LANALEX LLC doing business as OnlyToes is an electronic social networking platform (the “OnlyToes”) which enables users to share and enjoy their interest in the content. Provided below is a detailed explanation of our practices of concerning users’ personal data collected by OnlyToes through various means, various services offered by OnlyToes(collectively, the “Services”).
Please carefully review this Privacy Notice. By subscribing to OnlyToes and/or using any of our Services, you acknowledge that you have read, understand, and consent to the practices described in this Privacy Notice. OnlyToes may revise this Privacy Notice from time to time, so please re-visit this Privacy Notice periodically to remain fully informed.
2. PERSONAL DATA COLLECTION
Information collected by OnlyToes identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal data”). In addition, data collected by OnlyToes may not be identifiable to a particular person or otherwise associated with a particular person, such as aggregated data, and is not personal data. Nonetheless, should the aggregate data be stored or associated with personal data, it will be deemed and treated as personal data; otherwise, the aggregate data is not subject to this Privacy Notice.
a. Categories of Collectable Personal Data
OnlyToes collects or reserves the right to collect the following categories of personal data from its users: (i) Identifiers such as a real name, alias, postal address, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers; (b) Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)); (c) Characteristics of protected classifications under California or federal law; (d) Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; (e) Biometric information. Note: While we do not collect biometric information, if you choose to authenticate yourself through certain service providers we use, they may collect biometric information subject to their privacy policies, but we are never provided with access to that information; (f) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement; (g) Audio, electronic, visual, thermal, olfactory, or similar information; and (h) Professional or employment-related information.
No other categories of personal data are collected by OnlyToes. Users of OnlyToes will be informed in advance if additional categories of users’ personal data will be collected by OnlyToes.
b. Manner of Use of Collected Personal Data
OnlyToes collects and processes users’ personal data for the following business and commercial purposes: (i) Developing, improving, operating, providing, predicting, or performing, including maintaining or servicing accounts, enhancing the Services and your experience with them, providing customer service, processing or fulfilling transactions, verifying your identity, and processing payments; (b) Communicating with you by email and text about the Services, verifying your identity, responding to support inquiries or, sharing information about the Services; (c) Auditing related to a current interaction with the user and concurrent transactions; (d) Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; (e) Debugging to identify and repair errors that impair existing intended functionality; (f) Undertaking internal research for technological development and demonstration; (g) Undertaking activities to verify or maintain the quality or safety of the Services owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the Services owned, manufactured, manufactured for, or controlled by us; (h) Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law; (i) Enforcing OnlyToes Terms and Conditions and its other usage policies; (j) As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.
OnlyToes will not use the collected users’ personal data for materially different, unrelated, or incompatible purposes without obtaining users’ advance consent.
c. Manner of Obtaining Users’ Personal Data
OnlyToes collects its users’ personal data from the following sources: (i) Directly from users when users provide it to OnlyToes while opening a user account and use the Services, or when users update their account information; (ii) Automatically or indirectly from users when users use or access the Services. OnlyToes also collects IP address info and browser type info from the devices used by users to use or access the Services; and (iii) From OnlyToes service providers.
d. Legal Basis for Data Processing
OnlyToes may process personal data for, or based on, one or more of the following legal basis: (i) Performance of a Contract. By using the Services, you have contracted with us through the Terms of Service
, and we will process certain personal data to perform under that contract; (ii) Legitimate Interests. We may process personal data for our legitimate interests, including complying with any applicable law, rule or regulation, investigation or remedy; enforcing our Terms of Service
; protecting our, our users' or others' rights, property and safety; and detecting and resolving any fraud or security concerns; (iii) Compliance with Legal Obligations and Protection of Individuals. We may process personal data to comply with our legal obligations, including as required by valid legal process, governmental request, and to protect those individuals who use our Services and others.
e. With Whom We Share Users’ Personal Data
OnlyToes shares users’ personal data with the following third parties:
(i) OnlyToes service providers; (ii) Entities affiliated with OnlyToes; and (iii) Government agencies or regulators, when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or OnlyToes interests, rights, property, or safety, and/or that of its users and others.
f. Personal Data Shared by OnlyToes
OnlyToes shares certain collected and/or processed users’ personal data for business purposes with its Service providers: (i) Personal identifiers, e.g. name, address, email address, government ID, IP address; (ii) Personal information categories listed in the California Customer Records statute, e.g., government ID, bank account numbers; and (iii) Audio, electronic, visual, thermal, olfactory, or similar information.
3. YOUR RIGHTS REGARDING PERSONAL DATA
Users may exercise certain rights regarding the collection and processing of personal data by OnlyToes You, to the extent such rights are applicable to such users, by contacting OnlyToes.
Users’ rights may vary depending on the laws of the jurisdiction in which said user is located, but may include: (i) The right to know whether, and for what purposes, OnlyToes processes user’s personal data; (ii) The right to be informed about the personal data OnlyToes collects and/or process about users; (iii) The right to learn the source of user’s personal data processed by OnlyToes; (iv) The right to access, modify, and correct users’ personal data; (v) The right to know with whom OnlyToes has shared user’s personal data, for what purposes, and what personal data has been shared; (vi) The right to withdraw user’s consent, where processing of personal data is based on users’ consent; and (vii) The right to file a complaint with a supervisory authority located in the jurisdiction of user’s habitual residence, place of work, or where an alleged violation of law occurred.
a. Access, Modification, and Correction of Collected Personal Data
In the effort to maintain the accuracy of any personal data collected from you, customer support of OnlyToes will endeavor to promptly respond to any and all reports of incomplete or inaccurate information in our records. However, please note that the information provided to us is relied upon as complete, accurate, and up-to-date. It is also expected that users inform OnlyToes of any changes to the provided data. All information to be submitted to OnlyToes must be carefully reviewed before its submission to OnlyToes. Any updates or corrections to the user information may be made through user account settings.
Subject to the laws of the jurisdiction in which user is located, said user may request and obtain from OnlyToes certain personal data kept in OnlyToes records. All user requests to access, review, or make any changes to user’s personal data provided to OnlyToes through the Services, must be directed to [email address or mailing address here]. OnlyToes reserves the right to deny user’s request for access to the stored personal data as permitted or required by applicable data privacy law.
b. California Privacy Rights
California’s “Shine the Light” law permits OnlyToes users physically located in California residents to request and obtain from OnlyToes a list of personal data (if any) disclosed by OnlyToes to third parties for these parties’ own direct marketing purposes in the previous calendar year and the contact information of said third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge. OnlyToes does not disclose personal data protected under the “Shine the Light” law to third parties for their own direct marketing purposes.
The California Consumer Privacy Act (“CCPA”) provides California residents with the following additional rights:
- Right to Know: The right to request disclosure of certain information to the requestor about requestor’s personal data collected, used, disclosed, and sold within 12 months of the request. The Right To Know requests may include a request for any or all of the following: (i)
The categories of collected personal data; (ii) The categories of sources from which personal data was collected; (iii) The categories of personal data that was sold or disclosed to third parties for a business purpose; (iv) The categories of third parties to whom the collected personal data was sold or disclosed for a business purpose; (v) Business or commercial purpose for collecting or selling the collected personal data; and (vi) The specific parts of personal data collected.
- Data Portability: The right to request a copy of personal data collected and maintained within 12 months from the date of the request.
- Right to Deletion: The right to request that the collected personal data is deleted, subject to certain exceptions. Please note the requests to delete personal data may be denied or certain elements of the collected personal data may be retained if it is necessary to: (a)
Complete the transaction for which the personal data was collected, provide a requested good or service, or reasonably anticipated within the context of an ongoing business relationship with a requester, or otherwise perform a contract with the requester; (b) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; (c) Debug to identify and repair errors that impair existing intended functionality; (d) Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law; (e) Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code; (f) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if an informed consent was provided; (g) To enable solely internal uses that are reasonably aligned with requester’s expectations based on requester’s relationship with OnlyToes; (h) Comply with a legal obligation; or (i) Otherwise use the personal data, internally, in a lawful manner that is compatible with the context in which the information was provided.
- Right to Opt-Out/In: The right to opt-in or opt-out of the sale of personal data.
- Right to Non-Discrimination: The right not to receive discriminatory treatment for the exercise of CCPA privacy rights. Unless permitted by the CCPA, OnlyToes will not: (a)
Deny a user goods or services; (b) Charge a user different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties: (c) Provide a user a different level or quality of goods or services; or (d) Suggest that user may receive a different price or rate for goods or services or a different level or quality of goods or services.
To exercise California privacy rights described above, a requester must submit a verifiable request to OnlyToes by emailing us at email@example.com.
Users having an account with OnlyToes, can exercise any of the above rights from their user profile. If a requester doesn’t have a profile or is unable to access, control, or delete information, a requester can contact us at firstname.lastname@example.org.
Only a person authorized to may make a verifiable consumer request related to personal data may make a request.
A verifiable consumer request for Right to Know or Data Portability may be made twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information enabling reasonable verification that a requesting party is the person about whom personal data was collected personal data or an authorized representative of such person. Depending on the nature of the request, a further verification of requester’s identity may be necessary through an additional Ondato verification cycle, which requires a government issued ID and a photo requiring presence through the any permitted means.
- Describe a request with sufficient detail that allows adequate understanding, evaluation, and response.
A request will be denied if verification of a requestor’s identity was impossible or if there is a reason to believe that the request is fraudulent.
Consumer Request by an Authorized AgentIf any authorized agent submits a consumer request on behalf or a requester, in order to confirm that person or entity’s authority to act on behalf of the requestor, and verify the authorized agent’s identity, an email must be sent to email@example.com, along with all of the below items: (i) Proof that the authorized agent has been provided with a signed permission to submit the request; (ii) Sufficient information to verify the authorized agent’s identity, depending on the nature of the request; and (iii) To verify the requestor’s identity, depending on the nature of the request, a valid Government Issued ID (not expired), email address, and the last 4 digits of the social security number may be required.
Inability to verify identity or authority to make a request and confirm relationship to the personal data will result in a denial of the request. No account or purchases are required to be allowed to make a verifiable consumer request.
Receipt of the request will be acknowledged within ten (10) business days of its receipt. A response to a verifiable consumer request will be issued within forty-five (45) days of its receipt. A requestor will be informed in writing if an additional time is required to provide a response and the reason for a request for additional time. Users will receive a written response through the account. Otherwise, a written response will be transmitted via electronic mail. Any disclosures will contain the 12-month period preceding the receipt of the verifiable consumer request. The provided response will also explain the reasons for inability to comply with a request, if applicable. For Data Portability requests, the responsive information will be provided in a portable and, to the extent technically feasible, in a readily useable format that allows further transmittal of the information to another entity without hindrance.
Processing and response to a verifiable consumer request will not incur a service fee in the amount of unless it is excessive, repetitive, or manifestly unfounded. If it is determined that the request warrants a fee, a requesting party will be informed about the reasons for the necessity to charge a fee and a cost estimate will be provided before request is fulfilled.
c. Nevada Privacy Rights
Nevada law permits OnlyToes users residing in the State of Nevada to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to firstname.lastname@example.org, and are free of charge.
d. European Union and UK Privacy Rights
European Union and UK privacy law provides their respective residents with enhanced rights in respect of their personal data. These rights may include, depending on the circumstances surrounding the processing of personal data:
The right to object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on a user;
The right to request restriction of processing of personal data or object to processing of personal data carried out pursuant to (i) a legitimate interest (including, but not limited to, processing for direct marketing purposes) or (ii) performance of a task in the public interest;
In certain circumstances, the right to data portability, i.e., the right to request that certain collected personal data be provided in a machine-readable format; and
In certain circumstances, the right to erasure and/or the right to be forgotten, i.e., the right to request deletion or removal of certain processed and/or collected personal data.
In some instances, an additional information may be required from the requestor to validate the request. To exercise any of the rights above, please email us at email@example.com.
The manner in which certain information is collected, the manner in which Only Toes communicate with users, and the manner in which certain personal data is processed may be chosen by a user. Users may decline to provide information when asked to do so; but refusal to provide information that is necessary to provide certain Services may result in inability to use those Services. In addition, users may change their browser settings to block the automatic collection of certain information.
a. Communications Opt-Out.
There is an option to opt out of receiving email communications from OnlyToes at any time by following the opt-out link or other unsubscribe instructions provided in any email message received, by contacting OnlyToes via provided email address, or by changing user notification preferences in user account setting. In a request to opt out the term “Opt-Out” must be included in the email’s subject line along with the name and the email address used to sign up for communications in the body of the email. Please note, that in case of business cooperation with OnlyToes, the option to opt-out may not, subject to applicable law, be available for certain automated notifications, such as order or subscription confirmations, based on business transactions (e.g., e-commerce).
b. Location Information.
To limit or prevent sharing of location information, users are able to deny or remove the permission for certain Services to access location information or deactivate location services on users’ electronic device. Users are referred to their electronic device manufacturers’ operating system instructions for instructions on how to deactivate location services.
c. Cookies and Web Tracking.
Consult the Cookie Notice
for more information about manner in which certain web tracking technologies may be controlled.
5. PERSONAL DATA PROTECTION
Reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems are used to protect the confidentiality, integrity, availability, and resilience of personal data. Those safeguards include: (i) the encryption of personal data where deemed appropriate; (ii) taking steps to ensure personal data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of implemented safeguards.
While measures designed to protect personal data are diligently used, there is no guarantee that the implemented safeguards are completely effective or sufficient as there are no methods of safeguarding information that are completely secure. Additionally, Internet data transmission means are not always secure, therefore it is impossible to warrant that the transmitted information to utilize the Services is or will be secure.
6. RETENTION OF PERSONAL DATA.
The collected personal data is retained throughout the subscription period and for a period of six (6) months after a user closes their account, and certain personal data for longer periods to the extent deemed necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent reasonably deemed necessary to protect OnlyToes and its partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties. Under applicable law, certain financial information is required to be retained for seven (7) years.
7. ADDITIONAL IMPORTANT INFORMATION ABOUT PERSONAL DATA AND THE SERVICES
a. Identity Verification
. Additional identity verification is conducted for users who post the Content to ensure that the Services are not knowingly offered to or collected personal data from anyone under 18 or anyone using a false identity. Additional identity verification involves providing certain information to one or more of service providers, currently OnlyToes verifies identity.
b. Payment Information.
c. Collection of Personal Data from Children.
The Services are not intended for anyone under 18. Anyone under 18 years of age is not permitted to use the Services, and OnlyToes does not knowingly collect information from children under the age of 18. By using the Services, user represents that the user is 18 years of age or older.
d. Third-Party Websites and Services.
As a convenience, reference or links to third- party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which OnlyToes do business, may be provided. When users access these third-party services, users leave the Services, and OnlyToes is not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. Access these third-party services is at users’ own risk. This Privacy Notice does not apply to any third-party services; please refer to the Privacy Notices or policies for such third-party services for information about how they collect, use, and process personal data.
e. Business Transfer.
A future sale or otherwise transfer of some or all of business, operations or assets of OnlyToes to a third party, whether by merger, acquisition or otherwise, is possible. Personal data obtained from or about users via the Services may be disclosed to any potential or actual third- party acquirers and may be among those assets transferred.
f. Do Not Track.
OnlyToes currently do not use any cross-site tracking technologies and do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms. Information about how to block or reject certain tracking technologies may be located in the Cookie Notice
g. International Use
. Personal data collected by OnlyToes will be stored and/or processed in the United States, as well as overseas. By user’s use of the Services, user acknowledges and consents that the collected and processed personal data may be transferred and stored outside of the United States in the countries in which data protection rules may differ, and personal data may become accessible as permitted by law in the above countries, including to law enforcement and/or national security authorities in the those countries. Transfers of collected personal data into and out of the European Economic Area are governed by Article 46 of the General Data Protection Regulation and are subject to EU-approved standard contractual clauses.
8. MODIFICATIONS AND UPDATES TO PRIVACY NOTICE
This Privacy Notice replaces all previous disclosures that may have been provided about OnlyToes information practices with respect to the Services. This Privacy Notice may be updated at any time, and any such modifications, alterations, or updates will be effective upon posting of the revised Privacy Notice. Reasonable efforts will be employed to notify you in the event material changes are made to the processing activities and/or this Privacy Notice, such as by posting a notice on the Services or sending an email. User’s continued use of the Services following the posting of any revised Privacy Notice will constitute user’s acknowledgement of the amended Privacy Notice.
9. APPLICABILITY OF PRIVACY NOTICE
This Privacy Notice is subject to the Terms and Conditions that govern use of the Services. This Privacy Notice applies regardless of the means used to access or provide information through the Services.
This Privacy Notice does not apply to information collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of users’ personal information by such third parties is subject to their own privacy policies, statements, and practices, so any responsibility and liability for any third party’s compliance therewith is expressly disclaimed.
10. ADDITIONAL INFORMATION AND ASSISTANCE
LLANALEX LCC doing business as OnlyToes and its subsidiaries (collectively, “OnlyToes,” “we,” “us,” “our”) respect its clients’ privacy and are committed to protecting the personal data that we collect. If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, OnlyToes please contact us at firstname.lastname@example.org.