Carma Project Privacy Policy

Last Updated: 5/__/2022

Carma Project, Inc. (“Carma Project,” “we,” “us,” or “our”), provide our Services to allow our customers to locate vehicles for purposes of protecting individuals, communities, and companies. This Privacy Policy is designed to help you understand how we collect, use, process, and share your personal information, and to help you understand and exercise your privacy rights.

SCOPE AND UPDATES TO THIS PRIVACY POLICY
PERSONAL INFORMATION WE COLLECT
HOW WE USE YOUR PERSONAL INFORMATION
HOW WE DISCLOSE YOUR PERSONAL INFORMATION
YOUR PRIVACY CHOICES AND RIGHTS
SECURITY OF YOUR INFORMATION
RETENTION OF PERSONAL INFORMATION
SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS
CALIFORNIA AUTOMATED LICENSE PLATE RECOGNITION (“ALPR”) USAGE AND PRIVACY POLICY
CHILDREN’S INFORMATION
OTHER PROVISIONS
CONTACT US

1. SCOPE AND UPDATES TO THIS PRIVACY POLICY

This Privacy Policy applies to personal information processed by us, on our websites, mobile applications, and other online or offline offerings, including related to automotive recalls, repossession, insurance, or other services that we may provide from time to time. To make this Privacy Policy easier to read, our websites, mobile applications, and other such offerings are collectively called the “Services.” This Policy applies to the following categories of individuals:

This Policy applies to the following categories of individuals:

“Consumers”: This includes the individual automobile owners from which license plate data is collected and individuals engaging with us through our Services to the extent not covered by Customer Data (defined below).
“Fleet Drivers”: This includes the individuals acting on our or our Customer’s behalf, using our Services to collect information from Consumers. This may include Carma Project employees and representatives, as well as independent contractors and third-party operators.
“Customers”: This includes the individuals who are business-to-business prospects and customers of our Services (and their representatives, employees, or other workers).

This Privacy Policy does not apply to any of the personal information that we process on behalf of our Customers through their use of our Services (“Customer Data”). Our Customers’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our Customers, not this Privacy Policy. Any questions or requests relating to Customer Data should be directed to our Customers.

Changes to our Privacy Policy. We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy takes effect.

2. PERSONAL INFORMATION WE COLLECT
‍
The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.

A. Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

Account Creation. We may collect personal information from users, such as Fleet Drivers when they create an account to use our Services, this includes their name, email address, username, and password.
Geolocation Data. We may collect precise geolocation metadata of Fleet Drivers and of Consumer vehicles related to license plate images captured and submitted by Fleet Drivers.
Your Communications with Us. We may collect personal information, such as email address, phone number, or mailing address when Consumers request information about our Services, register for communication services such as a newsletter, request customer or technical support, or otherwise communicate with us.
Interactive Features. We and others who use our website, app, and other Services may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, forums, blogs, and social media pages).
Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Job Applications. We may post job openings and opportunities on our Services. If you respond to one of these postings, we may collect your personal information, such as your application, CV, cover letter, and/or any other information you provide to us.

B. Personal Information Collected Automatically
‍
We may collect personal information automatically when you use our Services.

Automatic Collection of Personal Information. We may collect certain information automatically when you use our Services, such as your internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate location derived from IP address), and internet service provider. We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services.
Location Information. As noted in this policy, we may collect precise location information, such as the location of Fleet Drivers and Consumer vehicles, or otherwise in connection with the use of our Services.
Cookie Policy (and Other Technologies). We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of our Services.

Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.
Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

Our uses of these Technologies fall into the following general categories:

Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity, improve security, or allow you to make use of our functionality;
Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below);
Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party digital properties.

Some of the advertising Technologies we use include:

Facebook Connect. For more information about Facebook’s use of your personal information, please visit Facebook’s Data Policy. To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.
Google Ad Manager. For more information about Google's use of data, consult Google's Google Analytics’ Privacy Policy. Users may decide to disable all the DoubleClick Cookies by going to: Google Ad Settings.

See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. These Technologies allow us to better understand how our digital Services are used and to continually improve and personalize our Services. Our analytics partners include:

Google Analytics. For more information about how Google uses your personal information (including for its own purposes, e.g., for profiling or linking it to other data), please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
FullStory (Session Replay Analytics). We use FullStory’s session replay analytics services. This allows us to record and replay an individual’s interaction with the Services. For more information about how FullStory uses your personal information, please visit FullStory’s Privacy Policy. To learn more about how to opt out of FullStory’s use of your information, please click here.

C. Personal Information Collected from Other Sources

Third-Party Services and Sources. We may obtain personal information about you from other sources, including through third-party services and organizations. For example, on our Customer’s behalf, we may collect vehicle identification number (VIN) or other information associated with license plate data from vehicle identification services or other third parties. For example, with respect to job applicants, we also may obtain information you provide our human resources service providers for purposes of applying for an open position. Furthermore, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect personal information about you from that third-party application that you have made available via your privacy settings.

3. HOW WE USE YOUR PERSONAL INFORMATION
‍
We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.

A. Provide Our Services

We use your information to fulfill our contracts with our Customers based on their permissions and rights with their customers or otherwise to provide you with our Services, such as:

Process and fulfill Customer requests, which may include but is not limited to, checking vehicle information/location for safety recalls, auto repossession, identifying auto insurance garaging fraud, stolen vehicle recovery, marketing or other Services;
Send you information, service updates, notifications, and respond to comments or inquiries;
Provide you with information and content to share with third-parties;
Identify and validate who you are for fraud prevention and security purposes;
Providing access to certain areas, functionalities, and features of our Services;
Answering requests for customer or technical support;
Communicating with you about your account, activities on our Services, and policy changes;
Processing your financial information and other payment methods for products or Services purchased;
Processing applications if you apply for a job we post on our Services; and
Allowing you to register for events.
Measure performance and efficacy of services.

B. Administrative Purposes
‍
We use your information for various administrative purposes, such as:

Prevent and detect fraud and harmful or suspicious activity.
Maintain the security and integrity of our Services.
Ensure the safety and security of your and our information.
Conduct security and privacy investigations and assessments.
Fulfill our legal obligations and comply with our Terms of Use and applicable policies.
Provide technical support.

C. Marketing and Advertising our Products and Services

Improve your experience by providing content and features based on your information.
Administer promotions, sweepstakes, contests, and other promotional activities presented by us or our partners.
Deliver targeted marketing for our services on and off our website and applications, and measure the success of those campaigns.
Place advertisements that are based on your interests, experiences, and behavior so that they are more relevant to you.

Some of the ways we market to you may include email campaigns, custom audiences advertising, and “interest-based” or “personalized advertising,” including through cross-device tracking.

If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth in “Contact Us” below.

D. With Your Consent

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

E. Other Purposes

We also use your personal information for other purposes as requested by you or as permitted by applicable law.

De-identified and Aggregated Information. We may use personal information to create de-identified and/or aggregated information, such as demographic information, information about the device from which you access our Services, or other analyses we create.

4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
‍
We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide our Services

The categories of third parties with whom we may share your personal information are described below.

Customers. We may share your personal information with our third-party Customers to facilitate their use of the Services.
Service Providers. We may share your personal information with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, payment processing, customer service, and related services.
Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.
Affiliates. We may share your personal information with our company affiliates for example: for our administrative purposes, IT management, or for them to provide services to you or support and supplement the Services we provide.
Other Users or Third Parties You Share or Interact With. As described above in “Personal Information We Collect,” our Services may allow us to share personal and other information with our Customers and other third parties with whom you have a relationship (including individuals and third parties who do not use our Services).
Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.”
APIs/SDKs. We may use third-party application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below.

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

5. YOUR PRIVACY CHOICES AND RIGHTS
‍
Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.

Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Policy).
Mobile Devices. We may send Fleet Drivers push notifications through our Fleet Driver mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application. You may opt out of this collection by changing the settings on your mobile device.
Phone calls. If you receive an unwanted phone call from us, you may opt out of receiving future phone calls from us by following the instructions which may be available on the call or by otherwise contacting us as set forth in “Contact Us” below.
“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Cookies and Personalized Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Please note you must separately opt out in each browser and on each device.

Your Privacy Rights. In accordance with applicable law, you may have the right to:

Access to and Portability of Your Personal Information, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (also known as the “right of data portability”);
Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
Request Deletion of your personal information;
Request Restriction of or Object to our processing of your personal information where under applicable laws the processing of your personal information involves a “sale” of data, sensitive information, or sharing for purposes of cross-contextual advertising, or based on our legitimate interest or for direct marketing purposes; and
Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.

6. SECURITY OF YOUR INFORMATION
‍
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.

By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail, or by sending an email to you.

7. INTERNATIONAL DATA TRANSFERS

All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.

If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

8. RETENTION OF PERSONAL INFORMATION
‍
We store the personal information we collect as described in this Privacy Policy for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

9. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS
‍
This Supplemental Notice for California Residents only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information Carma Project has collected about them, and whether Carma Project disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding twelve months. California residents can find this information below:

Category of Personal Information Collected by Carma Project	Category of Third Parties Personal Information is Disclosed to for a Business Purpose
Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers.	Service providers Business partners Affiliates Advertising networks Data analytics providers Government entities Operating systems and platforms Social networks
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. Note: Some personal information included in this category may overlap with other categories.	Service providers Business partners Affiliates Advertising networks Data analytics providers Government entities Operating systems and platforms Social networks
Professional or employment-related information Current or past job history or performance evaluations.	Service providers

The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in “Personal Information We Collect” and “How We Use Your Personal Information” above, respectively.

“Sales” of Personal Information under the CCPA
California residents have the right to opt out of the “sale” of their personal information. Under the CCPA, “sale” is defined broadly and includes the transfer of personal information by a business to a third party for valuable consideration (even if there is no exchange of money). Carma Project does not “sell” consumer’s personal information. Information related to vehicles is provided to our Customers, but this information alone is not identifiable on a personal basis.

Carma Project’s business and commercial purposes for “selling” personal information can be found in “How We Use Your Information” above. Carma Project does not have actual knowledge of any “sale” of personal information of minors under 16 years of age.

Additional Privacy Rights for California Residents

Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.

Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent, provide written authorization signed by you and your designated agent and contact us as set forth in “Contact Us” below for additional instructions.

Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, or to answer questions regarding your account and use of our Services.

If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws, and will not discriminate against consumers for exercising such rights.

De-Identified Information. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law.

10. CALIFORNIA AUTOMATED LICENSE PLATE RECOGNITION (“ALPR”) USAGE AND PRIVACY POLICY
‍
This information is provided in accordance with California Law (California Civil Code 1798.90.5 et seq.), and is intended to ensure that the collection, use, storage, and sharing of ALPR data is not only consistent with respect for individual rights to privacy and civil liberty, but also to clearly detail Carma Project’s own high-standards for data protection and consumer rights. The primary purposes of data collected by Carma Project via ALPR technology include notifying affected individuals about an active recall status on their vehicle, identifying vehicles subject to repossession, assisting insurance companies in their efforts to identify instances of garaging fraud and other uses we may undertake from time to time on behalf of our Customers in reliance on the Consumer permissions they have obtained from their customers and/or legal rights our Customers may have. We will not sell your data.

How ALPR Works
Through the use of Carma Project’s ALPR application, Carma Project is able to quickly identify vehicles by scanning an image of a license plate, converting it to text, and then converting that information to a Vehicle Identification Number (VIN). The vehicle’s VIN is important because it helps determine, for example, if a vehicle is subject to recalls such as the Takata airbag recall. If the ALPR application determines that a vehicle is subject to an active recall, the Carma Project employee may then provide educational materials (e.g., postcard, note, letter, magnet, etc.) about the recall on the vehicle. It is then up to the driver of the vehicle to decide whether or not to take action to get the recalled vehicle remedied. Carma Project will not attempt to contact a vehicle owner, unless the vehicle owner provides their information and requests to be contacted by Carma Project.

Carma Project representatives undergo extensive training and education regarding the Takata recall and other recalls and how to best share information with members of the community about these recalls. Applicable Carma Project representatives are also required to read, acknowledge and follow our Agreement to be able to participate in this life-saving program.

Understanding ALPR Technology
ALPR technology involves obtaining and storing images of license plates that are then converted into computer-readable characters that are saved in a database. License plate images are obtained using cameras that may be stationary (e.g., mounted on a pole) or mobile (e.g., mounted on a car). In addition to capturing the license plate image, ALPR technology also captures and stores the location at which the license plate was photographed, as well as the time and date. This information is only collected from areas that are visible to the general public.

Once license plate information is obtained and converted to computer readable characters, that data may then be searched and sorted.

Why We Collect ALPR Information
ALPR information is collected for use by Carma Project to do the following:

Collect ALPR information through the use of mobile cameras;
Identify vehicles that may be subject to the Takata or other safety recalls;
Allow representatives of Carma Project to identify vehicles subject to the Takata or other safety recalls;
Allow representatives of Carma Project to distribute recall-related information to owners, lessees, renters or users of vehicles that are subject to the Takata or other safety recalls.
Allow Fleet Drivers to locate vehicles: (i) subject to a valid repossession claim, (ii) that have been reported stolen, or (iii) that may be engaged in “garaging” insurance fraud.

Authorized Users and Training
All representatives of Carma Project that fulfill the requirements outlined below are authorized to use the ALPR system to support the purpose set forth and authorized by this policy.

Before receiving authorization to use the ALPR technology, Carma Project representatives are required to do the following:

Review and acknowledge receipt of this policy.
For those who collect information, read and understand any manuals or guides on the safe and successful operation of cameras used to obtain information;
For those who may access the ALPR information:

Undergo in person or online training and education about the Takata and other safety recalls generally to the extent deemed relevant by Carma Project;
Undergo training and education on the instances in which ALPR information may be collected and utilized for purposes of identifying vehicles subject to repossession, as well as vehicles that may be stolen or engaged in garaging fraud;
Undergo training and review and sign employment-related documents, including acknowledging that ALPR information is private and is the property of the company, and should not be shared with unauthorized persons; and
Undergo training and education regarding how to share information with members of the community about the Takata and other safety recalls, as well as to review and sign any applicable Agreements.

How We Monitor ALPR Information and the ALPR System
Carma Project uses a combination of digital permission controls, physical controls and other technologies and procedures to protect ALPR information from unauthorized access, use, modification, disclosure and destruction. Carma Project intends to conduct periodic system reviews to ensure the accuracy of the systems it uses.

In addition, Carma Project intends to maintain and store usage logs that will identify (i) when the ALPR data was accessed, (ii) any username associated with that access, (iii) from where that data was accessed, and (iv) what data that was accessed.

ALPR Information is Shared
ALPR data will be made available to Carma Project representatives solely through the ALPR system to help identify vehicles subject to recalls, repossession, stolen vehicles, and vehicles engaged in garaging fraud. If we find a vehicle affected by a recall or any of the other aforementioned claims, we will share this data with vehicle manufacturers, dealers, insurers, and repossession companies in our program for the sole purpose of facilitating their services. Carma Project will not sell or license the data it collects to other unaffiliated third parties for their own commercial purposes.

In light of our mission to promote safety, Carma Project will share information with law enforcement if requested, though it will only do so upon receipt of assurances that the information will not be used for purposes of determining immigrant status or in furtherance of immigration-related purposes unless compelled to do so by legal process (e.g., subpoena or court order).

Custodian Information
Carma Project, Inc is the custodian and owner of the ALPR information and the ALPR system, and is responsible for implementation of this policy. Carma Project may be contacted at the following address:

Carma Project, Inc
2900 Bristol Street, D201
Costa Mesa, CA 92626
Attn: Fabio Gratton, Chief Executive Officer

ALPR Data Retention
Carma Project retains the ALPR information for as long as it deems that information to be relevant to its mission. While Carma Project intends to periodically review its use of the ALPR information and whether such information should be retained or deleted, there is no set period of time for which the data will be retained or after which it will be deleted.

Changes to Our ALPR Policy
Carma Project may, from time to time, revise this policy. Upon revision, the updated policy will be made available on our website and will apply to all ALPR information, regardless of when it was originally collected.

11. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
‍
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at hello@carmaproject.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in Contact Us below.

12. CHILDREN’S INFORMATION
‍
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it.

13. OTHER PROVISIONS
‍
Third-Party Websites/Applications. The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

Supervisory Authority. If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or the United Kingdom, or Virginia, you may have the right to lodge a complaint with the competent supervisory authority or attorney general if you believe our processing of your personal information violates applicable law.

13. CONTACT US
‍
Carma Project is the controller of the personal information we process under this Privacy Policy.

If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please contact us at:

Carma Project, Inc.
2900 Bristol Street, Suite D-201, Costa Mesa, CA 92626 (USA)
1-855-288-2873
hello@carmaproject.com