Privacy Policy

Effective Date: 03/19/2025

Contact Discovery Privacy Policy

Contact Discovery Services, LLC, and our authorized technology partners (collectively)(“Company”, “Organization”, “We”, “Contact Discovery”, Or “CDS”) respect your privacy and commit to protecting it through our compliance with the practices described in this notice.

This notice describes our practices for collecting, using, maintaining, protecting, and disclosing the personal data we may collect from you or that you may provide when you visit our website or other digital properties, communications, or forms that link or refer to this notice (our “Website”). This notice applies to the personal data collected through our Website, regardless of the country where you are located.

The Website may include links to third-party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. We do not control these third-party websites, and we encourage you to read the privacy notice of every website you visit or service you enable.

Please read this notice carefully to understand our policies and practices for processing and storing your personal data. By engaging with our Website, you accept and consent to the practices described in this notice. This notice may change from time to time (see Changes to Our Privacy Notice). Your continued engagement with our Website after any such revisions indicates that you accept and consent to them, so please check the notice periodically for updates.

Data We May Collect About You

We collect and use different types of data from and about you including:

Personal data that we could reasonably use to directly or indirectly identify you, such as your name, postal address, email address, telephone number, user name or other similar identifier, or any other identifier we may use to contact you online or offline (“personal data”). Contact Discovery may collect information from individuals as a result of the employment application process, in addition to the above information, such as date of birth, Social Security number, and employment, financial, or health information which appear on any resume or job application which you provide.
Non-personal data that does not directly or indirectly reveal your identity or directly relate to an identified individual, such as demographic information, statistics, or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we may aggregate personal data to calculate the percentage of users accessing a specific Website feature.
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, or operating system and platform.
Non-personal details about your Website interactions, including the full Uniform Resource Locators (URLs), clickstream information to, through, and from our Website (including date and time), products viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from the page.

If we combine or connect non-personal, demographic, or technical data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal data.

How We Collect Data About You

We use different methods to collect data from and about you including through:

Direct interactions. You may give us information about you by filling in forms or by corresponding with us by phone, email or otherwise. This includes information you provide when you complete forms on the Website, information provided when entering a contest or promotion sponsored by the organization, conduct search queries, communicate with us via email addresses specified on our sites, any correspondence where you reach out to us using Contact Web Media, when you participate in a survey, inquire about products or services, apply for a position of employment, and when you report a problem with our Website.
Automated technologies or interactions. As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions and patterns as specified above. We collect this information by using cookies, server logs, and other similar technologies (see Cookies and Automatic Data Collection Technologies).
Third parties or publicly available sources. We may receive information about you if you visit other websites employing our cookies or from third parties including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, data brokers, or aggregators.

Cookies and Automatic Data Collection Technologies

Our Website uses cookies (small files placed on your device) or other automatic data collection technologies to distinguish you from other Website users. Our Website pages and emails may contain web beacons (small transparent embedded images or objects, also known as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count website page visitors or email readers, or to compile other similar statistics such as recording Website content popularity or verifying system and server integrity.

This helps us deliver a better and more personalized service when you browse our Website. It also allows us to improve our Website by enabling us to:
Estimate our audience size and usage patterns.
Store your preferences so we may customize our Website according to your individual interests.
Speed up your searches.
Recognize you when you return to our Website.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Please contact us at privacy@contactdiscoveryservices.com for information on how you can opt out of behavioral tracking on this Website and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.

You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, certain parts of our Website may become inaccessible and certain features may not work correctly. Unless you adjust your browser settings to refuse cookies, our system will issue them.

Automatic Web Collection Technologies We Use

Our Website uses the following automatic data collection technologies:

Browser Cookies: A small file generated by a website and saved by your web browser for the purposes of remembering information about, like a preference file that the website uses to create a better experience the next time you visit the site. You may disable the cookie feature within your browser by selecting the appropriate setting but be advised that portions of the site may not function as expected.
Flash Cookies: Features of a website, similar to browser cookies, that store information specific to an interaction with a flash element on a website. They are just another form of a preference file used to create a better experience upon return to the site.
Web Beacons: A web beacon (also called web bug, tracking bug, tag, web tag, page tag, tracking pixel, pixel tag, 1×1 GIF, or clear GIF) is a technique used on web pages or email to unobtrusively (usually invisibly) allow checking that a user has accessed some content on a website.
Marketing Pixels: A Pixel is a tracking technology that allows the organization the ability to gather information about a visitor and then target paid ads based on that usage data that would be most interesting to them.
Google Analytics: Google Analytics is a tool the organization uses to track website activity such as session duration, pages per session, bounce rate etc. of individuals using the site, along with the information on the source of the traffic. Click Here to access Google Analytics terms of services.

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications, including advertisements, on the Website are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. They may associate the information collected with your personal data or they may collect information, including personal data, about your online activities over time and across different websites or other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control how these third-party tracking technologies operate or how they may use the collected data. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Your Personal Data Use Choices.

How We Use Your Personal Data

We use your personal data to provide you with products, offer you services, communicate with you, deliver advertising and marketing, or to conduct other business operations, such as using data to improve and personalize your experiences. Examples of how we may use the personal data we collect include to:

Our website offers you access to information, services, and support that are available and that you may request from us.
Meet our obligations and enforce our rights arising from any contracts with you, including for billing or collections, or comply with legal requirements.
Fulfill the purposes for which you provided the data or that were described when it was collected.
Notify you about changes to our Website, products, or services.
Ensure that we present our Website content in the most effective manner for you and for your computer.
Administer our Website and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical, and survey purposes.
Improve our Website, products or services, marketing, or customer relationships and experiences.
Enable your participation in our Website’s interactive, social media, or other similar features.
Protect our Website, employees, or operations.
Measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you.
Make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them.
Create a good user experience for our Contact Web Media interactions and present our product offering in a positive light.
Schedule Demos or follow ups to build a business relationship.
Contact you if you have been found to be using the site inappropriately.
Fulfill a request made by you in the normal course of business.
Allow for the use of certain features of Contact Web Media
Target ads to usage data.
For any other purpose for which you have provided consent.

We may also use personal data to contact you about our own and third-parties’ goods and services that may be of interest to you. If you do not want us to use your data in this way, please check the relevant box located on the form where we collect your data. For more information, see Your Personal Data Use Choices.

We may use personal data to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your personal data for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.

We may use non-personal data for any business purpose.

Disclosure of Your Personal Data

We do not sell, rent, or share any of your personal information collected through Contact Web Media to any third parties, and only share your information as described in this Privacy Policy. We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may from time to time use the information collected in conjunction with a third-party application or service as a delivery mechanism to run marketing outreach campaigns. We take care in selecting third party companies to partner with and perform due diligence into their procedures on how the data is handled if a cloud service is being leveraged. We may share your information with vendors who provide services to us, such as providing data processing and other information technology services, auditing, compliance, and corporate governance functions.

We may share your personal data with:

Any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, and our affiliates.
Business partners, suppliers, service providers, sub-contractors, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization). We contractually require these third parties to keep that personal data confidential and use it only for the contracted purposes.
Advertisers and advertising networks that require the data to select and serve relevant ads to you and others. We do not disclose data about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in a specific location). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience. We do not share personal information with third parties for their own direct marketing purposes.
To fulfill the purpose for which you provide it.
For any other purposes that we disclose in writing when you provide the data.
With your consent.

We may also disclose your personal data to third parties:

In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
To a buyer or other successor in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.
To comply with any court order, law, or legal process, including responding to any government or regulatory request.
To enforce or apply our terms of use and other agreements.
To protect the rights, property, or safety of our business, our employees, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of cybersecurity, fraud protection, and credit risk reduction.

We may share non-personal data without restriction.

Your Personal Data Use Choices

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:

Promotional Offers from the Company. If you do not want us to use your email address/contact information to promote our own products and services, or third parties’ products or services, you can opt-out by sending us an email with your request to info@contactdiscoveryservices.com. You may also opt-out of further marketing communications by replying to any promotional email we have sent you or following the opt-out links on that message.
Third-Party Advertising. Some content or applications, including advertisements, on the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Website may become inaccessible or not function properly. For more information about tracking technologies, please see Cookies and Automatic Data Collection Technologies.
Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt-out. For information on how you can opt out of behavioral tracking on this Website, please contact us at info@contactdiscoveryservices.com.

Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates, or include plug-ins enabling third-party features. If you follow a link to any third-party website or engage a third-party plug-in, please note that these third parties have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third parties.

Accessing and Correcting Your Personal Data

You can access, review, and change your personal data by sending a request via email to privacy@contactdiscoveryservices.com. You may request access to, correct, or delete personal data that you have provided to us. We may not accommodate a request to change or delete information if we believe the change or deletion would violate any law or legal requirement or negatively impact the information’s accuracy.

Jurisdiction Specific Rights

U.S. State Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia provide (now or in the future) state residents with certain rights. Such rights may include the following:

Right to Know. You have the right to confirm whether we are processing your personal data and access such data, including:
- The categories of personal information we have collected about you;
- The purpose for processing your personal information;
- How you can exercise your rights and appeal a decision regarding your request;
- The categories of personal information that we have shared with third parties; and
- The categories of third parties with whom we have shared your personal information.
Right to Correct. You have a right to correct inaccuracies in the personal data we have collected about you, considering the nature of the personal data and the purposes of the processing of your personal data (excluding Iowa)
Right to Delete. You have the right to request that we delete the personal information we have collected from you unless we need to retain that information for a specified purpose as exempted under state law.
Right to Obtain a Copy. You have a right to obtain a copy of the personal data we have collected on you.
Right to Opt Out. You have the right to opt out of the processing of your personal data for purposes of (i) targeted advertising(excluding Iowa), (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you (excluding Iowa and Utah).
Right to Appeal. If we decline to act regarding your request, you have the right to appeal this decision. We will decide the outcome of your appeal within 60 days of receipt of such appeal, and we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
Other Rights. You also have the right not to be discriminated against for exercising any of the rights listed above.

The exact scope of these rights may vary by state. In addition to the above, Nevada law provides Nevada residents with the right to request that we do not sell your personal information. However, please know we do not currently sell data triggering that statute’s opt-out requirements. Further, Delaware law provides residents with a right to obtain a list of the categories of third parties that we have disclosed the respective individual’s personal data.

To exercise any of these rights please email us at privacy@contactdiscoveryservices.com. We will address your request within forty-five (45) days. To appeal a decision regarding a consumer rights request you may send an email to privacy@contactdiscoveryservices.com, stating the reasons for your appeal. We cannot guarantee specific outcomes regarding appeal requests. You will receive a response to your appeal request within forty-five (45) days.

To request access to or deletion of your personal information, or to exercise any other data rights provided above, please contact us via email at privacy@contactdiscoveryservices.com. Please include your full name, residential address, e-mail address, and phone number, along with why you are writing, so that we can process your request in an efficient manner.

We aim to respond to a consumer request for access or deletion within forty-five (45) days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing. If we decline to act regarding a consumer request, we will inform you of the reason within forty-five (45) days of receiving that request.

California

This Privacy Policy for California residents supplements the information contained in any privacy related policies of Contact Discovery and its subsidiaries (collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act (“CPRA”), and other California privacy laws. Any terms defined in the CCPA and CPRA have the same meaning when used in this notice.

I. Information We Collect

The CCPA and CPRA define “Personal information” as information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household. Under the CPRA, “Personal Information” further includes “Sensitive Personal Information” such as social security number, driver license number, state identification card, passport number, financial data, genetic data, biometric data, precise geolocation, and racial and ethnic origin, content of consumer communications (email, mail, or text), unless the business is the intended recipient, genetic data, and information collected concerning a consumer’s health, sex life, or sexual orientation.

Personal Information does not include:

Publicly available information from government records.
De-identified or aggregated consumer information.
Other regulated information that is excluded from the CPRA’s scope, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We may collect information from you in different ways and for different purposes. The types of information we collect will depend on your interaction with us, including the types of products or services you use and what you do on our website. Further, your personal information will be deleted or blocked as soon as the purpose for the storage no longer applies and the storage is no longer necessary to comply with regulatory requirements, usually for the duration of the respective contractual relationship, including any applicable statutory retention period. The below section includes the categories of information that we may have collected within the last twelve (12) months or may collect and includes the examples of information under each category:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, name, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, , , telephone number, employment, Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	NO
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	NO
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
G. Geolocation data.	Physical location or movements.	YES
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO
L. Sensitive Personal Information	Identifiers listed in the preceding category B and precise geolocation, racial and ethnic origin.	NO

II. How Is Personal Information Collected

We obtain the categories of Personal Information listed above from the following categories of sources:

Directly from customers, suppliers, employees or their agents. For example, from documents that our customers provide to us related to the goods and/or services for which they engage us.
Indirectly from our customers, suppliers, employees or their agents. For example, through information we collect from our customers in the course of providing goods and/or services to them.
Directly and indirectly from activity on our websites. For example, from submissions through website portals or website usage details collected automatically.
From third-parties that interact with us in connection with the services we perform. For example, recruitment agencies or other contractors used in connection with human resources.

III. Use of Personal Information

We may use or disclose the Personal Information we collect for one or more of the following business purposes:

To fulfill or meet the reason for which the information is provided.
To provide you with information, products or services that you request from us.
To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To improve our website and present its contents to you.
For testing, research, analysis and product development.
As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described to you when collecting your personal information or as otherwise set forth in the CCPA/CPRA.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

IV. Use of Sensitive Personal Information

We may use or disclose the Sensitive Personal Information we collect for one or more of the following business purposes:

To evaluate job applications and job applicants
For the business or employment purpose for which the information was collected or shared

V. Sharing Personal Information

We may disclose your Personal Information to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

  Category A: Identifiers.
  Category B: California Customer Records personal information categories.
  Category F: Internet or other similar network activity.
  Category G: Geolocation data.

We disclose your personal information for a business purpose to the following categories of third parties:

Our affiliates.
Service providers.
Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

VI. Your Rights

The CCPA and CPRA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA and CPRA rights and explains how to exercise those rights.

A. Right to Access
You have the right to know the information contained in this policy and our website Privacy Policy, and to request access to a copy of the Personal Information that we have collected about you directly or indirectly, including Personal Information collected by a service provider or contractor on our behalf.

B. Request to Know
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request to know, we will disclose to you:

The categories of Personal Information we collected about you.
The categories of sources for the Personal Information we collected about you.
Our business or commercial purpose for collecting that Personal Information.
The categories of third parties with whom we share that Personal Information.
The specific pieces of Personal Information we collected about you.
If we disclosed your Personal Information for a business purpose, the Personal Information categories that each category of recipient obtained.

C. Request to Delete
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request to delete, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your request to delete if retaining the information is necessary for us or our service providers to:

Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

D. Right to Correct
In certain circumstances, you have the right to request correction of any inaccurate personal information.

E. Right to Opt-Out/Do Not Sell Personal Information
We do not sell your Personal Information for monetary or other valuable consideration.
We do not share your Personal Information for the purposes of cross-context behavioral advertising. Cross-context behavioral advertising under the CPRA is “the targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally interacts.

F. Right to Limit the Use of Sensitive Personal Information
We limit our use of Sensitive Personal Information to only the purposes necessary to perform covered services, and for certain business and commercial purposes described above.

G. Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. Unless permitted by the CCPA/CPRA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

H. Exercising Your Rights
To exercise your rights to requests described above, please submit a verifiable consumer request to us by either:

Calling us toll-free at 855-998-9500
Using the web form available at contactdiscoveryservices.com/contact-us/
Emailing us at privacy@contactdiscoveryservices.com with the subject line “California Rights Request”

Only you or a person legally authorized to act on your behalf, may make a verifiable consumer request to know or request to delete. You may also make a verifiable consumer request on behalf of your minor child. A verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

You may only make a verifiable consumer request to know twice within a 12-month period.

We cannot respond to your request to know or request to delete if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. Depending on your type of request or the information requested by you, we may require additional information in order to verify your identity and fulfil your request. To verify your identity, we will ask that you provide the following information when you submit your request:

First Name
Last Name
Email Address
Mobile Phone Number
Address
City
State
Zip Code
Brief description of your relationship with Contact Discovery and the nature of your request.

We will only use this information to confirm your identity. If we cannot successfully verify your identity, we will inform you of that fact.

I. Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact privacy@contactdiscoveryservices.com. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request to know or request to delete unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

VII. Requesting Notice in Alternative Format/Language

You may be able to request this Notice in another language where we provide such notices in the ordinary course of business or in an alternative format if you have a disability. Please contact the Privacy Representative below to request an alternative format.

VIII. Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share your information with third parties for their direct marketing purposes.

IX. Changes to our Privacy Policy

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you through a notice on our website homepage.

X. Affiliates Providing This Notice

This policy is provided by Company and its subsidiaries that act as a business within the meaning of the CCPA and CPRA.

XI. Contact Information

If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us via email at privacy@contactdiscoveryservices.com.

European Economic Area (EEA) and United Kingdom (UK): Your Rights

Please note: To protect your privacy, we may ask for additional information to verify your identity in order for us to respond to your request

Under EU Regulation 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, including the United Kingdom’s substantially similar law as it takes effect in the United Kingdom by virtue of the Data Protection Act 2018 (collectively the “GDPR”), you have a number of rights when it comes to your personal information. Further information and advice about your rights can be obtained from the data protection regulator in your country of residence. You can exercise any of these rights by contacting us through our email, phone or mailing address in the “Contact Us” section below.

The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Information and your rights. This is why we’re providing you with the information in this Policy.
The right of access. You have the right to obtain access to your Personal Information, so you’re aware and can check that we’re using your information in accordance with data protection law.
The right to rectification. You are entitled to have your Personal Information corrected or amended if it is no longer inaccurate or incomplete or, as the case may be, collected in violation of the EU-US Data Processing Framework.
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
The right to restrict processing. You have rights to ‘block’ or suppress further use of your Personal Information. When processing is restricted, we can still store your Personal Information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.
The right to data portability. You have rights to obtain and reuse your Personal Information for your own purposes across different services. This is not a general right and there are exceptions.
The right to object to processing. You have the right to object to certain types of processing, and may change your preferences as described above.
The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator:
- UK Information Commissioner’s Office (ICO) at www.ico.org.uk
- EU authorities at http://ec.europa.eu/justice/article-29/structure/data-protectionauthorities/index_en.htm
- Swiss FDPIC at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

The right to withdraw consent. As noted above, if you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal Information with your consent up to that point is unlawful). You can withdraw your consent to the processing of your personal information at any time.

Former, current, or prospective corporate customer contacts have the right to exercise choice (opt-out) from our use of their GDPR Personal Data for direct marketing purposes. To exercise this right, please follow the instructions in any direct marketing message you may have received (e.g., click the provided opt-out link in the email message or send us an email or postal mail request to opt-out in accordance the instructions provided in the direct marketing message). In certain situations, we may be required to disclose GDPR Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

Please contact us at privacy@contactdiscoveryservices.com if you have any questions, wish to exercise your rights of access, or seek other assistance as described above.

EU Data Subjects and Extra-Territorial

Contact Discovery safeguards personal data received in the United States from the UK, European Union, or EEA about former, current, or prospective corporate customer contacts and which is regulated by the (UK) GDPR. We are committed to protecting such GDPR Personal Data in accordance with our obligations under applicable law, such as GDPR Articles 45 to 50, and the Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.

Contact Discovery has implemented appropriate cross-border transfer solutions in accordance with the GDPR, such as European Commission Standard Contractual Clauses (also known as Model Contractual Clauses) and the UK’s International Data Transfer Addendum (UK Addendum) as the legal basis for transferring personal data to third countries, including the United States. To the extent permitted by applicable law, your use of this site constitutes your consent to the transfer of your Personal Data to Contact Discovery in the United States in the context of the EU-US Data Privacy Framework as set out in Commission Implementing Decision of July 10, 2023 pursuant to the GDPR on the adequate level of protection of personal data under the EU-US Data Privacy Framework.

Contact Discovery complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Contact Discovery has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Contact Discovery has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in the privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more above the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Contact Discovery Services, LLC’s compliance with the Data Privacy Framework is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

To view our DPF Privacy Policy, please visit https://contactdiscoveryservices.com/data-privacy-framework-program/.

In all cases where Contact Discovery transfers personal information to a third party acting as a controller, Contact Discovery will comply with the Notice and Choice Principles. Contact Discovery will enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by you and that the recipient will provide the same level of protection as the Principles and will notify Contact Discovery if it makes a determination that it can no longer meet this obligation. The contract also provides that when such a determination is made the third-party controller will cease processing or takes other reasonable and appropriate steps to remediate.

In all cases where Contact Discovery transfers personal data to a third party acting as an agent (processor for GDPR purposes), Contact Discovery will:

Transfer such data only for limited and specified purposes;
Ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles;
Take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles;
Require the agent to notify Contact Discovery if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
Upon notice, including under IV, take reasonable and appropriate steps to stop and remediate unauthorized processing; and,
Provide a summary or a representative copy of the relevant privacy provisions of Contact Discovery’s contract with that agent to the U.S. Department of Commerce upon request.

When we transfer your information to third parties, we comply with the requirements of the legal protections that cover your information. For example, when we perform an onward transfer of your information protected under the GDPR, we remain responsible for the processing of your personal information. For information subject to an onward transfer by us under the Data Privacy Framework, we will remain liable under the Data Privacy Framework Principles if a recipient of your protected personal information processes such personal information in a manner inconsistent with the Principles, unless we are able to prove that we are not responsible for the event giving rise to the damage.

Dispute Resolution. If a privacy complaint or dispute relating to Personal Data received by Contact Discovery Services, LLC in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/public-resources/dispute-resolution/submit-dispute/ If a complaint or dispute cannot be resolved through our internal process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.

Binding Arbitration. If your dispute or complaint related to your Personal Data that we received in reliance on the Data Privacy Framework cannot be resolved by us, nor through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.

Data Security

The security of your personal data is very important to us. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse, and unauthorized access, use, alteration, or disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website. Any transmission of personal data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Website.

Children’s Online Privacy

We do not direct our Website to minors and we do not knowingly collect personal data from children under 18 or as defined by local legal requirements. If we learn we have mistakenly or unintentionally collected or received personal data from a child without appropriate consent, we will delete it. If you believe we mistakenly or unintentionally collected any information from or about a child, please contact us at privacy@contactdiscoveryservices.com.

Changes to Our Privacy Notice

We will post any changes we may make to our privacy notice on this page and indicate on the Website home page that we updated this privacy notice. If the changes materially alter how we use or treat your personal data we will notify you through a notice on the Website home page. Please check back frequently to see any updates or changes to our privacy notice.

Contact Information

Please address questions, comments, and requests regarding this privacy notice and our privacy practices to:

Contact Discovery Services
Attn: Privacy Representative
1100 13th Street NW, Suite 925
Washington, DC 20005
privacy@contactdiscoveryservices.com
Our appointed privacy representative is Rashida Truesdale.

Processor Compliance and Security

We are committed to ongoing compliance with applicable regulatory and statutory requirements prescribed by Data Protection Laws, including compliance with the principles of the General Data Protection Regulation (GDPR) and upholding our obligations under the Data Protection Act 2018 and any other relevant data protection legislation or regulations (“Data Protection Law”) that apply to our processing of personal data when acting on behalf of our clients.

The security of our client’s data is very important to us. Contact Discovery maintains an effective information security management protocol and technical framework for enterprise security monitoring and compliance that is designed to protect your data. Our Data Transfer Agreement enumerates our comprehensive approach to managing data including an overview of our Information Security Program, risk assessment and management, data collection and retention policies and procedures, personnel education standards, and vendor management and oversight standards.

Contact Discovery utilizes industry standard technological, physical, administrative, and procedural safeguards and infrastructure. We are ISO 27001 certified, assessed by NSF ISR, for the management of information and business activities that support functions related to forensics, processing, analytics, hosting, review, data management, and consulting services provided to law firms, corporations, and government agencies.

We regularly test, monitor, and evaluate the sufficiency and effectiveness of our Information Security Program, including Information Security Incident Response Procedures.

Contact Discovery Sub-processors and Affiliates

Contact Discovery Sub-processors may process Company Personal Data as described in the Master Services Agreement and Data Transfer Agreement, and in accordance with GDPR and other regulations. We disclose whether we intend to utilize the services any of these Sub-processors to you prior to our engagement. Sub-processors are restricted in processing your data only to the extent necessary to perform the engaged services and must implement appropriate technical and organizational measures to safeguard data.

Third-party Sub-processors that Power Integrated Cloud Technologies

The following Sub-processors power technologies that are integrated with Lighthouse Services and in part power the Lighthouse cloud functions. The Sub-processors identified may process, store, or otherwise access Customer Data and Personal Data while helping to provide that service.

Entity Name	Sub-processing Activity	Processing Location(s)	Address	Headquarters	Parent Company	Contact Information
Microsoft Azure	Cloud Hosting and Storage	US and UK	1 Microsoft Way, Redmond, WA, 98052	Seattle, US	Microsoft Corporation	Microsoft Privacy +1 (425) 882-8080
Relativity ODA LLC	Cloud Hosted Relativity Instance for RelativityOne Services	In accordance with the customer-specified regionality	231 South LaSalle St., 8th Floor, Chicago, IL 60604	Chicago, US	Relativity ODA LLC	Privacy Team privacy.inquiries@relativity.com

Third-party Sub-processors that are Fully Owned Subsidiaries/Affiliates

The following Sub-processors provide services to help support, operate, and maintain Contact Services. In such cases, the Sub-processors identified may process, stored, or otherwise access Customer Data and Personal Data while providing their services.

Entity Name	Sub-processing Activity	Processing Location(s)	Address	Parent Company	Contact Information
Contact Government Services, LLC.	Support Contactby fulfilling contract resources, providing management and oversight of federal programs based on a project requirement, regulatory support for the development and implementation of government policies or technical solution support for internal initiatives. CGS resources and processing activities are performed in the United States. ISO/IEC 27001:2022 Certified	US	1100 13^th Street NW, Suite 925 Washington, DC 20005	Contact Discovery Services,LLC.	Contact Government Services +1 (888) 680-5916
Contact Review	Provide US-based reviewers, performed within Contact’s Relativity Server or RelativityOne instances. At the direction of the Client, Contact Review also can provide non-US based reviewed, performed by Aeren and conducted within Contact Review’s RelativityOne – US instance.	US, India	1100 13^th Street NW, Suite 925 Washington, DC 20005	Contact Discovery Services,LLC.	Contact Review
Cytrex Cyber	Provides breach review services	US	1100 13^th Street NW, Suite 925 Washington, DC 20005	Contact Discovery Services,LLC.	Cytrex Cyber+1 (877) 998-0949

Third-party Organizations that Provide Ancillary Support

The following organizations provide contract staff who work in close coordination with Contact employees to operate, deliver, and maintain Contact services. While doing so, the staff of these organizations may process Customer Data or Personal Data on our behalf. In all such chases the data resides only on Contact systems and is subject to Contact policies and supervision.

Entity Name	Sub-processing Activity	Processing Location(s)	Address	Parent Company	Contact Information
Aeren, LPO	Providing offshore review support for our managed review projects. All work performed by Aeren LPO is conducted within Relativity instances, hosted within the United States. ISO/IEC27001:2022 Certified	India	Plot No. 14, Rajiv Gandhi Chandigarh Technology Park, Chandigarh – 160101India	Aeren IT Solutions Private Limited	Contact Government Services +1 (888) 680-5916