top of page

VIRGINIA PRIVACY NOTICE  

PURSUANT TO VIRGINIA CONSUMER DATA PRIVACY ACT (VCDPA)

 

EFFECTIVE DATE: April 22, 2024 

 

Please read this Privacy Notice carefully. 

 

THIS VIRGINIA PRIVACY NOTICE SUPPLEMENTS OUR GENERAL PRIVACY POLICY AND ONLY APPLIES TO USERS WHO ARE RESIDENTS OF THE COMMONWEALTH OF VIRGINIA AND WHO EITHER (A) RECEIVE SERVICES DIRECTLY FROM OTUVY, INC., A UTAH CORPORATION (TOGETHER WITH ITS AFFILIATES AND SUBSIDIARIES, “COMPANY,” “WE,” or “US”), OR (B) ARE USERS OF THE SITES.  

 

This Virginia Privacy Notice has been adopted to comply with the Virginia Consumer Data Privacy Act, as amended (together with all applicable regulations, “VCDPA”), and terms defined in the VCDPA have the same meaning when used in this Notice, unless those terms have been otherwise defined in the General Privacy Policy. Accordingly, this Privacy Notice should be reviewed in conjunction with our General Privacy Policy

 

We do not sell the personal information we collect. We do not engage in behavioral advertising and will not otherwise share personal information with third parties for behavioral advertising. 

 

Special Note: The Sites are general audience sites and are not designed or intended to target children younger than 16. We do not knowingly target or collect personal information from any person younger than 16. 

 

What Information Do We Collect and Disclose? 

 

We may collect information that identifies or is linked, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”). In particular, we may have collected the following categories of personal information from consumers within the last twelve (12) months:

Category
Examples
Collected
A. Personal Information and Identifiers.
Real name, postal address, email address, telephone numbers, account name, social security number, driver’s license or state identification card number, passport number or other similar information, physical characteristics or description, insurance policy number, education, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
YES
B. Commercial Information.
Records of personal property, products or services purchased, obtained, or considered, account or other purchasing or consuming histories or tendencies.
YES
C. Internet and Network Information.
Internet protocol (IP) address, registration date, and one or more cookies that may uniquely identify a user’s browser; internet domain and the specific path, actions and navigation choices; the internet address of the site from which Sites were linked, the time and date the Sites were accessed, and the frequency and duration of visits to the Sites; browsing history, search history, information on users interaction with the Sites or other websites and applications or advertisements; or browser software, operating system and browser language, and information about location and mobile device, including a unique identifier for the mobile device.
YES
D. Non-Public Education Information
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
NO

For the previous 12 months, we may have collected the following categories of sensitive personal information:

Category
Examples
Collected
E. Protected Class Information
Personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status.
NO
F. Genetic and Biometric Information.
Fingerprint, voiceprint, eye retinas, irises, or other unique biological patterns or characteristics that is used to identify a specific individual, or other data generated by automatic measurements of an individual’s biological characteristics.
NO
G. Precise Geolocation Information.
Physical location or movements or other information derived from technology regarding location or movements.
YES

Please Note: Personal data, as defined by the VCDPA, does not include publicly available information from government records, de-identified or aggregated consumer information, or information excluded from the VCDPA’s scope, such as (i) Protected health information (PHI), defined and regulated under HIPAA; (ii) substance use disorder patient records, defined and regulated under the federal substance use disorder data confidentiality statute and rules (42 U.S.C. § 290dd-2; 42 C.F.R. §§ 2.1 to 2.67); (iii) health records, defined and regulated under Virginia's health records privacy law (Va. Code Ann. § 32.1-127.1:03); (iv) clinical trial data governed by human subject research rules; (v) Data derived from PHI or other data processed in the same manner as either (a) PHI processed by a HIPAA-covered entity or business associate; or (b)substance use patient records processed by a program or a qualified service organization as defined by 42 C.F.R. §§ 2.1 to 2.67; (vi) personal data used for public health activities, as authorized by HIPAA; (vii) personal data governed by the Health Care Quality Improvement Act of 1986; (vii) personal data governed by the Patient Safety and Quality Improvement Act; (viii)  

Personal data collected, processed, sold, or disclosed in compliance with the federal Driver's Privacy Protection Act of 1994; (ix) personal data regulated by the Family Educational Rights and Privacy Act; (x) personal data regulated by the Farm Credit Act; (xi) Emergency contact information used for emergency contact purposes; (xii) personal data necessary to administer benefits; (xiv) Personal data governed by the federal Fair Credit Reporting Act; and (xv) all other information exempt from application of the VCDPA. 

 

Employment Information: Please note that, under the VCDPA, personal data does not include personal data of persons acting in a commercial or employment context. VCDPA further excludes data collected or used within the context of an individual’s role as an employee, an applicant, independent contractor, or as an agent.

How Do We Collect Information? We may collect this information from you through information you submit to us or passively by observing your actions relative to the Sites and Services and through cookies and related technologies. We may also collect information by gathering, buying, obtaining, receiving, and accessing the information from third parties, including customers, service providers and vendors, auditors, advisors, and data brokers. For more information regarding our data collection practices please read our General Privacy Policy

 

Why Do We Collect and Process Information? We collect and process personal information for business and commercial purposes. To learn more about why we collect and process information, please review our General Privacy Policy

 

Why Do We Collect and Process Sensitive Data? We only collect and process Sensitive Personal Data for those exempt purposes set forth in Section 582 of the VCDPA, specifically: 

  • comply with federal, state, or local laws, rules, or regulations; 

  • comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities; 

  • cooperate with law-enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local laws, rules, or regulations; 

  • investigate, establish, exercise, prepare for, or defend legal claims; 

  • provide the Services specifically requested by you, perform a contract to which you are a party, including fulfilling the terms of a written warranty, or take steps at your request prior to entering into a contract; 

  • take immediate steps to protect an interest that is essential for the life or physical safety of either you or another person; 

  • prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity; preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for any such action; 

  • assist another controller, processor, or third party with any of the obligations set forth in Section 582; 

  • conduct internal research to develop, improve, or repair products, Services, or technology; 

  • effectuate a product recall; 

  • identify and repair technical errors that impair existing or intended functionality; and 

  • perform internal operations that are reasonably aligned with your expectations or reasonably anticipated based on your existing relationship with us or are otherwise compatible with processing data in furtherance of the provision of the Services specifically requested by you or the performance of a contract to which you are a party. 

Do We Share Information With Third Parties? Yes.  We take reasonable precautions that affiliates and non-affiliated third party service providers, to whom we disclose your personally identifiable information, are aware of our privacy policies and treat the information in a similarly responsible manner. Our contracts and written agreements with non-affiliated third party service providers that receive information from us about you to prohibit those parties from transferring the information other than to provide the Services that you obtain from us. To learn more about why we share information with third parties please see our General Privacy Policy

 

        In the preceding twelve (12) months, we may have disclosed the following categories of personal information for a business purpose to those corresponding third parties listed below:

Categories of Personal Information
Third Parties Disclosed to:
Category A: Personal Information and Identifiers.
Service providers, affiliates, partners, parent or subsidiary organizations, internet cookie data recipients, data brokers or aggregators, social networks, operating systems and platforms, government entities, data analytic providers, internet service providers, advertising networks.
Category B: Commercial Information
Service providers, affiliates, partners, parent or subsidiary organizations, internet cookie data recipients, data brokers or aggregators, social networks, operating systems and platforms, government entities, data analytic providers, internet service providers, advertising networks.
Category C: Internet and Network Information
Service providers, affiliates, partners, parent or subsidiary organizations, internet cookie data recipients, data brokers or aggregators, social networks, operating systems and platforms, government entities, data analytic providers, internet service providers, advertising networks.
Category D: Non-Public Education Information
Not Applicable.
Category E: Protected Class Information
Not Applicable.
Category F: Genetic and Biometric Information
Not Applicable.
Category G: Precise Geolocation Information
Service providers, affiliates, partners, parent or subsidiary organizations, internet cookie data recipients, data brokers or aggregators, social networks, operating systems and platforms, government entities, data analytic providers, internet service providers, advertising networks.

To learn more about why we share information with third parties, please see our General Privacy Policy

 

Do We Sell Your Information? No. Although we may share data with third parties as outlined in our General Privacy Policy, we do not sell any of your personal information to any third party. 

 

Do We Share Your Information for Behavior Advertising Purposes or Otherwise Engage In Behavioural Advertising? No. Although we may share data with third parties as outlined in our General Privacy Policy and this VCDPA Privacy Notice, we do not share your personal information for behavioural advertising purposes or otherwise engage in behavioural advertising as defined by the VCDPA. 

 

How Do We Protect Personal Data? We protect data using administrative, technical, and physical safeguards.  When we use third-party service providers, we ask those providers to implement similar safeguards. However, we cannot guarantee that your information is completely secure either within Company or on the systems of third party service providers. 

 

How Long Do We Keep Your Personal Data? We retain personal data we collect from you when we have an ongoing legitimate business need to do so (i.e., to provide you with the Services you have requested, to comply with applicable legal requirements). When we no longer have an ongoing legitimate business need to process your personal information, we will physically destroy, delete or anonymize it or, if this is not possible, then we will securely store your personal data and isolate it from any further processing until deletion is possible. 

 

What Are My Virginia Consumer Privacy Rights? If you are a Virginia resident and are engaged in a direct business relationship with Company as a consumer for provision of the Sites or Services, you may have the following rights: 

  • Right to Access and Data Portability. You may request that we provide to you certain information about our collection and use of your personal information for the 12 month period preceding your request, such as (i) requesting confirmation as to whether or not we collect your personal data and process your personal data, and (ii) accessing or otherwise receiving a copy of your personal data collected by the Company (data portability request), including the categories of personal information we collected about you.

  • Though you may request specific pieces of your personal information that we have collected, we may not provide certain information in order to protect the security of such information.  

  • Right to Correct Inaccurate Data. Under certain circumstances, you may request that we correct your personal data to the extent that it is inaccurate. We may deny your request depending on factors relating to the nature of the personal data and the processing purposes.

  • Right to Request Deletion. Under certain, limited circumstances, you may request that we delete personal information that we have collected from you or maintain about you. Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining such information is necessary for us or our service providers to: 

  • Comply with federal, state, or local laws, rules, or regulations; 

  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities; 

  • Cooperate with law-enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations; 

  • Investigate, establish, exercise, prepare for, or defend legal claims; 

  • Provide a product or service specifically requested by a consumer; 

  • Perform a contract to which you are a party, including fulfilling the terms of a written warranty, or take steps at your request prior to entering into a contract; 

  • Take immediate steps to protect an interest that is essential for the life or physical safety of you or of another natural person; 

  • Prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity; preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for any such action; 

  • Engage in public or peer-reviewed scientific or statistical research in the public interest that adheres to all other applicable ethics and privacy laws and is approved, monitored, and governed by an institutional review board, or similar independent oversight entities; 

  • Assist another controller, processor, or third party with any of the obligations under the VCDPA. Make other internal and lawful uses of that information that are compatible with the context in which you provided it; or 

  • We obtained the personal data from a source other than you and we either (i) maintain a record of the deletion request and retain only the minimum data necessary to ensure your personal data remains deleted, or (ii) stop processing your personal data subject to the deletion request, other than processing for purposes excluded by VCDPA from application.

How Do I Submit a Virginia Privacy Rights Request? If you are a Virginia Resident and you have a direct business relationship with Company or you otherwise use the Sites or Services, you may make a request pertaining to the rights described above by clicking here for a Request for Disclosure and emailing or sending the Request to the email address or mailing address listed below:

Email Address:

Mailing Address:

460 North University Ave. Ste 203, Provo, UT 84601

PLEASE NOTE THAT YOUR REQUEST WILL NOT BE PROCESSED UNTIL YOUR IDENTITY HAS BEEN VERIFIED. ONCE YOUR IDENTITY HAS BEEN VERIFIED, YOUR REQUEST WILL BE PROCESSED IN ACCORDANCE WITH THE VCDPA. IF NECESSARY, WE WILL PROVIDE ADDITIONAL DETAILS AND DIRECTIONS ON IDENTITY VERIFICATION, AND AS APPROPRIATE, UPON RECEIVING YOUR REQUEST.  

 

With respect to your Virginia Privacy Rights Request, please also note the following:

  • If you choose to email or mail your request, please include “Virginia Privacy Rights Request” in the subject line. 

  • We will confirm receipt of your request within 10 business days. If you do not receive confirmation with the 10 business day timeframe, please contact privacy@otuvy.com.  

  • Once we have verified your identity, we will respond to your request within 45 days. If we require more time (up to an additional 45 days), we will notify you in writing of the reason and the extension period. 

  • Making a verifiable consumer request does not require you to create an account with us, and we will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request. 

  • If you have an account with us, we will deliver our written response to that account. If you do not have account with us, we will deliver our written response by mail or electronically, at your option. 

  • Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, as applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from entity to another entity without hindrance, specifically CSV or TSV.  

  • We, at our option, may not respond to more than two requests in a 12 month period. 

  • We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

What are My Personal Information Sales and Sharing Opt-Out and Opt-In Rights? We do not sell personal information, nor do we share personal information for behavioral advertising purposes or otherwise engage in behavior advertising. 

 

What are My Profiling Opt-Out Rights? We do not engage in the automated processing of personal data for purposes of profiling our consumers as defined under the VCDPA. 

 

What are My Sensitive Personal Information Opt-Out Rights? We do not collect or process your sensitive personal data for any purpose except (i) as necessary to perform or otherwise provide the Services to you, and (ii) for those exempt purposes set forth in Section 582 of the VCDPA. 

 

Do I have Right to Non-Discrimination? We will not discriminate against any consumer who has chosen to exercise their rights under the VCDPA. Unless permitted by the VCDPA, we will not deny you the Services, charge you different prices/rates for the Services (including through granting discounts or other benefit or imposing penalties), provide you a different level of quality of service, or suggest that you may receive a different price or rate for the Services or a different level or quality of Services. However, we can deny you access to our Services if such Services require your personal data that we do not collect or maintain. 

 

Changes To This Privacy Notice: We reserve the right to amend this Privacy Notice at our discretion and at any time. We may make changes to this Privacy Notice without providing you prior notice. However, after we make any changes to this Privacy Notice, we will give notice to you via (i) the Sites or (ii), where feasible, and at our discretion, contact information available to us. We encourage you to periodically review this Privacy Notice so as to remain informed on how we protect and use your information.  YOUR CONTINUED USE OF OUR SITES AND/OR SERVICES FOLLOWING THE POSTING OF CHANGES CONSTITUTES YOUR ACCEPTANCE OF SUCH CHANGES. 

 

How To Contact Us. If you have any questions regarding this Privacy Notice or exercising any of your privacy rights, please contact us at the email address or mailing address listed below: 

Email Address:

Mailing Address:

460 North University Ave. Ste 203, Provo, UT 84601

1661465

bottom of page