Privacy Policy and Notice at Collection

Effective: December 23, 2022

Defiant, Inc. (“Defiant,” “the Company.” “we,” “us,” or “our”) is committed to privacy and data protection. This Privacy Policy applies to personal information Defiant collects from you, through our interactions with you, through www.defiant.com , www.wordfence.com, websites under the control of Defiant (collectively “Sites”), and the Wordfence services (such as the Wordfence Site Cleaning Service and the Wordfence Security Plugin), including all media, document, updates, and support services associated with the Site and the Wordfence services (collectively, the “Services”), as well as how we use and protect personal information.

This Privacy Policy does not apply to any third-party applications or software that integrate with our Sites and Services, or any other third-party products, services or businesses (collectively, “Third Party Services”). Third Party Services are governed by their own privacy policies. We recommend you review the privacy policy governing any Third Party Services before using them.

Defiant is the controller of the personal data collected through the Sites. Any questions or concerns regarding Defiant’s privacy and data protection practices can be directed to our Legal Department at privacy@defiant.com.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU SHOULD NOT ACCESS OR USE THE SITES OR SERVICE.

NOTICE AT COLLECTION PERSONAL INFORMATION COLLECTION AND USE

We collect information that identifies, describes, or is reasonably capable of being associated with you (“personal information”). The following discusses the categories of personal information we collect and have collected in the preceding 12 months, the sources we collect information from, and the business or commercial purposes use of personal information.

Providing Sites and Services. We use data to carry out your transactions with us and to provide Sites and Services to you such as those listed below. Often, this includes personal information including

Identifiers and Customer Records. Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Internet or other similar network activity. Such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Examples of our Sites and Services include:

Improving Sites and Services. We use data to continually improve the Services, including adding new features or capabilities. Data is collected throughout your interactions with the Services that enable us to understand customer usage and tailor future capabilities.   Such data may include:

Internet or other similar network activity. Such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Geolocation data. Such as physical location.

Commercial information. Such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

We track general, non-personalized information (e.g., operating system, browser version and type of device being used) to know how many people visit specific pages of our Sites or utilize specific areas of the Services so that we may improve those Sites and Services. We may use your IP address to customize services to your location, such as the language displayed on our Sites.

Please note that we use IP addresses on a highly restrictive basis to analyze trends, to administer the site, and to collect general information for aggregate use.

Service Communications. We use data we collect to deliver and personalize our communications with you. For example, we may contact you by email or other means to notify you of changes in information and updates to the Services or to our Privacy Policy. Such data may include:

Identifiers. Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Marketing and event communication: We use personal information to deliver marketing and event communications to you across various platforms, such as email, direct mail, social media, and online via our Sites. Third parties may also market to you on our behalf based on your use of their third-party services. Such data may include:

Identifiers. Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Commercial information. Such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. We also maintain email preference centers for you to manage your information and marketing preferences. For information about managing email subscriptions and promotional communications, please visit the Your Rights Regarding Personal Data section of this privacy statement. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.

Processing Payments: If you make a payment to Defiant, we will ask for Payment Information and other information requested for processing your payment.

We use a third party payment processor, currently Authorize.Net, PayPal, and Braintree (“Payment Processors”) to assist in securely processing your payment information. If you pay with a credit card the payment information that you provide through the Services is encrypted and transmitted directly to the Payment Processor. We do not store your Payment Information and do not control and are not responsible for the Payment Processors or their collection or use of your information. You may find out more about how the Payment Processors store and use your Payment Information by accessing the Payment Processors privacy policy.

If you choose to use PayPal to make purchases through the Sites, you will be directed to the PayPal website and provide your payment information directly to PayPal. PayPal’s privacy policy applies to the information you provide on the PayPal website.

Employment: When you apply for employment with Defiant, we may process information about you to determine your eligibility. Such information may include:

Identifiers. Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Professional or employment-related information. Such as current or past job history or performance evaluations.

Characteristics of a protected class, such as your gender or relationship status if you have this information on your public profile.

We will only use personal information when the law allows us to. Most commonly, we will use personal information for the following lawful purposes:

We will only use personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process personal information about you without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Defiant uses information that we collect from customers and visitors for the purposes of:

PERSONAL DATA RETENTION

We retain personal information in identifiable form only for as long as necessary to fulfill the purposes for which the personal information was provided to us or, if longer, to comply with legal obligations, to resolve disputes, to enforce agreements and similar essential purposes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information about you, the purposes for which we process personal information about you and whether we can achieve those purposes through other means, and the applicable legal requirements.

HOW WE SHARE PERSONAL DATA

It is the policy of Defiant and its subsidiaries to protect users’ information both online and off-line. Access to our users’ information is restricted to only those employees or agents, contractors or subcontractors of Defiant who have valid reasons to access this information to perform any service you have requested or authorized, or for any other purpose described in this Privacy Policy. The information you provide will not be sold, rented, or shared for cross-contextual behavioral advertising purposes to third parties.

We may provide personal information to:

Finally, we will access, disclose and preserve personal information when we have a good faith belief that doing so is necessary to:

In the preceding twelve (12) months, we have disclosed the following categories of personal information to service providers for a business purpose:

Please note that some of our Services may direct you to services of third parties whose privacy practices differ from Defiant’s. If you provide personal information to any of those services, your data is governed by their privacy statements or policies. Defiant. Inc. is not responsible for the privacy practices of these other Sites. Please review the privacy policies for these websites to understand how they process your information.

We require service providers to only use personal information for the specific purpose for which it was given to us and to protect the privacy of personal information. We will only disclose personal information about you to service providers who agree to keep your information confidential.

HANDLING OF PERSONAL DATA

Security of Personal Data

Defiant is committed to protecting the security of personal information. Depending on the circumstances, we may hold your information in hard copy and/or electronic form. For each medium, we use technologies and procedures to protect personal information. We review our strategies and update as necessary to meet our business needs, changes in technology, and regulatory requirements.

These measures include, but are not limited to, technical and organizational security policies and procedures, security controls and employee training.

You are responsible for maintaining the security of your account credentials for the Services. Defiant will treat access to the Sites and Services through your account credentials as authorized by you. Unauthorized access to password-protected or secure areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below.

If we become aware of a breach that affects the security of personal information, we will provide you with notice as required by applicable law. To the extent permitted by applicable law, Defiant will provide any such notice that Defiant must provide to you at your account’s email address. By using the Services, you agree to accept notice electronically.

Storage and Transfer of Personal Data

Personal data collected by Defiant may be stored and processed in your region, in the United States or in any other country where Defiant, its affiliates or contractors maintain facilities, including outside the European Union or United Kingdom. We take steps to ensure that the data we collect under this Privacy Policy is processed pursuant to the terms thereof and the requirements of applicable law wherever the data is located.

Defiant also collaborates with service providers such as cloud hosting services and suppliers located around the world to serve the needs of our business, workforce, and customers. In some cases, we may need to disclose or transfer personal information within Defiant or to service providers in areas outside of your home country. When we do so, we take steps to ensure that personal information is processed, secured, and transferred according to applicable law.

If you would like to know more about our data transfer practices, please contact our Legal Department at privacy@defiant.com.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Defiant respects your right to access and control personal information about you. You have choices about the data we collect. When you are asked to provide personal information that is not necessary for the purposes of providing you with our Sites and Services, you may decline. However, if you choose not to provide data that is necessary to provide a Service, you may not have access to certain features Sites and Services.

We aim to keep all personal information that we hold accurate, complete and up-to-date. While we will use our best efforts to do so, we encourage you to tell us if you change your contact details and this can be easily accomplished using the Wordfence Dashboard section of the Site. However, if you believe that the information we hold about you is incorrect, incomplete or out-of-date, please contact privacy@defiant.com.

Access to personal information: In some jurisdictions, you have the right to request access to personal information about you. In these cases, we will comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee for providing you with a copy of your data (except where this is not permissible under local law).

If you are a corporate user of the Services (which means your employer is a Defiant customer of such Sites and Services): please first request access to personal information about you with your employer. Your employer will then be in touch with us with respect to your request.

Correction and deletion: In some jurisdictions, you have the right to correct or amend personal information about you if it is inaccurate or requires updating. You may also have the right to request deletion of personal information about you. Please note that such a request could be refused because personal information about you is required to provide you with the products or services you requested, e.g. to deliver a product or send an invoice to your email address, or that it is required by the applicable law.

Portability: If you reside within the European Union or United Kingdom, you have the right to ask for a copy of the personal information about you we process and/or ask for it to be ported to another provider of your choice. Please note that such a request could be limited to only personal information you provided us with or that we hold at that given time and subject to any relevant legal requirements and exemptions, including identity verification procedures.

If you are a corporate user of the Services (which means your employer is a Defiant customer of such Sites and Services): please first request access to personal information about you with your employer. Your employer will then be in touch with us with respect to your request.

Marketing preferences: If you have provided us with your contact information, we may, subject to any applicable Spam Act or similar regulation, contact you via e-mail, postal mail or telephone about Defiant products, services and events that may be of interest to you, including our newsletter.

E-mail communications you receive from Defiant will generally provide an unsubscribe link allowing you to opt-out of receiving future e-mail or to change your contact preferences. E-mail communications may also include a link to directly update and manage your marketing preferences. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.

You can also request changes to your account by contacting Defiant at the email, postal mail, or telephone number listed under the Questions and Complaints section of this Privacy Policy.

California Shine the Light Law: California Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of service providers to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to privacy@defiant.com or write us at: Defiant. Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109.

COOKIES & SIMILAR TECHNOLOGIES

Defiant uses cookies (small, often encrypted, text files that are stored on your computer or mobile device) and similar technologies (“Cookies”) to provide the Services and help collect data. This Cookies Policy explains how we use Cookies to collect information about the way you use our Sites and Services, and how you can control them.

How We Use Cookies

We use Cookies to track how you use our Sites and Services by providing usage statistics. Cookies are also used to deliver Company information (including updates) and allow product authentication to you based upon your browsing history and previous visits to the Sites. Information supplied to us using cookies helps us to provide a better online experience to our visitors and users and send marketing communications to them, as the case may be. Information supplied to us upon launching of the Services will enable Defiant to manage your permissions, license, license type, and improve the functionality of the Sites or Services.

While this information on its own may not constitute your “personal information”, we may combine the information we collect via Cookies with personal information that we have collected from you to learn more about how you use our Sites and Services to improve them.

Types of Cookies

We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until you delete them). To make it easier for you to understand why we need them, the Cookies we use on our Sites and Services can be grouped into the following categories:

Here is a representative list of the cookies we use.

Necessary Cookies

Name and Website Provided By Persistent or Session Purpose
AWSALB
AWSALBCORS
wordfence.com
defiant.com
fastorslow.com
Amazon Web Services Persistent: 1 year Elastic Load Balancing creates a cookie, that is used to map the session to the instance.
wordpress_test_cookie
wordfence.com
Defiant.com
Fastorslow.com
WordPress Session: Expires at end of session Used for tracking the users session.
wordpress_logged_in_[hash]
wordfence.com
Defiant.com
Fastorslow.com
WordPress Persistent: 2 days standard, if “Remember me is clicked”: 14 days. Used for tracking logged in sessions.
wfwaf-authcookie-*
wordfence.com
Defiant.com
Fastorslow.com
WordPress Persistent: 12 hours, and if you’re still logged into WP while it has expired a new one is set for 12 hours on the next pageview Used to track users’ roles.
XSRF-TOKEN
wordfence.com
Defiant.com
Fastorslow.com
Wordfence Persistent: 120 minutes Used to provide the current XSRF token to the JavaScript environment for AJAX calls.
wfcentral-token
wordfence.com
Wordfence Persistent: 1 Day Used for tracking authentication.
wf_loginalerted_(hash)
wordfence.com
defiant.com
fastorslow.com
Wordfence Persistent: 1 year This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location. This cookie is only set when the administrator enables “Only alert me when that administrator signs in from a new device” or “Only alert me when that user signs in from a new device”
wfCBLBypass
wordfence.com
defiant.com
fastorslow.com
Wordfence Persistent: 1 year When a hidden URL defined by the site admin is visited, this cookie is set to verify the user can access the site from a country restricted through country blocking. This is only set if “Country blocking” is enabled, and the site owner set a path under the “Bypass Cookie option”.
wordfence_central_api_session
wordfence.com
Wordfence Central Session: Expires at end of session PHP session for the WfC application
Wf-try-central
wordfence.com
Wordfence Central Persistent: 90 days Used to prevent repeat redirects to /try-central/ for unauthenticated users.
wordfence_cookie_consent
wordfence.com
defiant.com
fastorslow.com
Wordfence Persistent: 1 year Used to store user preferences for nonessential cookies

Performance/Analytical

Name and Website Provided By Persistent or Session Purpose
_ga
wordfence.com
defiant.com
fastorslow.com
Google Analytics Persistent: 2 years Used by Google Analytics to register a unique ID that is used to generate statistical data on how the visitor uses the website.
_gat_UA-nnnnnnn-nn
wordfence.com
defiant.com
fastorslow.com
Google Analytics Persistent: 90 days. Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
_gid
wordfence.com
defiant.com
fastorslow.com
Google Analytics Persistent: 1 Day Used by Google Analytics to register a unique ID that is used to generate statistical data on how the visitor uses the website.

Marketing and Customer Support

Name and Website Provided By Persistent or Session Purpose
_hstc
wordfence.com
defiant.com
HubSpot Marketing Persistent: 13 months The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
Hubspotutk
wordfence.com
defiant.com
HubSpot Marketing Persistent: 13 months This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts. It contains an opaque GUID to represent the current visitor.
__hssc
wordfence.com
defiant.com
HubSpot Marketing Persistent: 30 minutes. This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
__hssrc
wordfence.com
defiant.com
HubSpot Marketing Session: Expires at the end of the session. Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. It contains the value “1” when present.

Cookies Set by Third Party Sites

To enhance our content and to deliver a better online experience for our users, we sometimes embed images and videos from other websites on the Sites. We currently use, and may in future use content from Sites such as Facebook, LinkedIn, Youtube and Twitter. You may be presented with Cookies from these third-party websites. Please note that we do not control these Cookies. The privacy practices of these third parties will be governed by the parties’ own privacy statements or policies. We are not responsible for the security or privacy of any information collected by these third parties, using cookies or other means. You should consult and review the relevant third-party privacy statement or policy for information on how these cookies are used and how you can control them.

We also use Google, a third-party analytics provider, to collect information about Services usage and the users of the Services, including demographic and interest-level information. Google uses cookies in order to collect demographic and interest-level information and usage information from users that visit the Services, including information about the pages where users enter and exit the Services and what pages users view on the Services, time spent, browser, operating system, and IP address. Cookies allow Google to recognize a user when a user visits the Services and when the user visits other websites. Google uses the information it collects from the Services and other websites to share with us and other website operators’ information about users including age range, gender, geographic regions, general interests, and details about devices used to visit websites and purchase items. We do not link information we receive from Google with any of your personally identifiable information. For more information regarding Google’s use of cookies, and collection and use of information, see the Google Privacy Policy (available at https://policies.google.com/privacy?hl=en). If you would like to opt out of Google Analytics tracking, please visit the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout).

Social Sharing

We also embed social sharing icons throughout our Sites. These sharing options are designed to enable users to easily share content from our Sites with their friends using a variety of different social networks. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these services. These services may collect information such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use, or access. If you do not want personal information about you shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the Services and do not participate in social sharing on the Services.

Other Similar Technologies

Defiant web pages may use other technologies such as web beacons to help deliver cookies on our Sites and count users who have visited those Sites. We also may include web beacons in our promotional email messages or newsletters to determine whether you open and act on them as well as for statistical purposes.

In addition to standard cookies and web beacons, our services can also use other similar technologies to store and read data files on your computer. This is typically done to maintain your preferences or to improve speed and performance by storing certain files locally.

Retargeting and Remarketing

Defiant may use a third-party vendor retargeting tracking cookies, pixels, and other technologies to collect data about your activities that does not personally or directly identify you when you visit our website, the website of entities for which we serve advertisements (our “Advertisers”), or the websites and online services where we display advertisements (“Publishers”). This information may include the content you view, the date and time that you view this content, the products you purchase, or your location information associated with your IP address. We use the information we collect to serve you more relevant advertisements (referred to as “Retargeting”). We collect information about where you saw the ads we serve you and what ads you clicked on to measure the success of our advertising campaigns.

How to Opt-Out of Targeted Advertising

You can generally opt-out of receiving personalized ads from third party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising (DAA) by visiting the opt-out pages on the NAI website (http://optout.networkadvertising.org) and DAA website (http://www.aboutads.info/choices/).

How to Control and Delete Cookies

Cookies can be controlled, blocked or restricted through your web browser settings. Information on how to do this can be found within the Help section of your browser. All Cookies are browser specific. Therefore, if you use multiple browsers or devices to access websites, you will need to manage your cookie preferences across these environments.

If you are using a mobile device to access the Sites, you will need to refer to your instruction manual or other help/settings resource to find out how you can control cookies on your device.

Please note: If you restrict, disable or block any or all Cookies from your web browser or mobile or other device, the Sites may not operate properly, and you may not have access to the Services available through the Sites. Defiant shall not be liable for any impossibility to use the Sites and Services or degraded functioning thereof, where such are caused by your settings and choices regarding cookies.

If you have disabled one or more cookies, we may still use information collected from cookies prior to your disabled preference being set, however, we will stop using the disabled cookie to collect any further information.

To learn more about cookies and web beacons, visit www.allaboutcookies.org.

Do Not Track: Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Defiant, do not respond to DNT signals.

CHILDREN’S PRIVACY

THE SITES ARE NOT INTENDED FOR CHILDREN

You must be at least the age of majority in your place of residence to use the Sites or Services. The Sites or Services are not directed to or intended for use by minors. Consistent with the requirements of the U.S. Children’s Online Privacy Protection Act, if we learn that we received any information directly from a child under age 13 without his or her parent’s verified consent, we will use that information only to inform the child (or his or her parent or legal guardian) that he or she cannot use the Sites or Services.

California Minors: While the Service is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: privacy@defiant.com. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the Content or information. Removal of your content or information from the Service does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.

YOUR STATE PRIVACY RIGHTS

State consumer privacy laws may provide their residents with additional rights regarding our use of personal information. The following Section applies to individuals who reside in specific jurisdictions that provide additional privacy rights, including California and Virginia.

Your Rights and Choices

Right to Access Specific Information and Data Portability Right. You have the right to request that we disclose certain information to you about our collection and use of personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

Right to Correct Information. You have the right to request we update personal information about you that is incorrect in our systems.

Right to Delete. You have the right to request that we delete any personal information about you that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) the personal information from our records, unless an exception applies.

Right to Opt-out of the sale or sharing of Personal Information for Cross-Contextual Behavioral Advertising. We do not sell personal information of share personal information for cross-contextual behavioral advertising purposes.

Right to Limit Sensitive Personal Information Use. You have the right to limit the use of sensitive personal information regarding you.

Non-Discrimination. We will not discriminate against you for exercising any of your rights.

To submit a request to exercise these rights you may use one of these two methods:

E-mailing it to us at: privacy@defiant.com

Mailing it to us at: Defiant Inc. Attn: Privacy Policy Issues, 1700 Westlake Ave N Ste 200, Seattle, WA 98109

For submissions via email please use the downloadable Verifiable Consumer Request Form.

For all requests, please clearly state that the request is related to “Your Privacy Rights,” indicate which type of request you are making, and provide your name, street address, city, state, zip code and an e-mail address or phone number where we may contact you. We are not responsible for notices that are not labeled or sent properly or that do not include complete information.

To appeal a decision regarding a consumer rights request, please submit your appeal using one of the two methods above. Your appeal should include an explanation of the reason you disagree with our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Only you, or a person registered with the an applicable Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to personal information about you. You may also make a verifiable consumer request on behalf of your minor child.

You may only make such a request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide the personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

THE GENERAL DATA PROTECTION REGULATION (“GDPR”)

If you reside within the European Union or United Kingdom you may be entitled to other rights under the GDPR. These rights are summarized below. We may require you to verify your identity before we respond to your requests to exercise your rights. If you are entitled to these rights, you may exercise these rights with respect to personal information about you that we collect and store:

You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by the GDPR. Any requests to exercise the above listed rights may be made to: privacy@defiant.com.

If you reside within the European Union or United Kingdom, you have the right to lodge a complaint with a Data Protection Authority about how we process personal information at the following websites: for EU residents, https://edpb.europa.eu/about-edpb/board/members_en ; for UK residents https://ico.org.uk/make-a-complaint/.

International Transfers of Personal Data

Whenever we transfer personal information out of the EU or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

For additional information on the mechanisms used to protect personal information, please contact us at privacy@defiant.com.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy based upon evolving Laws, regulations and industry standards, or as we may make changes to our business including our Sites and Services. We will post changes to our Privacy Policy on this page and encourage you to review our Privacy Policy when you use our Sites or Services to stay informed. If we make changes that materially alter your privacy rights, Defiant will provide additional notice, such as via email or through the Sites or Services. If you disagree with the changes to this Privacy Policy, you should discontinue your use of the Sites and/or Services. You may also request access and control of personal information about you as outlined in the Your Rights Regarding Personal Data section of this Privacy Policy.

QUESTIONS OR COMPLAINTS HANDLING

We understand that you may have questions or concerns about this Privacy Policy or our privacy practices or may wish to file a complaint. In such case, please contact us in one of the following ways:

Email: privacy@defiant.com

Mail: Defiant, Inc., Attn: Legal Department, 1700 Westlake Ave N Ste 200, Seattle, WA 98109