Last Updated: June 24, 2024
Covered Entity: Merkaba Solutions Ltd (128 City Road, London EC1V 2NX, UK)
Contact: privacy@mkbdrive.com | Toll-Free (US): +1-XXX-XXX-XXXX
1. Scope
This notice supplements our Privacy Policy and applies solely to California consumers under the:
- CPRA (amending CCPA)
- California Civil Code § 1798.100 et seq.
2. Personal Information We Collect
| Category | Examples | Business Purpose | Sold/Shared? | Retention Period |
|---|---|---|---|---|
| Identifiers | Name, email, IP address | Account creation, security | No | 3 years post-account closure |
| Commercial Data | Payment history, subscriptions | Transaction processing | No | 7 years (tax compliance) |
| Internet Activity | Cookies, usage analytics | Service improvement | No* | 24 months |
| Geolocation Data | Approximate location (IP-based) | Fraud prevention | No | 30 days |
| Sensitive Personal Info** | Account credentials (hashed) | Authentication | Never | Until deletion |
*We allow third-party analytics (Google) but do not “sell” data as defined by CPRA.
**As defined under CPRA § 1798.140(ae).
3. Your CPRA Rights
California residents may:
| Right | How to Exercise | Our Response Time |
|---|---|---|
| Know/access | Submit a verifiable request via webform or email (Subject: “CA Access Request”) | 45 days (extendable) |
| Delete | Request deletion via account settings or email | 45 days |
| Correct | Update in account or email privacy@mkbdrive.com | 30 days |
| Opt-out of selling/sharing | Toggle off in “Privacy Dashboard” or email request | 15 business days |
| Limit sensitive data use | Email request (for non-essential processing) | 30 days |
| Non-discrimination | We will not deny service for exercising rights | N/A |
Verification Required: We may ask for:
- Account authentication
- Government ID (for sensitive requests)
4. “Sharing” Disclosures
We disclose data to these third parties for business purposes:
| Recipient | Data Shared | Purpose | CPRA Category |
|---|---|---|---|
| Stripe | Payment details | Transaction processing | Commercial Data |
| AWS (US-West) | Encrypted file storage | Cloud hosting | All categories |
| Zendesk | Support tickets | Customer service | Identifiers |
No “Sale” of Data: We do not exchange personal information for monetary value.
5. Sensitive Personal Information Handling
Per CPRA § 1798.121, we:
- Do not use sensitive data (e.g., passwords, biometrics) beyond what’s necessary for:
- Security/fraud prevention
- Service delivery
- Allow opt-out via email (privacy@mkbdrive.com)
6. Authorized Agent Requests
To designate an agent, submit:
- Signed written permission
- Your verified identity proof
- Agent’s contact details
Email to: privacy@mkbdrive.com (Subject: “CPRA Agent Authorization”)
7. Metrics (CPRA § 999.317(g))
2023 Data Requests:
- Access Requests: 12 (100% fulfilled within 30 days)
- Deletion Requests: 8 (87.5% completed)
- Opt-out Requests: 3 (100% processed)
8. Updates
Material changes will:
- Be posted here with a new “Last Updated” date
- Notify CA users via email (if registered)
Effective Date: June 24, 2024