Last Updated: 11/23/22
Asteroidea Ventures, LLC dba Formative and its associated products including, but not limited to ‘Haystack’ develop and operate websites, provide products and services through mobile and other applications. We refer to these as "site(s)," "service(s)," or "our sites and services."
For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”), the Data Controller is:
Attn: Data Controller
Address: 821 Second Avenue, Suite 600, Seattle, WA 98104
Personal information is information that can be used to identify, locate, or contact an individual, and includes other information that may be associated with personal information. When you interact with our sites and services, depending on the site or service, we may collect the following personal information directly from you:
a. Account or Registration Information where needed to use our sites and services, and may include your name, address, email address, telephone number, birthday, user account name, and password;
b. Contact Information, which generally includes your name, addresses, email addresses, social media website user account names, and/or telephone numbers;
c. Payment Information where needed to process payments and generally includes your credit or debit card number, expiration date, and card verification number;
d. Transaction Information, which may include information about how you interact with and use our sites and services, email, other communications, and applications, and how you interact with merchants, business partners, and service providers;
e. Geographic Location Information but only if your device transmits location data and/or your IP address and you have activated a location-enabled site or service;
f. Job-Search-Related Information where needed for recruitment purposes and may include educational and employment background;
g. Survey Data where needed for the functionality of certain services and generally includes survey questions and responses, and may allow you to import email addresses and names in order to send surveys or to allow us to send surveys on your behalf;
h. Appointment Information, where needed to schedule an appointment or consultation through our online appointment or consultation services and may include the requested appointment information; and
i. Your Submissions, which generally includes information you voluntarily provide through free form text boxes, forums, document upload, or data retrieval or import.
In each of the above instances, you will know what personal information we collect through our sites and services because you voluntarily and directly provide it to us.
We may collect and store certain technical information when you use our sites and services. For example, our servers receive and automatically collect information about your computer and browser, including, for instance, your IP address, browser type, domain name from which you accessed the site or service, device size and other software or hardware information.
In addition, we may collect information about how you use of our sites, including but not limited to, the date and time you visit the sites, the areas or pages of the sites that you visit, the amount of time you spend viewing the sites, the number of times you return to the sites, visits to sites outside our network, and other click-stream data.
We will only collect and process personal information, including sharing it with third parties, where we have a legal basis for such collection and processing. We rely on a number of legal bases, including:
a. our legitimate interests in providing and improving our sites and services;
b. our legitimate interests in keeping our sites and services safe and secure;
c. our third-party service providers’ legitimate interests as described in “Other Information We Automatically Collect Through Cookies” above;
d. your consent to the processing of your personal information, which you can revoke at any time;
f. where the processing of your personal information is required to protect your vital interests or those of another person, such as other users of our sites and services;
g. where the processing of personal information is necessary to comply with a legal obligation such as a law, regulation, search warrant, subpoena, or court order.
We may use the personal information that you provide in one or more of the following ways:
a. to carry out our obligations arising from your purchase of, or subscription to, our services or any other contract entered into between you and us;
b. to enable site features such as geographically specific pricing or logging, and retrieving and providing analysis of data;
c. to send you important notices, such as communications about changes to your account, and our sites' and services' terms, conditions, or policies;
d. to process payments and to send you emails, invoices, receipts, notices of delinquency, alerting you if we need different or updated payment card information or other communications in connection with processing and collecting payments;
e. to verify the information you provide through our sites and services, including income and employment information, in connection with a loan request sent through our sites and services;
f. to solicit input and feedback to improve our sites and services and customize your user experience;
g. to contact you via email, telephone, text or chat in a manner required by law;
h. to meet contractual obligations;
i. to send you reminders, technical notices, updates, security alerts, support and administrative messages, and service bulletins;
j. to manage our sites' and services' administration, forum management, or fulfillment;
k. to provide customer service and technical support;
l. to prevent fraud or potentially illegal activities, or to comply with applicable law;
m. for internal purposes such as auditing, data analysis, and research to improve our products, services, and communications;
n. to allow you to apply for a job or sign-up for special offers from third parties through our sites and services.
In addition to the uses described above, we may use personal information that we collect for other purposes that are disclosed to you at the time we collect the information, or with your consent.
We may use information collected from you through cookies and other tracking technologies in one or more of the following ways:
a. to remember you when you return to our sites;
b. to understand and analyze trends, to monitor usage, and learn about user behavior;
c. to gather demographic information about our user base as a whole;
d. to customize ads, content, or offers on our sites and services; and
e. to conduct market research and measurement in order to improve our sites, content, and services and to make our sites, content, and services more useful for users.
We may share your personal information with third parties in the following circumstances:
a. when we engage third parties to perform services on our behalf, such services include maintenance, hosting, data storage, security, analytics and data analysis, payment processing, marketing, email and text message distribution, customer service, and surveys;
b. where necessary to operate our sites and services, your personal information and the contents of all of your online communications on or through our sites and services may be accessed and monitored:
i. to satisfy any applicable laws or regulations;
ii. to defend ourselves in litigation or a regulatory action;
iii. in order to protect the rights or property of Formative;
iv. when we have a good faith belief that we are required to disclose the information in response to legal process (for example, a subpoena, court order, or search warrant);
v. where we believe our sites and services are being used in the commission of a crime, including to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and risk management; and
vi. when we have a good faith belief that there is an emergency that poses a threat to the health and/or safety of you, another person, or the public generally.
c. in the event of a merger, acquisition, debt financing, restructure, sale of Formative assets by or with another company, or a similar corporate transaction, we may need to disclose and transfer all information about you, including personal information, to the successor company.
We may share personal information about you for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
You may always direct us not to share your Personal Information with third parties, not to use your Personal Information to provide you with information or offers, or not to send you newsletters, e-mails or other communications by: sending us an e-mail at firstname.lastname@example.org Your opt-out request will be processed within 30 days of the date on which we receive it.
If you wish to verify, correct, or update any of your Personal Information collected through the Site, you may contact us at the above address or e-mail. In accordance with our routine record keeping, we may delete certain records that contain Personal Information you have submitted through the Site. We are under no obligation to store such Personal Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Information. In addition, you should be aware that it is not always possible to completely remove or delete all of your information from our databases without some residual data because of backups and other reasons.
Please be aware that certain records and information will be retained for specific purposes such as legal, payment, accounting, technical, dispute resolution, or customer service. We may reject requests that are unreasonably repetitive or impractical, require disproportionate technical effort, or risk the privacy of others.
We retain your personal information while your account is active or as needed to provide you services. Additionally, we may retain personal information even after your account has been closed if retention is reasonably necessary to comply with our legal or regulatory obligations, resolve disputes, prevent fraud and abuse, enforce any contract entered into between you and us, or if it is not technically feasible to delete your personal information.
To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of the information we collect, we deploy a wide range of technical, physical, and administrative safeguards, including: Transport Layer Security (TLS), firewalls, system alerts, and other information system security technologies; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage, and processing practices. We use reasonable and appropriate administrative, physical, technical, and data security procedures and controls to safeguard your personal information against unauthorized access, disclosure, loss, misuse, and alteration.
We use third-party service providers to manage credit card and payment processing. These service providers are not permitted to store, retain, or use billing Information except for the sole purpose of credit card and payment processing on our behalf. When you enter payment information to be processed by our third-party service providers, we encrypt the transmission of that information using transport layer security (TLS) technology and do not store it on our systems.
Children under the age of 13 are not permitted to use our sites and services. We do not knowingly collect personal information from children under the age of 13 or utilize plug-ins or ad networks that collect personal information through child-directed third-party websites or online services. If we learn that we have collected personal information from a child under 13, we will take steps to promptly delete such information.
We are headquartered in the United States. Our sites and services are intended for users in the United States and hosted and administrated in the United States or hosted with cloud service providers who are headquartered in the United States and in other countries. If you are located outside the United States, be aware that information you provide to us or that we obtain as a result of your use of our sites and services may be processed in, transferred to, and stored in the United States and in any other countries from where our cloud service providers operate. Please be aware that the privacy laws and standards in certain countries may differ from those that apply in the country in which you reside. By using our sites and services or providing us with your information, you consent to the transfer of your information for processing and storage to the United States and any other country from where our cloud service providers operate.
This section is provided pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”) and other applicable California privacy laws. This section applies solely to our users who are California residents as defined under applicable California privacy laws.
Within the last twelve (12) months, we have or may have collected the following categories of information from our users and/or consumers:
a. identifiers, such as a name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers;
b. personal information listed under Cal. Civ. Code § 1798.80(e);
c. internet or other similar network activity, such as browsing history, search history, information regarding your interaction with a website, application, or advertisement;
d. geolocation data; and
e. professional or employment-related information.
We obtain the categories of personal information listed above from the following categories of sources:
a. directly from users, such as you, as described above under “Personal Information that You Provide to Us”;
b. indirectly from other users of our sites and services;
c. indirectly from third-parties that interact with us in connection with the services that we perform; and
d. directly and indirectly through cookies and other technologies, as described above under “Other Information We Automatically Collect through Cookies.”
The personal information described in the categories above may be used for the business purposes listed above under “How We Use Personal Information.”
We do not sell the personal information of consumers that we know are minors under 16 years of age without affirmative authorization as required under the CCPA.
As of January 1, 2020, California residents, as defined under applicable California privacy laws, may take advantage of the following rights:
a. You may request, up to two (2) times each year, that we disclose to you, once we receive and confirm your verifiable consumer request, the: (i) categories and specific pieces of personal information that we have collected about you; (ii) categories of sources from which your personal information is collected; (iii) business or commercial purpose for collecting your personal information; (iv) categories of personal information that we disclosed for a business purpose; (v) categories of personal information that we sold about you; (vi) categories of third-party information; and (vii) business or commercial purpose for selling your personal information.
b. Subject to certain exceptions and up to two (2) times each year, you may request that we delete any of your personal information that we collected from you. Once we receive and confirmed your verifiable consumer request for deletion, we will delete (and direct our service providers to delete) such personal information from our records, unless an exception applies.
To exercise the access and deletion rights described above, please submit a request to us by sending an email to: email@example.com
Your request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or that you have authority to make the request; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide proof of written authorization to do so, and you must verify your identity directly with us, unless such authorized agent provides proof of a power of attorney pursuant to Probate Code sections 4000 to 4465.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
We will not discriminate against you for exercising any of your rights under the CCPA. Accordingly, and unless permitted by the CCPA, we will not:
a. deny you goods or services;
b. charge you different prices or rates for goods or services, including through the use of discounts or by imposing penalties;
c. provide you a different level or quality of goods or services; or
d. suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
We may charge a different price or rate or provide a different level of service if the difference is reasonably related to the value provided by your personal information.
FOR RESIDENTS OF THE EUROPEAN UNION ONLY. Under European data protection law, in certain circumstances, you have the right to:
a. request access to your personal information;
b. request correction of your personal information;
c. request erasure of your personal information;
d. object to processing of your personal information;
e. request restriction of processing your personal information;
f. request transfer of your personal information; and
g. withdraw your consent.
In addition, you have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your personal information) if we intend to use your personal information for such purposes or if we intend to disclose your information to any third party for such purposes.
You can exercise any of these rights by sending an email to firstname.lastname@example.org with "EU Privacy Rights" in the subject line. If you believe that we have not complied with its obligations under this