Privacy Policy

Last modified on April 25, 2024

This privacy policy (“Policy”) outlines the data processing practices of Shippers LLC. (“Company”, “we”, “us”, or “our”) concerning your use or access of our Case Tracker for USCIS mobile application (”App”). This Policy is an integral part of our Terms of Use (“Terms”), governing the collection, processing, and transfer of data when installing and using the App. Definitions used herein but not defined shall have the meanings ascribed to them in our Terms. This Policy elucidates the data we may collect from you, how such data may be utilized or shared with others, how we protect it, and how you may exercise your rights related to your Personal Data (as defined below), among other matters. Where applicable, this policy complies with the EU General Data Protection Regulation (“GDPR”), the Brazilian General Data Protection Law (as amended by Law No. 13,853/2019) (LGPD), the California Consumer Privacy Act (“CCPA”), and other US state laws, as further detailed below.

If you have any questions regarding this Policy or our data practices, you are welcome to contact us at: shipersllc@gmail.com

1. POLICY AMENDMENTS

We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be available on the App. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice if these changes are material and, if required under applicable laws, we will obtain your consent prior to enforcing such revisions and modifications. Otherwise, any amendments to the Policy will become effective within 30 days. We recommend you review this Policy periodically.

2. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION

Shipers LLC. is incorporated under the laws of the State of Delaware and is the Data Controller of (as such term is defined under the EU General Data Protection Regulations “GDPR” or equivalent privacy legislation).

3.THE SERVICES, LICENSE & INTELLECTUAL PROPERTY

Non-Personal Data We may collect aggregated, non-personal non-identifiable information which may be collected directly or indirectly through your use of the App (“Non-Personal Data“). Non-Personal Data that includes technical information transmitted from your device, such as browser version, type of operating system, mobile network information, internet service provider, mobile carrier, device settings, language preference, etc.

Personal Data

We may also collect individually identifiable information, namely information that identifies an individual or may with reasonable effort be used to identify an individual (“Personal Data”). For the purpose of this Policy, Personal Data shall also include “Personal Information” as defined under applicable data protection laws. For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data if such connection or linkage exists. We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning a persons health, or data concerning a persons sex life or sexual orientation (“Special Categories of Personal Data” or “Sensitive Data”). Please do note however, some jurisdictions consider GEO location data (i.e., GPS data) to be “Sensitive Data” and thus, as detailed below, it will be treated as such.

The following table describes the Personal Data we may process while installing, downloading and using the App:

DATA SETS PURPOSE AND OPERATIONS LAWFUL BASIS UNDER THE GDPR
Online Identifiers and Device ID: When you install, access and use our Apps, we collect certain identifiers such as your Internet Protocol (“IP”) address, device ID, Google advertising ID (GAID), etc. (collectively “Online Identifiers”).We process such Online Identifiers for the following purposes:

(1) Providing the services, enabling the operation of the App;

(2) Security and fraud prevention purposes (i.e., to prevent or to be able to address any errors or technical issues in the App); and

(3) Telemetry data, as detailed below, as well as for analytics, marketing, and measurements and providing you with personalized ads.

Where we process such Online Identifiers for operational, functional, and security purposes, we process your data based on our legitimate interest. Where we use the Online Identifiers for marketing, personalized ads, and tracking it will be based on your consent provided through the Apps organic permissions. You may withdraw consent at any time through the App settings or the device setting (i.e., opt-out from advertising ID or tracking).
Telemetry and Usage Data: We further collect information related to your use and interaction with the App, such as access time, date logs, activity logs, the features and content you interact with, and your interaction with ads, etc.We process such data for the purpose of:

(1) Operating and improving the services, as well as securing and correcting any error in our Apps.

(2) Internal analytics for future improvement of the App.

(3) We may also use data related to the ads you interact with to help advertisers understand the performance of their ad campaigns and provide them with applicable reports.

We process your data subject to our contractual obligations with you, to enable the installation, operation, and function of our Apps, and to improve our App and your UX. Other purposes, such as operational and security, are based on our legitimate interests. Where we collect such data for analytic and advertising purposes, we process the data based on your consent provided through the onboarding permissions.
Case Tracking Data: When you use our App and search for a USCIS Case or NVC Case, we may receive from governmental public sources information associated with your application such as your USCIS/NVC unique receipt number, the status of your application, and other identifiable information such as your name, gender, date of birth, national origin, citizenship, passport number, etc..We process such data for the purpose of providing the services.We process your data subject to our contractual obligations with you, to enable you to track your application and enable the functionality of our Apps.
Contact Information: If you voluntarily contact us for support or other inquiries, you may be required to provide us with certain contact information such as your full name, email address, and any additional information you choose to provide us.We process such data to provide you with the support you requested or to respond to your inquiry. The correspondence with you may be processed and stored by us to improve our customer service. Further, we retain such correspondence in the event we reasonably believe it is required to protect our legitimate interests, for example, in the event of any possible future disputes or legal claims, or to provide you with any further assistance (if applicable).We process such data based on our legitimate interests. In the event you contact us for customer support, we will process such data to provide you with the support as part of our contractual obligations to you.
Transaction Data: When you decide to make a purchase on our App, the payments are in-app payments and shall be subject to the app store terms and privacy:Google Terms of ServiceGoogle Privacy PolicyApp Store Terms of UseApp Store Privacy PolicyWe do not keep any payment data, however, we process commercial transaction data such as records of purchases and email address.We process such data to provide you with the support you requested or to respond to your inquiry. The correspondence with you may be processed and stored by us to improve our customer service. Further, we retain such correspondence in the event we reasonably believe it is required to protect our legitimate interests, for example, in the event of any possible future disputes or legal claims, or to provide you with any further assistance (if applicable).We process such data to perform our contract with you, and to enable you to use certain features of our services.

We use various technologies to collect and store the information listed above, including SDKs, pixel tags, local storage, and databases. We use different technologies to process your information listed above. Therefore, the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. Transfer of Personal Data to third-party countries as further detailed in the International Data Transfer section is based on the same lawful basis as stipulated in the table above. Our Services may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the App and to enforce our policies and agreements, as well as to protect the security or integrity of our databases and the App, and to take precautions against legal liability. Such processing is based on our legitimate interests.

4. HOW WE COLLECT INFORMATION

Depending on the nature of your interaction with the App, we may collect information as follows:

(i) Automatically - We process this information based on your consent provided through the organic in-app permissions in order to execute our contract with you and provide you with our services.

(ii) Publicly accessible sources - We will process data related to your application from governmental public sources.

(iii) Provided by you voluntarily - we will collect and process Personal Data if you choose to contact us for support, make a purchase, or any information you uploaded to our Apps.

5. TRACKING TECHNOLOGIES

We use “cookies” and similar tracking technologies such as software developer kits (”SDKs”) when you access or use our App. Such tracking technologies are small text files that a website (cookie) or an application (SDK) places and stores on your device while you are viewing or using such interfaces. Such tracking technologies are very helpful and can be used for various purposes. These purposes include: (i) allowing you to navigate between pages efficiently; (ii) enabling automatic activation of certain features; (iii) remembering your preferences; and (iv) making the interaction between you and our App quicker and easier.

Cookie & SDKPurposePrivacy Policy
Google AnalyticsAnalytical & Measurementwww.google.com/policies/privacy/partnershttps://policies.google.com/technologies/cookies?hl=en#managing-cookieshttps://tools.google.com/dlpage/gaoptout

For additional information regarding our use of Google products, click HERE.

Google AdMobAdvertisinghttps://policies.google.com/privacy?fg=1
IronSourceAdvertisinghttps://www.is.com/privacy-policy/

We may disclose certain information collected through third-party tracking tools for the purposes of: (1) Providing you with our services, including enabling the operation of the App (such as language preferences); (2) Security and fraud prevention purposes (i.e., to prevent or to be able to address any errors or technical issues in our services); (3) For analytics, marketing, and measurements for tracking and providing you with personalized ads. When the processing is for marketing or tracking, we will process the Personal Data solely based on the consent you provide us as part of the onboarding permissions. Otherwise, we will process these SDKs subject to our legitimate interests.

6. SHARING DATA - CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH

We share your Personal Data with third parties, including with business partners or service providers that help us provide our services. You can find here information about the categories of such third-party recipients.

CATEGORY OF RECIPIENTDATA THAT WILL BE SHAREDPURPOSE OF SHARING
Within the Company groupAll types of Personal DataWe may share information about you with other members within the Company group as part of internal engagements and the related entities (applications, extensions, website, etc.) where we believe, for example, your inquiry applies to such entity or where required to meet our legal and regulatory obligations around the group or to offer relevant services and products that may interest you.
AdvertisersAdvertising IDWe provide such information to our advertisers, so they will be able to display ads or content that best suit such user, as part of our services.
Service providersAll types of Personal DataWe employ other companies and individuals to perform functions on our behalf. Examples include sending communications, processing payments, analyzing data, identifying errors and crashes, conducting customer relationship management, etc. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited from using your Personal Data for any purposes other than providing us with requested services.
Compelled disclosureSubject to your requestWe may share Personal Data in the event you request us to do so. In such event, the provisions of your Personal Data will be subject to such third parties policies and practices only.
Enforcement of our rights and security detectionsAll types of Personal DataWe may disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.
Any acquirer of our businessAll types of Personal DataWe may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale). In the event of the above, our affiliated companies or acquiring companies will assume the rights and obligations as described in this Policy.

When we share information with service providers and agents, we ensure they only have access to such information that is strictly necessary for us to provide you with the services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).

7. YOUR RIGHTS

According to the data protection and privacy laws may grant you with certain rights with regards to your Personal Data, all according to your jurisdiction. The rights may include one or all of the following: (i) request to amend your Personal Data we store accessing; (ii) review and access your Personal Data that we hold; (iii) request to delete your Personal Data that we hold (as long as we do not have a legitimate reason for retaining the data); (iv) restrict or object to the process your Personal Data; (v) exercise your right of data portability (vi) contact to a supervisory authority in your jurisdiction and file a complaint; and (vii) withdraw consent (to the extent applicable). If you wish to submit a request to exercise your rights, please fill out the Data Subject Request Form (“DSR”) available here and send it to our email at: shipersllc@gmail.com

When you contact us and request to exercise your rights regarding your Personal Data, we will require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort, as required or permitted under applicable law. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.

You have the right to lodge a complaint with the EU Member State supervisory authority if you are not satisfied with the way in which we handled the complaint.

For additional rights under various jurisdictions, please refer to Section 12 “JURISDICTION-SPECIFIC NOTICES”

Certain rights can be easily executed independently by you without the need to send us a request:

You can opt out from receiving our marketing emails by clicking the “unsubscribe” link.

You can delete your data through the account setting.

NOTE THAT DELETING THE APP FROM YOUR DEVICE WILL NOT RESOLVE IN DELETING YOUR PERSONAL DATA.

8. DATA RETENTION

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you will express your preference to opt out, where applicable. The retention periods are determined according to the following criteria: (i) For as long as it remains necessary to achieve the purpose for which the Personal Data was initially processed. For example: if you contact us, we will retain your contact information at least until we address your inquiry. (ii) To comply with our regulatory obligations. For example: transactional data will be retained for up to seven years (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes. (iii) To resolve a claim or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods. Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.

9. SECURITY MEASURES

We work hard to protect Personal Data we process from unauthorized access or unauthorized alteration, disclosure or destruction. We have implemented physical, technical and administrative security measures that comply with applicable laws and industry such as: encryption using SSL, we minimize the amount of data that we store on our servers, restrict access to Personal Data to the Companys employees, contractors and agents, etc. Note that, we cannot be held responsible for unauthorized or unintended access that is beyond our control, and we make no warranty, express, implied or otherwise, that we will always be able to prevent such access.

Please contact us at: shipersllc@gmail.com if you feel that your privacy was not dealt with properly, in a way that was in breach of our Policy or if you become aware of a third partys attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

10. INTERNATIONAL DATA TRANSFER

Our data servers in which we host and store the information are located in the U.S. The Companys HQ is based in Delaware in which we may access the information stored on such servers or other systems such as the Companys ERP, CRM and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area (EEA) is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments and or assurances from the data importer to protect your Personal Data, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well recognized certification schemes.

11. ELIGIBILITY AND CHILDREN PRIVACY

The App is not intended for use by children (the phrase child shall mean an individual that is under the age defined by applicable law which concerning the EEA is under the age of 16 and concerning the US, under the age of 13) and we do not knowingly process childrens information. We will discard any information that we receive from a user who is considered a child immediately upon our discovery that such a user shared information with us. Please contact us at: shipersllc@gmail.com if you have reason to believe that a child has shared any information with us.

12. JURISDICTION SPECIFIC NOTICES:

Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. Depending on your jurisdiction and the applicable data protection laws that apply to you, you have different rights and control over your data. This section apply on user in the following jurisdictions:

A. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

If you are a California resident, please see the CCPA Privacy Notice which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

B. ADDITIONAL NOTICE TO COLORADO RESIDENTS

Under the Colorado Privacy Act (“CPA”) if you are a resident of Colorado, acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context), your rights with respect to your personal data are described below. “Personal Data” as defined in the CPA means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include any of the following: publicly available information, de-identified or aggregated consumer, and information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Drivers Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

Sensitive Data includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. We do not process or collect any sensitive data.

Under Section 3 “WHAT INFORMATION DO WE COLLECT AND HOW DO WE USE IT” of this Policy, we describe our collection and processing of personal data, the categories of personal data that are collected or processed, and the purposes. Additionally, in Section 6 “SHARING DATA - CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH” details the categories of third-parties the controller shares for business purposes.

(I) YOUR RIGHTS UNDER CPA:

Herein below, we will detail how consumers can exercise their rights, and appeal such decision, or if we sell the personal data, or sells the personal data for advertising and how to opt-out. :

(
Right to Access/ Right to KnowYou have the right to confirm whether and know the Personal Data we collected on youYou can exercise your right by reviewing this Privacy Policy, in case you would like to receive the Personal Data please fill in this form to receive a copy of your data: here
Right to CorrectionCorrection of inaccuracies in Personal DataYou have the right to correct inaccuracies in your Personal Data. You can exercise this right directly through your account or by filling in this form.
Right to DeletionDeletion of Personal DataYou have the right to delete the Personal Data. This right is not absolute and in certain circumstances, we may deny such request. If you would like to delete your Personal Data please fill in this form.
Right to PortabilityObtaining personal data in a portable formatYou have the right to obtain the personal data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. If you would like to receive the Personal Data please fill in this form.
Right to opt out from selling Personal DataOpting out from the sale of Personal DataYou have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer. We do not sell your personal information, so we do not offer an opt-out. You may indicate your choice to opt-out of the sharing of your personal data with third parties for personalized advertising on third party sites.
Right to AppealAppealing a declined requestIf we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. If we deny the appeal, you may contact the Colorado Attorney General.
Duty not to violate existing laws against discrimination or non-discriminationAvoiding discriminationSuch discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate our users.
(II) HOW TO SUBMIT A REQUEST UNDER CPA?

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. If the DSR is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required. We will respond to your request within 45 days after receipt of a verifiable Consumer Request and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period of time by contacting us at shipersllc@gmail.com and specifying your wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/ Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

C. ADDITIONAL NOTICE TO VIRGINIA RESIDENTS

Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data. Personal data means any information that is linked or reasonably linkable to an identified or identifiable natural person. Personal data does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Drivers Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The VCDPA requires us to disclose the Categories of data processing and the purpose of each category, as detailed in Section 3 “WHAT INFORMATION DO WE COLLECT AND HOW DO WE USE IT” of this Policy, the categories of data shared and the third parties with whom it is shared, as detailed in Section 6 “SHARING DATA - CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH”. Disclosure of sale of data or targeted advertising are detailed in Section I.K OPT OUT OPTIONS above, and in the DSR Form. Further, the rights details in the table above, details the rights you have under VCDPA and how you may exercise your rights.

(I) HOW TO SUBMIT A REQUEST UNDER VCDPA?

We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period of time by contacting us at shipersllc@gmail.com and specifying your wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.

D. ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of a business, non-profit or governmental entity), your rights with respect to your personal data are described below. Personal data means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. If further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Drivers Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act. The categories of personal data processed, purpose of processing, are detailed in Section 3 “WHAT INFORMATION DO WE COLLECT AND HOW DO WE USE IT”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section 6 “SHARING DATA - CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH”. Instructions on how to exercise your rights are detailed in the table above that details the rights you have under CDPA and how you may exercise your rights.

(I) HOW TO SUBMIT A REQUEST UNDER CDPA?

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 day response period, together with the reason for the extension. If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318. We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

E. ADDITIONAL NOTICE TO UTAH RESIDENTS

Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your personal data are described below. Personal Data refers that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data. The categories of personal data processed, purpose of processing, are detailed in Section 3 “WHAT INFORMATION DO WE COLLECT AND HOW DO WE USE IT”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section 6 “SHARING DATA - CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH”. Disclosure of sale of data or targeted advertising are detailed in the DSR Form. Further, the table above details the rights you have under CDPA and how you may exercise your rights.

F. NOTICE TO NEVADA RESIDENTS

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to shipersllc@gmail.com