California Consumer Privacy Act (CCPA)

Notice for California Residents

Last Updated 30 January, 2022

We at Cosmia LLC (“Cosmia,” “we,” “us,” or “our”) have created this Notice for California Residents (the “CCPA Notice”) to supplement the Privacy Policy https://cosmia.love/privacy-policy/. This CCPA Notice applies solely to all natural persons who reside in the State of California (“consumers” or “you”), and who visit or use our Websites, purchase products or services from us, or otherwise engage or interact with us in person or electronically. We adopted this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms not otherwise defined in this CCPA Notice shall have the meaning assigned in the CCPA. 

To the extent there is any conflict between this CCPA Notice and the provisions of the Privacy Policy, this CCPA Notice shall control only with respect to consumers and their Personal Information. If you are located outside of the State of California this CCPA Notice does not apply to you and you should refer to our Privacy Policy.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). In particular, we have collected the following categories of Personal Information from or about consumers within the last twelve (12) months preceding the date of the last update of this CCPA Notice (the “Last Update”).

 

Table I — Categories of Personal Information (with examples)

| Category of Personal Information | Examples |
| --- | --- |
| Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
| Categories of Personal Information listed in Cal. Civ. Code § 1798.80(e) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
| Commercial information | Records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies. |
| Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. |
| Inferences drawn from other Personal Information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |

 

Personal Information does not include:

  • Publicly available information from government records
  • De-identified or Aggregated Personal Information 
  • Information excluded from the CCPA including:  
    • Personal Information (health or medical information) covered by the Health Insurance Portability and Accountability Act of 1996, the California Confidentiality of Medical Information Act, or clinical trial data;
    • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the California Financial Information Privacy Act, or the Driver’s Privacy Protection Act of 1994.

We obtain the Categories of Personal Information in Table I from the following Categories of Sources:

  • Directly from Consumers. For example, from forms, surveys, responses, or other direct interactions from or with you, which you voluntarily provide to us.
  • Indirectly from Consumers. For example, from observing your actions on our Websites and other websites, and through our use of cookies, described in our Cookie Policy at https://cosmia.love/cookie-policy/.

Table II — Categories of Personal Information and Categories of Sources

| Categories of Personal Information | Categories of Sources |
| --- | --- |
| Identifiers | Directly from Consumer; Indirectly from Consumer |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Directly from Consumer |
| Commercial information | Directly from Consumer; Indirectly from Consumer |
| Internet or other similar network activity | Indirectly from Consumer |
| Inferences drawn from other personal information | Indirectly from Consumer |

Use of Personal Information

We may use or disclose the Personal Information we collect for one or more of the following commercial or business purposes (each a “Business Purpose”):

Table III — Category of Personal Information and Business Purposes

Identifiers.
  • To develop, implement, market, promote, and sell products, services, and special offers
  • To manage and promote the business activities of Cosmia, including the development and evaluation of business plans
  • To establish customer and vendor relationships and to communicate with customers and vendors
  • To create, maintain, customize, and secure your account with us
  • To conduct live chats with customers
  • To provide information about existing and new products and services of Cosmia
  • To enable customers to submit customer success stories and questions to be answered on https://cosmia.love
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud
Commercial information.
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud
  • To administer or enforce our rights under an agreement or otherwise protect Cosmia and its rights
Internet or other similar network activity.
  • To provide, develop, implement, market, support, personalize, and develop our Websites, products, and services
  • To enable visitors of our Websites to use the sites
  • To maintain security audit logs to remove or defend against malicious visitors or attackers
  • To create, maintain, customize, and secure your account with us
  • To conduct live chats with customers
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law)
  • To research, develop and improve existing and new products, technologies, and services
Inferences drawn from other personal information.
  • To provide, develop, implement, market, support, personalize, and develop our Websites, products, and services
  • To review and assess market trends and activities impacting the business of Cosmia
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law)

We may also use or disclose any of the Categories of Personal Information set forth above for one or more of the following Business Purposes:

  • to meet requirements imposed by law, including court orders, subpoenas, or compliance with the legal process;
  • to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
  • as described to you when collecting your Personal Information or as otherwise permissible under the CCPA; and
  • to evaluate or consummate a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about users of our Websites is among the assets transferred.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your explicit consent.

Sharing Personal Information

We may share your Personal Information with the following categories of recipients and third parties for business purposes:

  • Service Providers
  • Affiliate Partners
  • Third Parties

Table IV — Categories of Personal Information and Categories of Recipients and Third Parties

| Categories of Personal Information | Categories of Recipients and Third Parties |
| --- | --- |
| Identifiers | Service Providers; Affiliate Partners; Third Parties |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Service Providers |
| Commercial information | Service Providers; Affiliate Partners |
| Internet or other similar network activity | Service Providers |
| Inferences drawn from other personal information | Service Providers |

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, we have disclosed the following Categories of Personal Information for a Business Purpose:

  • Identifiers
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
  • Commercial activity.
  • Internet or other similar network activity.
  • Inferences drawn from other personal information.

Sales of Personal Information

We do not “sell” personal information as most people would typically understand that term. However, we do allow certain third-party partners and providers to collect information about consumers directly through our services for purposes of analysing and optimizing our services, providing content and advertising (ads) that may appear on third-party websites through the use of retargeting, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. To the extent this practice is interpreted to constitute a “sale” under the CCPA, please see our Cookie Policy for more information including how to exercise your rights to opt-out of cookies, analytics and personalized advertising.

Your Rights and Choices

The CCPA provides consumers with specific rights regarding their Personal Information. This section describes such rights and explains how to exercise them.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection, disclosure, sale and use of your Personal Information. Once we receive and verify your request, we will disclose to you:

  • The Categories of Personal Information we collected about you
  • The Categories of Sources for the Personal Information that we collected about you
  • Our Business Purpose for collecting or selling that Personal Information
  • The categories of third parties with whom we share that Personal Information
  • The specific pieces of Personal Information we collected about you (also called a data portability request)
  • If we sold or disclosed your Personal Information for a Business Purpose, two separate lists disclosing:
    • Categories of Personal Information that we sold about you and the categories of third parties to whom the Personal Information was sold; and
    • Categories of Personal Information that we disclosed about you for a Business Purpose.

Deletion Request Rights

You have the right to request that we delete any of the Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the Personal Information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  • Debug products to identify and repair errors that impair existing intended functionality
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.)
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by writing to us at:

Cosmia LLC
954 Ave Ponce de Leon, Ste 205-10379
San Juan, Puerto Rico 00907

You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information related to you.

Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Verification Process

To submit a verifiable consumer request, the consumer may be required to provide additional information, which may include additional Personal Information, to enable us to verify the consumer’s identity with the degree of certainty required by the CCPA.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We or a third party on our behalf may follow up with you to determine whether a request is a verifiable consumer request under applicable law.

If we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you, we will deny the consumer request in whole or in part and will not disclose the information requested or, as applicable, will not delete the information requested. We will respond to any such consumer request with a denial, and will also explain why we have no reasonable method by which we can verify the identity of the requestor.

However, if a consumer request that seeks disclosure of specific pieces of Personal Information is denied because we cannot verify the identity of the person making the request under the applicable verification rules under the CCPA, then we shall treat the request as one that seeks the disclosure of the categories of Personal Information and apply the verification rules in the CCPA applicable to requests for disclosure of categories of Personal Information.

If a consumer request that seeks disclosure of categories of Personal Information is denied because we cannot verify the identity of the person making the request under the applicable verification rules in the CCPA regulation, then we shall provide or direct the requestor to our general business practices regarding the collection, maintenance and sale of Personal Information as set forth in this Privacy Policy.

Response Timing and Format

We will confirm receipt of a verifiable consumer request within ten (10) days of its receipt.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) days of receipt of the request.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. If you do not have an account with us, and you do not indicate a preference for delivery, we will use our discretion in choosing the method of delivery of the information.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We may charge a reasonable fee to process or respond to your verifiable consumer requests if they are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for this decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including, but not limited to:

  • Denying you products or services
  • Charging you different prices or rates for products or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of products or services
  • Suggesting that you may receive a different price or rate for products or services or a different level or quality of products or services

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels, provided that: (i) the financial incentive is reasonably related to the value of your Personal Information and (ii) we provide you written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. See Notice on Financial Incentive section below.

Right to Designate an Authorized Agent

If you submit a request for access and portability or deletion through the use of an authorized agent, we may require that you (i) provide the authorized agent written permission to act on your behalf, and (ii) verify their identity directly with us. We may deny a request from an authorized agent that does not submit proof of authorization.

Other California Privacy Rights

Pursuant to California’s “Shine the Light” law (Civil Code Section § 1798.83), California residents have the right to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes, including the names and addresses of those third parties, and examples of the types of Research Activities or products marketed by those third parties.

To make such a request, please send a written request to:

Cosmia LLC
954 Ave Ponce de Leon, Ste 205-10379
San Juan, Puerto Rico 00907

 

Changes to Our CCPA Notice

This CCPA Notice is effective as of the ‘Effective Date’ date stated at the top of this CCPA Notice. We may change this CCPA Notice from time to time with or without notice to you. By visiting the Websites or accessing or using the Research Activities after we make any such changes to this CCPA Notice, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, and without prejudice to the foregoing, our use of your Personal Information is governed by the CCPA Notice in current effect. Please refer back to this CCPA Notice on a regular basis.

Contact Information

If you have any questions or comments about this notice, the ways in which we collect and use your information described below and in the CCPA Notice, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to write to us at:

Cosmia LLC
954 Ave Ponce de Leon, Ste 205-10379
San Juan, Puerto Rico 00907