PRIVACY POLICY
Last Updated: October 3, 2024
This website is operated by Waave Mobility, Inc., (hereinafter, “Waave”, “We”, or “Us”). This Privacy Policy (the “Privacy Policy”) governs your access to the Waave website (https://waave.us/), the Waave mobile application, and any other services owned, controlled, or offered by Waave, now or in the future (all collectively referred to as, the "Services"). The term “You” or “User” shall refer to any individual that views, uses, accesses, browses or submits any content or material to the Services.
Since we may gather certain types of information about our users, we feel you should fully understand our policy and the terms and conditions surrounding the capture and use of that information. This Privacy Policy discloses what information we gather and how we use it. The private information you provide on the Services will be used only for its intended purpose.
BY VISITING, SIGNING UP, USING, BROWSING, OR ACCESSING THE SERVICES, YOU CONSENT TO THE DATA PRACTICES DESCRIBED IN THIS STATEMENT. IF YOU DO NOT AGREE WITH OUR PRIVACY PRACTICES, DO NOT USE THE SERVICES.
1. INFORMATION WE COLLECT
(a) Personal Information:
Through the Services, we may collect Personal Information. “Personal Information” means information about you that specifically identifies you or, when combined with other information we have, can be used to identify you. Generally, we do not collect Personal Information about you when you visit and/or use the Services, unless you choose to provide such information to us. Submitting Personal Information through the Services is voluntary. By doing so, you are giving us your permission to use the information for the stated purpose.
(b) Legal Basis for collecting your Personal Information
We collect, process, and use your information for the purposes described in this Privacy Policy, based at least on one of the following legal grounds:
· With your consent: We ask for your agreement to process your information for specific purposes, and you have the right to withdraw your consent at any time.
· When Performing this Agreement: We collect and process your Personal Information to provide you with the Services, following your acceptance of this Privacy Policy; to maintain and improve the Services; to develop new services and features; and to personalize the Services in order for you to get a better user experience.
· Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with protecting against harm to the rights, property or safety of our properties, or our users, or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; in order to comply and/or fulfill our obligation under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request, as well as our Terms and Conditions.
• Performance of a Contract: We process your data to fulfill our contractual obligations to provide you with the Services you have requested.
• Compliance with Legal Obligations: We may process your data as necessary to comply
with legal obligations, including those required by regulators and law enforcement authorities.
• Protecting Vital Interests: We may process your data where it is necessary to protect your
Vital interests or the vital interests of another person.
We collect only the data that is necessary for the purposes outlined in this Privacy Policy. We strive to minimize the data we collect and ensure it is used appropriately.
(c) INFORMATION WE COLLECT AND HOW WE COLLECT INFORMATION
Through the Services, we may collect information that can identify you or your company when you voluntarily submit it to us. If requested, your Personal Information may include:
· Full name
· Mailing address
· Email address
· Demographic Data (such as age, gender, zip code)
· Other similar information
Personal Information may also include certain data we may collect as part of our Services, which incorporates any information in combination with any one or more of the
following data elements, when either the data element or the combination of personal information plus the data element is not encrypted, or is encrypted with an encryption key that has also been accessed or acquired (collectively, “Private Information”):
· Social security number;
· Driver's license number or non-driver identification card number;
· Account number, credit or debit card number, in combination with any required security code, access code, password or other information that would permit access to an individual's financial account;
· Account number, credit or debit card number, if circumstances exist wherein such number could be used to access an individual's financial account without additional identifying information, security code, access code, or password; or
· Data generated by electronic measurements of an individual's unique physical characteristics, such as a fingerprint, voice print, retina or iris image, or other unique physical representation or digital representation of biometric data
which are used to authenticate or ascertain the individual's identity (“Biometric Information”) ; or
· A username or e-mail address in combination with a password or security question and answer that would permit access to an online account.
(d) STORAGE OF PERSONAL INFORMATION
We will take reasonable precautions, as well as physical, technical, and organizational measures in accordance with industry standards, as described herein, to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Computer safeguards, such as firewalls and data encryption may be used to protect your information. We authorize access to your information only for those employees or agents who require it to fulfill their job responsibilities and these individuals are required to treat this information as confidential. Personal Information will only be collected and used with your affirmative express consent and that such Personal Information will not be used, shared, or disclosed, except for lawful purposes.
However, the security of information on or transmitted via the Internet cannot be guaranteed. Unauthorized entry of use, hardware or software failures, and other factors may compromise the security of your Personal Information. All information you send to us electronically or through email is not secure. Any transmission is at your own risk as the transmission of information via the Internet is not completely secure.
If your information is transferred outside of your country, we ensure that adequate safeguards are in place. For European Union residents, we comply with GDPR requirements by using Standard Contractual Clauses or other approved transfer mechanisms to protect your data.
2. NON-PERSONAL INFORMATION
We collect and temporarily store certain information about your usage of the Services. Non-Personal Information means information that alone cannot identify you, including data such as cookies, pixel tags, web beacons and device information. The information includes, without limitation:
(a) Device Data: We may collect information such as: the type of computer and/or mobile device you use; the unique device ID of your computer and/or mobile device; the IP address of your computer and/or mobile device; the operating system of your computer and/or mobile device; and the type of mobile internet browsers of your computer and/or mobile device.
(b) Usage details: when you access and use the Services, we may automatically collect certain details of your access to and use of the Services, including traffic data, location data, logs and other communication data and the resources that you access and use on or through the Services.
(c) Location information: When you first visit or use the Services, we may request permission to collect and use your device’s precise geolocation. You can opt not to permit the collection of this information, but you may not be able to use the Services provided by Waave without access to your location. We may need your location information in order to provide the Services. You can control how and whether we collect your precise geolocation information through your device’s settings.
If you do not want us to collect this information, you may either change your device’s privacy settings or do not access or use the Services.
3. INFORMATION COLLECTION TECHNOLOGIES
The technologies we use for automatic information collection may include:
(a) Cookies (or mobile cookies): We may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. The purpose of a cookie is to tell the web server that you have returned to a specific page. You can accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Services or the Services overall.
(b) Retargeting/Advertising Cookies: Retargeting/Advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.
(c) Web Beacons: The Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related Services statistics.
(d) Social Ad Services: We may also use re-marketing through social media tracking cookies and pixel-based retargeting services. This means that if you provided your consent to any social media Services (the “Social Ad Services”) to be provided with personalized commercial offers, you may be served with ads (including advertisements of third parties) based on your access to the Services, outside of the Services and across the internet. In such event, the Social Ad Services, will place cookies on your web browser and use such cookies to serve you ads based on past visits to our Services.
Please visit the Social Ad Platforms Privacy policy to find out how they use such information:
o Google: https://policies.google.com/technologies/ads
o TikTok: https://www.tiktok.com/legal/page/us/privacy-policy/en
o Facebook: https://www.facebook.com/about/privacy/
o Instagram: https://help.instagram.com/478880589321969/
(e) Mobile Device Identifiers. Mobile device identifiers help Waave learn more about our users’ demographics and internet behaviors. Mobile device identifiers are data stored on mobile devices that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address, and location, and tracking data, including without limitation IP address, domain server, type of device(s) used to access the Services, web browser(s) used to access the Services, referring webpage or other source through which you accessed the Services, other statistics and information associated with the interaction between your browser or device and the Services).
(f) Cross Device Matching. To determine if users have interacted with content across multiple devices and to match such devices, we may work with partners who analyze device activity data and/or rely on your information (including demographic, geographic and interest-based data). To supplement this analysis, we may also provide de-identified data to these partners. Based on this data, we may then display targeted advertisements across devices that we believe are associated or use this data to further analyze usage of Services across devices.
4. CHANGING YOUR DATA COLLECTION SETTINGS
We strive to provide you with choices regarding the Personal Information you provide to us. You may need to adjust the settings on your computer and/or device to restrict the collection of information by the Services, but this may prevent you from accessing all the features of the Services.
(a) Tracking Technologies: You may be able to set your browser or device to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies or block the use of other tracking technologies, some parts of the Services may then be inaccessible or not function properly.
(b) Location Information: You can choose whether to allow the Services to collect and use real-time information about your device’s location through the device’s privacy settings. If you block the use of location information, some parts or all of the Services may be inaccessible or not function properly. Note that if you grant us access to your location information, Waave will not use, monitor, or disclose any trip information, including the date, time, pick-up location, drop-off location, real-time vehicle location, and any retained vehicle location records without a User’s affirmative express consent, except where required by law or regulation. In such cases, Waave may share aggregated trip data, which does not include personally identifiable information, with city authorities for regulatory purposes.
(c) Social Ad Platforms: If you wish to opt-out of re-targeting and tracking functionality of the Social Ad Platforms, you may do so through each platform directly. PLEASE NOTE that these tracking and targeting by Social Ad Platforms, is provided pursuant to your engagement with the Social Ad Platforms and the actual nature and scope of Personal Information collection and processing performed by such Social Ad Platforms may not be fully known to us. If you would like to learn more or make further inquiries with respect to such nature or scope, please refer to each Social Ad Platforms directly.
You can decide whether to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. You can also delete all Cookies that are already on your computer. Although you are not required to accept Cookies, if you block, reject, or delete them, you may have to manually adjust some preferences every time you visit a site and some of the Services and functionalities may not work.
To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, visit: http://www.allaboutcookies.org/.
5. THIRD-PARTY AUTOMATIC INFORMATION COLLECTION
When you use the Services or its contents, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:
· Advertisers, ad networks and ad servers;
· Analytics companies;
· Your mobile device manufacturer;
· Your mobile service provider; and/or
· Your Internet provider.
These third parties may use tracking technologies to collect information about you when you use the Services. The information they collect may be associated with your Personal Information or they may collect information about your online activities over time and across different platforms, mobile applications, and other online sites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
6. HOW WE USE YOUR INFORMATION
We use information collected as described in this Privacy Policy for the following:
(a) Operation
· Operate, maintain and improve the Services;
· Provide you with the Services and its contents, and any other information, products or services that you request from us;
· Send you reminders, technical notices, updates, security alerts, support and administrative messages and marketing messages;
· Answer your questions and respond to your requests;
· Ensure that content from the Services is presented in the most effective manner for you and for your computer or device for accessing the Services;
· Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including the Terms and Conditions;
· Notify you when there are changes to any products or services we offer or provide though the Services; and
· To maintain the security of Services.
(b) Usage and Analytics
· Estimate our audience size and usage patterns;
· Perform analytics and conduct customer research;
· Analyze advertising effectiveness; and
· Communicate and provide additional information that may be of interest to you about us and any of our partners.
(c) Location: We will use location data for the following reasons:
· To provide the Services targeted to the city in which you are located;
· To display information that is relevant to your particular location.
· To maintain the security of Services.
7. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
The Personal Information you provide to us whether voluntarily or automatically, may be used and disclosed without limitations, in the following instances:
(a) To other Users – Your Personal Information may be shared voluntarily if you message or otherwise communicate with other Users;
With vendors who provide services for us (who are required to protect the Personal Information) - We may share Personal Information for business purposes with service providers that provide us with services for the purpose of operating the Services, opening and operating your account, as well as providing ancillary services and solutions. These include, among others, hosting services, billing and payment processors and vendors, community management services, data and cybersecurity services, web analytics and performance tools, translation tools, IT and SaaS services, session recording, communication systems, mailing systems, data optimization and marketing services, data enrichment services, legal and financial advisors or technical consultants. We do not store or process your credit card information directly. All payment transactions are processed on our behalf of a third-party payment processor. The processor is compliant with the Payment Card Industry Data Security Standard (PCI-DSS) endorsed by major credit card companies. We only receive information regarding the payment status and not your credit card details.
(b) Consistent with applicable legal requirements, we take appropriate technical and organizational measures to require third parties to adequately safeguard your personal information and only process it in accordance with our instructions;
We may share your Personal Information with third-party service providers for the purposes outlined in this policy. These third-party processors include cloud storage providers, payment processors, IT service providers, and marketing partners. All third-party processors are contractually required to protect your information in a manner consistent with this Privacy Policy and applicable data protection regulations.
(c) To report or collect on debts owed to us;
(d) To comply with legal requirements - We may be required to disclose personal Information to a prospective buyer or buyer of Waave or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all our assets; as part of bankruptcy, liquidation or similar proceeding, for the enforcement of law, regulations, court orders, subpoena, a warrant during the course of a legal proceedings or otherwise; in order for us to protect and safeguard our copyright, trademarks, legal rights, intellectual property rights or safety; or in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States.
8. HOW WE DISCLOSE YOUR NON-PERSONAL INFORMATION
We may also disclose Non-Personal Information:
· For the same reasons, we might share Personal Information;
· With our advertisers for their own analysis and research;
· To facilitate targeted content and ads; or
· With Third-Party Ad Servers to place our ads on the Services and on third-party platforms or mobile applications.
9. HOW TO ACCESS, UPDATE, WITHDRAW CONSENT OR DELETE YOUR INFORMATION
If law applicable to you grants you such rights, you may ask to access, correct, or delete your Personal Information that is stored in our systems or that we otherwise control. You may also ask for our confirmation as to whether or not we process your Personal Information or ask to withdraw any consent you have previously provided to Waave in connection with our use and processing of your Personal Information. Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information the accuracy of which you contest while we verify the status of that data.
If you wish to exercise any of these rights or withdraw your consent, please contact us at info@waave.us. When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates, or as we are otherwise permitted under such law applicable to you. While we strive to honor all reasonable requests, please be aware that we backup the data to prevent accidental or malicious destruction of your information. Information on backup servers may take some time to be completely deleted from the system. If you request that we remove you from our system and delete all your information, please note that you may still receive materials while your request is being processed.
If you request that your information be deleted, we may keep your information for a period of time. However, if you request to delete your information, your Personal Information will not be used by us or our third-party providers for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Privacy Policy.
Right to Object: You may object to the processing of your Personal Information if you believe it is being processed unlawfully.
Right to Restrict Processing: You have the right to request restriction of processing of your data if the accuracy of the data is contested or if the processing is unlawful.
Right to Data Portability: You may request a copy of your data in a structured, commonly used, and machine-readable format.
10. SECURITY AND DATA RETENTION
The security of your Personal Information is important to us. We seek to protect your Personal Information from unauthorized access, use and disclosure using appropriate physical, technical, organizational, and administrative security measures based on the type of Personal Information and how we are processing that data. We endeavor to follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and in storage. For example, the Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of Personal Information. We store and process your information on third-party servers located in the United States. We maintain what we consider industry standard backup and archival systems. Although we work to protect the security of the data that we hold in our records, for example, by making good faith efforts to store Personal Information in a secure operating environment that is not open to the public, please be aware that no method of transmitting data over the Internet or storing data is completely secure. We cannot and do not guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.
If at any time we believe that the security of your Personal Information may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we will endeavor to notify you as promptly as possible under the circumstances. If we have your email address, we may notify you by email to the most recent email address you have provided us. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your email account. You consent to our use of email as a means of such notification. If you prefer for us to use the U.S. Postal Service to notify you in this situation, please email us at info@waave.co. Please include your address when you submit your request. You can make this election any time, and it will apply to notifications we make after a reasonable time thereafter for us to process your request. You may also use this email address to request a print copy, at no charge, of an electronic notice we have sent to you regarding a compromise of your Personal Information.
We may retain Personal Information about you consistent with all internal policies and procedures. We may retain Personal Information to comply with our legal obligations, resolve disputes or collect fees owed, or as is otherwise permitted or required by our data retention policies and procedures.
In the event of a data breach, we will notify affected individuals within 72 hours of becoming aware of the breach if it results in a high risk to their rights and freedoms. Notifications will include details about the breach, the potential consequences, and measures we are taking to mitigate any possible adverse effects.
11. COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS
We represent and warrant that we will comply with all applicable laws, rules, regulations, directives, and guidelines regarding the collection, use and disclosure of data collected from or about Users or specific devices which apply to the services utilized hereunder. The term “Rules” shall include, without limitation, (i)United States Federal Trade Commission Laws regarding the collection, use and disclosure of data from or about users and/or specific devices; (ii) the Children’s Privacy Protection Act of 1998 (“COPPA”); (iii) any state data privacy laws, and (iv) if applicable, the Rules of any other jurisdiction, including and European Union General Data Protection Regulation (“EU GDPR”), rules, regulations and/or directives promulgated by a pertinent Data Protection Act, and all amendments and updates to them or regulations as replaced or superseded from time to time.
(a) CALIFORNIA ‘DO NOT SELL MY INFO’ NOTICE (PRIVACY NOTICE FOR CALIFORNIA CONSUMERS)
We comply with data privacy regulations in all jurisdictions in which we operate. If you reside outside the United States, you may have rights in relation to your personal information that are additional to those outlined in this Privacy Policy.
We may work with Google, Facebook and other companies that use information collected from cookies and similar technologies to try to make the ads you see online more relevant to your interests. This is called interest-based advertising. Our use of these services may constitute a “sale” of Personal Information as defined under the California Consumer Protection Act (CCPA). You can opt-out of the use of your information for interest-based advertising by:
● Browser settings. Blocking third party cookies in your browser settings.
● Privacy browsers/plug-ins. Using privacy browsers or ad-blocking browser plug-ins that let you block advertising trackers.
● Platform settings. Using the opt-out settings offered by some of the advertising companies that we work with.
● Ad industry tools. Opting out of interest-based ads from companies participating in the following industry opt-out programs:
o Network Advertising Initiative: https://optout.networkadvertising.org/?c=1
o Digital Advertising Alliance: optout.aboutads.info, which will allow you to opt-out of interest-based ads served by on websites by participating members.
o AppChoices mobile app: https://www.youradchoices.com/appchoices, which will allow you to opt-out of interest-based ads in mobile apps served by participating members.
Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes. You will need to apply these opt-out settings on each device from which you wish to opt-out. Not all companies that serve interest-based ads participate in these opt-out programs, so even after opting-out, you may still receive some cookies and interest-based ads from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online, but they may be less relevant to you.
If we share information with the data providers described above, it may also constitute “sales” as defined under the CCPA. Any information shared with third parties is controlled by each data provider and you may need to opt-out from each data provider individually.
The above describes our practices currently and during the 12-month period preceding the date on which this Privacy Policy was last updated.
Your CCPA rights. As a California resident, you have the following rights as of January 1, 2020:
● Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
o The categories of Personal Information that we have collected.
o The categories of sources from which we collected Personal Information.
o The business or commercial purpose for collecting and/or selling Personal Information.
o The categories of third parties with whom we share Personal Information.
o Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information disclosed to each category of third-party recipient.
o Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
● Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
● Deletion. You can ask us to delete the Personal Information that we have collected from you by emailing us at info@waave.co.
● Opt-out. You can opt-out of any “sale” of your Personal Information as defined in the CCPA.
● Non-discrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
You may submit a request to exercise your right to information, access, or deletion by emailing to info@waave.co with “Privacy” in the subject line. We reserve the right to confirm your California residency to process these requests and will need to confirm your identity. Government-issued identification may be required. We will only accept deletion requests through email designated in this subsection. You may designate an authorized agent to make a request on your behalf by providing a valid power of attorney or other proof of authority acceptable to us in our reasonable discretion, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification. You can submit a request to opt-out of sales of your Personal Information as described above. We cannot process your request if you do not provide us with sufficient information to allow us to understand and respond to it. In certain cases, we may decline your request as permitted by law.
(b) PRIVACY NOTICE FOR COLORADO RESIDENTS
As a Colorado resident you have the following rights regarding your personal data under the Colorado Privacy Act (the “CPA”) effective as of July 1, 2023:
The CPA grants consumers, or the parents or guardians of children under 13, the right to:
Opt out of processing Personal Data or authorize another person to opt-out on their behalf, for (a) targeted advertising; (b) personal data sales; or (c) profiling, which has legal or other significant effects on the consumer, as defined by the CPA.
Know whether a controller processes their personal data;
Access, correct, and delete their personal data; and
Obtain a copy of their personal data in a commonly used and machine-readable format, known in other jurisdictions as the right to data portability, up to two (2) times per year.
The CPA defines personal data as any "information that is linked or reasonably linkable to an identified or identifiable individual." Based on this definition, personal data may include information such as individual's name, email address, phone number, credit card details, IP address, identification number.
Additionally, “sensitive data”, refers to a distinct category of personal data that is considered confidential. We would need your explicit consent to collect any of the following:
Any data revealing racial or ethnic origin;
Sexual orientation;
Religious beliefs;
Physical or mental health diagnosis;
Citizenship standing;
Biometric or genetic data; or
Personal data obtained from a known child.
For Colorado residents who wish to exercise their rights under this section, you may contact us at info@waave.co.
(c) PRIVACY NOTICE FOR CONNECTICUT RESIDENTS
As a Connecticut resident you have the following rights regarding your personal data under the Connecticut Data Privacy Act (“CTDPA”) effective as of July 1, 2023. The CTDPA provides Connecticut residents with the following rights regarding the personal data:
Right to confirm and access. The CTDPA grants consumers the right to access data from data controllers.
Right to correct. CTDPA provides consumers with the right to correct any inaccuracies in their data.
Right to data portability. Connecticut consumers can ask for a copy of the user data their company has saved and move it to another company.
Right to delete. The CTDPA gives consumers the right to delete personal data that they have provided to companies.
Right to opt-out. The act provides consumers with the right to opt-out of having their data processed for profiling, sale of data, and targeted advertising.
Connecticut residents may exercise any of their rights under this section by sending an email to info@waave.co. We will promptly respond to a consumer's request within 45 days after receiving the request. If reasonably necessary to comply with your request, we may extend this deadline by an additional 45 days upon notice to you stating the reason we need such extension. Note that we may charge a reasonable fee if you make more than one request within a 12-month period or if the request is "manifestly unfounded, excessive, or repetitive."
(d) PRIVACY NOTICE FOR NEVADA RESIDENTS
This section outlines certain rights for Nevada residents. We comply with the requirements as defined under Nevada’s Privacy Law, which provides Nevada residents with choices regarding how we share and collect personal information from you in the course of providing requested services. If you are a Nevada resident, you have the right to submit a verified request to us, directing us not to make any sale of certain Personal Information that we have or will collect about you. The Services does not currently engage in the “sale” (as defined by Nevada law) of personal information.
“Nevada Personal Information” includes personally identifiable information about a Nevada consumer collected online, such as an identifier that allows the specific individual to be contacted. Nevada Personal Information also includes any other information about a Nevada consumer collected online that can be combined with an identifier to identify the specific individual. Unless otherwise stated, the Services does not sell any “Covered Information”, as defined under Chapter 603A of the Nevada Revised Statutes.
For Nevada residents who wish to exercise their rights under this section and/or for information regarding the categories of Nevada Personal Information that we collect, please contact info@waave.co. Please indicate that you are a Nevada resident making a “Nevada Opt-Out” request, and include your name, telephone number and the email address used to access our site. We will respond to requests within 60 days and no more than 90 days after a request is submitted.
(e) NOTIFICATION OF UNAUTHORIZED ACCESS TO PRIVATE INFORMATION TO RESIDENTS OF NEW YORK
In the event of a Security Breach (as defined below) which includes any Private Information, Waave shall immediately upon discovery of a Security Breach notify residents of New York state whose Private Information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, or any measures necessary to determine the scope of the breach. Additionally, notice shall be provided to the state New York attorney general, the Department of State. Law enforcement, and to any applicable to consumer reporting agencies. As used herein “Security Breach” means unauthorized access to or acquisition of, or access to or acquisition without valid authorization, of computerized data that compromises the security, confidentiality, or integrity of private information maintained by Waave. Notification to affected New York residents shall be provided as follows:
The notice shall be directly provided to affected persons by one of the following methods:
· written notice;
· electronic notice (provided you have consented to receiving said notice in electronic
form)
· by telephone,
· substitute notice, such as email notice, a conspicuous posting on Waave’s website, or notification to major statewide media.
Note that notification as required hereunder may be delayed if a law enforcement agency determines that such notification impedes a criminal investigation. The notification required by this section shall be made after such law enforcement agency determines that such notification does not compromise such investigation.
(f) PRIVACY NOTICE FOR UTAH RESIDENTS
This section applies solely to Utah residents. It applies to Personal Data we collect as a business; it does not apply to Personal Data we collect or otherwise process as a service provider.
If you are a Utah consumer, as that term is defined under the Utah Consumer Privacy Act (“UCPA”), you may have certain rights. Utah law may permit you to request that we:
· Confirm whether or not we are processing your Personal Data and provide you with access such Personal Data;
· Correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of the Personal Data;
· Delete your Personal Data;
· Provide you a copy of Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business, where our processing is carried out by automated means; and
· Opt out of the processing of the Personal Data for purposes of targeted advertising, the sale of Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Services to you. If you ask us to delete it, you may no longer be able to access or use the Services.
You may also exercise your Utah consumer rights by emailing us at info@waave.us. You will be required to verify your identity before we fulfill your request. To do so, you will need to demonstrate that you have access to the email address used to create your account or provide us with certain account information, such as the full name and email address you used to create your account. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization for the agent to act on your behalf, however, you will still need to verify your identity directly with us. We may use your Personal Data to send you targeted advertising. (as that term is defined in the UCPA). To opt out of targeted advertising, email us at info@waave.co.
(g) PRIVACY NOTICE FOR VIRGINIA RESIDENTS
As a Virginia resident you have the following rights regarding your personal data under the Virginia Consumer Data Protection Act (the “VCDPA”) effective as of January 1, 2023:
Right to Confirm if a controller is processing you Personal Data and to access Personal Data;
Right to correct inaccurate Personal Data;
Right to delete;
Right to obtain a copy of your Personal Data in portable Format; and
Right to Opt-Out of the processing of Personal Data for purposes of targeted advertising, sale, or profiling with legal or other significant effects.
We may collect, use, and disclose your personal data for business purposes. A summary of the categories of personal data collected and the purposes for which it is used can be found below. To exercise any of your rights under VCDPA, please submit an email to info@waave.us
The VCDPA applies to individuals who are Virginia residents, acting in an “individual or household” context, but does not apply to individuals acting in a commercial context (i.e., as a representative of a business) or employment context.
Depending on the specific service or product you use, the categories of Personal Data collected may include:
Personal identifiers such as your name, address, email, and payment information
Commercial information such as the records of the products and services you purchase and use, and
Internet or other electronic activity such as your interaction and usage with our websites, apps and advertisements and information about and on your device.
Additionally, "sensitive data”, a category of personal data, would include the following:
· Personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, citizenship, or immigrations status;
· The processing of genetic or biometric data for the purposes of uniquely identifying a natural person;
· The personal data collected from a known child; or
· Precise geolocation data.
Depending on the specific service or product you use, we may use your personal data for various business purposes, including (a) to provide, manage, support and improve our products and services, (b) to maintain and service your account, (c) to verify you, your account activity and your information, (d) to detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts, (e) to provide customer service, (f) to provide advertising and marketing to our customers, and (g) to measure our marketing campaigns and to audit consumer interactions.
12. CHILDREN’S PRIVACY
The Services are not directed to or intended for use by children under 13 years of age. If you are a child under the age of 13, please do not attempt to register for or otherwise use the Services or send us any Personal Information. By accessing, using and/or submitting information to or through the Services, you represent that you are not under the age of 13. As noted in the Terms and Conditions, we do not knowingly collect or solicit Personal Information from children under the age of 13. If we learn that we have received any Personal Information directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that Personal Information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete that child’s Personal Information. If you believe that a child under 13 may have provided us with Personal Information, please contact us at to info@waave.co.
13. UPDATES TO THIS POLICY
We reserve the right to change, modify, update, add, or remove portions of this Privacy Policy at any time. Any changes or updates will be effective immediately upon posting to this page. When we do update it, for your convenience, we will make the updated policy available on this page. If you opt out of receivingcommunications, you may not receive certain notifications, however, they will still govern your use of the Services, and you are responsible for proactively checking for any changes. We encourage you to check this Privacy Policy frequently to stay up to date on any changes. You can determine if changes have been made by checking the effective date on the Privacy Policy. Continued use of the Services after the effective date of any change in this Privacy Policy will constitute acceptance of such changes and it will signify that you agree to abide by and be bound by the modified Privacy Policy.
14. CONTACT US
If you have questions, comments, or concerns regarding this Privacy Policy, please contact us and we will respond to your request within a reasonable timeframe. Please include the following information in your request (a) Your name; (b) Your contact information, including phone number, mailing address, and email address; and (c) the precise nature of your request, inquiry, or complaint.
Waave Mobility, Inc.
By Mail:
223 Bedford Ave
Brooklyn, NY 11211
By Email: