SHIFTING PRIVACY LEFT PODCAST PRIVACY POLICY 

Originally published on October 17, 2022 

Thank you for choosing to be part of our Shifting Privacy Left community, operated by Principled LLC ("Company," "we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy policy or our practices with regard to your personal information, please contact us at privacy@principledadvisor.com. 

This privacy policy describes how we might use your information if you: 

• Visit our website at https://shiftingprivacyleft.com
• Engage with us in other related ways ― including any sales, marketing, or events 

In this privacy policy, if we refer to: 

• "Website," we are referring to any website of ours that references or links to this policy 
• "Services," we are referring to our Website, and other related services, including any sales, marketing, or events 

The purpose of this privacy policy is to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it. If there are any terms in this privacy policy that you do not agree with, please discontinue use of our Services immediately. 

Please read this privacy policy carefully, as it will help you understand what we do with the information that we collect. 

1. WHAT INFORMATION DO WE COLLECT? 

The personal information you disclose to us

We collect only personal information that you voluntarily provide to us when: 

• You express an interest in obtaining information about the Shifting Privacy Left Podcast, Principled LLC, booking a meeting with Debra, or our products or services; 
• When you register for a Website account to comment on posted content or access paid content;
• Subscribe to our mailing list; or
• When you contact us via the contact form on this website or send us an email. 

We collect personal information that you voluntarily provide to us

The only personal information that we may collect is that which is provided by you for purposes of engaging with the website or to respond to your inquiries. That includes: email address; name; and other relevant contact information. 

2. HOW DO WE USE YOUR INFORMATION? 

We process your information for the following purposes (legitimate business interests): based on fulfillment of our contract with you; compliance with our legal obligations; and/or your consent. We use personal information collected via our Website for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below. 

We use the information we collect or receive: 

• To send you notifications when you subscribe to the Shifting Privacy Left Podcast mailing in order to notify you when new content is available via the Website.
• To respond to inquiries that you make via the Website’s Contact form or when you send us an email. 
• To send you an email confirmation for a scheduled meeting.

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE? 

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or fulfill business obligations. If you live in the EEA, we may process or share your data that we hold based on the following legal bases: 

• Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose. 
• Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests. 
• Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract. 
• Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law or in response to a court order or a subpoena.
• Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we may share your personal information in the following situation: 

• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. 

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES? 

We only use cookies that are strictly necessary for using the website’s features to collect and store your information. More specifically, we only use session cookies, deployed by our podcast platform provider, SupaPass. We do not, and never will, sell or share your data with third parties for marketing or sales purposes. In addition, as a privacy-respecting company, we will not use your personal data for purposes advertising to you. Instead, sponsorship fees paid by our awesome sponsors enable us to make the Website’s content freely available to anyone.

5. HOW LONG DO WE KEEP YOUR INFORMATION? 

We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy, but no longer than one year after you last interact with the Website, unless otherwise required by law.

6. HOW DO WE KEEP YOUR INFORMATION SAFE? 

We use administrative technical and physical security measures to protect your personal information. These measures include computer safeguards and secured files and facilities. We take reasonable steps to securely destroy or permanently de-identify personal information when we no longer need it. We will keep your personal information only as long as we must to deliver our products and services, unless we are required by law or regulation or for litigation and regulatory investigations to keep it.

7. DO WE COLLECT INFORMATION FROM MINORS? 

We do not knowingly collect data from or market to children under 18 years of age. We do not knowingly solicit data from or market to children under 18 years of age. By using the Website, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Website. 

8. WHAT ARE YOUR PRIVACY RIGHTS? 

In some regions, such as the European Economic Area (EEA) and the United Kingdom (UK), you have rights that allow you greater access to and control over your personal information. In some regions (like the EEA and UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information.

To make such a request, please email privacy@principledadvisor.com. We will consider and act upon any request in accordance with applicable data protection laws. If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

If you are a resident in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find find their contact details on this European Commission website: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html. 

9. CONTROLS FOR DO-NOT-TRACK FEATURES

Fear not! We do not collect or use any personal data for advertising purposes or for tracking you online. Thus, there is no need to respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. 

10. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? 

Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information. California Civil Code Section 1798.83 (The "Shine The Light" law), permits our users who are California residents to request and obtain from us, once a year and free of charge, information about the categories of personal information (if any) that we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. 

If you are a California resident and would like to make such a request, please submit your request in writing to us using the email address provided below. 

CCPA privacy policy 

The California Code of Regulations defines a "resident" as: 

(1) every individual who is in the State of California for other than a temporary or transitory purpose and 

(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose. 

All other individuals are defined as "non-residents." 

If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information. 

What categories of personal information do we collect?

We have collected the following categories of personal information in the past twelve (12) months: 

• Identifiers: examples include contact details, such as real name; alias; phone number; unique personal identifier; online identifier; email address; and account name.
• Personal information categories listed in the California Customer Records statute: Name and contact information

We may also collect other personal information outside of these categories instances where you interact with us in-person, online, or by phone or mail in the context of: 

• Participation in customer surveys or contests; or 
• Facilitation in the delivery of our Services and to respond to your inquiries. 

How do we use and share your personal information? 

More information about our data collection and sharing practices can be found in other sections of this privacy policy. You may contact us by email at privacy@principledadvisor.com. If you are using an authorized agent to exercise your right to opt-out we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf. 

Will your information be shared with anyone else? 

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider processes the information on our behalf in fulfillment of services that we provide to you. Except as otherwise outlined in this policy, we will not share your personal information with any other third parties. 

Your rights with respect to your personal data 

Right to request deletion of the data - Request to delete 

You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation or any processing that may be required to protect against illegal activities. 

Right to be informed - Request to know Depending on the circumstances, you have a right to know:

• whether we collect and use your personal information; 
• the categories of personal information that we collect; 
• the purposes for which the collected personal information is used; 
• whether we sell your personal information to third parties; 
• the categories of personal information that we sold or disclosed for a business purpose; 
• the categories of third parties to whom the personal information was sold or disclosed for a business purpose; and 
• the business or commercial purpose for collecting or selling personal information. 

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request. 

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights 

We will not discriminate against you if you exercise your privacy rights. 

Verification process 

Upon receiving your request, we will need to verify your identity to determine whether you are the same person whose personal information we have in our system. These verification efforts require us to ask you to provide that personal information so that we can match it with the information that you have previously provided to us. 

We may also use other verification methods as the circumstances dictate. However, we will only use the personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional personal information for the purposes of verifying your identity and for security or fraud prevention purposes. 

We will delete such additionally provided information as soon as we finish verifying you. 

Other privacy rights:

To exercise the following rights, contact us by email at privacy@principledadvisor.com.

• You may object to the processing of your personal data. 
• You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the data. 
• You can designate an authorized agent to make a request under the CCPA on your behalf. Note, however, that we may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA. 

If you have a complaint about how we handle your data, we would like to hear from you. 

11. DO WE MAKE UPDATES TO THIS POLICY? 

Yes, we will update this notice as necessary to stay compliant with relevant laws and if our business practices should change. We may update this privacy policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. 

If we make material changes to this privacy policy, we will notify you either by prominently posting a notice of such changes or by directly sending you an email notification. 

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE? 

If you have questions or comments about this notice, you may contact us by email or postal mail:

Debra J Farber, Owner & Privacy Officer 

Principled LLC

Email: privacy@principledadvisor.com

Address: 15102 NE 98th Cir, Vancouver, WA 98682, United States

13. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information that we collected from you, change that information, or delete it under some circumstances. 

To request to review, update, or delete your personal information, please submit a request form via the Website or send an email to: privacy@principledadvisor.com.