We do not use automated processing, including profiling, to make decisions.
Within the last twelve (12) months, we may have disclosed each of the categories of PI we have collected to service providers and as described below.
These entities and individuals may have access to the PI we collect from you as permitted by law and as needed to perform their functions, in compliance with our privacy practices and policies. We require that these entities and individuals otherwise keep this information confidential.
We may disclose your PI to third parties for the following additional purposes:
To the extent that we request PI from you and you refuse to communicate that PI to us, this may affect our ability to maintain a business relationship with you or to comply with our legal obligations.
We do not use or disclose sensitive PI for purposes other than those specified in Section 7027(m) of the implementing regulations (the “CCPA Regulations”) of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (together with the CCPA Regulations, collectively, the “CCPA”). We do not “sell” or “share” (as such terms are defined by the CCPA) any of your PI that we collect to third parties.
How Long We Retain Your PI
For each of the categories of PI that we collect (listed above), we retain such PI only for as long as reasonably necessary to fulfill the purposes we collected it for, including for purposes of satisfying any legal, regulatory, accounting or reporting requirements, unless a longer retention period is otherwise required or permitted by law.
Your PI may be transferred, processed and/or stored in a country other than the one in which your PI is collected. When transferring your PI to the US or other countries, we have implemented procedures to ensure that appropriate safeguards are in place to protect the PI regardless of where it is being transferred to.
The European Union’s General Data Protection Regulation (“GDPR”) is a sweeping piece of legislation that grants EU residents increased control over their PI. The GDPR allows consumers to access their PI and find out details of how that data is processed, to rectify inaccurate PI, to have their data erased (when certain conditions are met), to restrict processing of their data, and more. It requires affected companies to create processes to comply with and facilitate consumer data requests, to update their privacy policies, and to ensure that PI is secured.
Specifically, the GDPR and other national privacy laws provide data subjects with certain rights regarding their PI. If you are an individual who resides in the EU and whose PI is collected and processed by First Reserve, you have the right to:
Please note that the below rights under the CCPA do not apply to (i) any PI we collect that is subject to the Gramm-Leach-Bliley Act (Public Law 106-102) or (ii) certain PI we collect that is subject to the Fair Credit Reporting Act (12 CFR 1022) under certain circumstances.
Only if you are a California resident (as determined in accordance with the CCPA) whose PI is collected or processed by First Reserve, you have the following rights with respect to such PI:
Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA, including by denying Services, suggesting that you will receive (or charging) different rates for Services or suggesting that you will receive (or providing to you) a different level or quality of Services.
If you choose to contact us with a request under the CCPA, we will contact you to confirm receipt of your request and to request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (e.g., the risk of responding to fraudulent or malicious requests), we may request further information or your investor portal access credentials, if applicable, to verify your request.
You have the right to appoint an authorized agent to make requests under the CCPA on your behalf if you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above.
California Civil Code Section 1798.83, known as the “Shine The Light” law, permits our website users who are California residents to request and obtain from us a list of their PI (if any) that we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. [We currently do not disclose any PI to third parties for their direct marketing purposes.]
For consumers with disabilities who need to access this policy in an alternative format, please contact: firstname.lastname@example.org.