
COLORADO PRIVACY NOTICE

PURSUANT TO COLORADO PRIVACY ACT (CPA)

 

EFFECTIVE DATE: April 22, 2024 

  

Please read this Privacy Notice carefully. 

 

THIS COLORADO PRIVACY NOTICE SUPPLEMENTS OUR GENERAL PRIVACY POLICY AND ONLY APPLIES TO USERS WHO ARE RESIDENTS OF THE STATE OF COLORADO AND WHO EITHER (A) RECEIVE SERVICES DIRECTLY FROM OTUVY, INC., A UTAH CORPORATION (TOGETHER WITH ITS AFFILIATES AND SUBSIDIARIES, “COMPANY,” “WE,” or “US”), OR (B) ARE USERS OF THE SITES.  

 

This Colorado Privacy Notice has been adopted to comply with the Colorado Privacy Act, as amended (together with all applicable regulations, “CPA”), and terms defined in the CPA have the same meaning when used in this Notice, unless those terms have been otherwise defined in the General Privacy Policy. Accordingly, this Privacy Notice should be reviewed in conjunction with our General Privacy Policy.

 

We do not sell the personal information we collect. We do not engage in behavioral advertising and will not otherwise share personal information with third parties for behavioral advertising. 

 

Special Note: The Sites are general audience sites and are not designed or intended to target children younger than 16. We do not knowingly target or collect personal information from any person younger than 16. 

 

What Information Do We Collect and Disclose? 

 

        We may collect information that identifies or is linked, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”). In particular, we may have collected the following categories of personal information from consumers within the last twelve (12) months:

| Category | Examples | Collected |
| --- | --- | --- |
| A. Personal Information and Identifiers. | Real name, postal address, email address, telephone numbers, account name, social security number, driver’s license or state identification card number, passport number or other similar information, physical characteristics or description, insurance policy number, education, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | YES |
| B. Commercial Information. | Records of personal property, products or services purchased, obtained, or considered, account or other purchasing or consuming histories or tendencies. | YES |
| C. Internet and Network Information. | Internet protocol (IP) address, registration date, and one or more cookies that may uniquely identify a user’s browser; internet domain and the specific path, actions and navigation choices; the internet address of the site from which Sites were linked, the time and date the Sites were accessed, and the frequency and duration of visits to the Sites; browsing history, search history, information on users’ interaction with the Sites or other websites and applications or advertisements; or browser software, operating system and browser language, and information about location and mobile device, including a unique identifier for the mobile device. | YES |
| D. Non-Public Education Information | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| E. Precise Geolocation Information. | Physical location or movements or other information derived from technology regarding location or movements. | YES |

We do not collect, and for the previous 12 months have not collected, sensitive personal information as defined under the CPA and have not collected profile information. 

 

Please Note: Personal data, as defined by the CPA, does not include publicly available information from government records, de-identified or aggregated consumer information, or information excluded from the CPA’s scope, such as (i) protected health information (PHI), defined and regulated under HIPAA, collected, stored and processed by a covered entity or its business associates; (ii) information and documents created by a HIPAA covered entity for the purpose of HIPAA compliance; (iii) healthcare information governed by Colo. Rev. Stat. Ann. §§ 25-1-801 to 25-1-803; (iv) substance use disorder patient records, defined and regulated under the federal substance use disorder data confidentiality statute and rules (42 U.S.C. § 290dd-2; 42 C.F.R. §§ 2.1 to 2.67); (v) information derived from exempt healthcare-related information or deidentified using the HIPAA Privacy Rule's deidentification standards and approved methodologies; (vi) information maintained in the same manner as exempt healthcare-related information by (1) a HIPAA covered entity or business associate, (2) a health care facility or provider, or (3) a Part 2 qualified service organization's program; (vii) personal data collected and maintained for the Colorado Health Benefit Exchange; (viii) information used for public health activities and purposes authorized by HIPAA, community health activities, and population health activities; (ix) clinical trial, patient safety, and other similar health information that otherwise meet the criteria set forth in the CPA; (x) personal data collected, processed, sold, or disclosed in compliance with the Gramm-Leach-Bliley Act; (xi) personal information bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by a consumer reporting agency, a furnisher or user that provides information for use in a consumer report, or a user of a consumer report; (xii) personal data regulated by the Family Educational Rights and Privacy Act; (xiv) personal data collected, processed, sold, or disclosed in compliance with the Driver's Privacy Protection Act of 1994; or (xv) personal data regulated by and collected, processed, and maintained in compliance with COPPA.

 

Employment Information: Please note that, under the CPA, personal data does not include personal data of persons acting in a commercial or employment context. CPA further excludes data collected or used within the context of an individual’s role as an employee, an applicant, independent contractor, or as an agent.

How Do We Collect Information? We may collect this information from you through information you submit to us or passively by observing your actions relative to the Sites and Services and through cookies and related technologies. We may also collect information by gathering, buying, obtaining, receiving, and accessing the information from third parties, including customers, service providers and vendors, auditors, advisors, and data brokers. For more information regarding our data collection practices, please read our General Privacy Policy.

 

Why Do We Collect and Process Information? We collect and process personal information for business and commercial purposes. To learn more about why we collect and process information, please review our General Privacy Policy.

 

Do We Share Information With Third Parties? Yes. We take reasonable precautions that affiliates and non-affiliated third-party service providers, to whom we disclose your personally identifiable information, are aware of our privacy policies and will treat the information in a similarly responsible manner. Our contracts and written agreements with non-affiliated third-party service providers that receive information from us about you prohibit those parties from transferring the information other than to provide the Services that you obtain from us. To learn more about why we share information with third parties, please see our General Privacy Policy.

 

        In the preceding twelve (12) months, we may have disclosed the following categories of personal information for a business purpose to those corresponding third parties listed below: 

| Categories of Personal Information | Third Parties Disclosed To: |
| --- | --- |
| Category A: Personal Information and Identifiers. | Service providers, affiliates, partners, parent or subsidiary organizations, internet cookie data recipients, data brokers or aggregators, social networks, operating systems and platforms, government entities, data analytic providers, internet service providers, and advertising networks. |
| Category B: Commercial Information | Service providers, affiliates, partners, parent or subsidiary organizations, internet cookie data recipients, data brokers or aggregators, social networks, operating systems and platforms, government entities, data analytic providers, internet service providers, and advertising networks. |
| Category C: Internet and Network Information | Service providers, affiliates, partners, parent or subsidiary organizations, internet cookie data recipients, data brokers or aggregators, social networks, operating systems and platforms, government entities, data analytic providers, internet service providers, and advertising networks. |
| Category D: Non-Public Education Information | Not Applicable. |
| Category E: Geolocation Information | Service providers, affiliates, partners, parent or subsidiary organizations, internet cookie data recipients, data brokers or aggregators, social networks, operating systems and platforms, government entities, data analytic providers, internet service providers, and advertising networks. |

To learn more about why we share information with third parties, please see our General Privacy Policy.

 

Do We Sell Your Information? No. Although we may share data with third parties as outlined in our General Privacy Policy, we do not sell any of your personal information to any third party. 

 

Do We Share Your Information for Behavioral Advertising Purposes or Otherwise Engage In Behavioral Advertising? No. Although we may share data with third parties as outlined in our General Privacy Policy and this CPA Privacy Notice, we do not share your personal information for behavioral advertising purposes or otherwise engage in behavioral advertising as defined by the CPA.

 

How Do We Protect Personal Data? We protect data using administrative, technical, and physical safeguards. When we use third-party service providers, we ask those providers to implement similar safeguards. However, we cannot guarantee that your information is completely secure either within Company or on the systems of third-party service providers.

 

How Long Do We Keep Your Personal Data? We may retain personal data we collect from you when we have an ongoing legitimate business need to do so (i.e., to provide you with the Services you have requested, to comply with applicable legal requirements). When we no longer have an ongoing legitimate business need to process your personal information, we will physically destroy, delete or anonymize it or, if this is not possible, then we will securely store your personal data and isolate it from any further processing until deletion is possible. 

 

What Are My Colorado Consumer Privacy Rights? If you are a Colorado resident and are engaged in a direct business relationship with Company as a consumer for provision of the Sites or Services, you may have the following rights: 

  • Right to Access and Data Portability. You may request that we provide to you certain information about our collection and use of your personal information for the 12 month period preceding your request, such as (i) requesting confirmation as to whether or not we collect your personal data and process your personal data, and (ii) accessing or otherwise receiving a copy of your personal data collected by the Company (data portability request), including the categories of personal information we collected about you.

 

  • Though you may request specific pieces of your personal information that we have collected, we may not provide certain information in order to protect the security of such information.

 

  • Right to Correct Inaccurate Data. Under certain circumstances, you may request that we correct your personal data to the extent that it is inaccurate, provided that we may not correct such information in our archive or backup systems. Moreover, in reviewing your request, we may ask you to provide us certain information and documentation to assess the inaccurate information at issue along with your request more generally. In certain situations, the Company may require you to correct such information by making the appropriate changes in your account settings, if we determine that doing so will correct the inaccuracies and will not be unduly burdensome. We may deny your request depending on factors relating to the nature of the personal data and the processing purposes.

 

  • Right to Request Deletion. Under certain, limited circumstances, you may request that we delete personal information that we have collected from you or maintain about you, provided that we may not delete such information from our backup or archive systems. Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if we retain such information for those exempted purposes set forth in Section 1304 of the CPA.

How Do I Submit a Colorado Privacy Rights Request? If you are a Colorado Resident and you have a direct business relationship with Company or you otherwise use the Sites or Services, you may make a request pertaining to the rights described above by clicking here for a Request for Disclosure and emailing or sending the Request to the email address or mailing address listed below: 

Email Address:

Mailing Address:

460 North University Ave. Ste 203, Provo, UT 84601

PLEASE NOTE THAT YOUR REQUEST WILL NOT BE PROCESSED UNTIL YOUR IDENTITY HAS BEEN VERIFIED. ONCE YOUR IDENTITY HAS BEEN VERIFIED, YOUR REQUEST WILL BE PROCESSED IN ACCORDANCE WITH THE CPA. IF NECESSARY, WE WILL PROVIDE ADDITIONAL DETAILS AND DIRECTIONS ON IDENTITY VERIFICATION, AND AS APPROPRIATE, UPON RECEIVING YOUR REQUEST.  

 

With respect to your Colorado Privacy Rights Request, please also note the following:

  • If you choose to email or mail your request, please include “Colorado Privacy Rights Request” in the subject line. 

  • We will confirm receipt of your request within 10 business days. If you do not receive confirmation within the 10 business day timeframe, please contact privacy@otuvy.com.

  • Once we have verified your identity, we will respond to your request within 45 days. If we require more time (up to an additional 45 days), we will notify you in writing of the reason and the extension period. 

  • Making a verifiable consumer request does not require you to create an account with us, and we will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request. 

  • If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

  • Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, as applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance, specifically CSV or TSV.

  • We, at our option, may not respond to more than two requests in a 12 month period. 

  • We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

What are My Personal Information Sales and Sharing Opt-Out and Opt-In Rights? We do not sell personal information, nor do we share personal information for behavioral advertising purposes or otherwise engage in behavioral advertising. 

 

What are My Profiling Opt-Out Rights? We do not engage in the automated processing of personal data for purposes of profiling our consumers as defined under the CPA. 

 

What are My Sensitive Personal Information Opt-Out Rights? We do not collect or process sensitive personal data.  

 

Do I Have a Right to Non-Discrimination? We will not discriminate against any consumer who has chosen to exercise their rights under the CPA. Unless permitted by the CPA, we will not deny you the Services, charge you different prices/rates for the Services (including through granting discounts or other benefit or imposing penalties), provide you a different level of quality of service, or suggest that you may receive a different price or rate for the Services or a different level or quality of Services. However, we can deny you access to our Services if such Services require your personal data that we do not collect or maintain.

 

Changes To This Privacy Notice: We reserve the right to amend this Privacy Notice at our discretion and at any time. We may make changes to this Privacy Notice without providing you prior notice. However, after we make any changes to this Privacy Notice, we will give notice to you via (i) the Sites or (ii), where feasible, and at our discretion, contact information available to us. We encourage you to periodically review this Privacy Notice so as to remain informed on how we protect and use your information.  YOUR CONTINUED USE OF OUR SITES AND/OR SERVICES FOLLOWING THE POSTING OF CHANGES CONSTITUTES YOUR ACCEPTANCE OF SUCH CHANGES. 

 

How To Contact Us. If you have any questions regarding this Privacy Notice or exercising any of your privacy rights, please contact us at the email address or mailing address listed below: 

Email Address:

Mailing Address:

460 North University Ave. Ste 203, Provo, UT 84601
