Last updated: July 1, 2021
2. OUR RELATIONSHIP TO YOU
Where You Reside
Your Operating Entity
Anywhere but the United States and Japan
Coinbase Custody International Limited (unless otherwise indicated in your service contract) Company No: 657718
70 Sir John Rogerson's Quay Dublin 2, Ireland
Anywhere but the United States, Germany, Singapore, and Japan
Digital Currency services
Coinbase Europe, Limited. Company No: 675475
70 Sir John Rogerson's Quay Dublin 2, Ireland
European Economic Area
Fiat Wallet services
Coinbase Ireland, Limited. Company No: 630350 CBI Register No: C188493
70 Sir John Rogerson's Quay Dublin 2, Ireland
Germany (as of 19 July 2021)
Digital Currency services
Coinbase Germany GmbH. Company No: HRB 213709 B. BaFin Register number 10158674
Kurfürstendamm 22, 10719 Berlin, Germany
Digital Currency services, Fiat Wallet services
Coinbase Singapore Pte. Ltd. Unique Entity No.: 201935002N
One Marina Boulevard, #28-00, Singapore 018989
Digital Currency services, Fiat Wallet services, Custodial services
Coinbase KK. Company No: 0100-01-173138 FSA Register No: Kanto Finance Bureau Directory-General No. 00028
Otemachi Building 4F FINOLAB, 1-6-1 Otemachi, Chiyoda-ku, Tokyo
United Kingdom (and select non-EEA countries in Europe)
Fiat Wallet services
CB Payments. Ltd Company No: 09708629 FCA Register No: 900635
5 Fleet Place, London, EC4M 7RD, United Kingdom
Digital Currency services, Fiat Wallet services
Coinbase, Inc. CA Entity No.: C3548456
Coinbase, Inc. c/o C T Corporation System 818 West Seventh St., Ste. 930 Los Angeles, California 90017
Coinbase Custody Trust Company, LLC (unless otherwise indicated in your service contract) NYS License # 122506
Coinbase Custody Trust Company, LLC c/o C T Corporation System 28 Liberty Street New York, New York 10005
Credit and Lending services, Margin Trading services
Coinbase Credit, Inc. CA Entity No.: C4315976
Coinbase Credit, Inc. c/o C T Corporation System 818 West Seventh St., Ste. 930 Los Angeles, California 90017
The CB operating entity you contract with determines the means and purposes of processing your personal information in relation to the Services provided to you (typically referred to as a “data controller”).
3. THE PERSONAL INFORMATION WE COLLECT
Information you provide to us. To establish an account and access our Services, we'll ask you to provide us with some important information about yourself. This information is either required by law (e.g. to verify your identity), necessary to provide the requested services (e.g. you will need to provide your bank account number if you'd like to link that account to CB), or is relevant for certain specified purposes, described in greater detail below. As we add new features and Services, you may be asked to provide additional information.
If you choose not to share certain information with us, we may not be able to serve you as effectively or offer you our Services. Any information you provide to us that is not required is voluntary.
We may collect the following types of information from you:
Personal Identification Information: Full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.
Formal Identification Information: Government issued identity document such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.
Institutional Information: Employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners.
Financial Information: Bank account information, payment card primary account number (PAN), transaction history, trading data, and/or tax identification.
Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.
Employment Information: Office location, job title, and/or description of role.
Correspondence: Survey responses, information provided to our support team or user research team.
Audio, electronic, visual and similar information, such as call and video recordings.
Information we collect from you automatically. To the extent permitted under the applicable law, we may collect certain types of information automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and Services, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:
Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
For example, we may automatically receive and record the following information on our server logs:
How you came to and use the Services;
Device type and unique device identification numbers;
Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);
How your device interacts with our Sites and Services, including pages accessed and links clicked;
Broad geographic location (e.g. country or city-level location); and
Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser.
We may also use identifiers to recognize you when you access our Sites via an external link, such as a link appearing on a third party site.
Information we collect from our affiliates and third parties. From time to time, we may obtain information about you from our affiliates or third party sources as required or permitted by applicable law. These sources may include:
Our Coinbase Family of Companies: Our “family of companies” is the group of companies related to us by common control or ownership (“Affiliates”). In accordance with applicable law, we may obtain information about you from our Affiliates as a normal part of conducting business, if you link your various Coinbase accounts (e.g., Coinbase Wallet account or Coinbase Commerce account in order to convert cryptocurrency into fiat and make withdrawals into your bank account), so that we may offer our Affiliates’ Services to you.
Blockchain Data: We may analyze public blockchain data to ensure parties utilizing our Services are not engaged in illegal or prohibited activity under our Terms, and to analyze transaction trends for research and development purposes.
Joint Marketing Partners & Resellers: For example, unless prohibited by applicable law, joint marketing partners or resellers may share information about you with us so that we can better understand which of our Services may be of interest to you.
4. ANONYMIZED AND AGGREGATED DATA
Coinbase may use anonymized or aggregate customer data for any business purpose, including to better understand customer needs and behaviors, improve our Services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties.
Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators.
5. HOW YOUR PERSONAL INFORMATION IS USED
Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We generally use personal information to create, develop, operate, deliver, and improve our Services, content and advertising; and for loss prevention and anti-fraud purposes. We may use this information in the following ways:
1) To maintain legal and regulatory compliance
Most of our core Services are subject to laws and regulations requiring us to collect, use, and store your personal information in certain ways. For example, CB must identify and verify customers using our Services in order to comply with anti-money laundering laws across jurisdictions. This includes collection and storage of your photo identification. In addition, we use third parties to verify your identity by comparing the personal information you provide against third-party databases and public records. When you seek to link a bank account to your CB Account, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. If you do not provide personal information required by law, we will have to close your account.
2) To enforce our terms in our user agreement and other agreements
CB handles sensitive information, such as your identification and financial data, so it is very important for us and our customers that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities, enforce our agreements with third parties, and/or prevent and detect violations of our posted user agreement or agreements for other Services. In addition, we may need to collect fees based on your use of our Services. We collect information about your account usage and closely monitor your interactions with our Services. We may use any of your personal information collected for these purposes. The consequences of not processing your personal information for such purposes is the termination of your account.
3) To detect and prevent fraud and/or funds loss
We process your personal information in order to help detect, prevent, and mitigate fraud and abuse of our services and to protect you against account compromise or funds loss.
4) To provide Coinbase's Services
We process your personal information to provide the Services to you. For example, when you want to store funds on our platform, we require certain information such as your identification, contact information, and payment information. We cannot provide you with Services without such information. Third parties such as identity verification services may also access and/or collect your personal information when providing identity verification and/or fraud prevention services.
5) To provide Service communications
We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes.
6) To provide customer service
We process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.
7) To ensure quality control
We process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions.
8) To ensure network and information security
We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services.
9) For research and development purposes
We process your personal information to better understand the way you use and interact with Coinbase's Services. In addition, we use such information to customize, measure, and improve Coinbase's Services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services.
10) To enhance your experience
We process your personal information to provide a personalized experience, and implement the preferences you request. For example, you may choose to provide us with access to certain personal information stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services.
11) To facilitate corporate acquisitions, mergers, or transactions
We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions.
12) To engage in marketing activities
Based on your communication preferences, we may send you marketing communications (e.g. emails or mobile notifications) to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers. Our marketing will be conducted in accordance with your advertising marketing preferences and as permitted by applicable law.
13) To protect the health and safety of our employees and visitors, our facilities and our property and other rights. If you visit one of our locations, to maintain security at such locations you may be photographed or videotaped.
14) For any purpose that you provide your consent.
We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time, and as required under the applicable law, we may request your permission to allow us to share your personal information with third parties. In such instances, you may opt out of having your personal information shared with third parties, or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to limit the use of your personal information, certain features or CB Services may not be available to you.
6. LEGAL BASES FOR PROCESSING YOUR INFORMATION
For individuals who are located in the European Economic Area, the United Kingdom or Switzerland (collectively “EEA Residents'') at the time their personal information is collected, our legal bases for processing your information under the EU General Data Protection Regulation (“GDPR”) will depend on the personal information at issue, the specific context in the which the personal information is collected and the purposes for which it is used. We generally only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), where processing is in our legitimate interests to operate our business and not overridden by your data protection interests or fundamental rights and freedoms, or where we have obtained your consent to do so. In some rare instances, we may need to process your personal information to protect your vital interests or those of another person. Below is a list of how CB uses your personal information, as described above in Section 5, with the corresponding legal bases for processing. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the "How to contact us" heading below.
Section & Purpose of Processing
Legal Bases for Processing
(2) To enforce our terms in our user agreement and other agreements (4) To provide Coinbase's Services (5) To provide Service communications (6) To provide customer service (7) To ensure quality control
Based on our contract with you or to take steps at your request prior to entering into a contract.
(9) For research and development purposes (10) To enhance your experience (11) To facilitate corporate acquisitions, mergers, or transactions (12) To engage in direct marketing activities
Based on our legitimate interests. When we process your personal data for our legitimate interests we always ensure that we consider and balance any potential impact on you and your rights under data protection laws.
(1) To maintain legal and regulatory compliance (3) To detect and prevent fraud and/or funds loss (8) To ensure network and information security (13) To protect your or our’s vital interests
Based on our legal obligations, the public interest, or in your vital interests.
(10) To enhance your experience (12) To engage in third party marketing activities (14) For any purpose to which you consent
Based on your consent.
7. WHY WE SHARE PERSONAL INFORMATION WITH OTHER PARTIES
We take care to allow your personal information to be accessed only by those who require access to perform their tasks and duties, and to share only with third parties who have a legitimate purpose for accessing it. CB will never sell or rent your personal information to third parties without your explicit consent. We will only share your information in the following circumstances:
With third party identity verification services in order to prevent fraud. This allows CB to confirm your identity by comparing the information you provide us to public records and other third party databases. These service providers may create derivative data based on your personal information that can be used in connection with the provision of identity verification and fraud prevention services. For example:
With financial institutions with which we partner to process payments you have authorized.
With service providers under contract who help with parts of our business operations. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else. Examples of the types of service providers we may share personal information with (other than those mentioned above) include:
Document repository services
Internet (e.g. ISPs)
With companies or other entities that we plan to merge with or be acquired by. You will receive prior notice of any change in applicable policies.
With companies or other entities that purchase CB assets pursuant to a court-approved sale or where we are required to share your information pursuant to insolvency law in any applicable jurisdiction.
With our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
With law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our User Agreement or any other applicable policies.
We share personal information about you with our Affiliates as a normal part of conducting business and offering Services to you.
Where we believe it is necessary in order to protect the vital interests of any person. If you establish a CB Account indirectly on a third party website or via a third party application, any information that you enter on that website or application (and not directly on a CB website) will be shared with the owner of the third party website or application and your information will be subject to their privacy policies. For more information see the “Third-Party Sites and Services” section below.
8. SPECIAL PROVISIONS RELATING TO COINBASE CARD USERS
If you sign up to use the Digital Currency backed debit card Service (the “Coinbase Card”) provided by CB via the dedicated app for that Service (the “Coinbase Card App”), we will process your personal information in accordance with this Policy.
We may at times need to share some of your personal information that we control with Paysafe to enable us and Paysafe to provide you with the Coinbase Card Service. Where we do this, Paysafe will act as a data processor and only process your personal information to the extent necessary to enable us and Paysafe to provide the Coinbase Card Service to you.
9. HOW WE PROTECT AND STORE PERSONAL INFORMATION
We understand how important your privacy is, which is why CB maintains (and contractually requires third parties it shares your information with to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the personal information you entrust to us.
We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the US and elsewhere in the world where our facilities or our service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.
Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in the “How to contact us” section below.
10. RETENTION OF PERSONAL INFORMATION
We store your personal information securely throughout the life of your CB Account. We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information are described below.
Personal information collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as required under such laws.
Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
Content that you post on our website such as support desk comments, photographs, videos, blog posts, and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).
Recording of our telephone calls with you may be kept for a period of up to six years.
Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.
11. THIRD-PARTY SITES AND SERVICES
If you authorize one or more third-party applications to access your CB Services, then information you have provided to CB may be shared with those third parties. A connection you authorize or enable between your CB account and a non-CB account, payment instrument, or platform is considered an “account connection.” Unless you provide further permissions, Coinbase will not authorize these third parties to use this information for any purpose other than to facilitate your transactions using CB Services. Please note that third parties you interact with may have their own privacy policies, and CB is not responsible for their operations or their use of data they collect. Information collected by third parties, which may include such things as contact details, financial information, or location data, is governed by their privacy practices and Coinbase is not responsible for unauthorized third-party conduct. We encourage you to learn about the privacy practices of those third parties.
Examples of account connections include:
Merchants: If you use your CB account to conduct a transaction with a third party merchant, the merchant may provide data about you and your transaction to us.
Your Financial Services Providers: For example, if you send us funds from your bank account, your bank will provide us with identifying information in addition to information about your account in order to complete the transaction.
Information that we share with a third party based on an account connection will be used and disclosed in accordance with the third party's privacy practices. Please review the privacy notice of any third party that will gain access to your personal information. Coinbase is not responsible for such third party conduct.
12. CHILDREN'S PERSONAL INFORMATION
We do not knowingly request to collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, CB will require the user to close his or her account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.
13. INTERNATIONAL TRANSFERS
If you have a complaint about our privacy practices and our collection, use or disclosure of personal information please submit your request via our Support Portal.
Data transferred out of the EU
We rely primarily on the European Commission’s Standard Contractual Clauses to facilitate the international and onward transfer of personal information collected in the European Economic Area (“EEA”), the United Kingdom and Switzerland (collectively “European Personal Information”), to the extent the recipients of the European Personal Information are located in a country that the EU considers to not provide an adequate level of data protection. This includes transfers from our EU-based CB operating entities to our US-based operating entity, Coinbase, Inc. We may also rely on an adequacy decision of the European Commission confirming an adequate level of data protection in the jurisdiction of the party receiving the information, or derogations in specific situations.
Coinbase, Inc. is responsible for the processing of personal information it receives and subsequently transfers to a third party acting as an agent on its behalf. Before we share your information with any third party, Coinbase, Inc. will enter into a written agreement that the third party provides at least the same level of protection for the personal information as required under applicable data protection laws.
Coinbase, Inc., also participates in and has certified its compliance with the EU-US Privacy Shield Framework. Under the Privacy Shield Framework, Coinbase, Inc. is subject to the authority of the Federal Trade Commission. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield List at https://www.privacyshield.gov.
European data subjects with inquiries or complaints relating to our Privacy Shield certifications should first contact CB via our Support Portal or by emailing firstname.lastname@example.org. If we are unable to resolve your complaint or dispute, you may refer your complaint to our designated independent dispute resolution mechanism, the International Centre for Dispute Resolution ("ICDR"), operated by the American Arbitration Association ("AAA"). For more information and to file a complaint, you may contact the International Centre for Dispute Resolution by phone at +1.212.484.4181, or by visiting the website https://go.adr.org/privacyshield.html.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-ntroduction.
14. YOUR PRIVACY RIGHTS AND CHOICES
Depending on applicable law where you reside, you may be able to assert certain rights related to your personal information identified below. If any of the rights listed below are not provided under law for your operating entity or jurisdiction, CB has absolute discretion in providing you with those rights.
Your rights to personal information are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another's privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.
Access and portability. You may request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to a potential fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. In certain circumstances, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another data controller.
Rectification of incomplete or inaccurate personal information. You may request us to rectify or update any of your personal information held by CB that is inaccurate. You may do this at any time by logging in to your account and clicking the Profile or My Account tab.
Withdraw consent. To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of CB's processing based on consent before your withdrawal.
Restriction of processing. In some jurisdictions, applicable law may give you the right to restrict or object to us processing or transferring your personal information under certain circumstances. We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
Automated individual decision-making, including profiling. CB relies on automated tools to help determine whether a transaction or a customer account presents a fraud or legal risk. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
Marketing communications. You can opt-out of receiving marketing communications from CB. Direct marketing includes any communications to you that are only based on advertising or promoting our products and services. We will only contact you by electronic means (email or SMS) based on our legitimate interests, as permitted by applicable law, or your consent. If you do not want us to send you marketing communications, please go to your account settings to opt-out or submit a request via our Support Portal.
For users in the European Economic Area, the United Kingdom and Switzerland: To the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. We will contact you by electronic means for marketing purposes only if you have consented to such communication. You may raise such objections with regard to initial or further processing for purposes of direct marketing, at any time and free of charge.
How to make a privacy request
You can make privacy rights requests relating to your personal information by going to your Privacy Rights Dashboard or, if you cannot access the Dashboard, by contacting us via our Support Portal. Our Privacy Rights Dashboard also allows you to set your communication preferences and make individual rights requests relating to your personal information. We strongly encourage you to make any individual rights requests through the Privacy Rights Dashboard because it ensures that you have been authenticated already (based on the KYC information you have provided to open your account and by providing the necessary login credentials and multi-factor authentication to access the account). Otherwise, when we receive an individual rights request via other intake methods, we may take steps to verify your identity before complying with the request to protect your privacy and security.
How to lodge a complaint
If you believe that we have infringed your rights, we encourage you to first submit a request via our Support Portal so that we can try to resolve the issue or dispute informally. If that does not resolve your issue, you may contact the CB Data Protection Officer at email@example.com.
If you reside in the EU, you can file a complaint with the International Centre for Dispute Resolution by phone at +1.212.484.4181, or by visiting the website http://info.adr.org/safeharbor, or your relevant data protection authority.
In the UK, the relevant data protection authority is Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, 0303 123 1113, firstname.lastname@example.org.
In Ireland, the relevant data protection authority is the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois; phone: +353 (0761) 104 800; LoCall: 1890 25 22 31; Fax: +353 57 868 4757; email: email@example.com
15. CALIFORNIA PRIVACY RIGHTS
In addition to the rights provided for above, if you are a California resident, you have the right to request information from us regarding whether we share certain categories of your personal information with third parties for the third parties' direct marketing purposes. To the extent we share you personal information in this way, you may receive the following information:
the categories of information we disclosed to third parties for the third parties' direct marketing purposes during the preceding calendar year; and
the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.
Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights in relation to their personal information, subject to limited exceptions. Any terms defined in the CCPA have the same meaning when used in this California Privacy Rights section. This section describes the categories of personal information CB has collected, the categories of personal information CB has disclosed, and a description of California residents’ rights.
Personal Information Category (corresponds to categories in CCPA §1798.140(o)(1))
Sources of Personal Information and Why We Collect this Information (see Section 5 above for more information)
Disclosure of Personal Information (see “Why We Share Personal Information With Other Parties” heading above for more information)
(A) Identifiers such as Personal Identification Information
Information you provide us; Information collected from third parties; Why we collect this information: see Section 5, subsections 1, 2, 3, 4, 5, 6, 8, 9, 11, and 12
- Third party identity verification services - Financial institutions - Service providers - Professional advisors - our Affiliates
(B) Customer records such as signature
Information you provide us; Information collected from third parties; Why we collect this information: see Section 5, subsections 1, 2, 5, 6, and 11
- Third party identity verification services - Financial institutions - Service providers
(C) Protected classifications under California and federal law, including gender, age and citizenship
Information you provide us; Information collected from third parties; Why we collect this information: see Section 5, subsection 1
- Third party identity verification services - Professional advisors
(D) Commercial information such as records of services purchased, obtained, or considered
Information you provide us; Information we collect from you automatically; Information collected from third parties; Why we collect this information: see Section 5, subsections 3, 4, 5, 6, 8, 9, 10, 11 and 12
- Third party identity verification services - Financial institutions - Service providers - Professional advisors - our Affiliates
(E) Biometric information
Information you provide us; Why we collect this information: see Section 5, subsection 1
- Third party identity verification services - Financial institutions
(F) Usage Data
Information we collect from you automatically; Why we collect this information: see Section 5, subsections 2, 3, 4, 6, 7, 8, 9, 10, and 12
- Third party identity verification services - Service providers - Professional advisors - our Affiliates
(G) Online Identifiers
Information we collect from you automatically; Why we collect this information: see Section 5, subsections 1, 3, 9 and 12
- Third party identity verification services - Service Providers
(H) Sensory data, such audio, electronic, visual information
Information you provide to us; Why we collect this information: see Section 5, subsections 3, 4, 5 and 7
(I) Professional or employment-related information
Information you provide us; Information collected from third parties; Why we collect this information: see Section 5, subsections 1, 12
- Third party identity verification services - Service providers - our Affiliates
(J) Inferences about preferences, characteristics, predispositions, etc.
Information you provide us; Information we collect from you automatically; Why we collect this information: see Section 5, subsections 9, 10, 12
- Service providers - Professional advisors - our Affiliates
California Residents’ Rights
Under the CCPA, you may have the following consumer rights. Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the CCPA:
For personal information collected by us during the preceding 12 months preceding your request that is not otherwise subject to an exception, California residents have the right to access and delete their personal information. CB will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services or provide you a different level or quality of services.
To the extent we sell your personal information to third parties, you also have the right to request that we disclose to you: (i) the categories of your personal information that we sold, and (ii) the categories of third parties to whom your personal information was sold. You have the right to direct us not to sell your personal information. CB does not sell your personal information in its ordinary course of business and will never sell your personal information to third parties without your explicit consent.
Should CB engage in any of the activities listed in this section, your ability to exercise these rights will be made available to you in your account settings. You can exercise your rights by going to your Privacy Rights Dashboard or contacting us via our Support Portal so that we may consider your request.
We will need to verify your identity before processing your request. In order to verify your identity, we will generally either require the successful login to your account or the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the personal information collected in connection with a request to exercise your rights, certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know and right to deletion, particularly where we are unable to verify your identity.
If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. To do so, you must: (1) provide that authorized agent written and signed permission to submit such a request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will respond to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4121 to 4130. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity.
Do Not Track
Some Internet browsers - like Internet Explorer, Firefox, and Safari - include the ability to transmit "Do Not Track" or "DNT" signals. Since uniform standards for "DNT" signals have not been adopted, we do not currently process or respond to "DNT" signals.