Welcome to the Chaos Global Consumer Privacy Policy.
Chaos Software GmbH and its affiliates (together, Chaos or We) take your right to privacy seriously. We appreciate that you trust us with your personal information and respecting your privacy is at the core of our interactions with you.
We respect the privacy of all users, customers, and business contacts. This Privacy Policy describes the ways and conditions under which We process and use your personal data. We recommend that you read this Privacy Policy to get more information about the processing of your personal data.
Effective Date: July 5, 2024
The Chaos Global Consumer Privacy Policy (Privacy Policy) describes the personal information that Chaos collects from or about users of the Websites, Mobile Applications (Apps), Desktop Software Products (Software Products), Plug-In Software Products (Plugins), Cloud Rendering Services and other online and offline products and services that Chaos operates (together, the Websites, Products and Services) and how we use and protect that personal information. This Privacy Policy also explains how users can make choices about their personal information.
When we refer to personal information (sometimes referred to as personal data under some laws) in this Privacy Policy, we mean information that identifies or can be used to identify an individual human being. This includes information such as name, address, email, billing address or telephone number. Information that is not directly related to your identity (for example, the number of users on the Websites) does not fall within this category. When we refer to you or a user, we mean someone who uses any of the Websites, Products and Services. When we refer to a controller, we mean the person or entity that determines what personal information is collected from or about you and how that personal information is used and protected.
Governing law applicable to this Privacy Policy is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR) and other applicable privacy laws and regulations in countries where we operate.
How we collect, use, and protect your personal information is subject to the laws in the places in which we operate. This means that we may have different practices in different places. For more information, please see Section 14. Privacy Rights and Choices, which includes additional descriptions of your rights and our obligations in certain key jurisdictions and who to contact.
The Privacy Policy applies to the personal information collected from users of our Websites, Products and Services in which the Privacy Policy is posted or linked, when the Privacy Policy is specifically referenced in the Websites, Products and Services or when Chaos asks you to acknowledge it. This Privacy Policy also covers personal information that we collect from consumers who contact us by email, telephone and offline, such as during in-person events.
If you are one of our Partners or Resellers, this policy also tells you how we process personal data when we conduct business with you.
This Privacy Policy also may apply to personal information provided to us by consumers who engage with us through social media.
This Privacy Policy aims to provide you with comprehensive information in a clear and understandable language about what actions are taken with the personal data you provide to us, including:
With this Privacy Policy, Chaos declares that it has implemented all technical and organizational measures to protect the personal data of individuals prescribed by applicable law.
The data controller in the sense of the GDPR and other applicable data protection laws is:
Chaos Software GmbH, a limited liability company incorporated under the laws of the Federal Republic of Germany, Amtsgericht Mannheim, HRB 726749.
Chaos is part of a corporate group of entities operating in and outside of Germany. Chaos may share your personal data with other Affiliates within this Corporate Group if the applicable legal requirements are met. For avoidance of doubt Affiliate should mean an entity that controls, is controlled by or is under common control with Chaos Software GmbH. For purposes of this defined term, “control” means ownership of more than fifty (50%) percent of the voting stock or other ownership interest in an entity.
In certain cases, the immediate data controller may be one of Chaos Software GmbH’s Affiliates, please see Section 14. Privacy Rights and Choices, which includes additional descriptions of your rights and our obligations in certain key jurisdictions and who is the responsible data controller depending on your country of residence.
If you have any questions and / or requests related to your personal data that Chaos processes, you can contact us at: An der Raumfabrik 33b, 76227 Karlsruhe, Germany, or email: dpo@chaos.com
You can contact our Data Protection Officer at the following email: dpo@chaos.com
Please see Section 14. Privacy Rights and Choices, which includes additional descriptions of your rights and our obligations in certain key jurisdictions and who to contact depending on your country of residence.
Chaos develops 3D visualization technology for architecture, engineering, construction, product design, manufacturing, and media and entertainment.
Our Websites, Products and Services are strictly professional and are not aimed at children under 18 years old and we will not deliberately collect, use, provide or process in any other form any personal information of children under the age of 18. We therefore also ask you, if you are under 18 years old, please do not provide us with your personal information (for example, your name, address, and email address). In case you are under 18 years old and wish to use our Websites, Products and Services please ask your parent or guardian to register and buy a license for you. If we learn that we have collected personal data through our Websites, Products and Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.
Any information and data by which an individual can be identified falls directly or indirectly under the definition of “personal data”.
For example, indirect identification is your mobile number. Direct identification is achieved when you provide a unique identifier such as Personal Identification Number (PIN), passport number, etc.
"Special categories of personal data" means for example data revealing racial or ethnic origin, political views, religious or philosophical beliefs or membership of trade unions, as well as the processing of genetic data, biometric data for the sole purpose of identifying an individual, health data or data about the sexual life or sexual orientation of the individual.
We collect personal data directly from you, for example when you create an account with us or contact us. We also collect data when you use our Websites, Products and Services including usage data. We sometimes collect data from third parties, including our Resellers and Partners.
This personal data that Chaos collects and processes for our Websites, Products and Services may include the following categories:
Categories of personal data | Types of personal data |
Information about you | Name, surname, family name |
Account information | Password, username |
Image data | Avatar or photo should you choose to provide one for the forum |
Contact details | Email, telephone number |
Personal identifiers | Personal identifiers, required only for invoicing upon request of the customer |
Information about your employer and your interests | Name of the company you work for and information about the industrial interest you have in software products (e.g. Film, VFX, Television, Architecture, etc.) |
Data about the persons who are eligible for discounts | Copy of documents evidencing that the consumer is an active student in a university |
Address details | Billing address, country, city, ZIP and/or postcode |
Bank data | Partial data about your bank account. Payment card purchases are processed by third-party payment processors. Chaos does not have access to complete bank account numbers, credit card numbers or debit card numbers. |
Purchase history | Data about purchased or used Products or Services |
Information collected from our Products and Services | Account information for authenticating license, Product Version, Error Reports, IP address and broad geographic location (e.g. country location), Information about your computer or mobile device (such as device type and identification number, operating system, CPU and GPU drivers), Information about 3D scene being rendered by our Products and Services (such as number of objects or lights and render settings, without collecting the scenes or assets themselves) |
Product Usage Data (Telemetry) | Anonymized Telemetry (product usage data that is not tied to an individual personalized license) and/or Personalized Telemetry (product usage data that is tied to an individual personalized license) can be collected and processed only if enabled by user |
Internet data | Data about your IP address, location data, cookie data, etc. |
Copy of communication on our website | Copies of emails or other forms of communication you might have while using our Website, Products and Services and our communication system tools |
Information received from third parties | The types of personal information that we receive from third parties include: Personal information that is commercially available from marketing services providers or collected by marketing partners through campaigns and events, which is used to help identify individuals who may be interested in learning more about Chaos and to supplement personal information we already have. This personal information includes insights from matching our pseudonymised data sets with third parties’ pseudonymized data sets. Sometimes when you purchase our Products or Services through a Partner or Reseller we may acquire Information about you and Account data from that Partner or Reseller. |
User generated content | When using our cloud services You may choose to upload some of your user generated content like images, 3D scenes, 3D assets, 3D data (data about materials and textures added to a scene or image), video, text prompts or other data to the cloud. |
Other data | Other types of personal information, which you may provide by contacting us and/or making a request / inquiry |
We collect Personal Data via cookies, pixel tags, or similar technologies when you use our Websites, Products and Services (collectively referred to as Cookies), including for conducting analytics and advertising. For more information on our use of cookies, please read our Cookie Policy or use the Cookie Settings functionality available in our Websites, Products and Services that implement cookies.
Chaos does not collect any special categories of personal data since such are not required for the use of our Websites, Products and Services. If sensitive categories of personal data are provided by you during your communication with the Company or use of our Websites, Products and Services, it will be deleted as soon as possible after the processing of such data is established.
The processing of personal data includes the collection, storage, destruction, transfer, correction, updating, deletion, and all other activities carried out with your personal data.
Chaos processes personal data on the grounds of the performance of a contract with the consumer (Article 6, paragraph 1, item "b" of the GDPR). We may also process personal data after obtaining clear, free, and unambiguous consent from you for the purposes of processing expressed through your voluntary registration or provision of data in our Websites, Products and Services or trough clicking onto optional checkboxes (Article 6, paragraph 1, item “a” of the GDPR). The consent you provide can always be withdrawn by contacting us or using the contact form available on our website.
Some of our processing activities are based on legitimate interest (Article 6, paragraph 1, item “f” of the GDPR), but only after we have carefully assessed that such interests do not concern the fundamental rights and freedoms of the data subject.
Lastly, in a very limited number of cases we process your personal data for compliance with a legal obligation to which Chaos is subject (Article 6, paragraph 1, item “c” of the GDPR).
Chaos operates in different countries across the world which may use different legal bases for processing according to applicable laws in different jurisdictions. In any case We make sure that we process your personal information lawfully and we apply the following principles:
The personal data provided by you shall be used for the following purposes, including but not limited to:
Your personal data is not subject to automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR.
When you visit our Websites or use our Products and Services, Chaos processes (collects) your personal information in the following ways:
Depending on the legal ground based on which we process your personal data, the storage period of personal data may be different.
Your personal data is stored as long as we have valid legal grounds for processing it. After this period has expired and in case there is no legal ground to continue storing your personal data, your information shall be fully anonymized or deleted.
Chaos respects your privacy and keeps your data secured. Subject to statutory requirements or business needs, Chaos may disclose your personal data to the following categories of recipients:
Legal: Information about our users, including Personal Data, will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Chaos, our users, a third party, or the public.
In principle, Chaos and many of its Affiliates that are based in Europe store and process personal data predominantly in the European Union (“EU”), the European Economic Area (“EEA”) and the United Kingdom (“UK”).
Chaos may transfer personal information across borders to any of the places where we and our Affiliates, Partners and Resellers operate. These other places may have data protection laws that are different from (and, in some cases, less protective) than the laws where you reside.
If your personal information is transferred across borders by us or on our behalf, we use appropriate safeguards to protect your personal information in accordance with this Privacy Policy and applicable law. These safeguards include agreeing to standard contractual clauses or model contracts for transfers of personal information among our Affiliates and among our Partners and Resellers. When in place, these contracts require our Affiliates, Partners and Resellers to protect personal information in accordance with applicable privacy laws.
For more information about how we transfer Personal Data internationally, please contact us as set out in Section 3 above.
This Section applies to residents in the EU, EEA and UK, as well as any resident of a country that is not listed in Section 14 and provided with specific rights applicable per their local legislation in the country of residence.
Subject to European law (GDPR) and the privacy laws applicable in the UK, you may have the following rights to your personal data processed by Chaos:
You can exercise any of the above rights by submitting a formal request to the following address: An der Raumfabrik 33b, 76227 Karlsruhe, Germany, or email: dpo@chaos.com. In order to exercise your rights, it is mandatory to establish the identity of the claimant when submitting a request for exercising your rights. For your convenience we have created a policy for data subjects’ rights where you can find a lot more information about your rights related to data privacy and how to exercise them.
If you are a European resident, you also have the right to file a complaint with the respective data protection authority where you live, work or where you think we have violated data protection laws, when the relevant prerequisites are in place.
You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email or by contacting us at dpo@chaos.com. You may continue to receive service-related and other non-marketing emails.
This policy may be updated periodically to reflect changes in personal data protection legislation and best practices. When Chaos updates this Privacy Policy, We will post the updated version and change the Effective Date above. We will also take appropriate measures to inform you in advance of significant changes that We believe affect your privacy rights either via email or including a just-in-time notice displayed in our Products or Services. If your consent is required by applicable privacy laws, we will obtain your consent to changes before the revised Privacy Policy applies to you. Please regularly check this Privacy Policy to ensure you are aware of the updated version.
RESIDENTS OF SOUTH AFRICA
Personal information that is collected from you is required for you to have access to Chaos’ Websites, Products and Services. Failure to provide this personal information may prevent you from accessing or using any or all of our Websites, Products and Services. Under the Protection of Personal Information Act 4 of 2013 (POPIA), personal information of juridical persons also is protected; therefore, in the event that our Websites, Products and Services are accessed on behalf of a juridical person (legal entity), personal information of such legal entity should be protected.
Direct Marketing
All electronic direct marketing communication will be sent to you (until you opt out) when:
Your Rights
You have the right to make the following requests about your personal information:
We may (and in some cases are required to) verify your identity before we can act on your request to exercise your privacy rights.
How to contact us to exercise your privacy rights
To exercise your privacy rights, please contact Chaos using one of these options:
You have a right to lodge a complaint with the Information Regulator (South Africa) https://inforegulator.org.za/
Email: POPIAComplaints@inforegulator.org.za
Other Processing Details
We also automatically collect the following information:
We also permit third-party online advertising networks, social media companies and other third-party services to collect information about the user’s use of the Services over time so that they may play or display ads on the Services used by the user and on other devices the user may use
For some of the Services, we use third-party tools to monitor user experience information. These tools automatically collect usage information, including mouse clicks and movements, page scrolling and any text keyed into website forms. The information collected does not include passwords, payment details, or other sensitive personal information. We use this information for site analytics, optimization and to improve website usability. We do not permit this information to be shared with or used by third parties for their own purposes.
Our online and email advertising-related vendors may use pixel tags, web beacons, clear GIFs or other similar technologies in connection with the Services to help manage our online and email advertising campaigns and strengthen the effectiveness of such campaigns. For example, if a vendor has placed a unique cookie on the user’s computer, the vendor may use pixel tags, web beacons, clear GIFs or other similar technologies to recognize the cookie during the user’s visit to the Services and to learn which of our online advertisements may have brought the user to the Services, and the vendor may provide us with such other information for our use. We may link such other information provided to us by our vendors to Personal information about the user that we have previously collected.
We may use third-party advertising companies to serve advertisements on the Services. These companies may use information (not including the user’s name, address, email address or telephone number) about a user’s visits to the Services to provide advertisements about goods and services of interest to the user.
We may link or combine the user’s activities and information collected from the user through the Services with information we collect automatically through tracking technologies. This allows us to provide the user with a personalized experience regardless of how the user interacts with us through the Services.
RESIDENTS OF BRAZIL
Chaos Software GmbH and its Affiliates (together, Chaos or We) take your right to privacy seriously. We appreciate that you trust us with your personal information and respecting your privacy is at the core of our interactions with you.
We respect the privacy rights of all our consumers who are residents of Brazil. We aim to comply fully with the requirements of the Brazil’s Lei Geral de Proteção de Dados Pessoais do Brasil, also known as LGPD. In addition to our Privacy Policy above we recognize that all Brazilian residents have the following rights as per the LGPD:
You can exercise your privacy rights by sending an email to dpo@chaos.com. In your request, please make clear the personal information to which your request relates. For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.
The controller of your personal information is: Chaos Software EOOD, UIC 131375768, a limited liability company incorporated under the laws of Republic of Bulgaria, with seat and registered address at: 145 Tsarigradsko shose Blvd., Sofia Office Center, 12th floor, 1784 Sofia, Bulgaria
The Data Protection Officer is: Yordan Astardzhiev
Data Protection Regulator:
Autoridade Nacional de Proteção de Dados
RESIDENTS OF CANADA
Chaos Software GmbH and its Affiliates (together, Chaos or We) collects, uses, and discloses Personal Information for the purposes identified in our Privacy Policy and for any additional purposes, as permitted by law, with notice to you and your express or, where permitted, implied consent.
You have certain rights in respect of your information. To access or correct your Personal Information, please send us an email at: dpo@chaos.com. Please note we may verify your identity before we can act on your request.
For residents of Quebec: The person in charge of the protection of personal information about individuals residing in Quebec is Yordan Astardzhiev, who can be contacted by email at dpo@chaos.com.
The controller of your personal information is Chaos Software EOOD, UIC 131375768, a limited liability company incorporated under the laws of Republic of Bulgaria, with seat and registered address at: 145 Tsarigradsko shose Blvd., Sofia Office Center, 12th floor, 1784 Sofia, Bulgaria
FOR RESIDENTS OF EUROPE AND THE UNITED KINGDOM (UK)
RESIDENTS OF BULGARIA.
The controller for the personal information collected in connection with use of our Websites, Products and Services in Bulgaria is Chaos Software EOOD, UIC 131375768, a limited liability company incorporated under the laws of the Republic of Bulgaria.
Address: 145 Tsarigradsko shose Blvd., Sofia Office Center, 12th floor, 1784 Sofia, Bulgaria.
Email: dpo@chaos.com
The Privacy Policy above is fully applicable for residents of Bulgaria apart from the applicable personal data controller and the contact details listed in this section. You also have the right to file a complaint with the Bulgarian Commission for Protection of personal Data (https://www.cpdp.bg/en/index.php?p=home&aid=0).
RESIDENTS OF CZECH REPUBLIC.
The controller for the personal information collected in connection with use of our Websites, Products and Services in the Czech Republic is Chaos Czech a.s., a joint-stock company incorporated under the laws of the Czech Republic
Address: Karlovo namesti 288/17, 120 00 Prague, Czech Republic.
Email: dpo@chaos.com
The Privacy Policy above is fully applicable for residents of The Czech Republic apart from the applicable personal data controller and the contact details listed in this section. You also have the right to file a complaint with the Czech’s supervisory body, which is The Office for personal data protection, Pplk. Sochora 27, 170 00 Prague, Czech Republic, (www.uoou.cz).
RESIDENTS OF DENMARK
The controller for the personal information collected in connection with use of our Websites, Products and Services in Denmark is Cylindo International ApS, a company incorporated under the laws of Denmark,
Address: Livjaegergade 17B, 2. th., 2100 Copenhagen, Denmark.
Email: hello@cylindo.com
The Privacy Policy above is fully applicable for residents of Denmark apart from the applicable personal data controller and the contact details listed in this section. You also have the right to file a complaint with the Danish Data Protection Agency at https://www.datatilsynet.dk/.
RESIDENTS OF ITALY
The controller for the personal information collected in connection with use of our Websites, Products and Services in Italy is AXYZ design S.R.L., with registered office in Melegnano (MI), via Monte Suello n.15.
Address: Melegnano (MI), via Monte Suello n.15.
Email: support@axyz-design.com
The Privacy Policy above is fully applicable for residents of Italy apart from the applicable personal data controller and the contact details listed in this section. In addition, residents of Italy have the right to lodge a complaint with a supervisory authority (for further information, see the institutional website of the Privacy Guarantor www.garanteprivacy.it).
RESIDENTS OF REPUBLIC OF NORTH MACEDONIA
The controller for the personal information collected in connection with use of our Websites, Products and Services in the Republic of North Macedonia is Chaos Software DOOEL, a limited liability company incorporated under the laws of the Republic of North Macedonia.
Address: 3 Dobrivoe Radosavlevik str., Bitola, North Macedonia.
Email: hello@cylindo.com
The Privacy Policy above is fully applicable for residents of the Republic of North Macedonia apart from the applicable personal data controller and the contact details listed above. You also have the right to file a complaint with the North Macedonian Data Protection Agency at https://azlp.mk/.
RESIDENTS OF THE UNITED KINGDOM
The controller for the personal information collected in connection with use of our Websites, Products and Services in the United Kingdom is Chaos Software Ltd., a limited liability company incorporated under the laws of the United Kingdom.
Address: 2 Wellington Road | St John's Wood, Westminster NW8 9SP | United Kingdom
Email: dpo@chaos.com
The Privacy Policy above is fully applicable for residents of the United Kingdom apart from the applicable personal data controller and the contact details listed above. You also have the right to file a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk/.
RESIDENTS OF JAPAN
The controller for the personal information collected in connection with use of our Websites, Products and Services in Japan is Chaos Group Japan Co. Ltd.
Address: Tokyo, Setagaya district, Seijo 4-33-3-402, Japan
Email: dpo@chaos.com
The Privacy Policy above is fully applicable for residents of Japan apart from the applicable personal data controller and the contact details listed above.
RESIDENTS OF SOUTH KOREA
The controller for the personal information collected in connection with use of our Websites, Products and Services in South Korea is Chaos Group Incorporated.
Address: A-1510, 606, Seobusaet-gil, Geumcheon-gu, Seoul, Korea, (gasan-dong, Daesung D-POLIS Knowledge Industry Center), South Korea.
Email: dpo@chaos.com
The Privacy Policy above is fully applicable for residents of South Korea apart from the applicable personal data controller and the contact details listed above.
RESIDENTS OF THE UNITED STATES
Throughout this section for Residents of the United States, we use the following terms with the following meanings:
CONTROLLER
The controller for the personal information collected in connection with use of our Websites, Products and Services in the United States is Chaos Software Inc., a company with registered office at 80 Pine Street, Floor 24, New York, NY 10005-1732. Chaos Software Inc. is hereinafter referred to in this section as Chaos or We.
RESIDENTS OF CALIFORNIA.
This California Privacy Notice (California Privacy Notice) applies to Chaos’s processing of personal information of residents of the U.S. State of California (California Consumers) as required by the California Consumer Privacy Act of 2018, as amended (CCPA). This "Residents of California" section contains our Notice at Collection under CCPA.
If you are a California Consumer, this California Privacy Notice is designed to help you understand the categories of personal information that we collect about you, where we get that personal information, why we process it, who we share it with, and the rights you have to know and control your personal information. If this California Privacy Notice and any provision in the rest of our Privacy Policy conflict, then this California Privacy Notice applies for the processing of personal information of California Consumers. This California Privacy Notice does not apply to Chaos’s employees, contractors, contingent workers, job applicants, business partners and resellers residing and operating in the U.S. State of California.
In this "Residents of California" section, Business Purposes means providing the Products and Services, operating the Websites; managing and processing interactions and transactions with California Consumers; securing and debugging the Products and Services; advertising and marketing; quality assurance; research and development; and other business purposes as may be defined in CCPA from time to time; and Service Providers means organizations that process personal information on behalf of Chaos and contractors and other organizations with which Chaos shares personal information pursuant to a contract for Business Purposes.
NOTICE AT COLLECTION
For CCPA purposes, Chaos generally acts as a “Business” with respect to your personal information, which means that Chaos determines how and why the personal information that Chaos collects from or about you is handled. (A “Business” is similar to a “controller” which is defined in the preamble to this Privacy Policy.)
This Notice at Collection of personal information describes our personal information collection practices when we are acting as the Business, including a list of the categories of personal information we collect, the purposes for which we collect personal information and the sources from which we collect personal information.
This Notice at Collection covers the twelve (12) months prior to the "Last Updated" date above. This Notice at Collection is updated at least once per year. If this Notice at Collection conflicts with the Privacy Policy, this Notice at Collection will govern as to California Consumers, unless expressly stated otherwise. If Chaos’s processing materially changes between updates to this Notice at Collection, Chaos will provide a supplemental notice when or before the changes apply.
Although we already explain what personal information we collect and why above in this Privacy Policy, the CCPA requires that we make certain disclosures using the categories of personal information used in the definition of personal information in the CCPA.
In the preceding 12 months, Chaos has collected the following categories of personal information:
Categories of Personal Data: | Source: | Purpose: | Third-party recipients: | Sold/Shared: |
Personal identifiers | Directly from you / From our business partners and resellers | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Account information | Directly from you | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Image data | Directly from you | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Contact details | Directly from you / From our business partners and resellers | Providing our Products or Services / advertising and marketing | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Information about your employer and your interests | Directly from you | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Data about the persons who are eligible for discounts | Directly from you | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Address details | Directly from you | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Bank data | Directly from you / from our third party payment processor | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Purchase history | Directly from you / from our third party payment processor | Providing our Products or Services / advertising and marketing | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Information collected from our Products and Services | Directly from you | Securing and debugging the Products and Services; advertising and marketing; quality assurance; research and development | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Internet data | Directly from you, Automatically collected during use of the Services | Providing our Products or Services / advertising and marketing | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Copy of communication on our website | Directly from you | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
User generated content | Directly from you | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Other data | Directly from you | Providing our Products or Services | Service providers, including marketing vendors, Affiliates and resellers, other third parties | No |
Generally, when we collect precise geolocation information or other personal information that is “sensitive” under California law, Our use of this personal information is to perform a Service you have requested and is consistent with the permitted business purposes in California Civil Code § 1798.100 et seq. and implementing regulations. We will collect your consent for any other use.
Chaos does not collect:
Your California Consumer Privacy Rights
CCPA offers California Consumers the following key privacy rights:
To submit a request to exercise your California privacy rights, please:
Please note:
Notice of Financial Incentive
We may offer discounts or other benefits to California Consumers enrolled in certain rewards or promotional programs.
Chaos does not generally assign monetary or other value to consumers’ personal information and our promotional activity changes continually. To the extent California law requires that a value be assigned to such programs, or the price or service differences they involve, Chaos values the personal information collected and used under each program as being equal to the value of the discounts or other financial incentives provided in each such program, based upon a practical and good-faith effort to assess on an aggregate basis for all collected information: (1) the type of personal information collected in each program (e.g., email address), (2) the use of such information by Chaos in connection with its marketing activities, (3) the range of discounts provided (which can depend on each consumer’s purchases under such offers), (4) the number of individuals enrolled in respective programs, and (5) the products for which the benefits (such as price difference) can apply. These values can change over time. Note that this description is without waiver of any proprietary or business confidential information, including trade secrets, and it does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.
A different California law permits California residents to request a notice disclosing the categories of Personal Information about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. At this time, Chaos does not share Personal Information with third parties for their direct marketing purposes.
RESIDENTS OF OTHER U.S. STATES.
The U.S. Privacy Laws offer Consumers certain rights with respect to their personal information. Chaos will honor these rights for any U.S. resident. They include:
To protect Consumers, if we are unable to verify a privacy rights request, we are unable to honor the request. We will use personal information provided in a verified privacy rights request only to verify identity or agent authority to make the privacy rights request and to track and document responses unless Chaos also received the personal information for another purpose.
Agent Requests
You may use an authorized agent to make a privacy rights request for you. We may require that you directly confirm that you authorized the agent to submit requests on your behalf or request provision of evidence for the authorization. Please note that it may take additional time to verify and fulfill agent-submitted requests. Once confirmed, your authorized agent may exercise privacy rights on your behalf, subject to the requirements of applicable law.
Appeals
You may appeal Chaos's decision regarding a request by email at dpo@chaos.com. Please use the same email address that you used to submit the initial privacy rights request when you submit your Request to Appeal and please add “Request to Appeal” in the subject line of the email. If you do not use the same email address, Chaos cannot link your Request to Appeal to your initial privacy rights request.
Chaos's Responses
Some personal information that we maintain is insufficiently specific for us to be able to associate it with a verified Consumer (e.g., data tied only to a pseudonymous browser ID). We do not include that personal information in response to those requests. If we deny a request, in whole or in part, Chaos will explain the reasons in our response.
Chaos will make commercially reasonable efforts to identify personal information that we process to respond to a privacy rights request. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your personal information and give you the opportunity to select whether you want the rest. We reserve the right to direct you to where you may access and copy responsive personal information yourself. We typically do not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided with a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
Retention of your Personal Information
We retain personal information about a Consumer for as long as the Consumer’s account is active and otherwise as long as necessary for the purposes described above. We also retain personal information as long as necessary to comply with legal obligations, resolve disputes and enforce our agreements. When determining the retention period, we consider various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you and mandatory retention periods under applicable law.