RariMe Privacy Notice

Last Updated: May 31, 2024

This RariMe Privacy Notice (the "Privacy Notice") is designed to help you understand how Rarilabs Inc., a Delaware corporation, having its principal place of business at 1101 Brickell Avenue, South Tower, 8th Floor, Miami, FL 33131, the United States ("Rarilabs", "we", "us" or "our"), collects, uses, and shares your personal information, and to help you understand and exercise your privacy rights. This Privacy Notice is incorporated by the reference into the RariMe General Terms & Conditions (https://rarime.com/general-terms.html) (the "Terms") and together with the Terms constitutes a binding agreement between you and Rarilabs and describes our information handling practices when you access and use the Application (as defined in the Terms), Website (as defined in the Terms), and any other Services (as defined in below). If you choose to access or use the Application, Website or Services, such actions and any Dispute (as defined in the Terms) over privacy is subject to this Privacy Notice and Terms, including limitations on damages.

Capitalized terms used but not defined in this Privacy Notice shall take the meanings assigned to such terms by the Terms.

Notice at Collection. At or before the time of collection, California residents may have a right to receive notice of our practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared and how to opt out of such uses, and how long such information is retained. You can find those details in this statement by clicking on the above links.

1. SCOPE AND UPDATES TO THIS PRIVACY NOTICE 1

2. PERSONAL INFORMATION WE COLLECT 2

3. HOW WE USE YOUR PERSONAL INFORMATION 3

4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION 3

5. SPECIFIC INFORMATION ABOUT THE USE OF THE WEBSITE AND OUR SERVICES 4

6. YOUR PRIVACY CHOICES AND RIGHTS 7

7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION 9

8. RETENTION OF PERSONAL INFORMATION 10

9. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS 10

10. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS 13

11. CHILDREN’S INFORMATION 13

12. OTHER PROVISIONS 13

13. CONTACT US 14

SCOPE AND UPDATES TO THIS PRIVACY NOTICE

This Privacy Notice applies to personal information processed by us, including in the Application, on the Website, and in other online or offline offerings. To make this Privacy Notice easier to read, where the context allows, the Application, Website and other offerings are collectively called the "Services".

Changes to Our Privacy Notice. We may revise this Privacy Notice from time to time in our sole discretion. The revised Privacy Notice will be effective immediately at the time of posting, unless a later effective date is expressly stated therein. We will also revise the "Last Updated” date stated above. If there are any material changes to this Privacy Notice, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Notice if you continue to use our Services after the new Privacy Notice takes effect.

It is your responsibility to periodically review this Privacy Notice. The Users are bound by any changes to this Privacy Notice by using our Services after such changes have been first posted. If you do not agree to the new Privacy Notice, your only remedy is to discontinue use of the Services.

PERSONAL INFORMATION WE COLLECT

The categories of personal information we collect depend on how you interact with us, our Services, and requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.

Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

Identifying Information. We may collect personal information in connection with your use of certain parts of the Services, including your name, Digital Identity (as defined in the Terms), email address, activities.
Information Retrieved from Identifying Document (as defined in the Terms). The Application collects and processes personal information that is retrieved from the Identifying Document. This retrieved information consists of the Digital Identity.
Financial Information. We may collect personal information and details associated with your transactions with the Services, including Digital Assets Wallet (as defined in the Terms) address.
Your Communications with Us. We may collect any correspondence that you send to us and any personal information contained therein or related thereto, such as email address, phone number, or mailing address when you request information about Rarilabs or our Services, request support, or otherwise communicate with us.
Information Provided via Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
Information Submitted via Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services will be considered "public", unless otherwise required by applicable law, and is not subject to the privacy protections referenced herein.
Information Provided for Participation in Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
Information Provided for Participation at Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
Information Collected for Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

Personal Information Collected Automatically

Automatic Collection of Personal Information. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, user settings, MAC address, mobile carrier and other unique identifiers, browser or device information, location information (including approximate location derived from IP address), blockchain information (such as your Digital Assets Wallet address, on-chain activities, interactions with the Services and other similar activities).

Personal Information Collected from Other Sources

Referrals and Sharing Features. Our Services may offer various tools and functionalities that allow you to provide personal information about your friends through our referral service. Our referral services may also allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Please only share with us contact information of people with whom you have a relationship (e.g., relative, friend, neighbor, or co-worker).

HOW WE USE YOUR PERSONAL INFORMATION

Provide Our Services. We use your personal information to fulfill our contract with you, to provide you with our Services and to comply with the law, such as:

Managing your information.
Providing access to certain areas, functionalities, and features of our Services.
Answering requests for customer or technical support.
Communicating with you, activities on our Services, and policy changes.
Processing your financial information.
Allowing you to register for events.

Administrative Purposes. We use your personal information for various administrative purposes, such as:

Pursuing our legitimate interests such as direct marketing, research, and development (including marketing research), network and information security, and fraud prevention.
Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
Measuring interest and engagement in our Services.
Improving, upgrading, or enhancing our Services.
Developing new products and services.
Ensuring internal quality control and safety
Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Notice.
Debugging to identify and repair errors with our Services.
Auditing relating to interactions, transactions, and other compliance activities.
Sharing personal information with third parties as needed to provide the Services.
Enforcing our agreements, policies and intellectual property rights.
Recommending new products or services to you.
Carrying out activities that are required to comply with our legal obligations.

With Your Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

HOW WE DISCLOSE YOUR PERSONAL INFORMATION

We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

Disclosures to Provide Our Services

Without the support of other companies, we would not be able to provide our Services in the desired form. To use the services of these companies, it is necessary to share your personal information with these companies to a certain extent. The disclosure of data is limited to selected third-party service providers and only to the extent necessary for the optimal provision of our Services.

The legal basis for this data processing is the performance of a contract within the meaning of Article 6(1)(b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR").

Your data may be disclosed to third parties to the extent necessary for the fulfilment of the contractual relationship. The legal basis for these disclosures is the necessity for the performance of a contract within the meaning of Article 6(1)(b) of the GDPR. For these data processing activities, the third-party service providers are considered data controllers under the data protection laws, and not us. It is the responsibility of these third-party service providers to inform you about their own data processing, which may extend beyond the mere sharing of data for the provision of services, and to comply with data protection laws.

The categories of third parties with whom we may share your personal information are described below.

Service Providers. We may share your personal information with our third-party service providers and vendors solely in the following jurisdictions: the United States, Ukraine and Gibraltar that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, payment processing, customer service, and related services.
Business Partners. We may share your personal information with business partners in the Cayman Islands to provide you with a product or service you have requested. We may also share your personal information with business partners in the Cayman Islands or United States with whom we jointly offer products or services.
Affiliates. We may share your personal information with our corporate affiliates.

Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in protecting our rights and fulfilling our obligations, as well as in the sale of our company or parts thereof.

Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

SPECIFIC INFORMATION ABOUT THE USE OF THE WEBSITE AND OUR SERVICES

When Accessing and Using Website

When you visit our Website, the web servers temporarily store every access in a log file. The following data is collected without your intervention and stored by us until automatically deleted:

IP address of the requesting device.
Date and time of access.
Name and URL of the accessed file.
Website from which the access was made, if applicable, with the search word used.
Operating system of your computer and the browser you are using (including type, version, and language setting).
Device type in case of access from mobile phones.
City or region from which the access was made.
Name of your internet service provider.

The collection and processing of this data is carried out for the purpose of enabling the use of our Website (establishing a connection), ensuring the long-term security and stability of the system, and enabling error and performance analysis and optimization of our Website.

In case of an attack on the network infrastructure of the Website or suspicion of other unauthorized or improper use of the Website, the IP address and other data will be analyzed for clarification and defense purposes; if necessary, they may be used in civil or criminal proceedings for the identification of the respective User.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in the purposes described above.

For the operation of our Website, we use the services of our hosting provider: Google LLC, having its principal place of business at 1600 Amphitheatre Parkway, Mountain View, California 94043, United States, or its affiliates, as described at https://cloud.google.com/terms/google-entity ("Google"). As a result, your data may be stored in a Google database, which may enable Google to access your data if this is necessary for the provision of the software and for support in using the software. For more information on data processing in relation to Google, see https://cloud.google.com/terms/data-processing-addendum. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in using the services of third-party providers.

When You Contact Us

If you contact us through our contact addresses and channels (e.g., by e-mail, phone), your personal information is processed. We process the data you provide us with, such as your name, email address, phone number, and your request. Additionally, the time of receipt of the request will be documented. We process this data to address your request (e.g., providing information about our products and services, providing customer and technical support, incorporating your feedback into the improvement of our products and services, etc.).

The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR in addressing your request or, if your request is aimed at the conclusion or performance of a contract, in the implementation of the necessary measures within the meaning of Article 6(1)(b) of the GDPR.

When you Interact with Application

As described in the Terms, the Application consist of the web application "RariMe", available at the Website (the "Web Application"), MetaMask (as defined below) "snap" ("RariMe Snap") and corresponding mobile application (the "Mobile Application").

RariMe Snap

On our Website, you can access RariMe Snap. In general, RariMe Snap allows Users to store their Public Key (as defined in the Terms) through the Digital Asset Wallet, such as in the application "MetaMask" (https://metamask.io/) ("MetaMask").

RariMe Snap operates in combination with a browser extension, Web Application, mentioned below, and a software running on top of a blockchain network. The User may import the Public Key generated by the Mobile Application into RariMe Snap, which then store this Public Key in browser extension. Via RariMe Snap we do not have any access to the Identifying Document data.

The respective personal information is processed for the purpose of providing the identity storing and managing services. The legal basis for this data processing is the performance of a contract within the meaning of Article 6(1)(b) of the GDPR.

For providing RariMe Snap, we rely on the MetaMask browser extension provided by Consensys Software Inc., having its principal place of business at 49 Bogart Street NY 11206, the United States. Therefore, your data may be stored in a database of Consensys Software Inc., which may allow Consensys Software Inc. to access your data if this is necessary for providing the software and supporting its use. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in using the services of third-party providers. Information about data processing by Consensys Software Inc. can be found at https://consensys.io/privacy-policy.

We are not responsible for the data processing in connection with the base layer of the blockchain network. We are also not responsible for the verification activities initiated by the User.

Web Application

The Web Application is the Interface (as defined in the Terms) which reflects the Public Keys, which are stored in RariMe Snap, and allows manage them and use to access and exchange identity-related information.

The Web Application operates in combination with a browser extension, RariMe Snap, and a software running on top of a blockchain network. Via Web Application we do not have any access to the Identifying Document data.

The legal basis for this data processing is the performance of a contract within the meaning of Article 6(1)(b) of the GDPR.

Mobile Application

Downloading Mobile Application

When downloading the Mobile Application, the respective application store provider collects your personal information, in particular:

Username.
E-mail address.
Customer number.
Time of download.
Payment information if applicable.
Individual device identification number.

For the purposes and scope of such data processing, please refer to the privacy policy of the relevant application store providers:

Google Play (Android): Google LLC, having its principal place of business at 1600 Amphitheatre Parkway, Mountain View, California 94043, United States: https://policies.google.com/privacy?hl=en&gl=de.
App Store (iOS): Apple Inc., having its principal place of business at One Apple Park Way, Cupertino, California, the United States, 95014: https://www.apple.com/legal/privacy/.

By downloading our Mobile Application from the App Store or Google Play, you have legitimized yourself to the respective application store (e.g., via your Apple ID). A use by Apple Inc. or Google LLC of the data collected in connection with the download or use of the applications that is not in compliance with the GDPR can therefore not be ruled out on the part of Rarilabs. We have no influence on this. However, we do not pass on data to Apple Inc. or Google LLC.

The legal basis for the data processing is your consent by deciding to download the application within the meaning of Article 6(1)(a) of the GDPR and the performance of a contract within the meaning of Article 6(1)(b) of the GDPR.

Use of Mobile Application

The Application allows you to create a profile for the Digital Identity creation purposes in a privacy enhancing manner. For this purpose, the Identifying Document should be scanned via the Mobile Application. You decide what Identifying Document is scanned for this purpose. The Identifying Document data is stored encrypted on the Device (as defined in the Terms) and can only be decrypted with a passcode determined by the User. After scanning the Identifying Document data, the Application creates the Digital Identity, which is unique data associated with the respective User.

In the context of the Mobile Application, we do not have access to the Digital Identity and Identifying Document data, such information is stored solely and exclusively on the Device.

The Application publishes the Digital Identity upon request by the User on the blockchain. For this purpose, the Application is connected via interface with a service provided by us and operated on cloud machines. We use for this purpose cloud services provided by a third-party service provider. The cloud server is operated in the United States and Singapore. It cannot entirely exclude that the third-party service provider has access to the Digital Identity in exceptional circumstances. However, from the perspective of the third-party service provider the Digital Identity are qualified as anonymized data.

The legal basis for the data processing for this purpose is the performance of a contract within the meaning of Article 6(1)(b) of the GDPR.

We are not anymore responsible for the processing of the Digital Identity on the blockchain. We are neither data controller nor joint controller for any processing activities on the blockchain.

Third-Party Verification Process

When the User wants to initiate a verification process, the Application retrieves Identifying Document data from the local storage of the device. The Application generates a new zero-knowledge proof (the "ZKP") proving inter alia that the respective User has the Digital Identity. The Application discloses the ZKP to the verifier and the verifier runs the ZKP verification.

The legal basis for the data processing for this purpose is the performance of a contract within the meaning of Article 6(1)(b) of the GDPR.

We are not responsible for the processing activities of the verifier.

YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.

Email Communications. If you receive an unwanted email from us, you can may the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Notice).
Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in "Contact Us" below.
Phone Calls. If you receive an unwanted marketing phone call from us, you may opt out of receiving future phone calls from us by following the instructions which may be available on the call or by otherwise contacting us as set forth in "Contact Us" below.
"Do Not Track". Do Not Track (the "DNT") is a privacy preference that Users can set in certain web browsers. Please note that we do not respond to or honor the DNT signals or similar mechanisms transmitted by web browsers.

Your Privacy Rights. In accordance with applicable law, you may have the following rights:

Right of access: you have the right to request access to your personal information stored by us at any time and free of charge if we process such data. This gives you the opportunity to check what personal information concerning you we process and whether we process it in accordance with applicable data protection regulations.
Right to rectification: you have the right to have inaccurate or incomplete personal information rectified and to be informed about the rectification. In this case, we will also inform the recipients of the data concerned about the adaptations we have made, unless this is impossible or involves dis-proportionate effort.
Right to erasure: you have the right to obtain the erasure of your personal information under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the erasure may be replaced by a blocking of the data if the requirements are met.
Right to restriction of processing: you have the right to request that the processing of your personal information be restricted.
Right to data portability: you have the right to receive from us, free of charge, the personal information you have provided to us in a readable format.
Right to object: You have the right to object at any time to data processing, especially with regard to data processing related to direct marketing (e.g., marketing emails).
Right to withdraw consent: you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful due to your withdrawal.

If you would like to exercise any of these rights, please contact us as set forth in "Contact Us" below. We will process such requests in accordance with applicable laws. Please note that many of the above rights are subject to exceptions and limitations. If we are not able to provide the requested information or make the change you requested, you will be provided with the reasons for such decisions.

Your rights and our responses will vary based on your country or state of residency. Please note that you may be located in a jurisdiction where we are not obligated, or are unable, to fulfill a request. In such a case, your request may not be fulfilled.

In the United States, state consumer privacy laws may provide their residents with additional rights regarding our use of such residents’ personal information. For example:

Colorado, Connecticut, Virginia and Utah each provide their state residents with rights to:

Confirm whether we process their personal information.
Access and delete certain personal information.
Data portability.
Opt out of personal data processing for targeted advertising and sales.

Colorado, Connecticut and Virginia also provide their state residents with right to:

Correct inaccuracies in their personal information, taking into account the information’s processing purpose.
Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

If you would like to exercise any of these rights, please contact us as set forth in "Contact Us" below.

We do not discriminate against individuals who exercise any of their rights described in this Privacy Notice. However, we may require use of your personal information to provide access to the Services. Therefore, when you exercise your deletion right, in particular, you may lose access to certain aspects of the Services that require your personal information.

If applicable laws grant you an appeal right and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.

Supervisory Authority. If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Transfer of Personal Information to Third Countries

We have the right to transfer your personal information to third parties located abroad if it is necessary to carry out the data processing described in this Privacy Notice. Specific data transfers have been mentioned above. When making such transfers, we will ensure compliance with the applicable legal requirements for disclosing personal information to third parties. The legal provisions governing the disclosure of personal information to third parties are duly observed. The countries to which data is transmitted include those that, according to the decision of the Federal Council and the European Commission, have an adequate level of data protection (such as the member states of the EEA or, from the European Union's (the "EU") perspective, Switzerland), as well as those countries (such as the United States) whose level of data protection is not considered adequate (see Annex 1 of the Data Protection Ordinance and the website of the EC). If the country in question does not provide an adequate level of data protection, we ensure that your data is adequately protected by these companies by means of appropriate safeguards, unless an exception is specified on a case-by-case basis for the individual data processing (see Article 49 of the GDPR). Unless otherwise specified, this refers to the choice of companies certified under the Privacy Framework agreement or standard contractual clauses as referred to in Article 46(2)(c) of the GDPR, which can be found on the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the EC. If you have any questions regarding the implemented measures, please contact us as set forth in "Contact Us" below.

Information on Data Transfers to the United States

For the sake of completeness, we would like to inform Users residing or based in Switzerland or EU that certain third-party service providers mentioned in this Privacy Notice are located in the United States. It is important to note that there are surveillance measures by the United States authorities in place that generally allow for the storage of all personal information of individuals whose data has been transmitted from Switzerland or EU to the United States. This occurs without differentiation, limitation, or exception based on the purpose for which the data is being collected and without an objective criterion that would restrict the United States authorities' access to the data and its subsequent use to specific, strictly limited purposes that can justify the interference associated with accessing and using the data. Furthermore, we would like to point out that affected individuals from Switzerland or EU do not have legal remedies or effective judicial protection against general access rights of the United States authorities, which would allow them to access the data concerning them and to rectify or delete it. We explicitly highlight this legal and factual situation to enable you to make an informed decision regarding your consent or opposition to the use of your data.

For Users residing in Switzerland or a member state of the EU, we also want to inform you that, from the perspective of the EU and Switzerland, the United States does not provide an adequate level of data protection, among other reasons, as explained in this paragraph. In cases where we have mentioned in this Privacy Notice that data recipients are located in the United States, we will ensure through the choice of companies certified under the Privacy Framework agreement or through contractual arrangements with these companies and, if necessary, additional appropriate safeguards, that your data is adequately protected at our third-party service providers.

RETENTION OF PERSONAL INFORMATION

How long we retain your personal information depends on the context in which, and purposes for which, we collected it. We store the personal information we collect as described in this Privacy Notice for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve Disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS

This Supplemental Notice for California Residents supplements our Privacy Notice and only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (as amended from time to time) (the "CCPA").

The CCPA provides California residents with the right to know what categories of personal information Rarilabs has collected about them, whether Rarilabs disclosed that personal information for a business purpose (e.g., to a service provider), whether Rarilabs "sold" that personal information, and whether Rarilabs "shared" that personal information for "cross-context behavioral advertising" in the preceding twelve months. California residents can find this information below:

Category of Personal Information Collected by Rarilabs	Category of Third Parties To Whom Personal Information is Disclosed to for a Business Purpose	Category of Third Parties To Whom Personal Information is Sold and/or Shared
Identifiers	Service providers	N/A
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	Service providers	N/A
Protected classification characteristics under California or federal law	Service providers	N/A
Commercial information	Service providers	N/A
Biometric information	N/A	N/A
Internet or other electronic network activity	Service providers	N/A
Geolocation data	N/A	N/A
Sensory data	N/A	N/A
Professional or employment-related information	N/A	N/A
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g, 34 C.F.R. Part 99))	N/A	N/A
Inferences drawn from other personal information to create a profile about a consumer	N/A	N/A
Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number	Service providers	N/A
Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account	N/A	N/A
Personal information that reveals a consumer’s precise geolocation	N/A	N/A
Personal information that reveals a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership	N/A	N/A
Personal information that reveals the contents of a consumer’s mail, email, and text messages unless Rarilabs is the intended recipient of the communication	N/A	N/A
Personal information that reveals consumer’s genetic data	N/A	N/A
Biometric information that is processed for the purpose of uniquely identifying a consumer	N/A	N/A
Personal information collected and analyzed concerning a consumer’s health	N/A	N/A
Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation	N/A	N/A

The categories of sources from which we collect personal information and our business and commercial purposes for using and disclosing personal information are set forth in "Personal Information We Collect", "How We Use Your Personal Information", and "How We Disclose Your Personal Information" above, respectively. We will retain personal information in accordance with the time periods set forth in "Retention of Personal Information."

We may "sell" and "share" your personal information to provide you with "cross-context behavioral advertising" about Rarilabs’s products and services.

Additional Privacy Rights for California Residents

Opting Out of "Sales" of Personal Information and/or "Sharing" for Cross-Context Behavioral Advertising under the CCPA. California residents have the right to opt out of the "sale" of personal information and "sharing" of personal information for "cross-context behavioral advertising." California residents may exercise these rights by using the information found in "Contact Us".

Disclosure Regarding Individuals Under the Age of 16. Rarilabs does not have actual knowledge of any "sale" of personal information of minors under 16 years of age. Rarilabs does not have actual knowledge of any "sharing" of personal information of minors under 16 years of age for "cross-context behavioral advertising."

Disclosure Regarding Opt Out Preference Signals. Applicable law may provide for an opt out by broadcasting an Opt Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Disclosure Regarding Sensitive Personal Information. Rarilabs may only uses and discloses sensitive personal information for the following purposes:

To perform the Services reasonably expected by an average consumer who requests those goods or services.
To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information.
To resist malicious, deceptive, fraudulent, or illegal actions directed at Rarilabs and to prosecute those responsible for those actions.
To ensure the physical safety of natural persons.
To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by Rarilabs, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by Rarilabs.
For purposes that do not infer characteristics about individuals.

Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.

Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling requests submitted under the CCPA. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include Rarilabs’s request for the specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To authorize an agent, provide written authorization signed by you and your designated agent using the information found in "Contact Us" below and ask us for additional instructions.

SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in "Contact Us" below.

CHILDREN’S INFORMATION

The Services are not directed to children under 18 (eighteen) (or other age as required by local law), and we do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has uploaded personal information to our Services without your consent, you may contact us as described in "Contact Us" below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account, if applicable.

OTHER PROVISIONS

Third-Party Websites/Applications. The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our Users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

Verification Process. Only you, or a person that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. If you designate an authorized agent to submit requests to exercise certain privacy rights on your behalf, we will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us.

The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Our verification process may also include a request for additional information to confirm your identity or your authorized agent’s identity (such as your name, email address and date of birth) or to obtain proof that you have given your authorized agent permission to act on your behalf. If our verification process is successful, we will respond to your request within the time and in the manner required by applicable law. If we cannot validate the identity of you and/or your authorized agent or obtain proof that you have given your authorized agent permission to act on your behalf, we will attempt to contact you to inform you.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We will deliver our written response by mail or electronically, at your option. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the personal information from one entity to another entity without hindrance, specifically by electronic mail communication. Further, if you would like to appeal any decision we make about your request, you may contact us as stated in the "Contact Us" section below.

Rarilabs is the controller of the personal information we process under this Privacy Notice.

If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact us at:

Name: Rarilabs, Inc., a Delaware corporation.
Address: 1101 Brickell Avenue, South Tower, 8th Floor, Miami, FL 33131.
Email: legal@rarilabs.com.