Introduction

This Privacy Policy (the “Policy” or “Privacy Policy”) describes how Maxio LLC, a Delaware limited liability company (together with its affiliated companies and subsidiaries worldwide, collectively, “MAXIO”, “our”, “we” and “us”) collects and handles personal data (i.e. information about a natural person, or to the extent applicable privacy law covers a business entity, the covered business entity) submitted to or processed through the http://www.maxio.com website, the MAXIO mobile application (the “MAXIO Website”, “Website”) or “MAXIO Platform”), and/or any other services, applications and features offered or enabled by or through us with respect thereto, except where we explicitly state otherwise (all services offered through the MAXIO Website or the MAXIO Platform, collectively, “Services”).  Capitalized terms used and not defined in this Policy have those meanings given to them in our Terms. We value your trust and take our privacy obligations seriously.  We have tried to describe our policies in a clear and concise manner below.  We like feedback so please let us know if you have any questions or would like further clarity.

This Policy applies whether you are a customer that subscribes to and uses the Services, a prospective customer, an employee, customer or other end user of our customer that utilizes our solutions, a user of our Services, or whether you are simply visiting our Website. However, this Policy does not apply to any websites of third parties to which we provide links. This Privacy Policy does not describe our collection and use of personal data in the context of employment, applications for employment, and related activities. If you want to request more information concerning personal data we collect in the human resources context, please reach out to Maxio HR at HR@maxio.com.

When you interact with the Website or the Services, you consent to such collection, processing, sharing and retaining of information (including personal information/personal data and geolocation data) as described in this Privacy Policy and all additional terms and conditions governing your use of the Website or the Services. You are also responsible for ensuring that the entity or people on behalf of which you are acting (such as your employer or a customer) are aware of the content of this Privacy Policy and that you have confirmed that they agree to the terms of this Privacy Policy.  If you do not consent to the terms of this Privacy Policy and all additional terms and conditions, do not continue to interact with or use the Website or the Services.

Who We Are

Maxio is a holding company with its main office in Atlanta, Georgia.  We provide online subscription and revenue management platforms to help subscription businesses offer flexible pricing and bundle packaging. Most of our customers are business entities or other organizations.

We have multiple subsidiaries including, SaaS Optics, LLC, Chargify, LLC and Keen, LLC and have offices in Atlanta, Georgia, San Antonio, Texas, Krakow, Poland, and Dublin, Ireland.  We offer our services to Customers worldwide.

We collect and process personal data for our own use in managing our business and offering our services.  Most of this Privacy Policy describes our policies for data that we collect and use for our own business purposes.

We also process personal data that our customers have collected (either independently of our Services or using our Services) and asked us to process for them as part of our Services. We use this Customer-controlled data only as permitted by our customers in our agreements with them and not for our own general business purposes. We have included information below to describe our commitments to you if we have access to your data in our role as a service provider for a customer, but you should review the privacy policy of our C=customer that controls your personal data to understand its privacy practices.

How to Contact Us

Please contact us if you have any questions about the information in this Privacy Policy or our handling of your personal data, or would like to access, correct, delete, restrict our use, or take other action with regard to your personal data. We ask, however, that if we are in possession of your data solely as a service provider for our customer, you first contact our customer with your request.

You may contact us by calling us at 1-678-710-8260, by submitting the request via our website, by sending an email to privacy@maxio.com, or by mailing us at: Maxio, 6525 The Corners Pkwy NW, Peachtree Corners, GA 30092.

Changes to this Policy

We will manage your personal data in accordance with the Privacy Policy version that was published on the date that we collected the data about you. We may amend or otherwise modify all or a portion of this Privacy Policy from time to time. The revised Privacy Policy will be available on this website, and if you are a customer of our Services, we may also provide your administrative users (as identified in your account) with notice of such changes by e-mail. You are responsible for periodically reviewing the Privacy Policy as posted on the Website. Amendments and modifications to the Privacy Policy will be deemed effective once posted online. Your continued use of the Services following any modification constitutes your acceptance of the modified terms, except to the extent that (i) other notice or consent is required by applicable law, rules, or regulations; or (ii) if you are a then-current customer, such change has a material adverse impact on you and you do not agree to the change, in which case you may terminate this Agreement by giving at least thirty (30) days prior written notice to MAXIO (such termination notice to be sent at the latest 60 days after such change was posted to the Website). You are not entitled to object to, and will not have the rights set out in this clause, for any change that Maxio implements in order to comply with applicable law, rules, or regulations. For such imposed changes, shorter notice periods may be applied by MAXIO as needed to comply with the relevant requirement. Please contact us at privacy@maxio.com if you would like to see a prior version of our Privacy Policy.

Categories of Individuals Whose Information We Process

We describe our policies below in terms of three categories of individuals:

• subscribers – these are individuals who purchase goods and services from our customers; we do not have a direct relationship with these individuals and process their data only as part of providing our services to our customers and as instructed by our customers.

• account users – these are individuals who work for our customers, such as our customers’ accounting and technical staff; we interact with these individuals as part of providing our services and managing the account relationship.  For example, we enable these individuals to administer the customers’ accounts on our services platform, we send them invoices and other correspondence, and we provide them with technical assistance.

• visitors – these are individuals who visit our websites or our social media pages, who visit our office or interact with us at a trade show, or who interact with us in some way other than as a subscriber or an account user.

Information We Collect

We collect the following types of information, according to your use of the Website and Services and/or your relationship with us:

Marketing Partners and Resellers: We have relationships with other companies that help us market, sell and deliver our services.  They may collect personal data of the type described above using the methods described above and provide that data to us.   For example, we have relationships with companies who refer customers to us and resellers who offer our services under the reseller’s own brand name.  We will treat personal information we receive from our marketing partners and resellers the same as the personal information we collect directly.

Combinations of data collected using different methods: We use service providers such as Clearbit and Hubspot to help us associate the personal data we capture about you as part of visitor interactions with personal data we collect about you as an account user. We do not associate data about visitors or account users (alone or combined) with personal information we may have about you as a social media user or subscriber.

Other Information Collected: We may collect information through Cookies as described below under Information Collected Through Technology. We may also collect information through our Advertising Ecosystem as described below.

Sensitive Personal Information: “Sensitive personal information” is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation. We do not knowingly or intentionally collect sensitive personal information from individuals through the Website or our services, with the exception of geolocation data collected as described above. Unless provided by you solely through the services, and only as necessary to use the same, you must not submit to us sensitive personal information of any kind. If, however, you inadvertently or intentionally submit or transmit sensitive personal information to us, other than geolocation data submitted through the services, you will be considered to have explicitly consented to us processing that sensitive personal information. In such case, we will use and process the sensitive personal information solely for the purposes of deleting it, if and when we become aware of the same.

Publicly Available Information: Please be advised that some information you provide may be publicly accessible, such as information posted in forums or comment sections (“Publicly Available Information”). Content, including such posted information, comments, feedback, and notes that you choose to post through features of our Website available to the public becomes public information for both us and other users to use and share without restriction. Please do not disclose Protected Health Information via such methods unless you intend for that data to become public. We reserve the right, but do not have the obligation, to review and monitor such posting or any other content on our Website, and to remove postings or content that may be viewed as inappropriate or offensive to others. You further agree that we are under no obligation of confidentiality, express or implied, with respect to the Publicly Available Information and may use this information as described in this Privacy Policy.

Purpose for Collection and Use of Personal Data

This section describes more specifically how our use of personal data relates to the purposes for which we collected the data. We also allow third party advertisers, such as GoogleAds, Facebook, Twitter and LinkedIn to collect personal data on our websites and social media pages for the purpose of selling targeted advertisement services.  See Advertising Ecosystem.  We allow some of our service providers, such as Intercom, G2, and Capterra to use information about visitors that they collect on our site for the purpose of improving their services generally.

Visitors:  We collect data about visitors:

• to operate our website – web servers, by their nature, must capture your IP address and information about your browser and device to display our site to you;

• to develop our website and help us develop of product offerings  – we use the information to help us understand what part of our website and products offerings is of interest to different kinds of visitors so that we can modify and improve our site content and other marketing materials to be more appealing to prospective customers;  we may also use the information about your site visits and other visitor interactions to help us measure interest in our services or various features of our services;

• to show you personalized content when you visit our site – we use information about your prior visit to our site to customize your subsequent visits;  for example, we may make information about products or services that appear to be of interest to you based on your prior visit more visible to you as part of your navigation of our site;

• to measure the success of our advertising efforts – we use visitor information to verify whether the ad services we purchase from third parties are actually resulting in visits to our site or other visitor interactions;

• to register you for webinars, office visits, or other online or off-line events we may host; and

• to communicate with you as part of our marketing efforts – if you provide us with contact information we may use it to send you communications about our company, our products or services, or related topics that we think you may find of interest.

Account Users:  we use data collected about and from account users (alone or as combined with data collected as part of an account user’s visits (such as pre-login activity on the Website):

• for the performance of a contract for the products, items or services customers have purchased or of any other contract with us. This may include the use of login credentials to authenticate individuals as authorized users of our services.
• we use contact information to send invoices and other account communications, authenticate individuals who request information or support on the customer’s behalf, and administer your account, such as processing billing information to complete your purchases; we may also use your contact information to communicate with you about service issues, provide support

• to review compliance with usage terms in our services agreements; for example if the customer’s use of our services is limited to a certain number of individuals we may use personal data to help us monitor compliance with the usage restrictions;

• to help us develop our service offerings – we use information about your use of our services to measure interest in various features and plan enhancements or new features, and to improve user experience;

• to communicate with you as part of our marketing efforts – we use contact information and information about your use of our services to send you communications about our products or services, or related topics that we think you may find of interest; and

• to market our services – if you provide a customer testimonial or other content for marketing purposes we will publish the content with your name or other identifying information that you authorize us to use;  if you agree that we may use you as a reference, we may provide your name and contact information to prospective customers for our services so that they may contact you to discuss your experience with our services.

Subscriber data: We use and process personal data about our customers’ subscribers that our customer provides to the services or creates as part of its use of our services, or that the subscribers communicate to our customers as part of their use of our services.  For example, our customers may enter the name, email address, payment details, and physical address to establish an invoicing record for each of their subscribers. The invoices and other billing communications our customers send using our service will describe the products and services that their subscribers purchased from them.  Our customers will use our services to track whether their subscribers have paid for their products and services and whether the payments are late or on time. Our service includes an email feature to facilitate our customers’ communications with their subscribers.  If our customers or their subscribers include personal data in those emails then we will transmit that data for our customer as part of our services, using our third-party email services provider.

Our service includes a feature that allows subscribers to enter full payment details in a frame we host.  We do not process or store full payment details other than to pass it, in encrypted form, to the payment card processor selected by our customer.

Some of our customers are subject to special data privacy laws, such as the General Data Protection Regulation adopted by the European Union in May 2018 (the “GDPR”) and the California Consumer Privacy Act. (the “CCPA”). We make appropriate contractual commitments to our customers in support of their obligations under the GDPR, CCPA or other data privacy and protection laws applicable to them.

Please contact us at the address above if you have questions or concerns regarding our processing of the data described in this Section. We ask, however, that your first contact our customer if you have a request to access, block, erase or take other action with respect to data that we have solely as a data processor for our customer.

We may also disclose and use data collected about visitors, account users and subscribers (alone or as combined with other data collected as described in this Policy):

• to evaluate or conduct a business transfer, which may be structured as a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our Website users is among the assets transferred.
• to comply with applicable legal or regulatory requirements and our policies, and to protect against criminal activity, claims and other liabilities.
• to protect our information and systems from unauthorized actions that compromise their security or availability, such as disclosures as part of industry initiatives to identify and block malicious actors.

Information Collected through Technology

We automatically collect certain types of usage information when users view the Website. We may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Website (e.g., the pages you view, the links you click and other actions you take on the Website) and allows us to track your usage of the Website over time. We may collect log file information from your browser or mobile device each time you access the Website. Log file information may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, information about your mobile device, number of clicks and how you interact with links on the Website, pages viewed, features used, and other such information. We may also use tracking pixels in our Website or emails. A tracking pixel, also known as a web bug or web beacon, is a small graphic (usually 1 pixel x 1 pixel) invisible to the eye, that is embedded in web content or email. When content that has an embedded web beacon is viewed, the browser will request content from a web server, which in turn will set a cookie. We use these tracking pixels to determine whether an email has been opened and acted upon.

We use or may use the data collected through cookies, log files, device identifiers, clear gifs information and other similar data (collectively, “Cookies”) to: (i) remember information so that a user will not have to re-enter it during subsequent visits; (ii) provide custom, personalized content and information; (iii) to provide and monitor the functionality and effectiveness of our Website; (iv) monitor aggregate metrics such as total number of visitors, traffic, and usage on our Website; (v) diagnose or fix technology problems; and (vi) help users efficiently access information after signing in.  We may also disclose such data and information to our third-party partners whose services or applications interact or interface with our Website, but only as described in this Privacy Policy. Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

• Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide you with services available through the Website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.

• Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

• Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time You use the Website.

You can manage browser cookies through your browser settings. The ‘Help’ feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to disable cookies, and when cookies will expire. If you disable all cookies on your browser, neither we nor third parties will transfer cookies to your browser. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some features and services may not work.

Our servers do not recognize or respond to any “do not track” setting you may have in your browser.

The third parties who we permit to collect data on our site have features that allow you to block their data collection via cookies. See their privacy policies and cookie policies.

Advertising Ecosystem

We use online advertising services that enable a practice referred to as “online behavioral advertising.” These services aggregate data about an individual’s behavior on many different sites and online services, and use that data to sell targeted advertising services. For example, we permit Google’s advertising services to collect data about your behavior on Maxio, or its subsidiaries, Websites, as do many other website operators who use Google’s ad services. Google combines the data about an individual that it collects from different sources, and uses this aggregate data to sell advertising services that target the display of ads to web users who meet certain behavioral criteria. Google does not disclose this aggregate data to Maxio, or its subsidiaries,, but we are able to infer that users who interact with our ad meet the advertising criteria we provided. Google collects this data using cookies, web server logs (its own and its advertising customers), clear gifs and other online data collection techniques. See Information Collected Through Technology and Choices About Your Information for information on how to disable these cookies.

How We Share Information

Maxio only shares personal information in a few limited circumstances, described below. We do not rent or sell information for marketing purposes. The California Consumer Privacy Act includes a definition of “sale” that may include permitting third party advertisers to collect data about our Website visitor for use as part of their advertising services generally.  During the prior 12 months we have permitted Google Ads, Facebook, Twitter, and LinkedIn to collect data on our site by means of advertising cookies.  See Information Collected Through Technology and Choices About Your Information for information on how to disable these cookies.

• With third-party providers (either ours or our customers’) whose software or services interface with or otherwise may receive information from, or provide information to, the Wesbite, the services or our other systems, but only as directed or approved by our users or as necessary for us to fulfill requests submitted by our customers or their users.

• With third-party providers that provide us with technology or other support services (e.g. web hosting and analytics services), but strictly for the purpose of carrying out their work for us. Certain third-party tools may be enabled or used in the services only with customer authorization or consent. We maintain a list of these third-party service providers (or “subprocessors” for purposes of our contractual data processing obligations with respect to our customers) at https://www.maxio.com/subprocessors, but reserve the right to change these service providers at any time with or without notice to you, except to the extent required by law or our contractual commitments to our customers.

• With our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include any companies that control, are controlled by or are under common control with Maxio.

• With other users with whom you share information or otherwise interact with via interactive features of our Wesbite; any information shared in such forums may be viewed by all users with appropriate access permissions and may be publicly distributed outside.

• With your employer and safety, security or other first responder personnel, if necessary to provide the services subscribed to by our customer.

• With Your consent, we may use or disclose your personal information for any other purpose.

• With law enforcement or other third parties when compelled to do so by court order or other legal process, to comply with statutes or regulations, to enforce our contracts, or if we believe in good faith that the disclosure is necessary to protect the rights, property or personal safety of our users or our company, or otherwise to protect against a legal liability or to comply with a legal obligation.

• In the event of a change of control (e.g., if we sell, divest or transfer the business or a portion of our business), we may transfer information to the new owner of the business.

We may use, store, transfer and disclose aggregated information about our users, and information that does not identify any individual, without restriction.

Special Note on Payment Processors:  As part of our MAXIO Payments services to our customers we provide an integration for online data exchange between our services and various payment processors. The payment processors are not our subprocessors, but are our customer’s subprocessors. Our customers’ use of MAXIO Payments is subject to the Supplemental Terms of Service for MAXIO Payments https://www.maxio.com/payments-terms-and-conditions (“Payments Terms”), pursuant to which such customers entering into contracts with the payment processors we make available through MAXIO Payments; each such payment processor has their own privacy policies, and our customers are responsible for ensuring that such privacy commitments are appropriate for such customers’ businesses. Our processing of personal data as part of the provision of MAXIO Payments offering involves only transmission between the payment processor and our customer’s instance of our service and is completed in accordance with the Payments Terms and the payment processors’ standards.

How We Protect Your Information

We regularly review our data collection, storage, and processing practices to ensure that we only collect, store, and process the minimum personal information needed for the purpose collected. We take reasonable steps to ensure that the personal information that we process is accurate, complete, and current, but we depend on our account users to update their personal data as necessary.

Storage and Processing: Except as we may otherwise agree with our customers, any information collected through our Website is stored and processed in the United States. If you access or use our Website outside of the United States, you consent to have your data transferred to the United States. If you are a subscriber and have any questions about where your information is stored and processed, please contact you’re the applicable customer to verify the same.

Keeping Your Information Safe: Maxio maintains industry standard administrative, technical and physical procedures to protect information stored in the servers we utilize, which are located in the United States. While no service provider can guarantee absolute security when communicating over the internet or wireless networks, we are committed to taking steps to help secure any personal information that may be in our possession.  Access to information by Maxio personnel is limited (through user/password credentials and optional two factor authentication) to those employees and agents who require it to perform their job functions. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard subscriber data transmitted to or from the services.  Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to our files. Regardless, you should always be mindful and responsible whenever disclosing information online that the information is potentially accessible to the public, and consequently, could be collected and used by others without your consent.

If you use the services, you are responsible for maintaining the confidentiality of your access information and password. You are responsible for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your password. We cannot secure any personal information that you release on your own, that you request us to release or that is released through another third party to whom you’ve given access.

Where required under applicable law or by contract, we will notify the appropriate parties or individuals of any loss, misuse or alteration of personal information so that such parties or individuals can take the appropriate actions for the due protection of their rights. If such personal information is customer Data, we will notify the applicable customer and coordinate with them regarding any required notices to particular individuals.

Choices About Your Information

Please send us a request if you would like to know what personal data we have about you, or would like us to correct inaccurate data, delete your personal data, or restrict the use of your personal data. Our contact information appears above under How to Contact Us. Where our use of your data is based on your consent, you may withdraw your consent at any time.  We commit to responding to your request promptly and honoring your reasonable requests. We will comply with all applicable legal requirements related to your requests, but please note that we are not required by law to delete or restrict the use of your data in a way that prevents us from complying with our legal obligations to our customer or that interferes with our reasonable record keeping as necessary to demonstrate compliance with our contracts and applicable law.

Account Information and Settings: Customers or account users who maintain registered user accounts may update account information by contacting us.

Promotional Emails: In general, Wesbite users can opt-out of receiving promotional email from us by following the opt-out procedure outlined in such communications. customers or customer personnel who maintain registered User accounts cannot unsubscribe from Service-relating messaging. You may also contact us directly to request that we remove you from our marketing lists. Please note that it may take up to ten days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.

If you have any questions about reviewing or modifying account information for registered user or any other user information (other than subscriber data) maintained in our files, contact us directly.

Subscriber Data: Subscriber data is provided and controlled by our customers or the applicable account user. If you have any questions about reviewing, modifying, or deleting any subscriber data, please contact the customer with whom such data is associated directly.

Deleting or Disabling Cookies:  Certain parts of our Wesbite or services require Cookies on your browser to work.  If you disable cookies, such features of the Wesbite or services may not work properly. You can instruct your browser to refuse all browser Cookies or to indicate when a browser Cookie is being sent. For more information on how you can delete flash Cookies (i.e., local stored objects), please search the “Help” index of your browser or read “Where can I change the settings for disabling, or deleting local shared objects?” available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects_

How Long We Keep User Content: Maxio may retain user personal information for a commercially reasonable time for backup, archival, or legal compliance and audit purposes. We may maintain anonymized or aggregated data, including usage data, for analytics purposes.  Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Wesbite, or we are legally obligated to retain this data for longer time periods.  When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize your information, or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

If you have any questions about data retention or deletion, please contact us at maxio@privacy.maxio.com.

Additional Privacy Rights for Certain Users

Certain non-U.S. countries or territories (such as the European Economic Area (EEA) and the United Kingdom (UK)), as well as certain U.S. states (such as California, Nevada, Connecticut, Colorado, Virginia and Utah), have personal or consumer privacy laws that may provide their residents with additional rights regarding our use of their personal information.  This section is applicable to residents of such states (sometimes called “consumers”), as applicable, who live in the applicable state on a permanent basis. This section uses certain terms that have the meaning given to them in each state’s privacy law, as applicable, including “Personal Information”, which shall be used interchangeably with privacy laws that similarly define “Personal Data”.

European Economic Area (EEA) and Certain Other Territories: Your Rights under the General Data Protection Regulation

If you are from certain territories (such as the EEA), you may have the right to exercise additional rights available to you under applicable laws, including:

• Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you. For example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.

• Right to object to processing: You may have the right to request that Maxio, or one of its subsidiaries, stop processing your personal information and/or to stop sending you marketing communications.

• Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).

• Right to data portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.

If you would like to exercise any of the rights provided, please refer to the Consumer Requests and Verification section below. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here. https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

The European Union’s General Data Privacy Regulation (GDPR) and the equivalent law in the UK require that processors of Personal Data meet one of the “lawful basis” or “legal basis” grounds defined in those laws. Our lawful basis for processing under these laws is either consent (for visitors) or the necessity of fulfilling our contractual obligations to our customer (for subscribers).  In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person. Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.

Shine The Light

Under California Civil Code Section 1798.83 (“Shine the Light”), California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of Personal Information, such as name, e-mail and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us as directed in the How to Contact Us section above with a reference to California Disclosure Information.

California Consumer Privacy Act (CCPA)

The Personal Information we collect and the sources from which we collect is described above in Information We Collect. The Personal Information we disclose for business or commercial purposes is described above in How We Share Information. The length of time that we retain your Personal Information is described above in Choices About Your Information.

We do not sell or share your Personal Information in exchange for monetary consideration; however, we may use third-party tools as described above, which may be interpreted as sharing your Personal Information. As such, please reference the above How We Share Information regarding opting out of the use of these tools.

Under CCPA, consumers have certain rights regarding their Personal Information, as described below.

• Right of Access: You have the right to request, twice in a 12-month period, that we disclose to you the following information about you, limited to the preceding twelve (12) months:
  • The categories of Personal Information that we collected about you;
  • The categories of sources from which the Personal Information is collected;
  • The business or commercial purpose for collecting or selling Personal Information;
  • The categories of third parties with whom we share Personal Information;
  • The specific pieces of Personal Information that we have collected about you;
  • The categories of Personal Information that we disclosed about you for a business purpose or sold to third parties; and
  • For each category of Personal Information identified, the categories of third parties to whom the information was disclosed or sold.

• Right of Deletion: You have the right to request that we delete any Personal Information about you which we have collected from you, subject to exceptions within the law.

• Right to Opt-Out: You have the right to opt-out of the disclosure of Personal Information about you for monetary or other valuable consideration. However, we do not sell your Personal Information in exchange for monetary consideration. We may use third-party tools as described above, which may be interpreted as sharing your Personal Information. As such, please see the above How We Share Your Information section for more information regarding opting out of the use of these tools.

• Right to Opt-In: We do not have actual knowledge that we collect, share, or sell the Personal Information of minors under the age of 16 without proper consent of a parent or guardian.

• Right to Limit Use and Disclosure of Sensitive Personal Information: You may request specific limitations on further sharing, use, or disclosure of your Sensitive Personal Information that is collected or processed for certain reasons outside of providing the Site. However, we do not collect or process Sensitive Personal Information for any of these reasons.

• Right to Correction: You have the right to request that we maintain accurate Personal Information about you and correct any Personal Information about you which we have collected from you, subject to exceptions within the law.

If you would like to exercise any of the rights provided, please refer to the Consumer Requests and Verification section below.

Virginia, Colorado, Connecticut, Utah Privacy Rights

This section applies only to Virginia, Colorado, Connecticut residents to the extent their Personal Information is subject to the Virginia Consumer Data Protection Act (VCDPA), or the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA) or any amendments or acts thereto upon their effective dates.

The Personal Information we collect and the sources from which we collect is described above in Information We Collect. The Personal Information we disclose for business or commercial purposes is described above in How We Share Information. The length of time that we retain your Personal Information is described above in Choices About Your Information.

Virginia, Colorado, Connecticut, and Utah privacy law provides residents with specific rights regarding Personal Information, including:

• Right to Access. You have the right to confirm whether or not we are processing your Personal Information and to access such information.

• Right to Correction. You have the right to correct inaccuracies in your Personal Information which we have collected, taking into account the nature of the Personal Information and the purposes of processing the Personal Information.

• Right to Deletion. You have the right to request deletion of Personal Information provided by or obtained about you, subject to legal exemptions.

• Right to Data Portability. You have the right to obtain a copy of your Personal Information.

• Right to Opt-Out. You have the right to opt out of the processing of Personal Information for purposes of (1) targeted advertising; (2) the sale of Personal Information; or, if you are in Virginia or Colorado (3) profiling in furtherance of decisions that produce legal or similarly significant effects.

If you would like to exercise any of the rights provided, please refer to the Consumer Requests and Verification section below.

Nevada Privacy Rights

We comply with the requirements of the Nevada Privacy law, which in some instances provides residents with choices regarding how we share information. Nevada Covered Personal Information (“Nevada PI”) includes personally identifiable information about a Nevada consumer collected online, such as an identifier that allows the specific individual to be contacted. Nevada PI also includes any other information about a Nevada consumer collected online that can be combined with an identifier to identify the specific individual. We may collect the following categories of covered information about you through our Site or Services:

• First and Last Name
• Physical Address
• Email Address
• Telephone Number
• Username
• Geographic location

We may share such covered information with categories of third parties including marketing. Third parties may collect covered information about your online activities over time and across different Internet websites or online services when you use our Site.

You have the right to request that we not sell your Personal Information. Although we do not currently sell Personal Information, you may submit a request directing us not to sell Personal Information if our practices change in the future.

If you would like to exercise any of the rights provided, please refer to the Consumer Requests and Verification section below.

Consumer Requests and Verification

Right to Non-Discrimination

We may not discriminate against you because you exercise any of your privacy rights contained in this Privacy Policy including, but not limited to:

• Denying goods or services to you;
• Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Providing a different level or quality of goods or services to you; or
• Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Verifying Requests

You may request to exercise your rights of access, deletion, or correction by contacting us as described in the How to Contact Us section above. To help protect your privacy and maintain security, we will take steps to verify your identity before processing your request. If you request access to or deletion of your Personal Information, we may require you to provide any of the following information: name, date of birth, email address, telephone number, or postal address. When you make such a request, you can expect the following:

• As required under applicable law, we will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.

• We will confirm that you want your information accessed, corrected, and/or deleted.

• We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.

• We will respond to your request within 45 days upon receipt of your request. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.

• In certain cases, a request for access, correction, or deletion may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing products or services or completing an order. If we deny your request, we will explain why we denied it and delete any other information that is not protected and subject to denial.

Authorized Agents

You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us as described in the How to Contact Us section below to make a request on your behalf. Even if you choose to use an agent, we may, as permitted by law, require:

• The authorized agent to provide proof that you provided signed permission to the authorized agent to submit the request;

• You to verify your identity directly with us; or

• You to directly confirm with us that you provided the authorized agent permission to submit the request.

Virginia and Connecticut Appeal Process

If you have made a request to access, correct, or delete your Personal Information under VCDPA and CTDPA, and we have declined to take action, you may appeal our decision within 45 days of the denial. When you make such an appeal, you can expect the following:

• We will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.

• We will review your appeal and respond in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision, within 45 days upon receipt of your appeal. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.

• In certain cases, an appeal may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing products or services or completing an order. If we deny your appeal, we will explain why we denied it and provide you with a method to contact your state’s Attorney General to submit a complaint.

International Transfers

We will comply with laws applicable to the transfer of personal data across international borders.  We provide appropriate contractual commitments to our customers in the European Union and countries in the European Economic Area that are not part of the European Union, as well as the United Kingdom and other jurisdictions that require protections around transfer of personal data to the United States.

Maxio, and/or its subsidiaries, has appointed a representative in the European Union and the United Kingdom under Article 27 of the European Union’s General Data Privacy Regulation and the UK equivalent as follows:

United Kingdom Art 27 Data Protection Representative

VeraSafe has been appointed as Maxio’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation as amended by Schedules 1 and 2 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419). If you are located within the United Kingdom, VeraSafe can be contacted only on matters relating to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 20 4532 2003. Alternatively, VeraSafe can be contacted at: VeraSafe United Kingdom Ltd., 37 Albert Embankment, London, SE1 7TL, United Kingdom.

European Union Art 27 Data Protection Representative

VeraSafe has been appointed as Maxio’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are located within the EEA, VeraSafe can be contacted only on matters relating to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031. Alternatively, VeraSafe can be contacted at: VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23AT2P Ireland.

Children’s Privacy

BY USING THE WEBSITE OR OUR SERVICES, YOU ARE ATTESTING THAT YOU ARE 18 YEARS OF AGE OR OLDER.  We do not knowingly collect personal information from anyone under 16.  If we discover that we have information about a child, we will delete that information. If you are the parent or guardian of a child and you believe we have personal data about the child without your consent, please contact us as noted under How to Contact Us, and we will delete that information.

Links to Other Websites and Applications

Please remember that this Privacy Policy applies to our Website only and not other websites or third party websites or software applications that may be linked via our Webite or Services, which may have their own privacy policies. You should carefully read the privacy practices of each linked site before agreeing to engage with the linked site through the Website or services. We assume no responsibility or liability for the privacy practices of any vendor or operator of linked sites.

Questions, Complaints and Disputes

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us as noted under How to Contact Us. We will respond to your inquiries as soon as is practicable.

CLASS ACTION WAIVER. YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.

DISPUTE RESOLUTION. Except as otherwise expressly provided above (or with respect to a customer, the applicable contract with such customer) or otherwise required by applicable law, you agree that (i) this Policy is governed by the laws of the State of Delaware, United States of America; (ii) the exclusive jurisdiction of any actions arising out of, relating to, or in any way connected with, this Privacy Policy, shall be in the state or federal courts, as applicable, with jurisdiction over Gwinnett County, Georgia, United States of America; and (iii) any dispute, controversy, or claim arising out of or relating to this Privacy Policy or the collection, use, storage or transfer of any of your information or data, including, but not limited to, the arbitrability of the matter or the formation, interpretation, scope, applicability, termination, or breach of this Privacy Policy, shall be referred to and finally determined by arbitration in accordance with the JAMS Streamlined Arbitration Rules and Procedures, or JAMS International Arbitration Rules, if the matter is deemed “international” within the meaning of that term as defined in the JAMS International Arbitration Rules. The arbitration shall be administered by JAMS, shall take place before a sole arbitrator, and shall be conducted in the metropolitan Atlanta, Georgia, area. If the JAMS International Arbitration Rules apply, the language to be used in the arbitral proceedings will be English. Judgment upon the arbitral award may be entered by any court having jurisdiction. This section shall apply to and require arbitration of all disputes, controversies, and claims, regardless of whether such disputes, controversies, or claims concern a single individual, entity, or other person, multiple individuals, entities, or other people, or classes of individuals, entities, or other people. You hereby consent to receive service of process by electronic means or social media to the extent allowed by the applicable court. This constitutes express agreement of the parties regarding your consent pursuant to United States Federal Rule of Civil Procedure 5(b)(2)(E) and any applicable state (or other jurisdiction) equivalent.