Privacy Policy

Last Updated: 06/19/2024

INTRODUCTION

UCG Inc. dba Dabstract and its affiliated entities (hereafter “Dabstract,” “our,” “we,” or “us”) respect your privacy and are committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy is intended to inform our users (“user(s)”, “you”, or “your”) about how we may collect and use the personal information that you provide through your use of and access to our website, mobile applications, and other services, or when you otherwise interact with us (collectively, the “Services”), the manner in which we may use such information, how we protect it, and the choices available to you regarding our use of your personal information.

We may modify or supplement this Privacy Policy from time to time by posting those changes on this page. Any changes will become effective as of the date of posting. Please review this Privacy Policy often so you are always fully informed of any changes. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us or if you are aware that any personal data we hold is inaccurate.

This Privacy Policy is binding on all those who access, visit, and/or use the Services, whether acting as an individual or on behalf of an entity.  If you do not agree to be bound by this Privacy Policy, then do not access or use the Services. 

This Privacy Policy is part of our Terms of Use, which govern your use of the Services. By using the Services, contacting us to inquire about the Services, or otherwise providing us with information, you consent to our Privacy Policy and agree to our Terms of Use.

The Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, including our third-party payment processors, and are not responsible for their privacy statements. When you leave the Services, we encourage you to read the privacy policy of every website you visit.

Depending on your location, you may be subject to different protection standards and broader standards may therefore apply to some. In order to learn more about the protection criteria, please refer to the applicable section below.

If you have any questions about this Privacy Policy, please contact us as directed below.

Children’s Data Protection and Parental Responsibility

We recognize the importance of children’s safety and privacy. The Services are not designed to attract children and are not intended for use by any children or individuals under the age of 21. We do not request, or knowingly collect, any personally identifiable information from children under the age of 13. Minors under the age of 21 may not use the Services under any circumstances.  If you are the parent or guardian of a child under 13 who has provided her or his information to us, please contact us at info@dabstract.com to request the deletion of that information.

THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes (but is not limited to) first name, last name, username or similar identifier, title, and date of birth.

  • Contact Data includes (but is not limited to) billing address, residential address, email address and telephone numbers.

  • Transaction Data includes (but is not limited to) payments to and from you and other details of products and services you have purchased using the Services.

  • Technical Data includes (but is not limited to) internet protocol (IP) address, unique mobile device identification numbers, type of device, login data, browser type and version, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.

  • Location Date includes (but is not limited to) your general location data (e.g., IP address), and, with your permission, the precise location of your mobile device. Please note that for most mobile devices, you can manage or disable the use of precise location services for all applications in the settings menu of your mobile device.

  • Profile Data includes (but is not limited to) your login details, preferences, feedback, photos, and other input you choose to include.

  • Usage Data includes (but is not limited to) information about how you use the Services.

  • Marketing and Communications Data includes (but is not limited to) your preferences in receiving marketing from us and our third parties, news about our products and your communication preferences.

If you make any purchases using the Services, Financial Data, which includes your bank account and payment card details, will be collected and processed by us or our external payment service provider. 

We also collect, use and share Aggregated Data such as statistical data, demographic data and data relating generally to the Service for any purpose, which does not constitute personal data. Aggregated Data may be derived from your personal data but is anonymized and is not considered personal data by law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Services. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We use analytics software to allow us to better understand the functionality of our software on your device. This software may record information such as aggregated usage and performance data. We do not link the information we store within the analytics software to any personal information you submit within the Services.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to provide the Services or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us.

HOW YOUR DATA IS COLLECTED

We use different methods to collect data from and about you including, but not limited to:

  • Direct interactions. You may give us your Identity Data, Contact Data and Financial Data by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:

    • make purchases using the Services;

    • create an account;

    • request marketing to be sent to you;

    • request support for the Services; or

    • give us feedback.

  • Automated technologies or interactions. As you interact with the Services, we may automatically collect Technical Data and Location Date about your equipment, browsing actions and patterns. We collect this personal data by using cookies, pixels, server logs and other similar technologies. We may also receive Technical Data and Location Date about you if you visit other websites employing our cookies. 

  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

    • Technical Data and Location Data from analytics providers, advertising networks and search engine providers.

    • Identity, Transaction, Financial and Contact Data shared with us by a business you interact with that uses the Services as part of their business.

    • Contact and Transaction Data from providers of technical, payment and delivery services.

    • Identity and Contact Data from data brokers or aggregators.

    • Identity and Contact Data from publicly availably sources.

HOW WE USE YOUR DATA

We will only process your personal data as allowed by law. Most commonly, we will use your personal data in the following circumstances:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.

  • To create, maintain, customize, and secure your account with us.

  • To process your requests, purchases, transactions, and payments.

  • To provide you with support, respond to your inquiries, and address your concerns and monitor and improve our responses.

  • To personalize your Website experience and to deliver content, product, and service offerings relevant to your interests, including targeted offers via email or text message (with your consent, where required by law).

  • To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets.

  • For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.

  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.

You have the right to withdraw consent to marketing at any time by contacting us at info@dabstract.com. The withdrawal of consent will not affect the lawfulness of any processing that took place before the withdrawal.

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We have set out below, in a table format, a description of all the ways we may use your personal data, and which of the legal bases we rely on to do so. 

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Purpose/Activity

Type of data

Basis for processing 

To register you as a new user

(a) Identity
(b) Contact
(c) Technical

(d) Location
(e) Profile
(f) Usage

Provision of the Services or performance of a contract with you

To process your purchases including:
(a) Manage payments, fees and charges
(b) Obtain consent for marketing activities performed by third parties

(c) Updating your transaction history

(a) Identity
(b) Contact
(c) Transaction
(d) Marketing and Communications

(a) Performance of a contract with you
(b) Explicit consent

(c) Necessary for our legitimate interests (to keep our records updated)

To manage our relationship with you which will include:
(a) Notifying you about changes to our Terms of Use or Privacy Policy
(b) Asking you to leave a review or take a survey

(c) Fulfilling our business relationship with you

(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how users use our products/services)

To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity
(b) Contact
(c) Technical

(d) Location
(e) Transaction
(f) Usage
(g) Profile Data

(a) Performance of contract
(b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
(c) Necessary to comply with a legal obligation
(d) Necessary for our legitimate interests to detect or prevent unlawful acts

To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve the Services, marketing, user relationships and experiences

(a) Technical
(b) Usage
(c) Marketing and Communications
(d) Profile

Necessary for our legitimate interests (to define types of users, to keep the Services updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile

Necessary for our legitimate interests (to develop our products/services and grow our business)

To process your job application to work with us

(a) Identity
(b) Contact

Performance of a contract with you

To facilitate a duty of care to you

(a) Identity
(b) Contact
(c) Transaction
(d) Profile
(e) Usage

Necessary for our legitimate interest (to help you manage aspects of your activities when interacting with our products/services)

We may disclose information where we are required to do so by law, for example, in response to a court order or a subpoena, or where we disclose information to data processors who act on our behalf (service providers or other group companies who provide support for the operations of the Services and who do not use or disclose the information for any other purpose). To the extent permitted by applicable law, we also may disclose personally identifiable information in response to a law enforcement agency’s request or other public agency’s (including schools or children services) request or if we feel that such disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using the Services, protect the security or integrity of the Services and networks, and/or enable us to take precautions against liability, misuse or unauthorized use.

Marketing

We provide you with choices regarding our use of your personal data for marketing and advertising purposes. You will receive marketing communications from us if you have subscribed for an account with us or purchased goods or services from us and you have not opted out of receiving that marketing. All of our marketing communications to you contain an opt out option and you can opt out at any time. Please note that the opt out will not affect the lawfulness of processing that has taken place before the opt out.

Opting Out

You can ask us to stop sending you marketing messages at any time by contacting us at info@dabstract.com at any time.

Opting Out of Geolocation

If you have previously allowed us to access your geolocation data, you can stop making geolocation available to us by visiting your mobile device’s settings for the Services or the “settings” page for the Services.

Opting Out of Other Communications

When you install the Services on your mobile device you can choose to receive push notifications, which are messages we send you on your mobile device even when the mobile app is not on. You can turn off notifications by visiting your mobile device’s “settings” page.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. 

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and obtain your consent to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

WHY WE MAY SHARE YOUR DATA

Where necessary, we transmit your personal data to processors and other recipients (including those listed below) for one or several of the purposes described above:

  • Other users of the Services;

  • Our affiliates and subsidiaries;

  • External service providers, including payment processors, authentication providers, and related entities;

  • Government agencies and public authorities; and

  • External operators of websites, applications, services and tools.

The Service offers social sharing features and other integrated tools (such as the Facebook “Like” button), which let you share actions you take on the Service with other media, and vice versa. The use of such features enables you to share your information with your friends or the public, depending on your selected settings on those platforms. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide those features.

DATA SECURITY

We incorporate commercially reasonable safeguards to help protect and secure your personal information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from the Services, and you provide us with your information at your own risk.

If you have any questions about security on the Services or if you become aware of any unauthorized use of an account or suspect a security breach, notify us immediately via email at info@dabstract.com. If our security system is breached, we will notify you of the breach only if and to the extent required under applicable law.

DATA RETENTION

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Data Protection Rights Under the General Data Protection Regulation (GDPR)

If you are a resident of or located within the European Economic Area (EEA), you have certain additional data protection rights. These rights include:

  • The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.

  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

  • The right to object. You have the right to object to our processing of your personal information.

  • The right of restriction. You have the right to request that we restrict the processing of your personal information.

  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.

  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

Legal Basis for Processing Personal Information Under GDPR

Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal information we collect and the specific context in which we collect it.

We may process your personal information because:

  • We need to perform a contract with you;

  • You have given us permission to do so;

  • The processing is in our legitimate interests and it is not overridden by your rights; or

  • To comply with the law.

Retention of Information

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

We will also retain usage data for internal analysis purposes. Usage data is data collected automatically either generated by the use of the Services or from the Services’ infrastructure itself (for example, the duration of a page visit). Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Services or we are legally obligated to retain this data for longer periods.

Transfer of Information

Your information, including personal information, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We will take all the steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Policy and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Personal Information

Disclosure for Law Enforcement - Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Legal Requirements

We may disclose your personal information in the good faith belief that such action is necessary to:

  • To comply with a legal obligation

  • To protect and defend our rights or property

  • To prevent or investigate possible wrongdoing in connection with the Services

  • To protect the personal safety of users of the Services or the public

  • To protect against legal liability

Security of Information

The security of your personal information is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Please note that we may ask you to verify your identity before responding to such requests.

Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your personal information first. 

For more information, please contact your local data protection authority in the EEA.

YOUR DATA PROTECTION RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you

  • The categories of sources for the personal information we collected about you

  • Our business or commercial purpose for collecting that personal information

  • The categories of third parties with whom we share that personal information

  • The specific pieces of personal information we collected about you (also called a data portability request)

  • If we disclosed your personal information for a business purpose, disclosures identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.

  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

  • Debug products to identify and repair errors that impair existing intended functionality.

  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

  • Comply with a legal obligation.

  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either: 

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, you must provide a valid power of attorney under California’s Probate Code or other verifiable written documentation granting the agent permission to make the request.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:

  • Using https://www.dabstract.com/contact-us. You must provide at least two data points that we can match with the personal information we have collected about you.

  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: 

  • Deny you goods or services.

  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

  • Provide you a different level or quality of goods or services.

  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time. 

Other California Privacy Rights

Dabstract does not generally engage third parties for direct marketing purposes.  However, we provide notice here of California’s “Shine the Light” Law (Civil Code Section § 1798.83), which permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email with the subject “Shine the Light Law Request” to info@dabstract.com  or write us at UCG Inc., 1275 4th Street, #372, Santa Rosa, CA  95404, Attn: Compliance – Shine the Light Law Request. 

STATE PRIVACY RIGHTS

Under some U.S. state laws residents may have the rights listed below:

  • Right to Know: The right to request the personal data that we collect, uses or discloses and information about our data practices;

  • Right to Request Deletion: The right to request that we delete the personal data we have collected about a user; 

  • Right to Opt-Out of Data Sales: The right to restrict the sale to third parties of a user’s personal data that we have collected; 

  • Right to Non-Discrimination: The right to not be discriminated against for exercising any of these rights;

  • Right to Correct Information: The right to update or correct the personal data that we collect;

  • Right to Limit Use or Disclosure of Sensitive Personal Information: The right to limit the use and disclosure of Sensitive Personal Information (as defined under the CPRA);

  • Right to Access Information Related to Automated Decision Making: The right to inquire about our logic involved in automated decision-making applied to personal data we collect; and

Right to Opt-Out of Automated Decision-Making Technology: The right to request a user’s removal from having automated decision-making applied to a user’s personal data that we collect.

To request further information pursuant to a user’s “right to know” or to request deletion of personal data pursuant to the user’s “right to request deletion”, please contact us at info@dabstract.com.

Only a user or an authorized agent may make a request related to such user’s personal data. Note that to respond to a user’s requests to access or delete personal data as outlined in applicable state laws, we must verify the user’s identity. 

Changes in this Privacy Policy

We reserve the right to modify and update this Privacy Policy at any time by posting an amended version of the statement on the Services.  Please refer to this policy regularly. If at any time we decide to use personal information in a manner different from that stated at the time it was collected, we will notify you either on the Services or via email.

QUESTIONS AND COMMENTS

If you would like to provide feedback to us about this Privacy Policy, or if you have any questions, please contact us at info@dabstract.com.