MESSARI PRIVACY POLICY

Last Modified: March 7, 2023

You can find the previous version of our Privacy Policy here.

Welcome to Messari. This privacy policy (“Privacy Policy” or “Policy”) sets out how Messari, Inc. and its affiliates (collectively, “Messari,”  we,” “us,” or “our”) collects, uses, and protects any personally identifiable information (“Personal Information”) that you provide to us, or that we otherwise collect or are provided, when you use any of our websites, mobile applications (“apps”), social media pages, or any other products or services offered by us (collectively, “Services”). We are committed to ensuring that your privacy is protected. When using Messari.io or any of its subdomains (the “Site”) or any other Services, you may be asked to provide certain Personal Information, which will be used only in accordance with this Policy, as updated from time to time.

BY USING OR ACCESSING THE SITE OR ANY OF THE OTHER SERVICES IN ANY MANNER, YOU ACKNOWLEDGE THAT YOU ACCEPT THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY, AND YOU HEREBY CONSENT THAT WE MAY COLLECT, USE, AND SHARE YOUR PERSONAL INFORMATION IN THE WAYS DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH OR YOU ARE NOT COMFORTABLE WITH ANY ASPECT OF THIS PRIVACY POLICY, YOU SHOULD IMMEDIATELY DISCONTINUE ACCESS OR USE OF OUR SITE AND ALL OTHER SERVICES.

AT ALL TIMES, YOUR USE OF THE SITE AND ALL OTHER SERVICES IS SUBJECT TO THE TERMS OF USE, WHICH INCORPORATES THIS PRIVACY POLICY. Any terms we use in this Policy without defining them have definitions given to them in the Terms of Use.

1.  OVERVIEW

1.1.        What This Policy Covers.  This Privacy Policy covers our treatment of Personal Information that we gather when you are accessing or using our Site or other Services. We gather, are provided by you or third-parties, or otherwise collect, various types of Personal Information from our users, and we use this Personal Information internally in connection with our Services, including to personalize, provide, and improve our Services; to allow you to set up a user account and profile; to contact you and allow other users to contact you; to fulfill your requests for certain products and services; and to analyze how you use the Services. In certain cases, we may also share some Personal Information with third-parties, but only as described in this Policy.

1.2.       Links to Other Websites, Apps, and Services.  The Site and other Services may contain links to third-party websites, apps, and services of interest (collectively, “Third Party Services”). Please note that we have no control over such Third Party Services. Therefore, once you use any of these links to leave our Site or other Services, we cannot be and are not responsible for the protection and privacy of any information that you provide      while visiting or using Third Party Services, and those Third Party Services are not governed by this Policy. You should exercise caution and review the privacy statement(s) applicable to the Third Party Services in question, which you use at your own discretion.

2.  COLLECTION OF YOUR INFORMATION

2.1.       General Information.  We collect or receive information about your interactions with us through information you provide directly to us, information collected automatically, and information collected from other websites (such as additional information from other companies, publicly available information, information about households, or other information that we may append, combine, or match to your information collected or received by us). Depending on how you use our Services, your information may include:

(a)   Registration-related information (e.g., name, addresses, email addresses, telephone numbers, occupation, and information imported from social login permissions granted to us);

(b)   Usage-related information (“Usage Data”), which may be collected automatically by us, or through our Services or third-party services within our Services (e.g., what Services you use, how often you use them, anything you may publicly share or post using tools made available by our Services, your responses to the offerings and advertisements presented or made available by us);

(c)   Technical information, including:

2.1.c.1.   your browser and operating system;      

2.1.c.2.  your manner of connecting to the Internet and the name of your Internet service provider or wireless carrier;      

2.1.c.3.  your Internet Protocol (IP) address;      

2.1.c.4. referring websites or services (i.e., websites or services you used immediately or shortly prior to using the Site or other Services);      

2.1.c.5.  exiting websites or services (i.e., websites or services you used immediately or shortly after using our Site or Services);      

2.1.c.6.  data relating to malfunctions or problems occurring when you use our Services; and

2.1.c.7.  information about other software on your device (for the limited purpose of protecting your security or improving your online experience);

(d)   Search-related information (e.g., searches you perform on our Site or through our other Services and how you use the results of those searches);

(e)   Transaction-related information (e.g., credit card or other preferred means of payment, billing information, credit card number, billing address, and/or a history of purchases through our Services);

(f)    Access-related information (e.g., device, connections, and methods used to access and interact with our Services);

(g)   Communication-related information (e.g., text messages, emails, faxes, telephone calls, and postal mail from or with Service end-users, as well as from third-party      sources including database vendors); and

(h)   Customer service information about you as a user of our Services.

2.2.      Information Collected Automatically.  Whenever you interact with our Services, we may automatically receive and record information from your browser or device.  Usage Data may sometimes be essentially anonymous or aggregated when collected, but could be used indirectly to identify a person. Such Usage Data may include:

(a)   the IP addresses or domain names of the computers utilized by Service end-users;

(b)   URI (Uniform Resource Identifier) addresses;

(c)   the time of the request;

(d)   the method utilized to submit the request to the server;

(e)   the size of the file received in response;

(f)    the numerical code indicating the status of the server’s answer (such as successful outcome and error);

(g)   the country of origin;

(h)   the features of the browser and the operating system used by you;

(i)     the various time details per visit (such as the time spent on each page within the Services) and the details about the path followed within the Services with special reference to the sequence of pages visited;

(j)     other parameters about the device operating system and/or your IT environment; and

(k)   data, conversion rates, marketing and conversion data and statistics, reports, analytics data, reviews, and surveys.

2.3.      Tracking Options; Do Not Track Disclosures.  Some web browsers incorporate a "Do Not Track" feature that signals to websites and Services that you visit that you do not want to have your online activity tracked. Each browser communicates "Do Not Track" signals to websites differently, making it unworkable to honor each and every request correctly. In order to alleviate any communication error between browsers and our Services, our Services do not support "Do Not Track" signals or requests at this time. As the technology and communication between browser and website improves, we may elect in our discretion to reevaluate the ability to honor "Do Not Track" signals and may make changes to our policy. You may adjust your browser or operating system settings to limit this tracking or to decline cookies, but by doing so, you may not be able to use certain features on the Services or take full advantage of all of our offerings. Check the “Help” menu of your browser or operating system to learn how to adjust your tracking settings or cookie preferences. To learn more about the use of cookies or other technologies to deliver more relevant advertising and your choices about not having this information used by certain Service Providers (defined below), please click here. Note that our systems may not recognize Do Not Track headers or requests from some or all browsers.

2.4.     Personal Data.  In some countries or jurisdictions, including in the European Economic Area (EEA) or the State of California, some Personal Information (as defined above)      may be considered “personal data” under applicable data protection laws. Please consult Sections 6 and 7 for more details.

3.  USE OF YOUR INFORMATION

3.1.       How Your Information May Be Used.  Your Personal Information may be used for purposes that include:

(a)   Operating and improving our Services, including to fulfill your requests for customer service, tools, software, functionality, features, and other products and services;

(b)   Analyzing Usage Data and conducting research about your use of our Services (e.g., we may use Usage Data to provide better service to visitors or end-users, customize the Services based on your preferences, and compile and analyze statistics and trends about the use of our Services);

(c)   Curating content in response to your usage of Services (e.g., to help offer you other products, features, or services that may be of interest, to personalize the content and advertisements provided to you, and to present offers to you on behalf of business partners and associates);

(d)   Maintaining legal and regulatory compliance (e.g., to ensure that we are complying with all laws applicable to Messari regarding the processing of Personal Information);

(e)   Ensuring network and information security (e.g., to prevent malicious attacks on our networks);

(f)    Facilitating corporate acquisitions, mergers or other transactions;

(g)   Enforcing our Terms of Use or other agreements;

(h)   Detecting and preventing fraud (e.g., sharing data with third-party service providers specializing in fraud detection);

(i)     For other marketing purposes (e.g., to communicate with you and to respond to your inquiries/feedback); and

(j)     For any purpose for which you otherwise provide your consent.

3.2.      Cookies.  We may use cookies, flash cookies, local shared objects, web beacons, pixels, single pixel GIFs, clear GIFs, and other technologies, along with your Personal Information, to enhance and personalize your experience and gather information that helps us optimize our Services. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. This Policy does not cover the use of cookies by any third-parties, and we are not responsible for their respective privacy statements or practices. We use the following types of cookies on the Site and Services:

(a)   Session cookies, which exist only during an online session. They may disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site or otherwise utilizing the Services. This allows us to process your online transactions and requests and to verify your identity, as you move through our Services     .

(b)   Persistent cookies, which may remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track and aggregate statistical information about user activity, and to display advertising on third-party sites.

(c)   Advertising cookies, which are used to serve you personalized online ads. Your browser is assigned a pseudonymous ID, used to track the ads that have been served to your browser, and to identify those on which you’ve clicked. These providers may use cookies to select and serve you ads when you click on ads that appear on the Site or other Services, and based on your browsing behavior. You can opt-out of advertising cookies as described in Section 4.4.

(d)   Analytics cookies, which are used to compile aggregate and statistical data about site traffic and site interaction so that we can offer a better website experience and tools in the future. Typically, these “analytics” cookies do not need access to Personal Information for their operations. We may contract with third-party service providers to provide these analytics services. They are contractually prohibited from using Personal Information collected on our behalf except to help us conduct and improve our business. We use Google Analytics to provide these analytics services. You can opt out of Google Analytics accessing your information at https://tools.google.com/dlpage/gaoptout.

4.  SHARING OF YOUR INFORMATION

4.1.       General Disclosure Policy.  We may share your Personal Information with certain third-parties to provide products and services that you have requested, when we have your consent, or as otherwise described in this Policy. Notwithstanding the foregoing, we reserve the right to disclose Usage Data without restriction. We reserve the right to disclose or use Personal Information as described below.

4.2.     De-Identified Information.  We may de-identify your Personal Information so that you are not identified as an individual, and we may share such aggregated, non-personally identifiable information, publicly or with our partners like publishers, advertisers, or connected websites (e.g., sharing information publicly to show trends about the general use of our Site or other Services).

4.3.      User Profiles and Submissions.  Certain user profile information (e.g., your name, location, and any text, image, or video content that you have uploaded to the Services) may be displayed to other users to facilitate user interaction or to address your request for our Services. Your account privacy settings may allow you to limit the other users who can see Personal Information in your user profile and/or what information in your user profile is visible to others. Please remember that any content you upload to your public user profile, along with any other Personal Information or content that you voluntarily disclose online in a manner in which other users can view (e.g., on discussion boards, in messages or chat areas) becomes publicly available, and it may be indexable by search engines, or copied, forwarded, saved, or archived by anyone. Your username may also be displayed to other users if you send messages or comments, upload text or images, or share features publicly (e.g., a public watchlist) through the Services, and other users may be able to contact you through messages or comments.

4.4.     Advertisers.

(a)   Your Personal Information may be used for the presentation of advertisements. We may use ad networks to customize and display advertising on our Services. We may share certain information about you as a user (e.g., age, zip code, or other information we have collected or received) with certain ad networks and service providers to help them deliver more relevant content and advertisements through their networks. We may work with other companies for certain services, such as analytics or advertising, and you may be subject to their privacy policies as well, though you may be able to opt-out through them directly.

(b)   To learn more about targeted advertising and advertising networks, or about your ability to opt-out of collection of information by certain third-parties, please visit the opt-out pages of the Network Advertising Initiative or the Digital Advertising Alliance. Please note that opting-out of advertising cookies does not mean that you will not be served ads; you will continue to receive non-personalized ads.

(c)   We may deliver a files to you, through the Services from an ad network, called web beacons. Web beacons allow ad networks to provide anonymized, aggregated auditing, research, and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Because your web browser must request these advertisements and web beacons from the ad network’s servers, these companies can view, edit, or set their own cookies, just as if you had requested a web page from their site. You may be able to opt-out of web beacon tracking conducted by third-parties through our Services by adjusting the Do Not Track settings on your browser; please note that we don’t control whether or how these third-parties comply with Do Not Track requests.

(d)   Our offerings may include features or functionalities provided by third-parties, or may integrate or interact with third-party products and services (including via APIs, plug-ins, links, frames, embedding, or other interactions). In the process of providing such functionalities within our Services, your browser or other tools or technology may send certain information to those third-party providers. The use of these third-party-provided features or functionalities may be subject to those third parties’ own privacy policies. For example, we may use a third-party for ad serving, retargeting, remarketing, and/or for analytics, in which case such third-party may have access to your data, subject to its policies. These third-party vendors may use their own cookies and/or other third-party cookies together to (i) inform, optimize, and serve ads across the web based on your past visits to our Services and others; and (ii) report to us how your ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our site. If and to the extent from time to time we use Double Click or another Google brand for ad serving, analytics, remarketing, retargeting, etc., you can set certain preferences and opt-outs using Google Ads Settings, and Google Analytics’ currently available opt-outs, found at https://www.google.com/ads/preferences and https://adssettings.google.com.

4.5.      Affiliated Entities.  We reserve the right to provide your Personal Information and Usage Data to any affiliated entities we may have, including our subsidiaries. Affiliated entities are entities that we control, that control us, or with which we are subject to common control by another entity.

4.6.     Business Partners.  Business partners or other third-parties may receive data about groups of our users, but, except as otherwise permitted herein, do not receive Personal Information of individual users. In certain situations, businesses or third-party websites we are affiliated with may offer or provide products or services to you, through or in connection with, the Services (either alone or jointly with us). We may share your Personal Information with these affiliated businesses only to the extent that it is related to such transaction or service. We have no control over the policies and practices of third-party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such related policies.

4.7.     Service Providers.  We reserve the right to provide access to your Personal Information and Usage Data to our trusted service providers that assist us with the operation and maintenance of our Site and other Services. We may contract with third-parties to process payments, host our servers, or to provide security, production, fulfillment, optimization, analytics, reporting, legal, accounting, Internet, and other services. We will use commercially reasonable efforts to ensure that our service providers will be given access to your Personal Information only as is reasonably necessary to provide the services for which they are contracted. Some examples of such service providers are the following:

(a)   Messari’s Slack integration makes it seamless to receive real-time updates on crypto assets directly into a user’s Slack workspace. In order to provide these updates, Messari may request certain permissions from Slack, including information about (i) the channels available within the workspace, (ii) access tokens, and (iii) application settings, including which channels have been white-listed and configured as the target for an alert policy. Each member’s Slack integration is managed by the associated Messari Enterprise account and may be uninstalled at any time at the respective administrator’s discretion. Messari does not have access to member names, messages, or Personal Information related to member(s), including individual user names or associated email addresses. Copies of data may be retained for backup purposes for a maximum of 30 days after account deletion or when integration is removed. Data may be deleted sooner upon user request. You may also be subject to Slack’s privacy policy, available here.

(b)   Messari may use HubSpot trackers or Salesforce trackers to collect Personal Information and Usage Data using cookies. Please refer to Section 3.2 to read more about cookies.

(c)   Messari may use Plaid, Inc. ("Plaid") to connect your Messari account with your bank account, verify your bank account, and confirm your bank account balance prior to approving a transaction. Information shared with Plaid is treated by Plaid in accordance with its Privacy Policy, available at https://plaid.com/legal/#end-user-privacy-policy.

4.8.     Co-Marketers; Cross-Promotion; Sponsorships.  We may participate with another company or individual, for the purposes of jointly promoting our Services, promotions, or contests, or their products, services, promotions, or contests. We reserve the right to disclose Personal Information to them for the purposes of (i) compensation, transaction-processing, fulfillment, and support; and (ii) offering you other products, services, promotions, or contests. These marketing partners may also contact you about other or related products, services, promotions, or contests.

4.9.     Business Transfers; Successors.  We may choose to buy or sell assets or other interests in third-parties and may share or transfer Personal Information in connection with the evaluation of, and entry into, such transactions. Also, if we (or all or some of our assets or other interests) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third-party. If such an action results in a material change in the use of your Personal Information, you will be provided notice (which may be via updates to this page) about your potential ability to decline to permit such a transfer.

4.10.   Legal Process, Enforcement, and Security Notice.  Notwithstanding anything in this Policy to the contrary, we reserve the right to access, read, preserve, and disclose any Personal Information under the following circumstances:

(a)   To satisfy any applicable law, regulation, legal process, or governmental request (e.g., to comply with a subpoena or court order);

(b)   To detect, prevent, and address fraud or other illegal activity; and

(c)   To investigate, respond to, or enforce violations of our rights, or the security of our Site or other Services (including policies within our Terms of Use and other agreements), or that of Messari, our employees, or our users.

5.  ACCESS TO AND CHOICES ABOUT YOUR INFORMATION

5.1.       Accessing Your Information.  The information you may view, update, and delete may change as the Services change. Through your account settings, you may access, and, in some cases, edit or delete the following information that you have provided to us:

(a)   Account email address and password;

(b)   Identifying name or username, or legal name;

(c)   Location; and

(d)   User profile information (including text, images, and other content you may have uploaded to the Site or other Services).

5.2.      Choices Regarding Your Information.  You may have the right to restrict the collection or use of your Personal Information in the following ways, and with the corresponding caveats. Further rights regarding your Personal Information can be found in Sections 6, 7, and 8.

(a)   Whenever you are asked to fill in a form on our Site or our other Services, consider what information to include and exclude. For instance, sometimes, there may be a box that you can check or uncheck to indicate that you do not want the information to be used for direct marketing purposes.

(b)   We may provide you with access to your registration and the ability to edit this information in your account settings dashboard and profile pages.

(c)   If you have previously agreed to our using your Personal Information for direct marketing purposes, you may change your mind at any time by writing to us using the contact information below. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.

(d)   Some of our Services may provide you with additional information and choices about your privacy, which you should review.

5.3.   Notes Regarding Information Requests.

(a)   Please bear in mind that if you exercise any rights regarding your Personal Information (including those listed in Section 5, 6, 7, and 8), this may affect our ability to provide our Services. While Messari will make commercially reasonable efforts to accommodate your request, we also reserve the right to impose certain restrictions and requirements on such requests, if allowed or required by applicable laws.

(b)   In the event that we cannot take action with respect to a request relating to your Personal Information, in certain jurisdictions, you may have the right to appeal that decision. If you choose to exercise your rights, we may ask that you provide sufficient information, including the Services you have used in the past, your state and country of residence, identification, and contact information, in order for us to verify your identity and process your request. Depending on the types of requests, we may ask for additional information.

(c)   You may use an authorized agent to submit a request on your behalf related to your Personal Information. If you choose to use an authorized agent, you should supply your agent with written permission to act on your behalf in relation to your request, and your agent must provide us with proof of such authorization before we process your request.

(d)   Please be aware that even after you delete or update information within our Services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems. Similarly, if and to the extent any information is indexable by search engines (including public profile information), it may not be updated by such search engines when we update it, and old versions may be archived by them or by other third-parties.

5.4.   Legal Basis.  In addition to and without limiting any other legal basis described in this Policy, our legal basis for collecting and using your Personal Information is to do so with your consent, which you may withdraw at any time; where we need the Personal Information for performance of a contract or requested service; or where the collection and use is in our or another’s legitimate interest(s) and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect and use the Personal Information in question. You understand and agree that we may collect, use, disclose, and otherwise process any information that you provide, even if you are located outside of the United States.

6.  FOR EUROPEAN ECONOMIC AREA (EEA) AND UNITED KINGDOM (UK) USERS

6.1.       Legal Basis.  If you are a European resident, our legal basis for collecting and using your Personal Information is to do so with your consent; where we need the Personal Information for performance of a contract; or where the collection and use is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the Personal Information in question. If we collected your Personal Information with your consent, you may withdraw your consent at any time. Our retention of your Personal Information and any subsequent communications are based on our legitimate interest in providing you with new and potentially relevant materials based on your geography, role, or company. As always, you can elect to opt-out from receiving such future communications. To the extent that we transfer Personal Information from the EEA or the UK to a jurisdiction outside the EEA or the UK that has not been determined by the European Commission as providing adequate data protections (such as the United States), we will ensure that such Personal Information is safeguarded through appropriate contractual terms or other approved mechanisms.

6.2.      Additional Rights.  If you are a resident of the EEA or the UK, you have the right to:

(a)   Find out if we use your Personal Information, access your Personal Information, or receive copies of your Personal Information;

(b)   Update your Personal Information, or request to have it corrected or amended if it is inaccurate or incomplete;

(c)   Withdraw any express consent that you have provided to the processing of your Personal Information at any time without penalty, including the deletion or the request of deletion of your Personal Information, as long as we have no other legal basis to use as such;

(d)   Restrict the processing of your Personal Information if you believe your Personal Information is inaccurate, no longer necessary for our business purposes, or simply object to our processing of your Personal Information (pending our investigation and/or verification of your claim);

(e)   Request portability of your Personal Information for transfer to another provider;

(f)    Object to automated decision-making; and

(g)   Complain to your local data protection authority at any time.

6.3.      Disclosures.  To withdraw consent or exercise the aforementioned rights, please contact us as described in Section 11.1. Please note that withdrawing your consent will not affect the lawfulness of any processing that we may have conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. If we ask you to provide Personal Information to us to comply with a legal requirement or enter into a contract, we will inform you of this and let you know whether providing us with your Personal Information is required, and, if not, the consequences of not sharing your Personal Information with us. Similarly, if we collect and use your Personal Information in reliance on our or a third-party's legitimate interests and those interests are not already listed above in Section 3, we will inform you of those legitimate interest(s).

6.4.     Filing Complaints.  If you are not satisfied with our response, or believe we are processing your Personal Information in violation of the law, you have the right to lodge a complaint with the Supervisory Authority (also known as Data Protection Authority) in your EEA country or in the UK. For our operations within the EEA or UK, our Lead Supervisory Authority is the UK Information Commissioner’s Office. You may find the contact details for your appropriate data protection authority on the following website.

7.  FOR CALIFORNIA USERS

7.1.    General. We may share your Personal Information with third-parties and affiliated third-parties (such as local, state, and regional affiliates, and affiliate alliances) for their direct marketing purposes. As these third-parties and this category of affiliated third-parties are considered an “unaffiliated party” under California law, California residents may opt out of our disclosure of Personal Information to third-parties for their direct marketing purposes, OR ask us for a notice identifying the categories of Personal Information shared with affiliates or third-parties for marketing purposes, and contact information for such affiliates or third-parties (pursuant to the state’s “Shine the Light” law (California Statute § 1798.83)). To receive a copy of this notice or otherwise exercise your rights under the California Consumer Privacy Act (CCPA), please contact us using the contact information in Section 11.1.

7.2.   Additional Rights. In addition to the rights discussed in Section 5, If you are a California resident, you have the following rights, subject to certain exceptions as set forth in the CCPA:

(a)   Right to access Personal Information. You have the right to receive the specific pieces of your Personal Information we have collected about you in the 12 months preceding your request.

(b)   Right to data portability. You have the right to receive a copy of your electronic Personal Information in a readily-usable format.

(c)   Right to Know. You have the right to receive information from us regarding the categories of Personal Information we collected, the sources from which we collect Personal Information, the purposes for which we collected and shared Personal Information, the categories of any Personal Information we sold as well as the categories of third-parties to whom such Personal Information was sold, and the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding your "right to know" request.

(d)   Right to Request Deletion. You have the right to request the deletion of the Personal Information that you provided to us. Please note that in certain instances we may not be able to process your request, such as (i) due to the existence of a legal obligation, (ii) to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, or (iii) in order to complete a transaction for which your Personal Information was collected.

(e)   Right to Non-Discrimination. You have the right to be free from discrimination by us as a result of you exercising your rights under the CCPA.

7.3.   Categories of Information Collected, How That Information Is Used, and How to Opt Out.

(a)   Please refer to Section 2 for a list of categories of Personal Information that we may have used or disclosed for business purposes in the last 12 months.

(b)   Please refer to Sections 3 and 4 for descriptions on how your data may be used.

(c)   To opt out, please submit a request through our Right to Opt-Out Form.

8.  ADDITIONAL PROTECTIONS

8.1.       For Children.  Our Services are not intended for children under 16 years of age. No one under age 16 may provide any Personal Information to or on the Site or other Services. We do not knowingly collect Personal Information from children under 16. If you are under 16, do not use or provide any information on this Site or through any other Services. If we learn we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us as indicated in Section 11.1.

(a)   California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see Section 7 for more information.

8.2.      Other Jurisdictions. If you are a resident of a jurisdiction not specifically mentioned in this Policy, you may have additional rights not listed here. If you believe that you have an exercisable right relating to this Policy not otherwise listed, please contact us as indicated in Section 11.1.

9.  INFORMATION SECURITY

9.1.       Our Commitment to Security.  We have established commercially reasonable safeguards to protect the Personal Information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, but we cannot guarantee that your Personal Information will never be disclosed in a manner inconsistent with this Policy (e.g., as a result of unauthorized acts by third-parties that violate applicable law, or our or our affiliated providers’ policies). Please be aware that despite our efforts, no data security measures can guarantee 100% security.

9.2.      Your Obligations.  Your account is protected by a password for your privacy and security. (We may use passwords and other technologies to register or authenticate you and to enable you to take advantage of our Services.) You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and by limiting access to your computer or device and browser by signing-off after you have finished accessing your account. We are not responsible for any lost, stolen, or compromised passwords, or for any activity on your account via unauthorized password activity.

10.DATA STORAGE AND RETENTION

10.1.     General Information.  Your Personal Information is stored and processed in our servers located in the United States and may also be stored or processed in other countries by our service providers, if and to the extent compliant with law. You understand and agree that Messari may collect, use, disclose, and otherwise utilize the information you provide as described in this Policy, even if you are from an area outside the United States. Your Personal Information may be disclosed in response to inquiries or requests from governmental authorities or to respond to judicial process in the United States or other jurisdictions. We will retain your Personal Information for as long as it is needed to provide you with the Services, or to fulfill any legal or contractual obligations we may have.

10.2.    Notice for EEA Users.  Your Personal Information may be transferred to and processed in the United States, which has data protection laws that are different from those in your country and may not be as protective.

11. GENERAL

11.1.      Contact Us. 

(a)   If you would like to make a request to download, transfer, delete or update your Personal Information, please submit a request through our Privacy Request Form.

(b)   To “opt-out” under the CCPA, please submit a request through our Right to Opt-Out Form.

(c)   If you have any questions or concerns about this Privacy Policy or its implementation, you may contact privacy@messari.io or toll-free at +1 855-965-4516.

(d)   Note that we may reject requests that are unreasonably repetitive, risk the privacy of others, require disproportionate technical effort (e.g., developing a new system or fundamentally changing an existing practice), or would otherwise be extremely impractical (e.g., requests for information residing in backup storage that is not easily accessible).

11.2.     Changes to this Policy.  We may update our Privacy Policy from time, and so you should review this Policy periodically. We may reach out to you on the Services, by email notification, or by some other means to inform you of any changes to the Policy. If you have opted not to receive legal notice emails from us, or you haven’t provided your email address, those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding the Policy. Your continued use of the Services constitutes your acceptance of any such changes.