Effective Date: October 15, 2020
We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other applicable U.S. privacy laws. Any terms defined in the CCPA have the same meaning when used in this Notice. We have also included specific information for other applicable privacy laws so the users of our Sites who may be subject to those laws can be informed of their rights and the options Arora provides to enable the exercise of those rights.
For information about specific rights under applicable privacy laws that may be different from the general information applicable to all users of our Sites, please see the sections labelled “Rights and Choices for California Consumers,” and/or “Rights and Choices for Nevada Consumers.”
The Types of Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). Personal Information does not include:
- Publicly available information from government records;
- Deidentified or aggregated consumer information; or,
- Information excluded from the scope of applicable privacy laws (including the CCPA), like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
In particular, we have collected the following categories of Personal Information:
|A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, employee ID numbers, or other similar identifiers.
|B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some Personal Information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.
|Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|D. Commercial information.
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information.
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity.
|Browsing history, search history, browser type, operating system information, device information and identifiers (e.g., MAC address), IP address, and information on a consumer’s interaction with a website, application, or advertisement.
|G. Geolocation data.
|Physical location or movements.
|H. Sensory data.
|Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.
|Current or past job history, credentials, background-check results, drug-screening results, sanctions history, work authorizations or work visa information, work restrictions or accommodations, performance evaluations, and emergency or beneficiary contact information and other information related to these individuals that might be categorized under Categories A or B above.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other Personal Information.
|Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from you. For example, when you create an account, from forms you complete, or from products or services you request.
- Indirectly from you. For example, from observing your actions on our Sites including by technological means. For more information about how we may collect your Personal Information by technological means, please see the section labelled “Personal Information Collected Via Technology.”
- From Service Providers. For example, from vendors that provide services to us, which enable us to provide services to you. This may include demographic and site usage information from analytics firms.
- From third parties. We collect contact and employment information from third parties, including clients and from technology, staffing, and social media partners.
- From publicly available sources, such as social media sites, when permitted by the terms of service for those sources. For example, if you communicate with us over Twitter or Instagram, we may receive additional information about you from your profile.
Personal Information Collected via Technology
An “IP Address” is a number that is automatically assigned to your computer when you use the Internet. In some cases your IP address stays the same from browser session to browser session. However, if you use a consumer internet service provider, your IP address may vary from session to session. We track IP addresses solely in conjunction with session cookies to analyze our web page flow.
“Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. Arora uses both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until they expire or until you delete them) to provide you with a more personal and interactive experience on the Sites. Persistent cookies can be removed by following the help directions for your internet browser. If you choose to disable all or most cookies, some areas of the Site may not work properly.
In addition to cookies, Arora uses “pixels” to enable certain cookies or advertisements on the Sites and to track the number of times a link or advertisement is served on a webpage. A pixel is a tiny, 1×1 image that is loaded when you visit our Sites, but instead of calling up an image, it causes a cookie or application to be downloaded. Pixels can be used to track user activities, track the number of times a user has viewed a particular link or advertisement, track and optimize website traffic, display advertisements, keep track of advertising commissions, and otherwise collect data for online marketing and website analysis. As with cookies, our Sites utilize both session pixels and persistent pixels.
The cookies that we use for functionality and security purposes are considered necessary cookies, without which the Site would not function properly. These cookies allow some of the basic functions of our Sites to work properly, such as remembering your preferences as you navigate the Sites. In addition, these cookies help us secure the Sites by preventing cross-site request forgery attacks and by throttling excessive request rates.
You have the option to manage the cookies we use in connection with the Sites through the cookie consent settings and preferences centers made available to you on the Sites. Most web browsers (such as Microsoft Edge, Google Chrome, Mozilla Firefox, and Apple Safari) have features that can notify you when you receive a cookie or to prevent cookies from being sent and downloaded to your device. If you delete or disable cookies or other device tracking features, however, you may not be able to use all the features on our Sites, you may not be able to store your preferences, and some of our pages may not display properly. For more information on how to manage cookies through your web browser, please refer to the Help pages for the browser that you use. There are also general resources for opting out of interest-based advertising available on the websites of the Network Advertising Initiative and the Digital Advertising Alliance. Please also note that your management of cookies through a web browser may be browser and device specific, so you may need to repeat that task for each of the browsers and devices you use to access the Sites.
How We Use Your Personal Information
We may use or disclose the Personal Information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, we may use the Personal Information you provide to send you job listings or to contact you about a placement opportunity, or to identify new candidates or clients.
- For employment-related purposes. We may also use your Personal Information for recruitment and hiring, to staff open positions at Arora or with clients, and to provide payroll and administer benefits, for travel arrangements and performance management, for record-keeping, for safety purposes, to meet legal and compliance obligations, or for other permissible internal purposes.
- To provide, support, personalize, and develop our Sites, products, and services.
- To process your requests, transactions, and payments and to prevent transactional fraud.
- To personalize your experience on the Sites and to deliver content and product and service offerings relevant to your interests and Arora and its affiliates and subsidiaries, including targeted offers and ads through our Sites, third-party sites, and via email or text message (with your consent, where required by law).
- To help identify fraud and maintain the safety, security, and integrity of our Sites, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Sites, products, and services.
- To prosecute or defend legal claims and to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your Personal Information or as otherwise set forth in applicable privacy laws, including the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred.
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may create Deidentified Information records from Personal Information by excluding information (such as your name and/or IP address) that would allow someone to identify a specific individual. “Deidentified Information” means information that is not associated with or linked to your Personal Information, including any feedback you may provide, which cannot be reidentified with your Personal Information. Deidentified Information does not permit the identification of individual persons. We may use this Deidentified Information to analyze request patterns and usage patterns so that we may enhance our products and services. Arora reserves the right to use and disclose Deidentified Information to third parties in its discretion.
In addition to the above, various privacy laws specify numerous legitimate and lawful ways that we may use the Personal Information we collect without your consent. For more information, please see the section labelled “Notice Regarding Required Consents.”
How We Share Your Personal Information
We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
We share your Personal Information with the following categories of third parties:
- Clients and business partners;
- Government entities, including judicial and law enforcement authorities pursuant to lawful requests.
- Service providers;
- Affiliates of Arora;
- Social media websites;
- Internet cookie data recipients, such as Google Analytics; and,
- Successors (or potential successors) to all or part of our business.
While we may request your consent to use or share your Personal Information to fulfill or perform services regarding your requests through the Sites, including in connection with any applications you submit, we may also use or share your Personal Information without your consent for any legitimate purpose as allowed under the applicable laws and regulations (see the section labelled “Notice Regarding Requested Consents,” below), including fulfilling our contractual obligations to you. Arora has taken certain organizational and technological security measures to protect your Personal Information, described in the “How We Protect Your Information” section, and requires at least the same degree of organizational and technological security measures to be used by all third parties with whom we may share your Personal Information.
In certain circumstances, we may be required to disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Disclosures of Your Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of Personal Information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records Personal Information categories.
Category C: Protected classification characteristics under California or federal law.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category I: Professional or employment-related information.
Category J: Non-public education information.
Category K: Inferences drawn from other Personal Information.
We may disclose your Personal Information for a business purpose to the following categories of third parties:
- Clients and business partners;
- Government entities;
- Service providers;
- Affiliates of Arora;
- Social media websites;
- Internet cookie data recipients, such as Google Analytics; and,
- Successors (or potential successors) to all or part of our business.
We do not collect Personal Information related to Categories D (“Commercial information”) or H (“Sensory information”), so have not disclosed such information to third parties.
Sales of Your Personal Information
It is our policy not to sell Personal Information. As such, in the preceding twelve (12) months, we have not sold Personal Information.
How We Protect Your Personal Information
We have also put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The safety and security of your information also depends on you. If you choose, or are provided with, a user name, password, or any other piece of information when you create an account as part of our security procedures, you must treat such information as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree not to provide any other person with access to that account, or any portion thereof, using your user name, password, or other security information. You agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a public or shared computer or device so that others are not able to view or record your password or other personal information. You are entirely responsible for maintaining the confidentiality of the information you hold for your user name, password, or other information related to your account. You may be held liable for losses incurred by us as a result of your failing to keep your login information secure and confidential.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information when it is received by us, we cannot guarantee the security of your Personal Information transmitted to our Sites and cannot completely eliminate security risks associated with Personal Information. Any transmission of Personal Information is at your own risk. We are not responsible for any circumvention of any privacy settings or security measured related to the Sites.
Notice Regarding Requested Consents
When we are using your Personal Information on the basis of your consent, you are entitled to withdraw that consent at any time. If you revoke your consent, you will not be penalized or prejudiced for revoking your consent.
These uses, among others, may include:
- Complying with legal obligations, for example, tax, employment, and other laws or regulations;
- Fulfilling our contractual obligations to you;
- Fulfilling our legitimate business interests and purposes, whether performed by ourselves or a third party, so long as that purpose does not override your fundamental rights and freedoms;
- Preventing fraud;
- For internal administrative purposes, whether your information is maintained internally or shared with our subsidiaries and affiliates, franchisees, or third-party contractors for this purpose;
- Ensuring network and information security;
- Establishing, exercising, or defending against any legal claims; or,
- Using your Personal Information in accordance with any valid consents you have given.
When we collect, retain, or use your Personal Information based on a legitimate interest or the public interest, as described above, you may have the right to object at any time to that use of your Personal Information if your local law gives you that right.
Notice Regarding Children
We do not target our Sites or Services toward or intentionally gather Personal Information about visitors who are under the age of 13. If a child under 13 submits Personal Information to us and we learn that the Personal Information is the information of a child under 13, we will attempt to delete that Personal Information as soon as possible. If you believe that we might have any Personal Information from a child under 13, please contact us using the information in the below “Contact Us” section.
By using this Site, you represent that you are at least the age of majority in your state, province, or country of residence, or that you are the age of majority in your state, province, or country of residence and you have given us your consent to allow any of your minor dependents to use this Site.
Links to Other Sites
How to Contact Us
Phone: (301) 947-1400
The Arora Group, Inc.
ATTN: Legal Department
903 Russell Avenue, Floor 4
Gaithersburg, MD 20879
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Your Personal Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see the section labelled “Exercising Your Access, Data Portability, and Deletion Rights”), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category of recipient purchased; and,
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see the section labelled “Exercising Your Access, Data Portability, and Deletion Rights”), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies that allows or requires us to retain your Personal Information.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or,
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Your Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either calling us at (833) 284-9163 or submitting a request through our website by clicking on this hyperlink and completing the form. Please complete the form in its entirety so that we may verify your identity. If we do not receive enough information to verify your identity and the validity of your request, we may need to contact you to collect any additional information needed to respond to your request. As a reminder, any additional information collected in connection with your rights request will only be used for the purpose of responding to your request
Please note that our Sites are not configured to accept and respond to web browser Do Not Track (DNT) signals. As such, if you would like to exercise your privacy rights, we encourage you to do so by submitting a request using one of the methods described above.
You do not need to create an account with us to exercise the rights made available to you under the CCPA. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request and in order to respond to your request. We will maintain a record of your request for the purposes of complying with California law, but will delete any information that you provide in connection with your request and that we are not required to retain within thirty (30) days from the date your request has been closed.
Please also note that you are currently only permitted to submit one type of request at a time. If you would like to submit multiple request types, please submit a separate form for each and we will work with you to process the requests in an appropriate order. As a reminder, some requests may be inconsistent with others, so we encourage you to plan accordingly. For example, if you submit a deletion request and later submit a data portability request, we may have already deleted your Personal Information from our systems and will be unable to fulfill your data portability request.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, you must authorize that agent to act on your behalf and the agent must have registered with the California Secretary of State. Before processing any request received from an authorized agent, we will take reasonable efforts to confirm their identity and their authority to act on your behalf.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
For instructions on exercising sale opt-out rights, see the section labeled “Personal Information Sales Opt-Out and Opt-In Rights.”
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to an additional forty-five (45) days for a total period of time not to exceed ninety (90) days from when your request was submitted), we will inform you of the reason and necessary extension period in writing no later than forty-five (45) days after we receive your request.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically a comma separated value (.csv) file.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information at any time (the “right to opt-out”). It is our policy not to sell Personal Information. We also do not sell the Personal Information of consumers we actually know are less than 16 years of age. Consumers who opt-in to Personal Information sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by emailing firstname.lastname@example.org.
DO NOT SELL MY PERSONAL INFORMATION
You may also choose to submit a request to opt-out of the sale of your Personal Information by using the general CCPA Rights Request process as described in the section labelled “Exercising Your Access, Data Portability, and Deletion Rights.”
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. However, you may change your mind and opt back into Personal Information sales at any time by using the general CCPA Rights Request process as described in the section labelled “Exercising Your Access, Data Portability, and Deletion Rights.”
As with the other rights made available to you under the CCPA, you do not need to create an account with us to exercise your opt-out rights. We will only use Personal Information provided in an opt-out request to review and respond to the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or,
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Sites that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please click on this hyperlink and complete the form.
Rights and Choices for Nevada Residents
If you are a resident of the State of Nevada, you have the right to request that Arora not sell the Personal Information we currently have about you or that we might collect about you in the future. Although it is currently our policy not to sell Personal Information, if you would like to register an email address with Arora to request that we not sell your Personal Information now or in the future, please click on this hyperlink and complete the form.
Following our receipt of your request, we will make reasonable efforts to verify your identity and that the request is authentic. When we have verified your request, we will confirm that your Personal Information will not be sold by Arora. If you change your email address in the future, please note that you will need to re-register the new email address with us so we can continue to ensure that we do not sell your Personal Information.
Arora will only use the information you provide in connection with your request to process that request. Because of the on-going nature of your right not to have your Personal Information sold under Nevada law, we will retain the information provided in this request until you withdraw the request.