This Privacy Policy (“Privacy Policy”), describes how Ascarit Ltd. (“Ascarit”, “we” or “our”) collects, uses, and discloses certain information, including Personal Data (as defined below), in connection with the following:

  1. our international website’s visitors and users at: https://ascarit.com/, and any content, features or services included therein (“website” and “Visitors”, respectively); and 
  2. individuals who have made an online purchase of our natural supplement products (“Customers” and “Product(s)” respectively) through our website. 

Visitors and Customers shall be further referred to herein as “you” or “your”. The website and any services provided therein including the purchase of a Product shall be further referred to herein as “Services”.

This Privacy Policy constitutes an integral part of our website’s Terms and Conditions (collectively the “Terms”) and provides you with information regarding what Personal Data we collect and for what purposes, our data processing operations, the lawful basis according to which we process your Personal Data, third parties to whom Personal Data will be transferred, data retention periods, etc. 

This Privacy Policy also describes how you may exercise your rights, where and to the extent applicable under relevant privacy legislation, including the EU and the UK General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act of 2018 and as amended by the California Privacy Rights Act of 2020 effective January 1, 2023 (“CPRA”) ”) (collectively the “CCPA”), the Virginia Consumer Data Protection Act of 2021 (“VCDPA”), the Colorado Consumer Protection Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA“) and other federal, state laws, etc. (all collectively shall be defined as “Data Protection Laws”).

You are not required by law to provide us with any Personal Data. Sharing your Personal Data with us is entirely voluntary. However, without your data, we would not always be able to provide you with all or some of our Services.

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the Website and the update date will be reflected in the “Last Updated” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately, unless we notify you otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

 

Ascarit Ltd., incorporated under the laws of the state of Israel, is the “Data Controller” or ”Business” (as such terms are defined Data Protection Laws) of the Personal Data detailed under this Privacy Policy.

For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact our privacy team follows: 

By E-Mail: [email protected] 

By Mail:

Ascarit Ltd.;

Mevo’ot 9, Savyon, Israel. 

 

We collect two types of information, depending on your interaction with us. 

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual or other identifiers of the individual from which the Non-Personal Data is collected. Non-Personal Data which is being gathered via access or interaction with the website, consist of aggregated usage information, as well as technical information transmitted by your device, such as the type of operating system, browser, internet service provider (ISP), or device settings (e.g. default language), etc. 

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data” or “Personal Information”). Furthermore, we may process “Special Categories of Personal Data“, as such term is defined under applicable Data Protection Laws, where provided by the Customer, and as detailed below.

Personal Health Information” or “PHI”: means any information that relates to food supplements, blood glucose level, or current treatment, is identified with an individual who is the subject of such blood glucose treatment or health condition, and considered under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as Personal Health Information (“PHI”). The Services are in essence, a consumer e-commerce platform, which is not subject to HIPAA, however, we take the confidentiality of your PHI very seriously and maintain the PHI under strict security measures. 

 

The table below details the types of Personal Data we process, the purpose, lawful basis, and our processing operations: 

TYPE OF DATA PURPOSES OF PROCESSING LAWFUL BASIS UNDER THE GDPR
WEBSITE VISITORS
Online Identifiers and Usage Data

When you access our website or otherwise interact with its content and features (including if you are our Customer) we collect certain online identifiers, such as internet protocol address (IP), Cookie ID and other unique identifiers (“Online Identifiers”).

Further, we will collect information related to your use and interaction with our website. This information may include, for example, the referring URL (that is, the webpage directing you to our website, and other websites you visited in the session), how you interact with our webpages and content, access time and date, duration of use, pages you have viewed on our website, clickstream, etc. (“Usage Data”).

In addition, as our website and provide information on our Product, which is a food supplements for diabetes, by processing Usage Data, we may be provided with insights regarding visitors’ potential medical situation (“Health-Related Data“). 

We process Online Identifiers and Usage Data through our or third-party cookies and tracking technologies for analytic, marketing and advertising purposes. 

For example, we process this data to understand how Visitors use our website and to measure effectiveness of our content and to improve our marketing.  

In addition, Usage Data related to our website help us to better understand our business, analyze our operations, maintain, improve, design, and develop our Services, conduct statistical analysis, etc.

Further, we process such data for our website operation and functionality, security and fraud prevention purposes, debugging purposes and to resolve technical problems.

Note that, we do not attempt to analyze or determine your identity based on such information or otherwise combine it with any information such as your name or email address.

We will use the Health-Related Data solely to manage our business transactions with Partners and track conversion.   

Where we process Online Identifiers or Usage Data for operation and security purposes, we process your data based on our legitimate interest. 

Where we process Online Identifies or Usage Data for analytic and advertising purposes, we process such data based on your consent which we will obtain through our cookie notice and consent management tool (“CMP“).

You may withdraw consent at any time by using the cookie settings tool made available on our website or by managing opt-out through your browser or device settings.

You may also contact us at: [email protected]

Contact Us

Where you contact us with any inquiries, either through any means of communications we make available (e.g., the online webpage available HERE, for partnership HERE, or by email), you will be requested to provide us with your contact information such as your name, email address phone number, and any other information you choose to share with us through your correspondence or other communications with us (“Contact Data”).

We process your Contact Data for the purpose of responding to your inquiries and provide you with the support or information you have requested. 

Our correspondence with you, and its content, may be further processed and stored by us in order to improve our customer services, and in the event we reasonably determine it is needed in order to comply with any regulatory requirement, or for handling and defending against any future claims or dispute you might have with us. 

We process your Contact Data subject to our legitimate interest.

After addressing your inquiry, we may retain your data in our systems as part of our business records keeping under our legitimate interest. 

If we deem necessary, following a legal obligation or to defend our claims, we may store such correspondence for a longer period.

CUSTOMERS
Order Placement

If you place an order, as part of the checkout process, you will be requested to provide us with certain information such as your full name, email address, phone number, and billing and shipping address (“Order Placement Data”).

Note, that you will further be required to provide your payment method details; however, as your payment is being processed by our third-party payment processor PayPal, Frontask, we will not store nor have access to your full payment information. 

However, where applicable we may solely have access to the 4 last digits of your payment method and expiry date which we must obtain for record-keeping purposes. 

Consequently, payment data shall be governed by the third-party payment processors’ privacy practices as detailed – PayPal, Frontask. 

We collect and use your Order Placement Data to process and deliver your order, including to provide you services related notice (such as send you order confirmation, invoices, shipment status, etc.).

We will further store your Order Placement Data to maintain bookkeeping records and to comply with any regulatory requirements (e.g., tax related). 

In addition, we process such data for direct marketing purposes, meaning, as our Customer we may send you marketing related communications, materials and content regarding our Products or any other products we may offer in the future, to keep you up to date (“Direct Marketing”). 

We process your Order Placement Data for the purpose of performing our contract with you.

Following the completion order delivery, we nay further retain and store the data as part of our internal record keeping, including for legal defense from any possible future claims or disputes subject to applicable law requirements, as well as subject to our legitimate interests. 

In addition, we process your Order Placement Data for direct marketing purposes subject to our legitimate interest. 

You can opt-out at any time using the “unsubscribe” link within the emails you will receive from us. 

Please note that if you choose to unsubscribe from our direct marketing, we will still send you service-related emails, such as invoices.

Shopping History

We will retain records of the Product orders you have made from us (“Shopping History”).

We retain and use your Shopping History to process cancel and refunds, handle any inquiry you may have, as well as to maintain bookkeeping records.

In addition, we may use such data in order to analyze Customers’ preferences, enhance and personalize your shopping experience (including, for example, to offer additional products), and improve our Services, and marketing efforts.

Where we use your Shopping History to comply with your order-related inquiries, we process it in order to perform our contract with you. 

Where we process your Shopping History for other purposes, we process it based on our legitimate interest.

Customers Support:

Where you contact our customer support team regarding your order or the placement of an order (i.e., refunds, order tracking, etc.), you will be requested to provide us with your email address and any additional information required to allow us to handle your inquiry (“Customer Support Communications”).

Customer Support Communications will be used for the purpose of responding and handling your inquiries. 

In addition, our correspondence with you, and its content, may be processed and stored by us to improve our customer services and to comply with any regulatory request or for the defense of any future claim.

We process Customer Support Communications based on our legitimate interest. 
Feedback Survey

If you voluntarily choose to provide us your feedback regarding the service or participate in our surveys, you will be request to fill out our forms and provide us with your name, email, and additional information as requested during such participation, and may include details regarding your age group, your experience about the product, etc.

We use this information to evaluate your applicability to our survey, improve, revise and enhance our Service, as well as optimize and customize the Services. We process the information you will provide while participating and filling out our forms, based on your consent. You may withdraw your consent at any time by contacting us, as detailed under this Privacy Policy.

 

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the Cross Border Data Transfer section below, is based on the same lawful basis as stipulated in the table above. 

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of our Services and to enforce our terms of use and other policies, as well as to protect the security or integrity of our databases and the website, and to take precautions against legal liability. Such processing is based on our legitimate interests. 

 

Depending on the nature of your interaction with us, our website and our Services, we may collect Personal Data as follows:

Automatically – we may use cookies (as elaborated below) or similar tracking technologies to gather some information automatically when you interact with our website or Services.

Provided by you voluntarily – we will collect Personal Data if and when you choose to provide us with the information, such as where you place an order, contact us, apply to event, etc.

 

COOKIES AND TRACKING TECHNOLOGIES

We use “cookies” (or similar tracking technologies) when you access to, interact with, or use our website and Services. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, enabling automatic activation of certain features (e.g., shopping cart), for statistical purposes, as well as for advertising purposes. You can find more information about cookies here: www.allaboutcookies.org

 

We share your Personal Data with third parties, including our partners or service providers that help us provide operate and manage our website, business operation, marketing operations and our Services. You can find in the table below information about the categories of such third-party recipients. 

CATEGORY OF RECIPIENT TYPE OF PERSONAL DATA SHARED PURPOSE OF SHARING
The Ascarit company group  All types of Personal Data We may share Personal Data with other affiliates or subsidiaries within the Ascarit group, where applicable and where we believe, for example, when your inquiry applies to a specific subsidiary of Ascarit or where required to meet our legal and regulatory obligations. 
Service providers  All types of Personal Data  We employ other companies and individuals to perform functions on our behalf. This might include sending communications, processing payments, analyzing data, providing marketing and sales assistance (including advertising and event management), identifying errors and crashes, conducting customer relationship management, delivery, shipments, etc. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited from using your Personal Data for any purposes other than providing us with requested services.
Any acquirer of our business All types of Personal Data We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy. 
Enforcement of our rights and security detections.   All types of Personal Data We may disclose Personal Data and when applicable PHI, to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.
Legal and law enforcement   Subject to law enforcement authority request. We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

Please note, where we share information with services providers, agents, and partners, we ensure they only have access to such information that is strictly necessary to enable us to operate and provide the website and the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations (such service providers may use other Non-Personal Data for their own benefit).

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your Personal Data. Depending on your relationship with us, your jurisdiction and the applicable data protection and privacy laws that apply to you, you have the control and request certain limitations or rights to be executed.

For detailed information on your rights and how to exercise your rights, please see the Data Subject Request Form (“DSR”) available HERE and send it to our privacy team at [email protected].

Certain rights can be easily executed independently by you without the need to fill out the DSR Form:

Please note, in the event you are a Customer – note that termination of the engagement such as completion of the order does not automatically resolve in deletion of data. If you wish to delete the data, please ensure to contact us with such a request. 

You may opt-out directly from third party retargeting cookies or other ad-technology trackers through self-regulatory services. For more information, please visit:

Use the Global Privacy Control (“GPC”) signals.

You can also opt out of interest-based advertising with some of the service providers we use, such as Google HERE, Google Analytics HERE, Google Ads HERE.

 

We retain Personal Data we collect for as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out, where applicable. 

Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so. 

Securing your Personal Data (including your PHI) is of high priority. We design our systems with your security and privacy in mind. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards, such as encryption (i.e., using SSL), access restrictions, and permissions Ascarit’s employees, contractors, agents, etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us at: [email protected], if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

 

Due to our global business operation, we may store or process your Personal Data in several territories, including, for example, Israel, the UK, the EU, the US, or other countries. Our data servers in which we host and store the information are located in the U.S. Ascarit’s HQ is based in Israel in which we may access the information stored on such servers or other systems such as Ascarit’s ERP, CRM, and other systems. Thus, any Personal Data you provide us may be transferred to and processed in countries other than the country from which you accessed our website or otherwise the country of your jurisdiction. We will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer. Where Personal Data collected within the European Economic Area (“EEA“) is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments and or assurances from the data importer to protect your Personal Data, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well recognized certification schemes.

 

Our website and Services are not intended for use by users under the age of 18, and we do not knowingly process children’s information. We will discard any information that we receive from a user that is considered a “child” immediately upon our discovery that such a user shared information with us. Please contact us at: [email protected] if you have reason to believe that a child has shared any information with us.

 

Below we will provide jurisdiction specifications on how and if the rights below apply to you, depending on your residency and how to exercise your rights. 

Additional Information for California Residents

This section applies only to California residents pursuant to the CCPA. Please see the CCPA Privacy Notice, which discloses the categories of Personal Information collected, purpose of processing, source, categories of recipients with whom we share the Personal Information for a business purpose, whether the Personal Information is sole or shared, the retention period, and how to exercise your rights as a California resident.

Additional Information for Colorado Residents

This section applies to Colorado residents acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context). Pursuant to the Colorado Privacy Act (“CPA”) please see below the disclosure of the categories of Personal Data that are collected or processed, the purposes, how consumers can exercise their rights, and appeal such decision, categories of third-parties the controller shares or sells the Personal Data, or sells the Personal Data for advertising and how to opt-out.

Personal Data as defined in the CPA means information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

“Sensitive Data” include (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. 

Under CPA, Ascarit needs to provide a privacy notice that identifies the categories of Personal Data that are collected or processed, the purposes, how consumers can exercise their rights, and appeal such decision, categories of third-parties the controller shares or sells the personal data, or sells the Personal Data for advertising and how to opt-out.

YOUR RIGHTS UNDER CPA:

Herein below, we will detail how consumers can exercise their rights, and appeal such decision, or if Ascarit sells the personal data, or sells the personal data for advertising and how to opt-out.

Right to Access/ Right to Know You have the right to confirm whether and know the Personal Data we collected on you  You can exercise your right by reviewing this Privacy Policy, in case you would like to receive the Personal Data please fill in this form to receive a copy of your data
Right to Correction  You have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data. You can exercise this right directly by filling in this form
Right to Deletion You have the right to delete the Personal Data, this right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you; (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3)  Debug products to identify and repair errors that impair existing intended functionality; (4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5)  Comply with the law or legal obligation; (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action.

If you would like to delete your Personal Data please fill in this form.
Right to Portability  You have the right to obtain the personal data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. If you would like to receive the Personal Data please fill in this form to receive a copy of your data we will select a format to provide your Personal Data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
Right to Appeal  If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal.

If we deny the appeal, you may contact the Colorado Attorney General using this link: https://coag.gov/office-sections/consumer-protection/  or (720) 508-6000.

Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions. 
Duty not to violet the existing laws against discrimination or non-discrimination  Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate our users. 

Response Timeline

We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at: [email protected] and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at: https://coag.gov/file-complaint/.

We will deliver our written response by mail or electronically, at your option. 

Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. 

ADDITIONAL INFORMATION FOR CONNECTICUT RESIDENTS

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (“CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.

“Personal Data means any information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act. 

Sensitive Data means data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship, or immigration status; The processing of genetic or biometric data for the purpose of uniquely identifying an individual; Personal data collected from a known child; Precise geolocation data. In certain cases, we will process precise geolocations data if you explicitly enable the GPS permission within our properties. 

Under CDPA, Ascarit is required to provide you with a clear and accessible privacy notice that includes categories of Personal Data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.

Please read the “Your Rights Under CPA” paragraphs under the CPA Additional Information.

Response Timeline

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45-day response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

ADDITIONAL INFORMATION FOR VIRGINIA RESIDENTS

Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.

Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable natural person, and does not include publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; Information excluded from the VCDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act. 

The VCDPA requires Ascarit to disclose the categories of Personal Data processed, purpose of processing, how you can exercise your rights, including how you may appeal our decision with regard to the consumer request, the categories of Personal Data shared with third parties and with whom, and if the Ascarit sells Personal Data to third parties or processes Personal Data for targeted advertising. 

Please read the “Your Rights Under CPA” paragraphs under the CPA Additional Information.

Response Timeline

We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period of time by contacting us at: [email protected] and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at: https://www.oag.state.va.us/consumercomplaintform.

We will deliver our written response by mail or electronically, at your option. 

Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. 

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

ADDITIONAL INFORMATION FOR NEVADA RESIDENTS

Nevada law allows Nevada residents to opt out of the sale of certain types of Personal Information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of Personal Information for monetary consideration to another person. We currently do not sell Personal Information as defined in Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales, and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to [email protected]

ADDITIONAL INFORMATION FOR UTAH RESIDENTS 

Under the Utah Consumer Privacy Act (“UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights concerning your Personal Data are described below. Personal Data means data that is linked or reasonably linkable to an identifiable individual and does not include de-identified data and publicly available data or data that is processed not within the scope of UCPA. 

Please read the “Your Rights Under CPA” paragraphs under the CPA Additional Information.

NOTICE TO NEVADA RESIDENTS

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to [email protected].