| Notice at Collection | |
| Inform consumers at or before the point of collection about the categories of personal information to be collected and the purposes for which they are used. | See Privacy Policy, How We Collect and Use Information; Security Statement, Section 3.2 |
| Right to Know/Access | |
| Provide consumers the right to request disclosure of the personal information the business collects, uses, discloses, and sells. | See Privacy Policy, Access to Individual Data; Security Statement, Section 6, "Viewing of RECORDS" |
| Right to Delete | |
| Provide consumers the right to request the deletion of their personal information collected by the business, subject to certain exceptions. | See Data Management Policy, section "Data & device disposal"; Security Statement, Section 6, "Removal of RECORDS" |
| Right to Correct | |
| Provide consumers the right to request the correction of inaccurate personal information. | See Security Statement, Section 6, "Correction of RECORDS" |
| Right to Opt-Out of Sale/Sharing | |
| Provide consumers the right to opt out of the sale or sharing of their personal information. "Sharing" is defined as sharing for cross-context behavioral advertising. | See Privacy Policy, How We Share Your Information (states data is not sold); Security Statement, Section 2 (states PII is not used for targeted advertising) |
| Right to Limit Use of Sensitive Personal Information | |
| Provide consumers the right to limit the use and disclosure of their sensitive personal information to purposes necessary to perform the services or provide the goods. | See Data Management Policy (defines and sets handling requirements for "Confidential" data); Privacy Policy, Individual Data (limits use to providing the Solutions) |
| Data Security | |
| Implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect personal information. | See Security Statement, Section 5; Privacy Policy, How We Store and Protect Your Information; multiple security policies including Access Control, Cryptography, and Operations Security. |
| Rules for Minors | |
| A business shall not sell or share the personal information of a consumer if the business has actual knowledge that the consumer is less than 16 years of age, unless the consumer (13-16) or the consumer's parent/guardian (under 13) has affirmatively authorized it. | See Privacy Policy, How We Share Your Information (states data is not sold); Terms Of Use, School Addendum, Section 1 (relies on school to obtain parental consent for children under 13) |
