Privacy Policy for Citizen Services
Citizen’s mission is to keep you safe and informed.
Protecting your privacy is fundamental to the way sp0n, Inc., the company that does business as Citizen and operates the Citizen mobile app and www.citizen.com, including its subsidiaries and affiliated entities under common ownership and control, (“sp0n” or “Citizen”, “Company”, “we”, “us”, or “our”) conduct business and provide our services. This Privacy Policy describes our collection, use and disclosure of the information we may collect from you whenever you visit any of our digital properties, website(s) (hereinafter a “Site” and collectively the “Sites”), or otherwise interact with us or access any of our application, products, services, and content (hereinafter the “Platform”). The Sites and the Platform are together referred to in this Privacy Policy as the “Services”.
This Privacy Policy applies to all visitors and customers accessing the Services. If you become an inactive customer, or if we close or suspend your account, we will continue to adhere to the Privacy Policy in place when we collect your personal information as long as we retain it in our databases. We may delete any or all of your information at any time without notice to you or for any reason or no reason unless we are otherwise required by law or retain it. You may have other privacy protections under state laws and we encourage you to refer to the Jurisdiction Specific Privacy Rights Statement to review these. Unless otherwise specifically noted, this Policy does not apply to your use of third-party sites linked to in the Services.
Updates and Supplemental Notices to this Privacy Policy
We may provide additional or supplemental privacy notices for specific products or services that we offer at the time of collection. Unless otherwise noted, those supplemental notices should be read together with this Privacy Policy.
This Privacy Policy may change from time to time. The “Effective Date” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy and your continued access to the Services is deemed to be your acceptance of those changes, so we encourage you to check back periodically for updates.
Citizen Privacy Practices
Our principles for protecting your data
- We record the information we need to provide our services: informing you of incidents happening around you, and helping you get emergency assistance when you’re in need.
- The personal information we do collect we store for as short a duration as possible. And, where possible, we store only de-identified or aggregate data that is not tied to you.
- We generally limit access to your data to a subset of the engineering team. We have specific systems to control data access, and all access is logged and regularly audited.
- We take protecting your location data seriously. We need accurate, real-time location data to alert you of any emergencies and to help you get emergency assistance, but we lower the resolution of historical location data where possible.
- We test the stability and security of our infrastructure, including annual penetration testing and review of our security systems and their configurations. We use an information security firm to provide these services under a strict non-disclosure agreement.
- Our services are designed to provide real-time notifications of incidents occurring near you, and to help you get assistance in the case of an emergency. We can only provide those services in certain areas, so if you are located outside of one of those areas, the services may not work for you. We only intend to provide our services in the United States.
Public data
- Content visible to any other user on the Citizen platform is considered public data (for example, publicly posted comments and videos). You have control over public data on Citizen tied to your account, and can delete comments and videos you have posted. You can also delete your account from the app or email support@citizen.com to request to delete your account.
Sections
This Privacy Policy is comprised of the following sections and you can jump to particular topics by going to the headings below:
- Personal Information We Collect and Purpose of Collection
- Why We Collect Personal Information
- Disclosure of Personal Information
- Data Security
- Retention of Personal Information
- Other Important Information
- Cookies and Tracking Technologies
- Privacy Rights and Choices
- International Data Transfers
- Contact Information
- Premium Service-specific Information
- Jurisdictions-Specific Rights Notices
- California Privacy Notice
1. Personal Information We Collect and Purpose of Collection
We collect personal information when you access and interact with our Services or provide information by contacting us via our Services when you make a comment or request in relation to our products and services. In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. This information may be provided by you voluntarily or automatically as part of your interaction with our Services. Detailed information about the personal information we collect, and why we collect it is provided in the chart below:
Context of Collection
Types of Data
Business Purpose for Collection and Use of Data
Identifiers
We may collect or access some of your contact and login details such as your name, login or screen name, postal address, IP address, email address so that we can provide you with the Services or support. In addition, we may need you to provide an image of your driver’s license or government issued ID, but we only do this if we need to confirm your identity in response to a request from you to access, update, or delete your personal information under your privacy rights. For marketing purposes, we also place cookies, pixel tags, and similar identifiers and tracking technologies that may collect additional information about you and how you interact with our Site and Services.
We have a legitimate interest in monitoring our networks and visitors to our Services and a contractual basis for fulfilling your request for services.
Contents of Communications
When you reach out to us for support, interact with the Platform, or ask to learn more about our Services, we collect personal information such as your email address and phone number.
We have a legitimate interest in monitoring our networks and visitors to our Services, responding to your communications and requests for information, and a contractual basis for fulfilling your request for services.
Audio/Video/Visual/Electronic
When you use our Services as intended, and voluntarily provide or upload any alerts to help our other users, we collect or receive photographs, audio, videos, recorded calls, voicemails, and electronic communications that you submit. These may include content made via a live or automated online interaction within the Services or submitted by you in the form of a photo, video, or other content.
We have a legitimate interest in monitoring our networks and Services and the content posted by users. We also provide the Services on a contractual basis to you.
Captured Content
The purpose of our Services is for all our users to alert one another of issues and incidents. If you use the Services as intended to capture a video or other content you wish to make publicly available, you do so voluntarily and we collect and store that content and additional information about the content and device you used and how you accessed the Services.
We have a legitimate interest in monitoring our networks and Services and the content posted by users.
Customer Records
We may collect digital and electronic signatures, and telephone numbers.
We have a contractual basis for fulfilling your request for services.
Online Account or Credit Card Info Combined with a Security/Access Code
We offer Premium Services that require payment from you. In order to collect and process those payments, we may use third party payment processors that collect credit or debit card numbers, or financial account information that is combined with a security or access code. This information, if collected, is considered sensitive personal information.
We have a contractual basis for fulfilling your request for services.
Inferences
We try to provide you with the Services you want and need and in those efforts, we may collect inferences about your preferences, characteristics, behavior and attitudes.
We have a legitimate interest in monitoring our networks and visitors to our Services.
Log and Usage Data
We take measures to protect and improve our Services. In these efforts, we may collect log and usage data for service related purposes such as diagnostic, usage, and performance information collected by our servers when you access or use our Services. We record this information in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about activity on the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you access), device event information (such as system activity, error reports, and hardware settings).
We have a legitimate interest in monitoring our networks and visitors to our Services.
Device Data
We take various measures to protect and improve our Services. In these efforts, we may collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet Service provider and/or mobile provider, operating system, and system configuration information.
We have a legitimate interest in monitoring our networks and visitors to our Services.
Location Data
We may use your location data to route real-time safety alerts to you, like a fire in your building, an abducted child or a dangerous situation near you. You choose whether to share your location, and can always revoke Citizen’s access to your location data in your device settings, but the app will not properly function if the app can’t access location data. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your location setting on your device but doing this may inhibit your access to certain aspects of the Services.
We have a contractual basis for fulfilling your request for services.
User Contacts
Because our Services are a network of users, when you share your contacts with us, you direct us to let your friends know that you have joined Citizen, so they may connect with you. In addition, when you use Citizen Premium, you direct us to share some of your information with the friends and family members you designate, with your emergency contacts, and with first responders in order to assist you in the event of an emergency.
We have a contractual basis for fulfilling your request for services.
2. Why We Collect Personal Information
We may collect the categories of personal information listed below. We use this information for one or more of the following “business purposes”:
- Customer Service and Support - to provide customer service and support, maintain, and service products and accounts, provide training for quality assurance purposes, and perform similar activities.
- Respond to Inquiries – to respond to your inquiries and provide you with requested services or resolve any issues you may have with our Services.
- Administration of Our Services – to send you details about our Services, update you about changes to our terms and policies, and other similar information.
- Advertising & Marketing – to send advertisements and marketing material via physical and electronic mail relating to product specials and other promotional events or offers, perform marketing research and data analytics, and perform similar activities.
- Counting Ad Impressions & Website Interactions – to audit interactions with our websites, applications, or advertisements, count ad impressions to unique visitors, verify position and quality of ad impressions, and perform similar activities to determine how to provide marketing and promotional campaigns that are most relevant to our customers.
- Identify Usage Trends – to better understand how our Services are being used so we can improve them.
- Request Feedback – to contact you and get your feedback about your use of the Services.
- User-to-User Communication – if you choose, to allow for communications with another use of our Services.
- Fraud Prevention – to help ensure security and integrity, such as necessary to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to address, as appropriate, with those responsible for that activity.
- Processing Transactions – to process or fulfill orders and transactions, verify customer information, process payments.
- Protect Individual Interests – to save or protect an individual’s vital interest, such as to prevent harm.
- Compliance with Legal Obligations – To comply with our legal and contractual obligations and to protect our legal interests, such as in the event of a complaint or dispute.
3. Disclosure of Personal Information
If you post videos to the Services we may share these videos publicly and/or on social media services as well as to news outlets and other public sites in select circumstances. We do not sell, exchange, transfer, or give your personal information to any other company or individual for any reason except as set forth in this Privacy Policy and as described below.
If you decide to provide us with your contact list, we may share some of your personal information, including your use of the Services, with others to invite them to connect with you through the Services or to suggest you as a connection to other users.
If you use certain Citizen Premium features, we may share some of your personal information with first responders and your emergency contacts in the event that you are experiencing an emergency and request assistance.
In addition to the specific situations discussed elsewhere in this policy, we may disclose personal information we collect from you:
- if we believe disclosure is necessary or appropriate to protect the rights, property or safety of us, our clients or others;
- to our authorized service providers such as our contractors and other third parties we use to support our business and fulfill the purposes set forth above;
- to emergency responders and service companies involved in the emergency response space to whom we disclose information for the purpose of providing the Services and helping keep you safe, if you are a Premium Services subscriber;
- to fulfill the purpose for which you provide it;
- to other Company-owned business entities for the purposes of coordinating our provision and development of products and services;
- and a buyer or other successor in the event of a sale, merger, reorganization or transfer of some or all of our business or assets;
- for any other purpose disclosed by us when you provide the information;
- to comply with applicable law including in connection with any court order, law enforcement investigation, legal process, including responding to any government or regulatory request;
- to professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services they render to us, and subject to professional and contractual obligations of confidentiality;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections;
- to courts and public authorities to protect you, Company, or third parties from harm; or
- with your consent or as required to provide you with Services.
4. Data Security
Protecting you means protecting your data. Citizen limits access to your data to only those Citizen employees who require access in order to provide you with the Services. We have organizational and technical measures and safeguards in place that are designed to secure and protect your personal information. The use of, and access to, your personal information by us is restricted to authorized individuals who need to know that information to provide services to you, and who receive training about the importance of protecting personal information. Our service providers and business partners are also contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purposes.
Unfortunately, no method of transmission of information via the internet or electronic storage is completely secure. Although we use reasonable efforts to protect your personal information, we cannot guarantee the security of your personal information transmitted to us through our website or other electronic means. Any electronic transmission of personal information is at your own risk. In the event that we are required by law to inform you of a breach of your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
If you believe your information is not secure, please immediately notify us of the problem at the address provided in the Contact Information section below.
5. Retention of Personal Information
Generally, we will hold your personal information for as long as you remain a Customer of ours or as long as necessary to perform the activities described in this Privacy Policy, unless we have an ongoing legitimate business need that requires a different retention period. We retain the information in order to provide and maintain the quality of the Services you have requested, or if we are obliged to retain such information for legal, regulatory, fraud prevention, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use and/or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. When our legitimate business need for retaining your personal information ceases to exist, we will either delete or anonymize your information so that it can no longer be attributed to you.
6. Other Important Information
A. Agent Call Recording
We may collect certain categories of personal information from you when you interact with one of our agents or through the use of session replay tools. Session replay is a visual tool that recreates your interactions with our Agent and through the Services, giving us a better understanding of this interaction to help maximize your user experience. Session replay tools that we may utilize include, but are not limited to, video-like playback, error tracking integration, application performance monitoring (APM) integration, real user monitoring (RUM) session timeline, and speed controls. Depending on your interaction with our agents or the Services (e.g. when you complete a “Contact Us” form), the categories of personal information we may also capture include, but are not limited to, name, phone number, email, mailing address, and other identifiers that you may provide. By interacting in this way, you are consenting to us capturing any interactions and any personal information you provide.
B. Links to Third Party Services
Our Services may include links to third party services where you might be able to post comments, reviews, or view third party information. Please note, the inclusion of a link on our Services to a third party’s service does not imply endorsement of the third party’s data handling practices, and does not imply that the third party’s practices are covered by this Privacy Policy. We are not responsible for the privacy practices of these entities.
C. Children’s Information
We do not knowingly contact or collect personal information from children under 18 and our Services are not intended to solicit information of any kind from children under the age of 18. It is possible that by fraud or deception we may receive information pertaining to children under 18. If we become aware of this, as soon as we verify the information, we will immediately comply with our legal obligations and delete the information from our servers. If you want to notify us of our receipt of information by children under 18, please do so by emailing us at support@citizen.com or at: sp0n, Inc., 197 Grand St, Ste 3W, New York, NY 10013, USA.
D. Conducting Data Analytics
We are an innovative business, which relies on developing sophisticated products and services by drawing on our experience from prior engagements. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you.
We are not concerned with an analysis of identifiable individuals, and we take steps to ensure that your rights and the legitimacy of our activities are ensured through the use of aggregated or otherwise de-identified data. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve our Services and to promote our business. We will not attempt to re-identify any such data, except as permitted by law.
E. Targeted Advertising Practices
We may rely on a third-party services provider to either display advertising on our Website or to manage our advertising on other sites. These service providers may use technologies such as cookies to gather information about your activities on our Services in order to provide you with advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here. Please note this does not opt you out of being served ads. You will continue to receive generic ads.
F. Non-Personal Information.
This Privacy Policy does not restrict our collection, use or disclosure of any aggregated information or information that does not identify, or cannot be reasonably linked to, any individual.
G. Accessibility
If you have a disability and require an alternative format to this Policy, please email us at support@citizen.com so that we may provide you with a more suitable format.
Cookie
Type
Duration
Source
Purpose and More information
sessionid
Necessary
Session
Citizen
This cookie, set by Citizen, is used by the website to store the user's session ID and is sent with each request to the ASP.NET application.
clientCountry
Other
Session
Citizen
No description
_ga
Analytics
Persistent
Google Analytics
This cookie is used to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gid
Analytics
Session
Google Analytics
This cookie is used to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_gat
Performance
Session
Google Analytics
This cookie is set to restrain request rate and thus limit data collection on high-traffic sites.
_s
Analytics
Persistent
Shopify
This cookie is associated with Shopify's analytics suite.
_ga_
Analytics
Persistent
Google Analytics
This cookie is set to store and count page views.
_gcl_au
Analytics
Persistent
Google Tag Manager
This cookie is set to experiment advertisement efficiency of websites using their services.
X-AB
Functional
Session
Adobe Analytics
This cookie is set in context with multi-variate testing. This is a tool used to combine or change content on the website. This allows the website to find the best variation or edition of the site.
test_cookie
Advertisement
Session
Doubleclick.net
This cookie is set to determine if the user's browser supports cookies.
_ttp
Advertisement
Persistent
TikTok
This cookie is set to track and improve the performance of advertising campaigns, as well as to personalize the user experience.
_schnl
Other
Session
Citizen
No description
_scid
Functional
Persistent
Snapchat
This cookie is set by Snapchat to store Snapchat Pixel unique ID of the User.
_scid_r
Other
Persistent
Snapchat
This cookie is set for showing relevant advertising based on the user’s movement.
sc_at
Advertisement
Persistent
Snapchat
This cookie is set for showing relevant advertising based on the user’s movement.
_fbp
Analytics
Persistent
This cookie is set to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
_ttp_enable_cookie
Advertisement
Persistent
TikTok
This cookie is set to collect data about behavior and activities on the website and to measure the effectiveness of the advertising.
_ttp
Advertisement
Persistent
TikTok
This cookie is set to track and improve the performance of advertising campaigns, as well as to personalize the user experience.
We do recognize “Do Not Track” requests but do not currently have technology enabled to respond to the Global Privacy Control signals.
8. Privacy Rights and Choices
Depending on applicable law where you reside or are located, you may be able to assert certain rights with respect to your personal information. Any rights you may have in relation to your personal information are not absolute. We reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or to charge a fee that takes into account the administrative costs for providing the information or taking the action requested.
For more information on the rights you may have, please refer to the information in the Jurisdiction Specific Notices found at the end of this Privacy Policy.
To make a privacy rights request, please contact us by email at support@citizen.com or contact use the webform available here. To confirm your identity, we may ask you to verify personal information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.
In your request, please make clear what information you would like to have changed, whether you would like to have your personal information corrected, deleted, or other limitations you would like to put on our use of your personal information. We may only implement requests with respect to personal information that is associated with the particular email address that you use to send your request.
You may use an authorized agent to submit a rights request on your behalf. If you use an authorized agent to submit requests on your behalf, we will require you to directly verify your identity with us, or have you directly confirm with us that the authorized agent has been authorized to act on your behalf.
Depending upon the applicable law, access to your rights may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another’s privacy; (c) to protect our rights and properties; or (d) where the request is frivolous or vexatious, or for other reasons.
9. International Data Transfers
We are a global business, with a primary location in the US, but we may store, process and transmit personal information in locations around the world, including locations outside of the country or jurisdiction where you are located. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Services.
10. Contact Information
If you have any general questions or comments for us, please contact us at:
sp0n, Inc dba Citizen
197 Grand St, Ste 3W
New York, NY 10013
Or via e-mail at support@citizen.com
Exercise your Data Subject rights via this webform.
Context of Collection
Types of Data
Business Purpose for Collection and Use of Data
Location Data
We may use your location data to route real-time safety alerts to you, like a fire in your building, an abducted child or a dangerous situation near you. If you sign up for Citizen Premium, we use your geolocation data to assist you and may in some cases share your geolocation data with your emergency contacts, Citizen agents, and first responders.
We have a contractual basis for fulfilling your request for services.
Protected Classes
If you sign up for Citizen Premium, we use your geolocation data to assist you and may in some cases share your geolocation data with your emergency contacts, Citizen agents, and first responders. The intent of our Services is to help make you In the course of providing you with the Services and we may collect information that is protected under state or federal law, such as your age or medical history and conditions.
We have a contractual basis for fulfilling your request for services.
Biometric Data
We may access certain information to help us assess your safety at a particular time, such as data on your heart rate, walking pace, medical history and conditions. We use this so that we can provide you with the Premium services.
We have a contractual basis for fulfilling your request for services.
12. Other Jurisdictions - United States Privacy Laws
This Section describes our additional information practices related to your Personal Information under applicable state laws. This Section DOES NOT cover information that is exempted, including information that is protected by the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).
- California. See our California Privacy Rights page.
- Connecticut (Effective July 1, 2023). Under the Connecticut Data Protection Act (“CTDPA”), if applicable to us, Connecticut residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the CTDPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a Connecticut resident, and we collect Personal Data subject to applicable Connecticut law, in addition to those rights outlined in Your Choices section above, you also have the following rights:
- Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of the CTDPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation or other valuable consideration. We do not “sell” Personal Information under this definition.
- Right to Appeal: If we decline to take action regarding your request, you have the right to appeal. We will notify you providing our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you to contact the Attorney General to submit a complaint.
- Colorado (Effective July 1, 2023). Under the Colorado Privacy Act (“CPA”), if applicable to us, provides some Colorado residents with the right to receive certain disclosures regarding a business’ processing of “Personal Data” as defined under CPA. To the extent you are a Colorado resident, and we collect Personal Data subject to applicable Colorado law, in addition to those rights outlined in Your Choices section above, you also have the following rights:
- Right to Know: You can request the following information about how we have collected and used your Personal Data and to see what Personal Data we have collected about you in a portable format.
- Right to Correct: You can ask us to correct inaccurate personal information that we have collected about you.
- Right to Delete: You can ask us to delete the personal information that we have collected from you.
- Right to Opt-Out of Targeted Ads and Significant Profiling: You may have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. To opt out of targeted marketing, where applicable, please click on the Opt-Out Link on the bottom of the Site homepage.
- Nevada. This notice is provided to you pursuant to state law. Nevada state privacy laws permit us to make marketing calls to existing customers, but if you prefer not to receive marketing calls, you may be placed on our internal opt-out list by emailing us at support@citizen.com or you may also contact the Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Ste 3900, Las Vegas, NV 89101; telephone 702-486-3132; email: AGCinfo@ag.nv.gov.
- Texas. If you have a complaint, first contact us by visiting our Site or emailing us at support@citizen.com.
- Utah (Effective December 31, 2023). Under the Utah Consumer Privacy Act (“UCPA”), Utah residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under UCPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a resident of Utah, and we collect Personal Data subject to applicable Utah law, in addition to those rights outlined in Your Choices section above, you also have the following rights:
- Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of UCPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation. We do not “sell” Personal Information under this definition. Utah residents have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. To opt out of targeted marketing, where applicable, please click on the Opt-Out Link on the bottom of the Site homepage.
- Vermont. In accordance with Vermont law, we will not share information we collect about you with companies outside of our group companies, except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.
- Virginia (Effective January 1, 2023). Under the Virginia Consumer Data Protection Act (“VCDPA”), Virginia residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the VCDPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a resident of Virginia and we collect Personal Data subject to applicable Virginia law, in addition to those rights outlined in Your Choices section above, you also have the following rights:
- Right to Opt-Out of Sale: Under the VCDPA, a “sale” includes disclosing or making available Personal Information to a third party in exchange for money. We do not “sell” Personal Information under this definition.
- Right to Opt-Out of Targeted Ads and Significant Profiling: You may have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. To opt out of targeted marketing, where applicable, please click on the Opt-Out Link on the bottom of the Site homepage.
- Right to Appeal: If we decline to take action regarding your request, you have the right to appeal. We will notify you providing our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you to contact the Attorney General to submit a complaint.
California Privacy Notice
Last Updated: April 22, 2024
This California Privacy Notice (the “CA Notice”) supplements the information contained in our Privacy Policy and applies solely to individual residents of the State of California ("consumers" or "you"). The purpose of this California Privacy Policy is to provide consumers with a comprehensive description of Company’s online and offline practices regarding the collecting, use, disclosure, and sale of personal information and of the rights of consumers regarding their personal information under the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) (collectively “CA Privacy Laws”). This section does not apply to our collection, use, and sharing of personal information of our job applicants and employees.
Unless otherwise expressly stated, all terms in this CA Notice have the same meaning as defined in our Privacy Policy or as otherwise defined in the CA Privacy Laws.
Collection and Use of Personal Information
We collect personal information from and about consumers for a variety of purposes. To learn more about the types of personal information we collect and how we collect it, please refer to Sections 1 and 7 in the Privacy Policy above. To see the purposes for which we use this information, please refer to Sections 1, 2 and 7 in the Privacy Policy.
The CCPA defines a “business purpose” as the use of personal information for the business’s operational purposes, or other notified purposes, provided the use of personal information is reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or another operational purpose that is compatible with the context in which the personal information was collected.
Please note that because the categories of personal information collected and shared largely depends on how you interact with our Services, not all of the items listed in the tables below will be relevant to you.
The categories of other individuals or entities with whom we may share your Personal Information are listed in Section 3 of the Privacy Policy above.
Selling or Sharing for Targeted Advertising.
We do not “sell” personal information as most people would typically understand that term. However, we do allow certain third-party partners and providers to collect information about consumers directly through our Services for purposes of providing, analyzing and optimizing our Services and advertisements (ads), providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. To the extent this practice is interpreted to constitute a “sale” under the CA Privacy Laws, please see our Cookie Policy for more information including how to exercise your rights to opt-out of cookies, analytics and personalized advertising.
Rights and choices for California Residents.
As a California resident, you may have privacy rights in addition to those described in “Your choices”, and we list your rights below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law:
-
Right to Information. You can request the following information about how we have collected and used your personal information during the past 12 months:
-
The categories of personal information that we have collected.
-
The categories of sources from which we collected personal information.
-
The business or commercial purpose for collecting and/or selling personal information.
-
The categories of third parties with which we share personal information.
-
The categories of personal information that we sold or disclosed for a business purpose.
-
The categories of third parties to whom the personal information was sold or disclosed for a business purpose.
-
-
Right to Access. You can request a copy of the personal information that we have collected about you during the past 12 months.
-
Right to Correction. You can ask us to correct inaccurate personal information that we have collected about you.
-
Right to Portability. You have the right to receive a copy of the personal information we have collected about you in a structured, commonly used, and machine-readable format.
-
Right to Deletion. You can ask us to delete the personal information that we have collected from you.
-
Right to Opt-out. Your options
-
Opt-out of certain processing of personal information for targeted advertising purposes.
-
We do not currently have technology implemented to respond to Global Privacy Controls.
-
Opt-out of profiling/automated decision making. You can opt-out of automated processing or profiling performed on personal information to evaluate, analyze, or predict personal aspects related to a person's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
-
Opt-out of other sales of personal data. You can opt-out of other sales of your personal information. We do not sell your personal information, but you also have the right to tell us not to sell your personal information.
-
-
Right to Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CA Privacy Laws. Unless permitted by the CA Privacy Laws, we will not deny you access to our products or services, charge, or suggest we charge you different prices or rates, or provide different levels of quality for goods and Services based on your exercise of these rights.
How to Exercise Your Privacy Rights
To exercise your rights to please submit your request to support@citizen.com or by using this webform. As mandated by CA Privacy Laws, we will acknowledge receipt of your request within 10 days and will respond within 45 days of receipt of your request, but if we require more time (up to an additional 45 days) we will let you know. In some cases, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of: (a) A completed written notice indicating that you have authorization to act on the consumer’s behalf signed by you and the consumer; and (b) if you are a business, proof that you are registered with the appropriate Secretary of State to conduct business in California. If we do not receive both pieces of information, the request will be denied.
Exercising your right to opt-out of the “sale” or “sharing” of your Personal Information. Like many companies, we use services that help deliver targeted ads to you as described above. California Privacy Laws may classify our use of some of these services as “selling” or “sharing” your personal information with the advertising partners that provide the services. You can submit requests to opt-out of certain processing of personal information for targeted advertising purposes or other sales of Personal Information [ here ], or via email to support@citizen.com.
Verification of identity; authorized agents. We will need to verify your identity in order to process your information/know, access, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.
Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CA Privacy Laws rights on your behalf, provide the information we request to verify your identity, and provide us with confirmation that you have given the authorized agent permission to submit the request.
13. Non-U.S. Jurisdictions
Canada Privacy Notice
This Canada Privacy Notice (the "Canada Notice") supplements the information contained in our Privacy Policy and applies solely to individuals who are residents of Canada ("consumers" or "you"). The purpose of this Canada Notice is to provide users with a comprehensive description of Citizen's online and offline practices regarding the collection, use, disclosure, and protection of personal information and to inform Canadian residents of their rights under applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act ("PIPEDA").
If there is a conflict between the Privacy Policy and this Canada Notice, the Canada Notice controls with respect to Canadian users of our services. Unless otherwise expressly stated, all terms in this Canada Notice have the same meaning as defined in our Privacy Policy or as otherwise defined in PIPEDA and other relevant Canadian privacy legislation.
Collection and Use of Personal Information
We collect personal information from and about consumers for various purposes, and wherever necessary, with your express consent. In some instances this consent may be implied, as described in the Privacy Policy. We will only use or disclose your personal information for the purpose for which it was collected unless you have otherwise consented, or when required or permitted by law. For detailed information about the categories of personal information we collect, how we collect it and why, please refer to Section 1: Personal Information We Collect and Purpose of Collection in the Privacy Policy.
Privacy Officer
We have appointed a Privacy Officer responsible for overseeing our privacy practices and ensuring compliance with Canadian privacy laws. If you have questions or concerns about our privacy practices, you may contact the Privacy Officer by email at privacy@citizen.com or by mail at the following address:
Privacy Officer
sp0n, Inc.
197 Grand St, Ste 3W, New York, NY 10013, USA
Rights and Choices for Canadian Residents
As a resident of Canada, you have certain rights regarding your personal information. These rights include the following:
- Right to Access: You can request a copy of the personal information that we have collected about you.
- Right to Correction: You can ask us to correct inaccurate personal information that we have collected about you.
- Right to Withdrawal of Consent: You can withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. This includes the right to opt-out of cross context behavioral advertising or targeted advertising as described further below in this Canada Notice.
- Right to Deletion / Erasure: You can ask us to delete your personal information, which we will do subject to specific legal or contractual obligations.
- Right to File a Complaint: If you believe that your personal information has been handled in a manner inconsistent privacy laws, you have the right to file a complaint with us and with the Office of the Privacy Commissioner of Canada.
To exercise these rights or contact the Privacy Officer, please use the contact information provided above. We may need to verify your identity before processing your request. We will be as prompt as possible in responding to requests. For summary access or deletion of personal information this can sometimes take 30 days or longer depending on the request. For more detailed requests requiring archival or other retrieval methods, we may take longer to respond and there may be fees associated with such retrieval, but only where permitted by law.
Law Enforcement Requests
We will disclose personal information without your knowledge or consent if we receive an order, subpoena, warrant, or other legal requirement issued by a court, tribunal, regulator, or other person with jurisdiction to compel disclosure of your personal information.
International Data Transfers and Storage Outside of Canada
Your personal information may be transferred to jurisdictions outside of Canada, including the United States, where our servers are located. We ensure that your personal information, when transferred, is subject to adequate safeguards in accordance with Canadian law. These jurisdictions may have data protection laws that differ from those in Canada. Note that when your personal information is used or stored outside of Canada, it is subject to the laws of the country in which it is used or stored, and may be subject to disclosure pursuant to a lawful access request by U.S. courts or government authorities. For more information on how we handle international data transfers, please refer to Section 9: International Data Transfers in the Privacy Policy.
Targeted Advertising
We do not “sell” personal information as most people would typically understand that term. We will not provide your information to third parties for marketing purposes without your prior consent. With your consent, we allow certain third-party partners and providers to collect information about consumers directly through our Services for purposes of providing, analyzing and optimizing our Services and advertisements (ads), providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. Please see our Cookie Policy for more information including how to exercise your rights to opt-out of cookies, analytics and personalized advertising.