Privacy Policy: CCPA Data Processing Addendum Last updated: Dec 28, 2019

This CCPA Data Processing Addendum amends the terms outlined in our Privacy Policy to comply with the California Consumer Privacy Act (CCPA), which is effective January 1, 2020.

The CCPA grants California residents new rights regarding the collection of their personal information and requires companies to comply with certain obligations.

How the CCPA Applies to ShipLeaf

ShipLeaf Users are considered “Businesses” under the terms of the CCPA. In those terms, Businesses are primarily responsible for ensuring their processing of personal data is compliant with all relevant data protection laws, including the CCPA.

ShipLeaf acts as a “Service Provider” and shall collect, access, maintain, use, process and transfer the personal information of Businesses and their end customers solely for the purpose of performing our obligations to our Users, and for no other commercial purpose other than the performance of such obligations and improvement of the Services we provide.

Data Processing, Transfers and Sales

ShipLeaf will only process User Personal Data on the instructions of the User unless required by law to act without such instructions.

By using the ShipLeaf Service, the User agrees to the ShipLeaf Terms, including this addendum, and instructs ShipLeaf to process User Personal Data as follows:

The User can submit User Personal Data to ShipLeaf to an extent determined and controlled by the User in its sole discretion, and which may include (but not necessarily limited to) personal data on the following categories of data subjects:

ShipLeaf does not “sell” User Personal Data as defined under the CCPA, which means that ShipLeaf also does not rent, disclose, transfer, make available or otherwise communicate that data to any third party for monetary or other valuable consideration. ShipLeaf may share aggregated and/or anonymized information regarding Users’ use of the Service with third parties to assist with developing and improving the Service as detailed in our Terms.

Data Retention and Deletion

The User may delete User Personal Data in a manner consistent with the functionality of the Service during the term of service. If the User uses a Service function to delete any User Personal Data in such a way that it can not be recovered by the User, this will constitute an instruction to ShipLeaf to delete the relevant data from its systems in accordance with applicable law.

If the User wishes to delete User Personal Data that can not be deleted via functionality provided by the Service, the User should send a deletion request to [email protected]. ShipLeaf will strive to respond to all such requests as soon as reasonably practical.

If the User ceases to subscribe and use the Service, or ShipLeaf permanently discontinues access to the User’s account, all User Personal Data will be deleted or anonymized unless ShipLeaf is required by applicable law to retain the data.

Data Security Measures

ShipLeaf follows industry standards on information security management to safeguard sensitive information, such as User Personal Data. Our information security systems apply to people, processes and information technology systems on a risk management basis.

Because no method of transmission over the Internet, or method of electronic storage, is 100% secure, ShipLeaf cannot guarantee that unauthorised parties will not gain access to User Personal Data. To the extent permitted by applicable law, ShipLeaf expressly excludes any liability arising from any unauthorised access to User Personal Data.

Sub-Service Providers

ShipLeaf uses the following subprocessors for User data:

Limitation of Liability

ShipLeaf and all of its entities' aggregate liability to the User, arising from or related to this addendum, are subject to the "Limitation of Liability" section of the Terms.