Privacy Policy

Vertali Group ("Vertali," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website home.vertali.net (the "Site"), use our services, apply to join our creator network, or reside in our streamer houses.

We respect your privacy and are dedicated to handling your personal data responsibly and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Children's Online Privacy Protection Act (COPPA).

By accessing or using our Site and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Site or services.

We collect various types of information from and about users of our Site and services. The information we collect depends on how you interact with us and the choices you make.

2.1 Personal Information

We may collect the following categories of personal information that can be used to identify you:

• Identity Information: Full legal name, date of birth, gender, government-issued identification numbers (where legally required)
• Contact Information: Email address, phone number, residential address, mailing address, emergency contact details
• Account Information: Username, password, account preferences, profile photographs
• Demographic Information: Age, nationality, language preferences
• Professional Information: Occupation, employer, work history, educational background, professional certifications
• Biographical Information: Personal biography, interests, hobbies, and preferences

2.2 Creator and Streamer Information

For content creators, streamers, and talent applying to or participating in our programs, we collect:

• Platform Information: Streaming platform usernames, channel URLs, platform-specific IDs
• Audience Metrics: Follower counts, subscriber numbers, viewership statistics, engagement rates, audience demographics (as publicly available or voluntarily provided)
• Content Information: Links to streaming channels, sample content URLs, content category preferences
• Performance Data: Streaming schedules, historical performance metrics, growth trends
• Monetization Data: Revenue share information, payment history, sponsorship details
• Social Media Presence: Links to social media profiles across all platforms

2.3 Automatically Collected Information

When you visit our Site or use our services, we automatically collect certain information about your device and usage patterns:

• Device Information: IP address, browser type and version, operating system, device type, device identifiers, mobile network information
• Usage Information: Pages visited, time spent on pages, links clicked, features used, search queries, referral sources
• Location Information: General geographic location based on IP address, GPS location (with your consent)
• Log Data: Access times, dates, error logs, crash reports
• Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 9 for details)

2.4 Financial Information

For payment processing, payroll, and financial transactions, we collect:

• Payment Information: Bank account details, routing numbers, payment card information (processed securely through PCI-DSS compliant payment processors)
• Tax Information: Social Security Number, Tax Identification Number, W-9 or W-8 forms, tax residency information
• Transaction History: Payment records, invoice details, commission calculations

Note: We do not store complete payment card numbers on our servers. All payment processing is handled by third-party PCI-DSS compliant payment processors.

2.5 House Application and Residency Information

For applicants to and residents of our streamer houses, we collect:

• Application Information: Application forms, essays, portfolio materials, references
• Background Information: Background check results (where legally permitted and with appropriate consent)
• Residency Details: Move-in/move-out dates, room assignments, lease agreements
• House Rules Compliance: Incident reports, disciplinary records, compliance documentation
• Preferences: Roommate preferences, dietary restrictions, accessibility needs

2.6 Communications and Correspondence

We collect and store:

• Email correspondence and message history
• Chat logs and support ticket communications
• Phone call recordings (where legally permitted and with notice)
• Video conference recordings (with prior consent)
• Feedback, surveys, and testimonials

2.7 Third-Party Service Data

We may receive information about you from third-party sources, including:

• Social media platforms (when you connect your accounts)
• Analytics providers
• Advertising networks
• Background check services (with consent)
• Publicly available sources and databases

3.1 Direct Submissions

We collect information that you provide directly to us, including when you:

• Create an account or profile on our Site
• Fill out application forms (creator applications, house applications, employment applications)
• Complete contact forms or request information
• Sign up for newsletters, updates, or marketing communications
• Participate in surveys, contests, or promotions
• Communicate with us via email, phone, chat, or video conference
• Upload content, documents, or media
• Execute contracts or agreements
• Submit payment or billing information
• Post comments or participate in community features

3.2 Automatic Collection Technologies

We and our service providers use various technologies to automatically collect information:

• Cookies: Small data files stored on your device that help us recognize you and remember your preferences
• Web Beacons/Pixels: Electronic images that help us count users who have visited certain pages or opened emails
• Log Files: Server logs that track actions occurring on the Site
• Analytics Tools: Third-party analytics services that help us understand Site usage
• SDKs: Software development kits integrated into our mobile applications (if applicable)

3.3 Third-Party Sources

We may obtain information about you from third parties, including:

• Social Media Platforms: When you choose to connect your social media accounts or share content through social media features, we may receive information from those platforms in accordance with their privacy policies
• Streaming Platforms: Public metrics and data from Twitch, YouTube, Kick, TikTok, and other platforms (with your authorization)
• Service Providers: Payment processors, analytics providers, email service providers, and customer relationship management platforms
• Business Partners: Brand partners, sponsors, and collaborators
• Public Sources: Publicly available databases, social media profiles, and other public sources

3.4 API Integrations

For creators and streamers, we may collect information through API integrations with streaming platforms and social media services, subject to your authorization and the terms of service of those platforms.

We use the information we collect for various business and operational purposes, including:

4.1 Service Provision

• Providing, operating, and maintaining our Site and services
• Processing and evaluating creator and house applications
• Managing creator contracts, agreements, and relationships
• Coordinating travel, lodging, and logistics for talent
• Facilitating communication between creators, brands, and our team
• Processing payments, commissions, and financial transactions
• Managing house residencies and accommodations

4.2 Communication

• Responding to your inquiries, requests, and support needs
• Sending administrative information, such as changes to our terms, conditions, and policies
• Providing updates about your application status, account, or services
• Sending transactional emails and notifications
• Facilitating internal communications within our creator network

4.3 Marketing and Promotional Activities

• Sending newsletters, marketing communications, and promotional materials (with your consent where required)
• Promoting our creators, events, and partnerships
• Developing and displaying targeted advertising
• Conducting market research and analyzing user preferences
• Personalizing your experience and content recommendations

4.4 Analytics and Improvement

• Analyzing usage patterns and trends to improve our Site and services
• Monitoring and analyzing the effectiveness of our marketing campaigns
• Developing new products, services, features, and functionality
• Conducting research and statistical analysis
• Testing, troubleshooting, and optimizing Site performance

4.5 Legal Compliance and Protection

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from public authorities
• Enforcing our terms, conditions, and policies
• Protecting our rights, privacy, safety, or property
• Protecting the rights, privacy, safety, or property of our users or others
• Preventing, detecting, and investigating fraud, security breaches, or other prohibited activities
• Establishing, exercising, or defending legal claims

4.6 Business Operations

• Managing our business operations and internal administration
• Conducting audits and maintaining financial records
• Evaluating and managing business risks
• Planning and executing business transactions, including mergers, acquisitions, or sales

4.7 Consent-Based Uses

We may also use your information for any other purpose for which you provide consent.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds under the General Data Protection Regulation (GDPR):

5.1 Consent

We process your personal information based on your explicit consent, which you may withdraw at any time. This includes:

• Sending marketing communications
• Using cookies and similar tracking technologies (where consent is required)
• Processing sensitive personal data (where applicable)
• Sharing your information with third parties for their marketing purposes

5.2 Contractual Necessity

We process personal information necessary to perform our contract with you or to take steps at your request before entering into a contract, including:

• Processing creator and house applications
• Managing creator contracts and agreements
• Providing requested services and support
• Processing payments and commissions
• Managing your account and profile

5.3 Legal Obligation

We process personal information to comply with our legal obligations, such as:

• Tax reporting and compliance
• Maintaining employment and immigration records
• Responding to legal requests and court orders
• Fulfilling regulatory requirements

5.4 Legitimate Interests

We process personal information based on our legitimate interests, provided these interests are not overridden by your rights and interests. Our legitimate interests include:

• Operating, improving, and securing our Site and services
• Analyzing usage patterns and trends
• Preventing fraud and ensuring security
• Defending our legal rights
• Marketing our services to existing customers (where permitted by law)
• Conducting business analytics and strategic planning

5.5 Vital Interests

In rare circumstances, we may process personal information to protect your vital interests or the vital interests of another person, such as in emergency situations involving health or safety.

We may share your personal information in the following circumstances:

6.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf, including:

• Technology Providers: Hosting providers, cloud storage services, content delivery networks
• Payment Processors: Companies that process payments and financial transactions
• Communication Services: Email service providers, SMS providers, customer support platforms
• Analytics Providers: Companies that help us analyze Site usage and user behavior
• Marketing Services: Advertising networks, marketing automation platforms, CRM systems
• Professional Services: Legal advisors, accountants, auditors, insurance providers
• Background Check Providers: Companies that conduct background checks (with appropriate consent)

All service providers are contractually obligated to protect your information and use it only for the purposes for which we disclose it to them.

6.2 Business Partners

We may share information with business partners, including:

• Brand Partners and Sponsors: Information necessary to facilitate sponsorships, brand deals, and collaborations (with your consent)
• Streaming Platforms: Information required for API integrations and platform partnerships
• Event Organizers: Information necessary for event participation and logistics
• Other Creator Houses and Organizations: For collaborative opportunities (with your consent)

6.3 Affiliated Entities

We may share information with our subsidiaries, affiliates, and related entities for operational, administrative, and business purposes.

6.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

• Compliance with legal obligations, court orders, or subpoenas
• Cooperation with law enforcement agencies
• Protection of national security
• Enforcement of our rights or defense against legal claims

6.5 Business Transfers

In connection with any merger, acquisition, reorganization, sale of assets, or other business transaction, your personal information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

6.6 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6.7 Aggregated and Anonymized Data

We may share aggregated or anonymized information that does not identify you personally for research, marketing, analytics, and other purposes.

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

7.1 Retention Periods

Our retention periods vary depending on the type of information and the purpose for which we process it:

• Account Information: Retained for the duration of your relationship with us plus 3 years after account closure, unless longer retention is required by law
• Contract and Transaction Records: Retained for 7 years to comply with tax and accounting obligations
• Marketing Data: Retained until you withdraw consent or opt out of marketing communications
• Application Data: Retained for 2 years from the date of application (for unsuccessful applicants)
• Communications: Retained for 3 years from the date of communication
• Log Files and Analytics: Retained for 13 months
• Legal Records: Retained as required by applicable statutes of limitations

7.2 Deletion and Anonymization

When your personal information is no longer required, we will securely delete or anonymize it in accordance with our data retention policies. In some cases, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice.

7.3 Archive Policies

Certain information may be transferred to secure archives for compliance, legal, or business purposes. Archived data is subject to strict access controls and is only accessed when necessary for legitimate business or legal purposes.

7.4 Exceptions to Deletion

We may retain certain information even after a deletion request if:

• Retention is required by law or legal process
• Retention is necessary to resolve disputes or enforce our agreements
• The information is necessary for security, fraud prevention, or safety purposes
• The information cannot be removed from backups or archives due to technical limitations

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal information.

8.1 Right to Access

You have the right to request access to the personal information we hold about you. Upon request, we will provide you with a copy of your personal information in a structured, commonly used, and machine-readable format.

8.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You may also update certain information directly through your account settings.

8.3 Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal information in certain circumstances, including when:

• The information is no longer necessary for the purposes for which it was collected
• You withdraw your consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The information has been unlawfully processed
• The information must be deleted to comply with a legal obligation

8.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, including when:

• You contest the accuracy of the information (for a period enabling us to verify its accuracy)
• The processing is unlawful, but you oppose deletion and request restriction instead
• We no longer need the information, but you require it for legal claims
• You have objected to processing pending verification of whether our legitimate grounds override yours

8.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller without hindrance, where the processing is based on consent or contract and is carried out by automated means.

8.6 Right to Object

You have the right to object to the processing of your personal information:

• Based on legitimate interests, unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms
• For direct marketing purposes, including profiling related to such marketing

8.7 Rights Regarding Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such processing:

• Is necessary for entering into or performing a contract
• Is authorized by law
• Is based on your explicit consent

8.8 Right to Withdraw Consent

Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8.9 How to Exercise Your Rights

To exercise any of these rights, please contact us using the contact information provided in Section 16. We will respond to your request within the timeframes required by applicable law (typically within 30 days for GDPR requests and 45 days for CCPA requests).

8.10 Verification

We may need to verify your identity before fulfilling your request to ensure the security of your personal information. We may ask you to provide additional information to confirm your identity.

8.11 Right to Lodge a Complaint

If you believe our processing of your personal information violates applicable data protection laws, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement.

9.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.

9.2 Types of Cookies We Use

9.3 Specific Cookies We Use

• Session Cookies: Temporary cookies that expire when you close your browser
• Persistent Cookies: Remain on your device for a set period or until you delete them
• First-Party Cookies: Set by our Site
• Third-Party Cookies: Set by our partners and service providers

9.4 Third-Party Cookies

We may allow third parties to place cookies on your device for the following purposes:

• Google Analytics: For website analytics and usage tracking
• Social Media Platforms: Facebook, Twitter, Instagram, TikTok for social sharing and advertising
• Advertising Networks: For targeted advertising and campaign measurement
• Payment Processors: For secure payment processing

9.5 Cookie Consent

When you first visit our Site, you will be presented with a cookie banner requesting your consent to the use of non-essential cookies. You can:

• Accept all cookies
• Reject non-essential cookies
• Customize your cookie preferences

You can change your cookie preferences at any time by clicking on the "Cookie Settings" link in the footer of our Site.

9.6 How to Manage Cookies

Most web browsers allow you to control cookies through their settings. You can typically:

• View cookies stored on your device
• Delete individual cookies or all cookies
• Block cookies from particular sites
• Block all cookies
• Block third-party cookies while accepting first-party cookies

Please note that disabling cookies may affect the functionality of our Site and prevent you from accessing certain features.

9.7 Do Not Track Signals

Some browsers have "Do Not Track" features that allow you to tell websites not to track you. We currently do not respond to Do Not Track signals due to lack of standardized industry practices. However, you can opt out of targeted advertising through the mechanisms described above.

9.8 Other Tracking Technologies

In addition to cookies, we may use:

• Web Beacons: Small graphic images that help us monitor Site usage
• Pixels: Code snippets that allow us to track conversions and retarget visitors
• Local Storage: Browser-based storage for caching data and preferences
• Device Fingerprinting: Techniques to identify devices based on configuration settings

Vertali Group is based in the United States. If you are accessing our Site or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers are located.

10.1 Transfer Mechanisms

When we transfer personal information from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other countries, we implement appropriate safeguards to ensure your data receives an adequate level of protection:

10.2 Standard Contractual Clauses

We use Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal information to countries that have not been deemed to provide an adequate level of data protection. These contractual commitments ensure that the recipient of your personal information provides protections equivalent to those required under GDPR.

10.3 Adequacy Decisions

Where applicable, we may transfer personal information to countries that have been recognized by the European Commission as providing an adequate level of data protection.

10.4 Other Transfer Mechanisms

We may also rely on other legally recognized transfer mechanisms, including:

• Your explicit consent to the transfer
• The necessity of the transfer for the performance of a contract with you
• The necessity of the transfer for the establishment, exercise, or defense of legal claims
• Binding Corporate Rules (if applicable)

10.5 Data Localization

In certain jurisdictions, we may store and process data locally to comply with data localization requirements. Please contact us for specific information about data storage locations.

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction.

11.1 Security Measures

Our security measures include:

• Encryption: We use industry-standard encryption protocols (TLS 1.3 or higher) to protect data in transit. Sensitive data at rest is encrypted using AES-256 encryption
• Access Controls: Strict access controls limit who can access personal information based on job function and need-to-know principles
• Authentication: Multi-factor authentication (MFA) is required for administrative access to systems containing personal information
• Network Security: Firewalls, intrusion detection systems, and network segmentation protect against unauthorized access
• Regular Security Assessments: We conduct vulnerability scans, penetration testing, and security audits
• Employee Training: Regular security awareness training for all employees handling personal information
• Secure Development: Security-by-design principles in our software development lifecycle
• Physical Security: Physical access controls for facilities housing servers and data

11.2 Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected individuals without undue delay and, where feasible, within 72 hours of becoming aware of the breach (for GDPR-covered data)
• Notify relevant supervisory authorities as required by law
• Provide clear and meaningful information about the breach, including the nature of the incident, the categories of data affected, and the likely consequences
• Describe the measures we have taken or propose to take to address the breach
• Provide contact information for further inquiries

11.3 Data Minimization

We collect and retain only the personal information that is necessary for the purposes outlined in this Privacy Policy. We regularly review our data holdings and delete or anonymize information that is no longer needed.

11.4 Third-Party Security

We require all service providers who process personal information on our behalf to implement appropriate security measures and to comply with contractual obligations regarding data protection.

11.5 Your Security Responsibilities

We encourage you to take steps to protect your personal information, including:

• Using strong, unique passwords for your accounts
• Enabling two-factor authentication where available
• Keeping your login credentials confidential
• Being cautious of phishing attempts and suspicious communications
• Logging out of your account when using shared devices
• Keeping your devices and software up to date

Vertali Group is committed to protecting the privacy of children. Our Site and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13.

12.1 Age Restrictions

• You must be at least 18 years old to create an account, apply for residency in our streamer houses, or enter into contracts with us
• Individuals between the ages of 13 and 18 may only use our Site and services with the involvement and consent of a parent or legal guardian
• Our services are not designed for, marketed to, or intended for children under 13

12.2 Parental Consent

For certain features that may be accessible to minors 13-17 years of age, we require verifiable parental consent before collecting personal information. Parents or legal guardians have the right to:

• Review the personal information we have collected from their child
• Request deletion of their child's personal information
• Refuse further collection or use of their child's personal information
• Provide consent to the collection and use of their child's personal information

12.3 Discovery of Underage Users

If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to:

• Delete that information as quickly as possible
• Terminate the child's account (if applicable)
• Notify the parent or guardian (if contact information is available)

12.4 Reporting Underage Use

If you believe we might have any information from or about a child under 13, please contact us immediately at privacy@vertali.net or using the contact information in Section 16.

12.5 Teen Safety

For users between 13 and 17 years of age, we implement additional safeguards:

• Restricted data collection and use
• Enhanced privacy settings by default
• No targeted advertising based on personal information
• Prohibition on sharing information with third parties for marketing purposes

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section supplements the information provided elsewhere in this Privacy Policy.

13.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information from California residents:

13.2 Categories of Sources

We collect personal information from the following categories of sources:

• Directly from you (forms, applications, communications)
• Automatically through your use of our Site (cookies, analytics)
• Third-party sources (social media platforms, streaming platforms, business partners)
• Publicly available sources

13.3 Business or Commercial Purposes

We use personal information for the business and commercial purposes described in Section 4 of this Privacy Policy.

13.4 Categories of Third Parties Shared With

We may share your personal information with the categories of third parties described in Section 6 of this Privacy Policy.

13.5 California Consumer Rights

As a California resident, you have the following rights:

Right to Know

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, including:

• The categories of personal information we collected about you
• The categories of sources for the personal information
• Our business or commercial purpose for collecting that personal information
• The categories of third parties with whom we share that personal information
• The specific pieces of personal information we collected about you

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you.

Right to Opt-Out of Sale or Sharing

We do not "sell" personal information as that term is traditionally understood. However, we may "share" personal information with third parties for cross-context behavioral advertising purposes. You have the right to opt out of such sharing.

Right to Limit Use of Sensitive Personal Information

You have the right to request that we limit our use and disclosure of sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. This means we will not:

• Deny you goods or services
• Charge you different prices or rates for goods or services
• Provide you a different level or quality of goods or services
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

13.6 Exercising Your California Rights

To exercise your rights under the CCPA/CPRA, please submit a verifiable consumer request to us by:

• Emailing us at privacy@vertali.net
• Calling us at (850) 555-0199
• Completing the web form available on our Site

13.7 Verifiable Consumer Requests

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To verify your identity, we may ask you to provide information that matches our records. You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

13.8 Response Timing and Format

We endeavor to respond to verifiable consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our response by mail or electronically, at your option.

13.9 Do Not Sell or Share My Personal Information

California residents have the right to opt out of the "sale" or "sharing" of their personal information. To exercise this right, please:

• Click the "Do Not Sell or Share My Personal Information" link in the footer of our Site
• Email us at privacy@vertali.net with the subject line "Opt-Out Request"
• Use the Global Privacy Control (GPC) signal in your browser (if supported)

13.10 Shine the Light Law

Under California's "Shine the Light" law (Civil Code Section 1798.83), California residents who have an established business relationship with us may request information about our disclosure of personal information to third parties for direct marketing purposes during the preceding calendar year.

To make such a request, please send an email to privacy@vertali.net with "Shine the Light Request" in the subject line.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR) or equivalent local data protection laws.

14.1 Data Controller Information

14.2 Data Protection Officer

While we are not currently required to appoint a Data Protection Officer under GDPR, we have designated a privacy team responsible for overseeing compliance with data protection laws. You can contact our privacy team at:

Email: privacy@vertali.net
Postal Address: Vertali Group, Attn: Privacy Team, 101 N Monroe St Suite 800, Tallahassee, FL 32301, USA

14.3 Your GDPR Rights

Your rights under GDPR are outlined in Section 8 of this Privacy Policy. To exercise these rights:

• Submit a request via email to privacy@vertali.net
• Contact us using the information provided in Section 16
• Use any self-service tools available in your account settings

14.4 Right to Lodge a Complaint

If you are located in the EEA and believe that our processing of your personal information violates GDPR, you have the right to lodge a complaint with your local supervisory authority. A list of supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

14.5 Legal Basis for Processing (Recap)

The legal bases for our processing activities are detailed in Section 5 of this Privacy Policy. If you have questions about the specific legal basis applicable to our processing of your personal information, please contact us.

14.6 Representative in the EU

If required under GDPR Article 27, we have appointed a representative in the European Union. Contact details are available upon request by emailing privacy@vertali.net.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.

15.1 Notification of Changes

When we make material changes to this Privacy Policy, we will:

• Post the updated Privacy Policy on this page with a revised "Last Updated" date
• Update the effective date at the top of this Privacy Policy
• Notify you via email or through a prominent notice on our Site before the changes become effective (for material changes)
• Obtain renewed consent where required by applicable law

15.2 Continued Use

Your continued use of our Site and services after we post any modifications to the Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

15.3 Previous Versions

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you would like to review previous versions of this Privacy Policy, please contact us at privacy@vertali.net.

15.4 Material Changes

Material changes that may require specific notification include:

• Changes to the categories of personal information we collect
• Changes to how we use or share personal information
• Changes to your rights under the Privacy Policy
• Changes regarding international data transfers

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us using the information below.

16.1 Privacy Team Contact

16.2 Mailing Address

16.3 Response Timeframes

We are committed to responding to your privacy-related inquiries in a timely manner:

• General Inquiries: Within 5 business days
• Data Subject Access Requests (GDPR): Within 30 days (may be extended by 2 months for complex requests)
• California Consumer Privacy Requests (CCPA): Within 45 days (may be extended by 45 days with notification)
• Data Breach Notifications: Within 72 hours of discovery where required by law

16.4 Accessibility

If you need this Privacy Policy in an alternative format due to a disability, please contact us at privacy@vertali.net or call (850) 555-0199, and we will provide the information in a suitable format.

16.5 Verification of Identity

To protect your privacy and security, we may need to verify your identity before responding to certain requests. We will only use information provided for verification purposes.

16.6 Appeals

If we decline to take action on your request, you have the right to appeal our decision. To appeal, please send an email to privacy@vertali.net with "Appeal Request" in the subject line, and include a description of your original request and the reason for your appeal.