California Disclosures and Privacy Policy (“California Privacy Policy”)

January 3, 2023

The State of California requires that we provide privacy information for individuals who reside in California.  If you do not reside in California, the provisions of this California Privacy Policy will not apply to you.

For California residents, here is a summary of what you will learn from this California Privacy Policy:

  1. Personal Information We Collect
    1.1  Categories of personal information collected
    1.2 How we obtain your personal information
    1.3 How we use your personal information
    1.4 How long we retain your personal information
    1.5 Who we disclose your personal information with
    1.6 Sale of personal information
    1.7 Sharing of personal information
    1.8 Employees / Former Employees / Applicants
  2. Your rights under the CCPA
    2.1 Right to Know
    2.2 Right to Delete
    2.3 Right to Correct
    2.4 Right to Limit Use of Sensitive Personal Information
    2.5 Right to Opt-Out and How to Submit an Opt-Out Request
    2.6 Right to Non-Discrimination
  3. Submitting a Request to Know, Request to Delete or Request to Correct
    3.1 How to submit a request
    3.2 Authorized agents
    3.3 Response timing and delivery method
  4. Do Not Track Signals
  5. Social Media
  6. Changes to California Privacy Policy
  7. How to contact us

Below is the legal information we are required to share:
The California Privacy Policy applies to Hart Howerton, and all of its operating affiliates and subsidiaries, and the website www.harthowerton.com (collectively, “Hart Howerton,” “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”).  We adopt these California Disclosures and Privacy Policy to comply with California privacy laws. The California Consumer Privacy Act and the California Privacy Rights Act are collectively referred to as “CCPA. ” Any terms defined in the CCPA have the same meaning when used in this California Privacy Policy.

1

Personal Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual consumer, device, or household (“personal information”).  It does not include, amongst others, information that is publicly available, aggregated, or de-identified.

1.1 Categories of Personal Information We Collect
We collect the following categories of personal information:

  • Sensitive Personal Information” such as Federal Employer Identification Numbers (FEINs), Social Security numbers (SSNs), Driver’s license, financial account or card numbers, Racial and ethnic characteristics, Contents of mail, email and text messages,.
  • Identifiers” such as name, alias, address, unique identifier, internet protocol address, email address, account number, Federal Employer Identification Number, Social Security Number, or government identification number;
  • Other Personal Information” such as name, signature, Federal Employer Identification Number, Social Security Number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories;
  • Protected Characteristics” under California or federal law for classifications such as race, color, ancestry, national origin, citizenship, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, or veteran or military status;
  • Commercial Information” such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Internet or Network Activity” such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement;
  • Biometric Information” such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, or gait;
  • Geolocation” such as physical movements or location;
  • Sensory Data” such as audio, electronic, or visual information  when you participate in telephone screens or video interviews with us;
  • Professional or Employment Related Information” such as current or past job history or performance evaluations; and
  • Inferences” such as profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

1.2 How We Obtain Your Personal Information

Directly from you.

You enter or provide us with information online, by email, by phone, or by document upload.

For example, when you engage our services or provide vendor services.

From internet searches or social media.We may collect information from your interaction with our network or website.
From vendors that interact with us in connection with the products and services we provide.For example, companies that work with us to market our products to you, or the software programs that we use in our design process.

1.3 How We Use Your Personal Information
We may collect, use, or disclose the personal information we collect for one or more of the following purposes:

  1. Performing services such as maintaining or servicing accounts, providing customer service, processing, or fulfilling transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytic services, or storing client records. Examples of such activities:
    1. To fulfill or meet the reason for which the information is provided.
    2. To provide you with information, products, or services that you request from us.
    3. To provide you with email alerts and other notices concerning our products or services, or events or news, that may be of interest to you.
    4. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
  1. Undertaking internal research for technological development and demonstration.
  2. Debugging to identify and repair errors that impair existing intended functionality.
  3. Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes.
  4. Short-term, transient use, provided the consumer’s personal information is not disclosed to another third party and is not used to build a profile about a the consumer or otherwise alter the consumer’s experience outside the current interaction with the business.
  5. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
  6. To comply with our legal or regulatory obligations.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

1.4 How Long We Retain Your Personal Information
Based on contractual requirements and/or legal requirements, personal information is maintained for a specified period of time, as required by legal, regulatory, or industry requirements.  Additional information such as emails, client designs, and vendor agreements are maintained for business purposes for an indefinite amount of time.

1.5 Who We Disclose Your Personal Information To
We may disclose your personal information to a service provider, contractor, or third party. When we disclose personal information to a service provider or contractor, we enter a contract that describes the purpose and requires the service provider to both keep that personal information confidential and not use it for any purpose except performing the contract or as otherwise allowed under the CCPA. We disclose personal information to third parties as follows:

With account servicing systems, payment processors, and fraud prevention vendors we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Commercial Information, Internet and Network Activity, Professional or Employment Related Information.

With shipping providers we disclose Identifiers and Other Personal Information.

With software applications and design services, we disclose Identifiers, Other Personal Information, Commercial Information,  Internet and Network Activity, Professional or Employment Related Information.

With data analytics, network monitoring services, and incident response providers, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Geolocation, Biometric Data, Internet and Network Activity, Professional or Employment Related Information, Inferences.

With word processing, communication applications, and calendar providers we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Geolocation, Internet and Network Activity, Professional or Employment Related Information, Inferences.

With our advisors such as lawyers, accountants, auditors, banks / lenders, insurers, and consultants, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Geolocation, Biometric Data, Internet and Network Activity, Professional or Employment Related Information, Inferences.

With our governmental and regulatory agencies, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Biometric Information, Geolocation, Sensory Data, Professional or Employment Related Information, and Inferences.

With law enforcement, courts, and pursuant to legal process where required by law, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Biometric Information, Geolocation, Sensory Data, Professional or Employment Related Information, and Inferences.

1.6 Sale of Personal Information:
We do not sell your personal information.  We do not sell the personal information of minors under 16 years of age without affirmative authorization.

1.7  Sharing of Personal Information:
We do not share your personal information.  Our site is not intended for or directed to minors.  We do not knowingly share the personal information of minors under 16 years of age.   (“Sharing” is means the disclosure of personal information for cross-contextual behavioral advertising.)

1.8 Employees / Former Employees / Applicants:
If you are an employee, former employee, owner, officer, director, or job applicant with Hart Howerton, please visit our for information on your rights and how to exercise those rights.  This information was previously provided to you in relation to your employment or application for employment.

2

YOUR RIGHTS UNDER THE CCPA
The CCPA provides California residents with specific rights regarding their personal information – the Right to Know, the Right to Delete, the Right to Correct, the Right to Limit use of Sensitive Personal Information, the Right to Opt-Out of the Sale of Personal Information or Sharing of Personal Information, and the Right to Non-Discrimination. This section describes your CCPA rights and explains how to exercise those rights, if applicable.

2.1 Right to Know:
You have the right to request that we disclose certain information to you about our collection, use, and disclosures of your personal information (“Right to Know”).  Once we receive and verify your request, we will disclose to you:

  • Categories of Personal Information Collected, Disclosed, Sold, and/or Shared
    • The categories of personal information we collected about you.
    • The categories of sources for the personal information we collected about you.
    • Our business or commercial purpose for collecting that personal information.
    • The categories of third parties with whom we share that personal information.
    • If we disclosed your personal information for a business purpose, the categories of personal information shared with each category of third party recipients.
    • If we sold or shared your personal information for cross-contextual behavioral advertising, the categories of personal information sold or shared.
  • Specific Information
    • The specific pieces of personal information we collected about you.

2.2 Right to Delete:
You have the right to request that we delete any of your personal information that we collected and retained, subject to certain exceptions (“Right to Delete”). Once we receive and verify your request, we will delete, de-identify, or aggregate your personal information (and direct our service providers to do the same), unless an exception applies.

We may deny your Request to Delete if retaining the personal information is necessary for us or our service providers to:

  • Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
  • To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
  • Comply with a legal obligation.
  • Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

2.3 Right to Correct:
You have the right to request that we correct your personal information if it is inaccurate (Right to Correct).  Once we verify your identity and confirm that your personal information is inaccurate, we will correct your personal information (and direct our service providers to do the same).

2.4 Right to Limit the Use of Sensitive Personal Information:
You have the right to direct a business that collects your sensitive personal information to limit its use to uses which are necessary to perform the services or provide the goods reasonably expected.  However, we only use Sensitive Personal Information as exempt from the CCPA; to provide the goods and services requested by you; to prevent, detect, and investigate security incidents; to resist malicious, deceptive, fraudulent, or illegal actions and to prosecute those responsible for such actions; to ensure people’s physical safety; to perform services on our behalf; to verify or maintain the quality or safety of our products, services, and devices.

2.5 Right to Opt-Out and How to Submit a Request to Opt-Out
The CCPA gives consumers the right to opt-out of 1) the sale of their personal information, 2) the sharing of their personal information for cross-context behavior advertising, or 2) for use in automated decision making.

2.5.1 Sale of Personal Information
We do not sell your personal information.  We do not sell the personal information of minors under 16 years of age without affirmative authorization.

2.5.2 Sharing Information for Cross-Contextual Behavioral Advertising
We do not share your personal information.  Our site is not intended for or directed to minors.  We do not knowingly share the personal information of minors under 16 years of age.

2.5.3 Automated Decision Making
The CCPA gives consumers the right to opt-out of the use of automated decision-making technology in connection with decisions about the consumer’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.  However, we do not use automated decision-making technology for these purposes.

2.6 Right to Non-Discrimination:
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not deny you goods or services, charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, provide you a different level or quality of goods or services, suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

3

SUBMITTING A REQUEST TO KNOW, REQUEST TO DELETE, REQUEST TO CORRECT

3.1 How to submit a request:
To make a Request to Know, Request to Delete or Request to Correct, please contact us by either:


Please provide us with:

  • name,
  • address,
  • company name,
  • email address, and
  • phone number.


Only 1) you or 2) a person authorized by you to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a request on behalf of your minor child.

You may only make a Request to Know twice within a 12-month period.

A Request to Know, Request to Delete, or Request to Correct must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
  • If you are submitting a Request to Know specific pieces of personal information, you will need to submit a declaration under the penalty of perjury confirming you are only correcting information about yourself.

3.2 Authorized Agents

Before we can respond to a Request to Know, Request to Delete, or Request to Correct submitted by an authorized agent, we need to verify not only that person or entity’s authority to act on your behalf but also verify the identity of the authorized agent.

If you are authorized to submit a request on behalf of a California resident, please email us at: privacy@harthowerton.com and provide the following information:

  1. To verify your authorization to request on behalf of a California resident, please attach a copy of one or more of the following to your request email:
    • written permission from the California resident, or
    • a valid power of attorney
  1. To verify your identity, please attach copies of the following to your request email:
    • Valid Government Issued ID (not expired) AND
    • a utility bill, bank statement, or similar documentation to verify your name and address.
  1. To verify the identity of the consumer for whom you are submitting the request, please attach the following with your request email:
    • name,
    • address,
    • company name,
    • email address, and
    • phone number.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request.

3.3 Response Timing and Delivery Method:

We will acknowledge receipt of your request within 10 business days of its receipt.  We will respond to a request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

DO NOT TRACK SIGNALS
We do not respond to Do Not Track signals.

5

SOCIAL MEDIA
We encourage you to review your privacy options and settings with the social media platforms and networks you use to understand what choices you have about disclosing your information through those platforms and networks with us.

6

CHANGES TO OUR PRIVACY POLICY
We reserve the right to amend these California Disclosures and Privacy Policy at our discretion and at any time. When we make material changes to this privacy policy, we will notify you by email or through a notice on our website homepage.

7

HOW TO CONTACT US

If you have any questions or comments about this policy, the ways in which we collect and use your personal information, your rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Privacy Support Phone:                (415) 439-2200

Privacy Support E-Mail:                privacy@harthowerton.com

Postal Address:                              Attn:  Privacy

Hart Howerton

One Union Street

San Francisco, CA 94111

Effective Date 01/01/2023