Website Data Protection Policy and Privacy Notice
Website Data Protection Policy and Privacy Notice
1. INTRODUCTION
Renewbrook Energy (“Renewbrook”, “Company”, “we” or “us”) is committed to compliance with applicable legal and regulatory requirements relating to data protection, privacy and cybersecurity as further set out in our Code of Business Conduct and Ethics. At Renewbrook, we respect your privacy and this Privacy Policy (“Policy”), together with our Website Terms of Use which can be found here and our Cookie Policy which can be found here, governs how Renewbrook collects, processes (as defined below) and uses your Personal Data (as defined below) when you use the Websites (as defined below).
This Policy applies to users of the Websites (as defined below) as well as Renewbrook customers. Please note that Renewbrook has partnered with Omnidian to oversee the performance monitoring, on-site service, and technical support for the home solar systems of many PosiGen customers (the “Services”). We encourage you to review Omnidian’s privacy policy, which can be found here, regarding their data collection and processing practices.
If you are a Renewbrook employee, Renewbrook’s policies and practices regarding the collection and processing of your Personal Data are detailed in BID Solar’s Data Protection Policy. If you make an application for employment with Renewbrook, the collection and processing of your Personal Data is detailed in Renewbrook’s Applicant Data Protection Policy and Privacy Notice, which will be provided to you via our applications partner website before you submit your application.
For the purposes of applicable laws and regulations relating to data protection and privacy (“Data Protection Legislation”), Renewbrook acts as a controller (or equivalent term) in respect of your Personal Data.
This Policy may change from time to time and you should review it periodically. If we decide to change this Policy, we will post those changes here prior to the time they take effect. If we make material changes to the way we use Personal Data, we will notify affected users and customers through the Services as required by Data Protection Legislation.
This Policy was last updated on February 6, 2026.
2. DEFINITIONS
The following definitions shall apply to this Policy:
“Renewbrook”, “BID Solar”, “we”, “us”, “our” means BII BID Solar Aggregator LP entity to which this Website relates.
“Personal Data” has the meaning given to it or any similar term (e.g., “personal information”, “nonpublic personal information”, “PII”, “personally identifiable information”) in applicable Data Protection Legislation and for the avoidance of doubt means any information which directly or indirectly identifies or otherwise relates to an individual, which is in the possession or under the control of Renewbrook (or its representatives or service providers). Such Personal Data may include, without limitation, the name, age, identification number, email address, address, telephone number, location data, financial data, or online identifier of that individual.
“Process” or “processing” means any operation that is carried out in respect of Personal Data, including but not limited to collecting, storing, using, disclosing, transferring or deleting Personal Data.
“Sensitive Personal Data” has the meaning ascribed to this or any similar term provided by applicable Data Protection Legislation (e.g., “sensitive personal information”, “sensitive data”, or “special categories of personal data”).
“Websites” means Renewbrook websites that link to this Policy unless such websites have their own data protection policy and privacy notice.
3. THE TYPES OF PERSONAL DATA WE COLLECT
Renewbrook may collect and process the following categories of Personal Data about you from the sources identified as follows:
a) Website Data. When you browse the Websites, depending on how you interact with the Websites, we may collect from you (i) information submitted as part of completing online forms on the Websites (including, but not limited to, name, age, date of birth, e-mail address, address, telephone number, identification number, online identifier, location, gender, citizenship and contact information); and automatically collect (ii) technical information collected by cookies (see below) about the services that you use and how you use them, which may include device-specific information, your navigation throughout the Websites, and other technical and browsing preferences including your location and entry point to the Websites. Please note that if you choose not provide certain Personal Data to Renewbrook when requested (and where relevant, provide your consent) we may not be able to provide you with access to all areas of the Website or the Services.
b) Identity Verification Data. We may collect identity verification information from you, such as images of your government issued ID, passport, national ID card, or driving license, as permitted by applicable laws, or other authentication information.
c) Communications Data. We may collect Personal Data that you provide when you contact Renewbrook for any reason, such as to express an interest in obtaining additional information about the Services, direct questions or concerns about the Services to us, use a “Contact Us” form or similar features, sign up for our emails or attend an event, or download certain content. Such information may include contact information such as name, job title, company name, phone number, location and email address, and any other information that you choose to provide.
d) Reputation & Background Check Data. If you are a service provider or a business partner or are a representative of one of our service providers or business partners, we may collect Personal Data from you and from third parties that includes contact details, information concerning business practices, creditworthiness, reputation and business history, and job titles or roles.
e) Data Renewbrook Generates. We may generate or infer Personal Data about you when we interact with you or from your interactions with the Services. This data may include information about your relationship with us or the Services we are providing you.
f) Payment Information. We may collect payment and financial information, or other data in order to complete purchases, for example, credit card information and billing address.
COOKIES: Please refer to our Cookie Policy, which can be found here, which forms part of this Policy.
DO NOT TRACK: Your browser and other mechanisms may permit you to send do-not-track signals or other similar signals via your browser settings to express your preferences regarding online tracking. Due to the lack of any standard for how do-not-track signals should work on commercial websites, we do not currently respond to such signals. Third parties, such as our analytics providers, from time to time may collect Personal Data that relates to you on the Websites, over other websites. We cannot control third parties’ responses to do-not-track signals or other such mechanisms. Third parties’ use of Personal Data relating to you and responsiveness to do-not-track signals is governed by their respective privacy policies.
4. HOW WE COLLECT YOUR PERSONAL DATA
Renewbrook may collect the types of Personal Data described above in Section 3:
a) Directly from you, including, for example, through your use of the website, when you send us an email, visit our premises, or otherwise contact or communicate with us;
b) From automated tracking technology and monitoring tools, for example, cookies that track your access and use of our Websites and other online services;
c) From within Renewbrook and from our affiliates;
d) From a third party acting on your behalf, for example, an intermediary, lawyer or service provider;
e) From publicly available sources; and;
f) From other organizations, third parties and other service providers.
5. HOW WE USE YOUR PERSONAL DATA
Your Personal Data will be collected, stored, disclosed and processed by Renewbrook for the following purposes, and with the following legal bases:
a) to provide you with communications and inform you about news and information relating to our business and Services, including marketing materials, new product launches, product updates and general business news (see Section 13 below for further information);
b) to understand your needs and interests and to respond to your enquiries;
c) to analyze and improve our Websites and Services;
d) for the management and administration of our business;
e) to provide you with the products and services for which you subscribe;
f) to comply with and in order to assess compliance with applicable laws, rules and regulations (including tax reporting purposes pursuant to tax legislation), industry codes, voluntary codes we decide to adopt, or good practice, anywhere in the world and internal policies and procedures including the Websites Terms of Use;
g) to confirm and verify your identity (this may involve the use of a credit reference agency or other third parties acting as our agents) and to conduct due diligence, background and related checks. We will also screen against publicly available government and/or law enforcement agency sanctions lists. We may use third party providers to conduct these verifications and searches;
h) to detect, investigate and prevent fraud and other crimes or malpractice;
i) for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings);
j) to obtain legal advice or to establish, exercise or defend legal rights;
k) the administration and maintenance of databases storing Personal Data;
l) to comply with our contractual obligations;
m) for ongoing review and improvement of the information, content and services provided on the Websites to ensure they are user friendly and to prevent any potential disruptions such as cyber-attacks;
n) to analyze and report on the Websites traffic, marketing and usage trends;
o) to allow you to use and access functionality provided by the Websites;
p) to conduct analysis required to detect malicious data and understand how this may affect your IT system;
q) for statistical monitoring and analysis of current attacks on devices and systems for the on-going adaption of the solutions provided to secure systems and devices against current attacks;
r) for in-depth threat analysis; and
s) for purposes otherwise set out in this Policy.
Renewbrook is entitled to use your Personal Data for these purposes because one or more of the following legal bases applies:
a) Renewbrook needs to do so in order to perform its contractual obligations to you (for example, in order to manage your investments and verify the information you provide);
b) Renewbrook has obtained your specific and informed consent (which may include written consent) unless an exemption provided under applicable law permits the use and disclosure of your Personal Data without your consent;
c) Renewbrook has legal or regulatory obligations that must be discharged;
d) Renewbrook may need to do so in order to establish, exercise or defend its legal rights or for the purpose of legal proceedings; or
e) the use of your Personal Data is necessary for our legitimate business interests or the legitimate interests of a third party provided such interests are not overridden by your rights or interests, including: (i) allowing Renewbrook to effectively and efficiently administer and manage the operation of its business; (ii) maintaining compliance with internal policies and procedures; (iii) monitoring the use of our copyrighted materials; (iv) offering optimal, up-to-date security solutions for mobile devices and IT systems; or (v) for internal research purposes.
You understand that by using the Websites or the Services, you accept the terms of this Policy and agree to Renewbrook collecting, using, storing, processing and disclosing your Personal Data as set out in this Policy. We may seek your consent by other means such as by asking you to click on a button or to enter into a contract. Where we do so, as required by applicable law, we will also offer you a way to revoke your consent.
6. DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES
Renewbrook may share or provide access to your Personal Data among its affiliates and business units and third party agents, service providers and contractors outside of Renewbrook. Except where otherwise indicated, Personal Data provided to third parties is subject to their respective privacy policies and practices:
a) Business Management. For the purpose of the management and administration of Renewbrook’s business (for example, Renewbrook’s insurers);
b) Provision of Renewbrook Services. In order to facilitate the provision and enhancement of Services to you;
c) Database Management. For the purpose of the administration and maintenance of the databases storing Personal Data (for example, Renewbrook’s cloud hosting providers and system development and support providers);
d) Vendor Services. For the purposes of Renewbrook receiving services (for example, Renewbrook’s accountants, administrators, auditors, service providers, custodians, depositories, third party managers, paying agents, professional advisors such as consultants and legal advisors, IT and communications providers or any entity we reasonably consider necessary for the purposes outlined above). These third parties will be expected to be subject to confidentiality requirements (either by contract, professional obligation, duty or otherwise) that require them to only use your Personal Data as described above;
e) System Protection. For the purpose of our IT operations or detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible; debugging to identify and repair errors that impair intended functionality;
f) Compliance with Law. To the extent required by law (for example, if Renewbrook is compelled by an obligation or a duty to disclose your Personal Data where we believe it is necessary or appropriate to comply with any legal obligation, rule, regulations or internal Renewbrook policies and procedures, including (without limitation) in order to comply with tax reporting requirements and other statutory reporting and disclosures to regulatory authorities), or to establish, exercise or defend its legal rights. This may include disclosure to regulatory bodies or government agencies, law enforcement or courts, and in order to investigate unauthorized attempts to modify the Websites, install harmful files or cause damage to the Websites or to Renewbrook;
g) Business Transactions. As part of a transaction, financing, or for other business needs (for example, if Renewbrook sells any of its businesses or assets, applies for a loan, or opens bank accounts, in which case Renewbrook may need to disclose your Personal Data to the prospective buyer, lender or bank, as the case may be, as part of certain due diligence processes); or
h) Change of Control. If Renewbrook or any of its affiliates, divisions or business units is sold to or acquired by a third party, including in the event of a merger, acquisition, bankruptcy, reorganization or other transaction to improve the business, in which case the information, including Personal Data, held by Renewbrook about you will be accessible to, and may be acquired by, the third party buyer.
Renewbrook may share de-identified or aggregated data with third parties such as service providers in order to facilitate our business operations.
The Websites may contain links to other party websites, including those of third-party service providers, that are not governed by this Policy. Renewbrook is not responsible for the information collection practices of these third-party websites. Information provided to or on such websites is subject to the privacy terms and notices of those third parties. Renewbrook encourages users to review the policies of those sites before submitting Personal Data.
While Renewbrook operations are based in the United States, we may utilize service providers, affiliates, agents or other third parties located outside of the United States. Personal Data may be processed and disclosed as described above in any country in which we have such a service provider, affiliate, agent or other third party. Accordingly, when you provide your Personal Data to Renewbrook, you acknowledge and agree that we may disclose your Personal Data to recipients (including, but not limited to service providers, Renewbrook affiliates or agents, and Renewbrook IT servers) located in non-U.S. jurisdictions, including, for example, Australia, Bermuda, Canada, the Cayman Islands, the EU, or the UK.
Renewbrook will abide by applicable Data Protection Legislation and will protect your information in accordance with Section 9. Where necessary under applicable Data Protection Legislation, we may employ appropriate cross-border transfer methods governing Personal Data.
9. HOW WE SAFEGUARD YOUR PERSONAL DATA
Renewbrook has implemented commercially reasonable controls and appropriate technical and organizational measures designed to protect Personal Data, as well as to maintain the security of our information and information systems in respect of Personal Data. Data is protected with safeguards according to the sensitivity of the information contained therein. Appropriate controls (such as restricted access) are placed on our computer systems and used where appropriate and we limit access to Personal Data to individuals who require the information for business operations. Reasonable measures are taken to ensure physical access to Personal Data is limited to authorized employees.
As a condition of employment, Renewbrook employees are required to follow applicable laws and regulations, including in relation to Data Protection Legislation.
When you contact Renewbrook, you may be asked to provide evidence of your identity (e.g., driver’s license or passport) and/or to confirm some details relating to the Personal Data Renewbrook holds about you. These types of safeguards are designed to ensure that only you, or someone authorized by you, has access to your file.
10. RETENTION AND DESTRUCTION OF PERSONAL DATA
We will retain your information for as long as needed in connection with the Services, or as necessary to comply with our legal obligations and to enforce agreements. The period for which Renewbrook will hold your Personal Data will vary and will be determined by the following criteria:
a) The purpose for which Renewbrook is using it. Renewbrook is required to retain the Personal Data for as long as is reasonably necessary to satisfy or meet the purposes for which it was obtained including applicable legal or regulatory requirements; and
b) Legal Obligations. Laws or regulations may set a minimum period for which Renewbrook must retain your Personal Data.
Depending on the requirements of the Data Protection Legislation of your jurisdiction, Renewbrook will take reasonable steps using appropriate technical methods in the circumstances to delete or destroy your Personal Data when we no longer have a legal basis to retain it or to ensure that the information is anonymized or irrecoverable. We may retain such information that no longer identifies you indefinitely.
To the extent provided by the law of your jurisdiction, you may have legal rights in relation to the Personal Data about you that Renewbrook holds. These rights may include:
a) the right to refuse to provide any Personal Data and the right to object to the processing of your Personal Data. Please note that such refusal or objection may prevent us from providing the Services to you;
b) the right to confirm whether we process your Personal Data and to obtain information regarding the processing of your Personal Data and access to the Personal Data about you that Renewbrook holds;
c) where consent was provided for certain processing activities, the right to withdraw your consent to the collection, processing, use and/or disclosure of your Personal Data. Please note, however, that this will not affect the lawfulness of any collection, processing, use or disclosure undertaken before your withdrawal and that Renewbrook may still be entitled to process your Personal Data if it has another legitimate reason (other than consent) or a consent exception for doing so. In some cases, withdrawing your consent to the collection, use process or disclosure of some or all of your Personal Data may prevent us from providing the Services to you;
d) in some circumstances, the right to receive a copy of some Personal Data in a structured, commonly used and machine-readable format and/or request that Renewbrook transmit that data to a third party where this is technically feasible. Please note that this right may, depending on the jurisdiction, only apply to Personal Data that you have provided to Renewbrook;
e) the right to request that Renewbrook correct or rectify your Personal Data if it is inaccurate or incomplete;
f) in some circumstances, and subject to exceptions under applicable law, the right to request that Renewbrook delete or erase your Personal Data. Please note that such a request may prevent us from providing the Services to you and there may be circumstances where Renewbrook is legally entitled to retain Personal Data regardless of any such request;
g) in some circumstances, the right to non-discrimination against you for exercising your legal rights in relation to your Personal Data;
h) where applicable, the right to lodge a complaint with the data protection regulator in your jurisdiction or appeal a case with regard to your request if you think that any of your rights have been infringed by Renewbrook; and
You can enquire about your rights, which are applicable to you, by contacting Renewbrook using the details listed below in Section 18.
Under applicable Data Protection Legislation, you can designate an authorized agent to submit data subject requests on your behalf. Users and authorized agents may contact us using the details below in Section 17 and Section 18 for further instructions.
The Websites and Services are intended for use by those over 18. We do not knowingly solicit or collect Personal Data on the Websites from children under the age of 18. If we become aware that we have collected Personal Data from a minor without the consent of parents or guardians, we will take prompts steps to remove such information. If you become aware that we have collected such Personal Data, please contact us using the details listed below in Section 18.
13. PROCESSING OF PERSONAL DATA FOR MARKETING PURPOSES
To the extent permitted by applicable law, we may contact you by mail, e-mail, SMS/text, telephone and other electronic means to provide information on products and services that we believe will be of interest, unless you object to receiving such information. If you do not want to receive such communications from us please contact us on the details set out below or by using the opt-out facilities provided within the relevant marketing material.
Your option not to receive promotional and marketing material: (a) shall not preclude us from corresponding with you, by email or otherwise, regarding your relationship with us (e.g., your account status and activity or our responses to questions or inquiries you pose to us); (b) shall not preclude us, including our employees, directors, officers, contractors, agents and other representatives, from accessing and viewing your Personal Data for our internal business purposes; (c) shall not preclude us from disclosing your Personal Data as described in this Policy for purposes other than sending you promotional and marketing materials; and (d) shall not preclude us from contacting you, including through email, phone or text, where you have previously consented to such communications.
If you are a resident of Colorado, Connecticut, Nevada, New Jersey, Rhode Island, Utah or Virginia, this section of the Policy is intended to provide you with additional information concerning our processing of Personal Data pursuant to the (i) Colorado Privacy Act, (ii) Connecticut Data Privacy Act, (iii) Nevada Revised Statutes Chapter 603A, (iv) New Jersey Consumer Data Privacy Act, (v) Rhode Island Data Transparency and Privacy Protection Act, (vi) Utah Consumer Privacy Act, and (vii) Virginia Consumer Data Protection Act (together, the “U.S. State Privacy Laws”). Details concerning your privacy rights, including under certain of the U.S. State Privacy Laws, and how you may exercise those rights, are set out in Section 11 and Section 16.
a) We do not “sell” or “share”, and have not “sold” or “shared”, as such terms are defined under U.S. State Privacy Laws, any categories of Personal Data to third parties for targeted advertising, or any other purpose.
b) We do not process any categories of sensitive data that require consumer opt-in under any of the U.S. State Privacy Laws, including biometric data used to uniquely identify a person and Personal Data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition, sexual orientation, or citizenship status.
c) In the event that Renewbrook shares anonymous or aggregated data with third parties such as service providers in order to facilitate our business operations, to the extent such data constitutes de-identified data under the U.S. State Privacy Laws, Renewbrook will maintain and use such data without attempting to re-identify the data.
d) We do not process Personal Data for purposes of profiling to infer decisions that produce legal or similarly significant effects concerning you. We may process some of your Personal Data automatically, but we do not use computer algorithms to make automated decisions based on your Personal Data.
If you are a resident of California, this section of the Policy is intended to provide you with additional information concerning our processing of Personal Data (also referred to as “Personal Information” under the CCPA and throughout this Section 15) pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and all implementing regulations thereto (together, the “CCPA”). The CCPA provides users with certain rights regarding their Personal Information, including those described in Section 11. Please contact Legal@Renewbrook.comto request this Policy in an alternative format.
Our collection, use, retention and disclosure of Personal Information.
a) Sale and Sharing of Personal Information. We do not “sell” or “share”, and have not “sold” or “shared”, as such terms are defined under the CCPA, any categories of Personal Information to third parties for the purpose of cross-context behavioral advertising.
b) Collection, Sources and Use of Personal Information. We have collected and used the following categories of Personal Information from the following sources and for the following business purposes during the 12-month period prior to the date of this Policy:
| Categories of Personal Information | Sources | Business Purposes |
| Internet or other electronic network activity information, Commercial Information, and Identifiers, such as Website Data, as described in Section 3(a)of the Policy. | Directly from you, as described in Section 4(a) of the Policy;From automated tracking technology and monitoring tools, as described in Section 4(b) of the Policy;From within Renewbrook and from our affiliates, as described in Section 4(c) of the Policy;From a third party acting on your behalf, as described in Section 4(d) of the Policy;From publicly available sources, as described in Section 4(e) of the Policy; andFrom other organizations, as described in Section 4(f) of the Policy. | Business Management, as described in Section 6(a) of the Policy;Provision of Services, as described in Section 6(b) of the Policy;Database Management, as described in Section 6(c) of the Policy;Vendor Services, as described in Section 6(d) of the Policy;System Protection, as described in Section 6(e) of the Policy;Compliance with Law, as described in Section 6(f) of the Policy;Business Transactions, as described in Section 6(g) of the Policy; andChange of Control, as described in Section 6(h) of the Policy. |
| Identifiers, and Personal information described in Cal. Civ. Code Section 1798.80(e), such as Identity Verification Data, as described in Section 3(b) of the Policy. | Directly from you; from automated tracking technology and monitoring tools; from within Renewbrook and from our affiliates; from a third party acting on your behalf; from publicly available sources; and from other organizations. | Business Management; Provision of Services; Database Management; Vendor Services; System Protection; Compliance with Law; Business Transactions; and Change of Control. |
| Identifiers such as Communications Data, as described in Section 3(c) of the Policy. | Directly from you; from automated tracking technology and monitoring tools; from within Renewbrook and from our affiliates; from a third party acting on your behalf; from publicly available sources; and from other organizations. | Business Management; Provision of Services; Database Management; Vendor Services; System Protection; Compliance with Law; Business Transactions; and Change of Control. |
| Identifiers, and Personal information described in Cal. Civ. Code Section 1798.80(e), such as Reputation & Background Check Data, as described in Section 3(d) of the Policy. | Directly from you; from automated tracking technology and monitoring tools; from within Renewbrook and from our affiliates; from a third party acting on your behalf; from publicly available sources; and from other organizations. | Business Management; Provision of Services; Database Management; Vendor Services; System Protection; Compliance with Law; Business Transactions; and Change of Control. |
| Inferences such as Data Renewbrook Generates as described in Section 3(e) of the Policy. | From data collected directly from you; from automated tracking technology and monitoring tools; from within Renewbrook and from our affiliates; from a third party acting on your behalf; from publicly available sources; and from other organizations. | Business Management; Provision of Services; Database Management; Vendor Services; System Protection; Compliance with Law; Business Transactions; and Change of Control. |
| Credit card number in combination with required credentials | Directly from you; from within Renewbrook and from our affiliates; from a service provider or other third party acting on your behalf. | Business Management; Provision of Services; Vendor Services; Compliance with Law; Business Transactions; and Change of Control. |
c) Children. We do not knowingly collect or solicit any categories of Personal Information from any individual under the age of eighteen (18).
d) Sensitive Personal Information. Sensitive Personal Information under the CCPA may include social security numbers, driver’s license numbers, or passport numbers; account credentials; precise geolocation; racial or ethnic origin; religious beliefs; biometric data; personal information concerning a consumer’s health or sex life or sexual orientation; as well as contents of a consumer’s mail, email and text messages. To the extent we collect your Sensitive Personal Information, we will not use or disclose such information in a way that triggers additional rights under the CCPA, and for purposes other than (A) to perform services that you reasonably expect from us; (B) to prevent, detect and investigate security incidents; (C) to resist illegal actions directed at the business and to prosecute and defend our rights; (D) to ensure the physical safety of others; (E) for short-term, transient use; (F) to perform services necessary for the business; (G) to verify and maintain the quality and safety of our product or services; and (H) generally for purposes that do not infer characteristics about you.
e) Retention of Personal Information. We retain Personal Information for as long as is reasonably necessary in connection with the purposes for which the Personal Information was collected. For additional information on how we store your Personal Information, please refer to Section 10 (Retention and Destruction of Personal Data) of the Policy.
f) Disclosures of Personal Information for Business Purposes. We have disclosed the following categories of Personal Information to the following categories of recipients for the following business purposes during the 12-month period prior to the “last updated’ date of this Policy:
| Business Purposes | Categories of Recipients | Categories of Personal Information |
| Business Management, as described in Section 6(a) of the Policy. | Renewbrook’s affiliates and business units (“affiliates”);Service providers, contractors, advisors and others who provide services to us or on our behalf (together, “service providers and contractors”);Professional services organizations, such as auditors, tax advisors and law firms (together, “professional advisors”);Prospective lenders to or creditors of an entity in which we have or are considering investing (together, “creditors”); andGovernment entities, including regulatory agencies and law enforcement (together, “government entities”). | Website Data; Identity Verification Data; Communications Data; [Reputation & Background Check Data]; Payment Information; and Data Renewbrook Generates. |
| Provision of Renewbrook Services, as described in Section 6(b) of the Policy. | Affiliates; service providers and contractors; professional advisors; creditors; and government entities. | Website Data; Identity Verification Data; Communications Data; [Reputation & Background Check Data]; and Data Renewbrook Generates. |
| Database Management, as described in Section 6(c) of the Policy. | Affiliates; service providers and contractors; and professional advisors. | Website Data; Identity Verification Data; Communications Data; [Reputation & Background Check Data]; and Data Renewbrook Generates. |
| Vendor Services, as described in Section 6(d) of the Policy. | Affiliates; service providers and contractors; professional advisors; and creditors. | Website Data; Identity Verification Data; Communications Data; [Reputation & Background Check Data]; Payment Information; and Data Renewbrook Generates. |
| System Protection, as described in Section 6(e) of the Policy | Affiliates; service providers and contractors; professional advisors; creditors; and government entities. | Website Data; Identity Verification Data; Communications Data; [Reputation & Background Check Data]; and Data Renewbrook Generates. |
| Compliance with Law, as described in Section 6(f) of the Policy. | Affiliates; service providers and contractors; professional advisors; creditors; and government entities. | Website Data; Identity Verification Data; Communications Data; [Reputation & Background Check Data]; Payment Information; and Data Renewbrook Generates. |
| Change of Control, as described in Section 6(h) of the Policy. | Affiliates; service providers and contractors; professional advisors; creditors; and government entities. | Website Data; Identity Verification Data; Communications Data; [Reputation & Background Check Data]; and Data Renewbrook Generates. |
g) Additional California Privacy Disclosures.
i) Do Not Track Signals. Your browser and other mechanisms may permit you to send do-not-track signals or other similar signals via your browser settings to express your preferences regarding online tracking. Due to the lack of any standard for how do-not-track signals should work on commercial websites, we do not currently respond to such signals. We further do not sell or share Personal Data as such terms are defined under the CCPA and as such practices would require us to recognize and honor Global Privacy Controls.
ii) Shine the Light Notice. California residents may request and obtain from us, once a year and free of charge, information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared Personal Information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided in Section 16(b) of this Policy.
16. YOUR PRIVACY RIGHTS UNDER THE CCPA AND THE U.S. STATE PRIVACY LAWS.
a) Pursuant to the CCPA and the U.S. State Privacy Laws, you may have certain choices regarding our use and disclosure of your Personal Data, as described below.
- Know. Residents of California, Colorado, Connecticut, New Jersey, Rhode Island, Utah and Virginia have the right to request that we provide (1) certain information about: (w) the categories of Personal Data we have collected about you; (x) the categories of sources from which the Personal Information is collected; (y) the business or commercial purpose for collecting your Personal Data; and (z) the categories of third parties to whom we have disclosed your Personal Data; and/or (2) the specific pieces of Personal Data we have collected, used, and disclosed about you. California and Virginia residents may make such requests twice in a 12-month period, and Colorado, Connecticut, New Jersey, Rhode Island and Utah residents may obtain such information free of charge once in a 12-month period.
- Deletion. Residents of California, Colorado, Connecticut, New Jersey, Rhode Island, Utah and Virginia have the right to request that we delete certain Personal Data we have collected from you and to tell our service providers to do the same, subject to certain exceptions.
- Correction. Residents of California, Colorado, Connecticut, New Jersey, Rhode Island, Utah and Virginia have the right to request that we correct or amend certain Personal Data we maintain about you if it is inaccurate.
- Limit. California residents have the right to request that we limit the use and disclosure of Sensitive Personal Information we have collected. If Renewbrook collects any Sensitive Personal Information, it will use it only for purposes listed this Policy. As such, any Sensitive Personal Information that we collect does not come within this right to limit use.
- Opt-out. Residents of California, Colorado, Connecticut, Nevada, New Jersey, Rhode Island, Utah and Virginia have the right to opt out of the sale of your Personal Data to third parties and/or the sharing of your Personal Data for cross-context behavioral advertising. As stated above, Renewbrook does not sell or share any Personal Data (as such terms are defined in the CCPA and the other U.S. State Privacy Laws).
- Automated Decisions or Profiling. Residents of Colorado, Connecticut, New Jersey, Rhode Island and Virginia have the right to opt out of certain automated decision-making (e.g., profiling). As stated above, Renewbrook does not use computer algorithms to make automated decisions based on your Personal Data.
- Appeal. Residents of Colorado, Connecticut, New Jersey, Rhode Island and Virginia have the right to appeal our decision not to take action on your request to exercise one of your privacy rights.
- Non-Discrimination. Residents of California, Connecticut, Colorado, New Jersey, Rhode Island, Utah and Virginia have the right to not experience discriminatory treatment, and we will not discriminate against you (unless that difference is reasonably related to the value provided by your data), because you have exercised any applicable privacy rights. We do not use the fact that you have exercised or requested to exercise any privacy rights for any purpose other than facilitating a response to your request.
b) How to Submit a Request. You may submit a request by emailing us at Legal@Renewbrook.com
c) Verifying Your Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your Personal Data or complying with your request. If we are successful in validating your identity, we will respond to your request within the time and in the manner required by the CCPA and the other U.S. State Privacy Laws. If we are unable to verify your identity, we will need to deny your request. We reserve the right to deny requests in certain circumstances, such as where we have a reasonable belief that the request is fraudulent or excessive.
i. Individual Verification. If you request to know, access, delete, and/or correct your Personal Data, we may require you to provide any of the following information: address, date of birth, state or country of residence, telephone number, email address, or details of a transaction. In addition, if you ask us to provide you with specific pieces of Personal Data, we may require you to sign a declaration under penalty of perjury that you are the consumer whose Personal Data is the subject of the request. We will use the information you submit and the Personal Data we have in our systems to try to verify your identity and to match the Personal Data we have collected about you, if any, to your identity.
ii. Authorized Agent. If you designate an authorized agent to make an access or deletion request on your behalf, we may require you to (1) provide the authorized agent written permission (e.g., via a notarized letter) to do so, and (2) verify your own identity directly with us (as described above), and confirm with us that you provided the authorized agent permission to submit the request.
in
If you have any questions or concerns about Renewbrook’s handling of your Personal Data, or about this Policy, please contact us using the contact information set out below.
We are typically able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, depending on your jurisdiction, you may have the option to escalate concerns to the applicable privacy regulator in your jurisdiction, the details of which can be obtained from us.
18. RENEWBROOK PRIVACY OFFICE CONTACT INFORMATION
Email: Legal@Renewbrook.com