California and Virginia Privacy Policy

Effective Date: January 1, 2023

This California and Virginia Privacy Policy (the “Policy”) is adopted by Coalfire Systems, Inc. and its subsidiaries (“Coalfire”) to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”) and the Virginia Consumer Data Protection Act. This Policy supplements the information contained in the Privacy Policy published by Coalfire at www.coalfire.com (the “Website”), and it applies only to visitors who browse our Website and users who voluntarily provide Coalfire with contact information in order to receive certain content or marketing emails who reside in the states of California or Virginia (each a “consumer" or "you").

I. INFORMATION WE COLLECT 
Coalfire (including through our website) collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (collectively, "Personal Information").

In particular, we collect the following categories of Personal Information:

CategoryExamples
A. IdentifiersA real name, alias, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e)).A name, signature, address, or telephone number.
Some personal information included in this category may overlap with other categories.
C. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
D. Internet or other similar network activity.Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
E. Geolocation data.Physical location or movements.

Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Coalfire obtains the categories of Personal Information listed above from the following categories of sources:

  • Directly from you. For example, from forms or surveys you complete.
  • Indirectly from you. For example, from observing your actions on our Website using ‘cookies’ and other similar tools deployed on parts of the Website.
  • From third party service providers.

II. USE OF PERSONAL INFORMATION

We may use or disclose the Personal Information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information.
  • To respond to requests for information, including service quotes and free white papers.
  • To register you for Coalfire promotional materials and events.
  • To contact you for marketing, advertising, and sales purposes.
  • To respond to questions and feedback.
  • To provide, support, personalize and develop our Website and services.
  • To create, maintain, customize and secure your account with us.
  • To provide you with support and to respond to your inquiries.
  • To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets and business.
  • For testing, research, analysis and product development.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your Personal Information.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Coalfire’s assets.
  • To comply with the law or to protect the rights, property, or safety of Coalfire, our users, or others.

Coalfire will not collect additional categories of Personal Information or use the Personal Information we collect for materially different, unrelated or incompatible purposes without providing you notice.

III. DISCLOSURES OF PERSONAL INFORMATION

Coalfire may disclose your personal information to third parties for the business purposes described in the section above entitled “Use of Personal Information.”

We disclose personal information to the following categories of third parties:

  • Service providers
  • Attorneys and other professional advisors
  • Potential buyers of Coalfire and acquisition targets
  • As required by law, regulation or court order

In the preceding twelve (12) months, Coalfire has disclosed the following categories of personal information for the business purposes described above:

  • Identifiers.
  • California Customer Records personal information categories.
  • Internet or other similar network activity.

IV. HOW LONG WE RETAIN PERSONAL INFORMATION

In general, we keep personal information for as long as we need it to carry out the purposes described above. We also keep personal information as we reasonably determine to be necessary to exercise or preserve our legal rights, or comply with other legal obligations we might have, such as in connection with litigation.

V. NO SALES OR SHARING OF PERSONAL INFORMATION

We do not sell and have not sold personal information or shared personal information for cross-context behavioral advertising purposes within the preceding 12 months, as “sale” and “share” are defined under applicable law.

Without limiting the foregoing, we do not sell or share the personal information, including the sensitive personal information, of minors under age 16.

VI. YOUR RIGHTS AND CHOICES

For residents of California:

Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), if you are a California resident, you have the right to make the following requests:

  1. Request to Know
    You may request that we disclose to you:
    • The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
    • The specific pieces of Personal Information we collected about you;
    • The categories of Personal information about you that we “shared” (as defined under the CCPA) and the categories of third parties with whom we “shared” such personal information;
    • The business or commercial purpose for collecting or “sharing” (if applicable) Personal Information about you; and
    • The categories of Personal Information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such Personal Information (if applicable).
  2. Request to Delete
    • You may request that we delete Personal Information we collected from you.
  3. Request to Correct
    • You may request that we correct inaccuracies in your Personal Information.
  4. Request to Opt Out of “Sharing”
    • You may request to opt out of any future “sharing” or your Personal Information for purposes of cross-context behavioral advertising.

To exercise the rights described above, please submit a verifiable consumer request to us by either:

  • Emailing us at privacy@coalfire.com
  • Calling the Coalfire toll free telephone number: (877) 224-8077

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

You have the right to be free from unlawful discrimination or retaliation for exercising these. Coalfire will not discriminate against you for exercising these rights. Unless permitted by applicable law, we will not:

  • Deny you any products or services.
  • Charge you different prices for products or services, including through denying benefits or imposing penalties.
  • Provide you with a different level or quality of products or services.
  • Threaten you with any of the above.

Authorized Agents: If you want to make a request as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we may request that you provide, as applicable:

  • Proof of your registration with the California Secretary of State to conduct business in California;
  • A power of attorney from the California resident pursuant to Probate Code sections 4121-4130;
  • Written permission that the California resident has authorized you to make a request on the resident’s behalf. This permission must be signed (via physical or e-signature) by the California resident.

If you are making a Request to Know, Correct or Delete on behalf of a California resident and have not provided us with a power of attorney from the resident pursuant to Probate Code sections 4121-4130, we may also require the resident to:

  • Verify the resident’s own identity directly with us; or
  • Directly confirm with us that the resident provided you with permission to submit the request.

For residents of Virginia

Virginia law grants Virginia residents certain rights and imposes restrictions on particular business practices as set forth below.

  • Right to Access: Virginia residents have the right to confirm whether or not we are processing their personal information and to access such personal information.
  • Right to Correction: Virginia residents have a right to correct inaccuracies in their personal information, taking into account the nature of the personal information and our purpose for processing their personal information.
  • Right to Delete: Virginia residents have the right to request the deletion of their personal information that we have collected about them and to have such personal information deleted.
  • Right to Data Portability: Virginia residents have a right to obtain a copy of their personal information previously provided to us in a portable and, if feasible, readily usable format.
  • Right to Opt-Out: Virginia residents have a right to opt-out of the processing of their personal information for purposes of (i) targeted advertising; (ii) the sale of personal information; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects. Under Virginia law, “sale” means only if we exchange personal information for monetary consideration with a third party.
  • Right to Non-Discrimination: Under Virginia law, we are prohibited from discriminating against Virginia residents for exercising their rights listed above.

Submitting Requests: To make a request to exercise one of these rights, please contact us at privacy@coalfire.com, or our toll free telephone number: (877) 224-8077.

VII. RESPONSE TO REQUESTS

We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. We may need to request additional Personal Information from you, such as email address, state of residency, or mailing address, in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your Personal Information. If you make a Request to Delete, we may ask you to confirm your request before we delete your Personal Information.

To request to opt out of any future “sharing” of your Personal Information for purposes of cross-context behavioral advertising, click on the “Do Not Share My Personal Information” options for the applicable webpage containing your Notice of Right to Opt-Out and enabling consumers to opt out, or contact us at privacy@coalfire.com or our toll free telephone number (877) 224-8077.

VIII. RESPONSE TIMING AND FORMAT

  • We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
  • If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
  • Any disclosures we provide will only cover the 12-month period preceding the date we receive your verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
  • We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

IX. OTHER CALIFORNIA PRIVACY RIGHTS

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email or write to us at the addresses set out in the “Contact Information” section below.

X. CHANGES TO OUR PRIVACY POLICY

Coalfire reserves the right to amend this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated notice on the Website and update the notice's effective date. Your continued Contact or Use of our Website following the posting of changes constitutes your acceptance of such changes.

XI. CONTACT INFORMATION

If you have any questions or comments about this Policy, the ways in which Coalfire collects and uses your information, or your choices and rights regarding such use, or if you wish to exercise your rights under California or Virginia law, please contact us at:

Email: privacy@coalfire.com

Toll Free Telephone Number: (877) 224-8077

Website: www.coalfire.com

Postal Address:
Coalfire Systems, Inc.
Attn: Privacy c/o Legal
11000 Westmoor Circle, Suite 450
Westminster, CO 80021