software GmbH and its Affiliates (together, Chaos or We) take your right to privacy seriously.  We appreciate that you trust us with your personal information and respecting your privacy is at the core of our interactions with you.  

We respect the privacy rights of all our consumers who are residents of Brazil. We aim to comply fully with the requirements of the Brazil’s Lei Geral de Proteção de Dados Pessoais do Brasil, also known as LGPD. In addition to our Privacy Policy above we recognize that all Brazilian residents have the following rights as per the LGPD:

• The right to access your personal data.
• The right to confirmation of the existence of the processing of your personal data.
• The right to correct incomplete, inaccurate, or out-of-date personal data
• The right to anonymize, block or delete unnecessary or excessive personal data or personal data not being processed in compliance with the LGPD.
• The right to delete personal data processed with the consent of the data subject.
• The right to the portability of data to another service or product provider, through an express request.
• The right to information about public and private entities with which the controller has shared data/
• The right to information about the possibility of denying consent and the consequences of such denial.
• The right to revoke consent.

You can exercise your privacy rights by sending an email to dpo@chaos.com. In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

The controller of your personal information is: Chaos Software EOOD, UIC 131375768, a limited liability company incorporated under the laws of Republic of Bulgaria, with seat and registered address at: 145 Tsarigradsko shose Blvd., Sofia Office Center, 12th floor, 1784 Sofia, Bulgaria

The Data Protection Officer is: Yordan Astardzhiev

Data Protection Regulator: 

Autoridade Nacional de Proteção de Dados

https://www.gov.br/anpd/pt-br 

RESIDENTS OF CANADA

Chaos Software GmbH and its Affiliates (together, Chaos or We) collects, uses, and discloses Personal Information for the purposes identified in our Privacy Policy and for any additional purposes, as permitted by law, with notice to you and your express or, where permitted, implied consent.

You have certain rights in respect of your information. To access or correct your Personal Information, please send us an email at: dpo@chaos.com. Please note we may verify your identity before we can act on your request. 

For residents of Quebec: The person in charge of the protection of personal information about individuals residing in Quebec is Yordan Astardzhiev, who can be contacted by email at dpo@chaos.com.

The controller of your personal information is Chaos Software EOOD, UIC 131375768, a limited liability company incorporated under the laws of Republic of Bulgaria, with seat and registered address at: 145 Tsarigradsko shose Blvd., Sofia Office Center, 12th floor, 1784 Sofia, Bulgaria

FOR RESIDENTS OF EUROPE AND THE UNITED KINGDOM (UK) 

RESIDENTS OF BULGARIA.

The controller for the personal information collected in connection with use of our Websites, Products and Services in Bulgaria is Chaos Software EOOD, UIC 131375768, a limited liability company incorporated under the laws of the Republic of Bulgaria. 

Address: 145 Tsarigradsko shose Blvd., Sofia Office Center, 12th floor, 1784 Sofia, Bulgaria.

Email: dpo@chaos.com 

The Privacy Policy above is fully applicable for residents of Bulgaria apart from the applicable personal data controller and the contact details listed in this section. You also have the right to file a complaint with the Bulgarian Commission for Protection of personal Data (https://www.cpdp.bg/en/index.php?p=home&aid=0).

RESIDENTS OF CZECH REPUBLIC.

The controller for the personal information collected in connection with use of our Websites, Products and Services in the Czech Republic is Chaos Czech a.s., a joint-stock company incorporated under the laws of the Czech Republic

Address: Karlovo namesti 288/17, 120 00 Prague, Czech Republic.

Email: dpo@chaos.com 

The Privacy Policy above is fully applicable for residents of The Czech Republic apart from the applicable personal data controller and the contact details listed in this section. You also have the right to file a complaint with the Czech’s supervisory body, which is The Office for personal data protection, Pplk. Sochora 27, 170 00 Prague, Czech Republic, (www.uoou.cz).

RESIDENTS OF DENMARK

The controller for the personal information collected in connection with use of our Websites, Products and Services in Denmark is Cylindo International ApS, a company incorporated under the laws of Denmark, 

Address: Livjaegergade 17B, 2. th., 2100 Copenhagen, Denmark.

Email: hello@cylindo.com 

The Privacy Policy above is fully applicable for residents of Denmark apart from the applicable personal data controller and the contact details listed in this section. You also have the right to file a complaint with the Danish Data Protection Agency at https://www.datatilsynet.dk/.  

RESIDENTS OF ITALY

The controller for the personal information collected in connection with use of our Websites, Products and Services in Italy is AXYZ design S.R.L., with registered office in Melegnano (MI), via Monte Suello n.15.

Address: Melegnano (MI), via Monte Suello n.15.

Email: support@axyz-design.com 

The Privacy Policy above is fully applicable for residents of Italy apart from the applicable personal data controller and the contact details listed in this section. In addition, residents of Italy have the right to lodge a complaint with a supervisory authority (for further information, see the institutional website of the Privacy Guarantor www.garanteprivacy.it).

RESIDENTS OF REPUBLIC OF NORTH MACEDONIA

The controller for the personal information collected in connection with use of our Websites, Products and Services in the Republic of North Macedonia is Chaos Software DOOEL, a limited liability company incorporated under the laws of the Republic of North Macedonia.

Address: 3 Dobrivoe Radosavlevik str., Bitola, North Macedonia.

Email: hello@cylindo.com 

The Privacy Policy above is fully applicable for residents of the Republic of North Macedonia apart from the applicable personal data controller and the contact details listed above. You also have the right to file a complaint with the North Macedonian Data Protection Agency at https://azlp.mk/.  

RESIDENTS OF THE UNITED KINGDOM

The controller for the personal information collected in connection with use of our Websites, Products and Services in the United Kingdom is Chaos Software Ltd., a limited liability company incorporated under the laws of the United Kingdom. 

Address: 2 Wellington Road | St John's Wood, Westminster NW8 9SP | United Kingdom

Email: dpo@chaos.com  

The Privacy Policy above is fully applicable for residents of the United Kingdom apart from the applicable personal data controller and the contact details listed above. You also have the right to file a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk/. 

RESIDENTS OF JAPAN

The controller for the personal information collected in connection with use of our Websites, Products and Services in Japan is Chaos Group Japan Co. Ltd. 

Address: Tokyo, Setagaya district, Seijo 4-33-3-402, Japan.

Email: dpo@chaos.com 

The Privacy Policy above is fully applicable for residents of Japan apart from the applicable personal data controller and the contact details listed above.

RESIDENTS OF SOUTH KOREA

The controller for the personal information collected in connection with use of our Websites, Products and Services in South Korea is Chaos Group Incorporated.

Address: A-1510, 606, Seobusaet-gil, Geumcheon-gu, Seoul, Korea, (gasan-dong, Daesung D-POLIS Knowledge Industry Center), South Korea.

Email: dpo@chaos.com 

The Privacy Policy above is fully applicable for residents of South Korea apart from the applicable personal data controller and the contact details listed above.

RESIDENTS OF THE UNITED STATES

Throughout this section for Residents of the United States, we use the following terms with the following meanings:

• Consumer (or you) means an individual acting in a personal or household context who uses the Services and, for California residents, individuals acting in a business-to-business context.
• U.S. Privacy Laws means the California Consumer Privacy Act, the California Privacy Rights Act, the Colorado Privacy Act, the Connecticut's Act Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act, the Virginia Consumer Data Protection Act and similar laws enacted from time to time in other U.S. states, each as amended, repealed, consolidated, or replaced from time to time.

CONTROLLER

The controller for the personal information collected in connection with use of our Websites, Products and Services in the United States is Chaos Software Inc., a company with registered office at 80 Pine Street, Floor 24, New York, NY 10005-1732. Chaos Software Inc. is hereinafter referred to in this section as Chaos or We.

RESIDENTS OF CALIFORNIA. 

This California Privacy Notice (California Privacy Notice) applies to Chaos’s processing of personal information of residents of the U.S. State of California (California Consumers) as required by the California Consumer Privacy Act of 2018, as amended (CCPA).  This "Residents of California" section contains our Notice at Collection under CCPA.  

If you are a California Consumer, this California Privacy Notice is designed to help you understand the categories of personal information that we collect about you, where we get that personal information, why we process it, who we share it with, and the rights you have to know and control your personal information.  If this California Privacy Notice and any provision in the rest of our Privacy Policy conflict, then this California Privacy Notice applies for the processing of personal information of California Consumers.  This California Privacy Notice does not apply to Chaos’s employees, contractors, contingent workers, job applicants, business partners and resellers residing and operating in the U.S. State of California. 

In this "Residents of California" section, Business Purposes means providing the Products and Services, operating the Websites; managing and processing interactions and transactions with California Consumers; securing and debugging the Products and Services; advertising and marketing; quality assurance; research and development; and other business purposes as may be defined in CCPA from time to time; and Service Providers means organizations that process personal information on behalf of Chaos and contractors and other organizations with which Chaos shares personal information pursuant to a contract for Business Purposes.

NOTICE AT COLLECTION 

For CCPA purposes, Chaos generally acts as a “Business” with respect to your personal information, which means that Chaos determines how and why the personal information that Chaos collects from or about you is handled.  (A “Business” is similar to a “controller” which is defined in the preamble to this Privacy Policy.)

This Notice at Collection of personal information describes our personal information collection practices when we are acting as the Business, including a list of the categories of personal information we collect, the purposes for which we collect personal information and the sources from which we collect personal information.

This Notice at Collection covers the twelve (12) months prior to the "Last Updated" date above. This Notice at Collection is updated at least once per year. If this Notice at Collection conflicts with the Privacy Policy, this Notice at Collection will govern as to California Consumers, unless expressly stated otherwise. If Chaos’s processing materially changes between updates to this Notice at Collection, Chaos will provide a supplemental notice when or before the changes apply.

Although we already explain what personal information we collect and why above in this Privacy Policy, the CCPA requires that we make certain disclosures using the categories of personal information used in the definition of personal information in the CCPA.   

In the preceding 12 months, Chaos has collected the following categories of personal information:  

Generally, when we collect precise geolocation information or other personal information that is “sensitive” under California law, Our use of this personal information is to perform a Service you have requested and is consistent with the permitted business purposes in California Civil Code § 1798.100 et seq. and implementing regulations.  We will collect your consent for any other use.  

Chaos does not collect:

• Government Issued Identification Numbers (e.g., social security, driver’s license, state identification card or passport number)
• Non-public Education Records as defined in Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99), i.e., education records directly maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, schedules, identification codes, financial information or disciplinary records
• Communication Content (e.g., the contents of a California Consumer's mail, email and text messages, other than when Chaos is the intended recipient of the communication)
• Health Information (personal information collected and analyzed concerning a California Consumer's health, medical history, mental or physical health, diagnosis/condition and medical treatment)
• Sex Life / Sexual Orientation (personal information collected and analyzed concerning a California Consumer's sex life or sexual orientation)

Your California Consumer Privacy Rights

CCPA offers California Consumers the following key privacy rights:

• Right to Access Information: You have the right to request access to personal information collected about you and information regarding the source of that information, the purposes for which we collect it and the third parties and service providers with whom we share it.
• Categories:  You may request any of the following for the period that is 12 months prior to the request date: (1) categories of personal information we have collected about you; (2) categories of sources from which we collected your personal information; (3) the business or commercial purposes for our collection, sale, sharing of your personal information; (4) the categories of third parties to whom we have disclosed your personal information; (5) a list of the categories of personal information disclosed for a business purpose, and, for each, the categories of recipients, or that no disclosure has occurred; and (6) a list of the categories of PI we have sold or shared about you, and, for each, the categories of recipients, or that no sale or sharing has occurred.
• Specific Pieces:  You may request to confirm if we are processing your personal information and, if we are, to obtain a transportable copy, subject to applicable request limits, of your personal information that we have collected and are maintaining, subject to certain limitations.
• Right to Request Deletion: You have the right to request that we delete certain personal information that we have collected from you.
• Right to Correct: You have the right to correct inaccurate personal information about you. Note that correction requests are subject to certain limitations, and we may choose to delete rather than correct your personal information in some circumstances.
• Right to Opt-Out of Sale of Personal Information to Third Parties:  Our disclosure of your personal information to third party advertising and analytics providers may constitute a sale under certain state laws and, in California, may also constitute “sharing” (which is a term used to address the sharing of information for advertising purposes). To the extent that our use constitutes a sale or sharing of your personal information, you have the right to opt-out by (a) enabling an opt-out preference signal or Global Privacy Control on your browser which is recognized by our U.S.-facing websites, (b) opting-out of cookies in our cookie preference center, or (c) for non-cookie personal information (e.g., your email address), submitting an opt-out request at dpo@chaos.com.
• Right to Limit Sensitive Personal Information Processing:  Chaos will ask for your consent if we process sensitive personal information for any purpose that is not exempt from consumer choice under the CCPA (e.g., to perform the services/provide the goods that you requested).
• Right Against Discrimination: We will not discriminate against you for exercising your rights under the CCPA. We will not deny you goods or services for exercising your rights; charge you a different price or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, because you exercised your rights; provide you a different level or quality of goods or services because you exercised your rights; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services as a result of exercising your rights.
• Automated Decision Making / Profiling:  Chaos does not engage in processing that constitutes automated decision making or profiling under the CCPA. However, if in the future we opt to utilize automated decision making or profiling you have the right to opt-out of certain types of automated decision making or profiling processing.

To submit a request to exercise your California privacy rights, please:

• click here
• call toll-free to 1-866-I-OPT-OUT (1-866-467-8688)
• email us at: dpo@chaos.com 

Please note:

• We may (and in some cases are required to) verify your identity before we can act on your request to exercise your California privacy rights.  After we receive and process your request, we will contact you using the email address provided in your request with instructions on how to verify your identity, after which we will check our records for matching information.  
• We may not honor part or all your request – for example, certain information we collect may be exempt from this California Privacy Notice, such as public information made available by a government entity or information covered by a different privacy law.  In these situations, we will explain why we do not honor your request when we respond to you.

Notice of Financial Incentive

We may offer discounts or other benefits to California Consumers enrolled in certain rewards or promotional programs.

Chaos does not generally assign monetary or other value to consumers’ personal information and our promotional activity changes continually. To the extent California law requires that a value be assigned to such programs, or the price or service differences they involve, Chaos values the personal information collected and used under each program as being equal to the value of the discounts or other financial incentives provided in each such program, based upon a practical and good-faith effort to assess on an aggregate basis for all collected information: (1) the type of personal information collected in each program (e.g., email address), (2) the use of such information by Chaos in connection with its marketing activities, (3) the range of discounts provided (which can depend on each consumer’s purchases under such offers), (4) the number of individuals enrolled in respective programs, and (5) the products for which the benefits (such as price difference) can apply. These values can change over time. Note that this description is without waiver of any proprietary or business confidential information, including trade secrets, and it does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.

A different California law permits California residents to request a notice disclosing the categories of Personal Information about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. At this time, Chaos does not share Personal Information with third parties for their direct marketing purposes.

RESIDENTS OF OTHER U.S. STATES. 

The U.S. Privacy Laws offer Consumers certain rights with respect to their personal information. Chaos will honor these rights for any U.S. resident. They include:

• Right to Access Information: You have the right to access and obtain a copy of your personal information.
• Right to Request Deletion: You have the right to request that we delete personal information provided by or obtained about you.
• Right to Correct: You have the right to correct inaccuracies in your personal information
• Right to Opt-Out: Our disclosure of your personal information to third party advertising and analytics providers may constitute a sale under certain state laws. In addition, we use cookies to serve targeted ads. You have the right to opt-out of these activities by (a) enabling an opt-out preference signal or Global Privacy Control on your browser which is recognized by our U.S.-facing websites, (b) opting-out of cookies in our U.S.-facing websites’ cookie preference center, or (c) for non-cookie personal information, submitting an opt-out request at dpo@chaos.com 

To protect Consumers, if we are unable to verify a privacy rights request, we are unable to honor the request. We will use personal information provided in a verified privacy rights request only to verify identity or agent authority to make the privacy rights request and to track and document responses unless Chaos also received the personal information for another purpose.

Agent Requests

You may use an authorized agent to make a privacy rights request for you. We may require that you directly confirm that you authorized the agent to submit requests on your behalf or request provision of evidence for the authorization. Please note that it may take additional time to verify and fulfill agent-submitted requests. Once confirmed, your authorized agent may exercise privacy rights on your behalf, subject to the requirements of applicable law.  

Appeals

You may appeal Chaos's decision regarding a request by email at dpo@chaos.com. Please use the same email address that you used to submit the initial privacy rights request when you submit your Request to Appeal and please add “Request to Appeal” in the subject line of the email. If you do not use the same email address, Chaos cannot link your Request to Appeal to your initial privacy rights request.

Chaos's Responses

Some personal information that we maintain is insufficiently specific for us to be able to associate it with a verified Consumer (e.g., data tied only to a pseudonymous browser ID). We do not include that personal information in response to those requests. If we deny a request, in whole or in part, Chaos will explain the reasons in our response.

Chaos will make commercially reasonable efforts to identify personal information that we process to respond to a privacy rights request. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your personal information and give you the opportunity to select whether you want the rest. We reserve the right to direct you to where you may access and copy responsive personal information yourself. We typically do not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided with a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Retention of your Personal Information

We retain personal information about a Consumer for as long as the Consumer’s account is active and otherwise as long as necessary for the purposes described above.  We also retain personal information as long as necessary to comply with legal obligations, resolve disputes and enforce our agreements. When determining the retention period, we consider various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you and mandatory retention periods under applicable law.