Privacy and cookies policy

This policy was last updated on 10/10/2025

1 . Introduction

1.1. Bumper.com (our website) is provided by The Lifetime Value Co. LLC. acting through Bumper, LLC (‘we’, ‘our’ or ‘us’). We are the controller of personal data obtained via our website, meaning we are the organization legally responsible for deciding how and for what purposes it is used. You can find out more about us in Section 17.

1.2. We are committed to safeguarding the privacy of our website visitors, service users, individual customers, customer personnel, individual contractors, consultants and freelancers.

1.3. Our website incorporates privacy controls that allow you to manage the use of cookies and similar technologies. By adjusting these settings, you can choose which types of cookies are permitted (for example, performance or targeting cookies). You can access these controls at any time through the “Cookie Settings” button in the footer of our website.

1.4. We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website.

2 . The personal data that we collect

2.1. In this Section 2, we have set out the general categories of personal data that we process and, in the case of personal data that we did not obtain directly from you, information about the source and specific categories of that data.

2.2. We may process data enabling us to get in touch with you ("contact data"). The contact data may include your name, email address, telephone number, and postal address. The source of the contact data is you.

2.3. We may process your website user account data ("account data"). The account data may include your account identifier, name, email address, account creation and modification dates, payment information, purchase history, report history, technical and device information, website settings, and marketing preferences. The primary source of the account data is you, although certain elements of the account data may be generated by our website.

2.4. We may process your personal data in order to provide our data provision services ("service data"). The source of the service data is our third party data providers, and it consists solely of information lawfully obtained from publicly available records and sources. This publicly available data may include:

(a) Contact and Identity Information: Full name, previous names, aliases, addresses (current and historical), phone numbers, and email addresses.

(b) Relatives and Associates Information: Contact and identity information for possible relatives, associates, and neighbors.

(c) Court Record Information: U.S. criminal, civil, and bankruptcy court record information, which may include alleged offense or claim, name on record, address, location, court date, date of alleged offense or filing, case number, disposition, applicable statute, and fines or judgments.

(d) Employment and Education Information: Information relating to an individual’s work and educational background, such as job titles, employers, professional history, schools attended, degrees earned, and fields of study.

(e) Vehicle Record Information: Vehicle information, such as vehicle identification number (VIN), license plate number, vehicle specifications, accident history, reported odometer readings, registration state, and publicly listed sales data.

(f) Property & Asset Record Information: Information that may indicate possible owned assets, such as real estate properties, vehicles, and watercraft. This may also include real estate ownership details, transaction history, and property addresses.

(g) Marriage and Divorce Record Information: Publicly available marriage and divorce information that may include details such as date, ceremony type, filing number, Full name of parties, age, prior marital status, number of marriages or divorces, state of birth, and jurisdiction.

(h) Licenses and Permits Information: Information relating to licenses, registrations, and permits. These may include information from weapons permits, professional licenses, UCC filings, FAA licenses and certifications, watercraft records, controlled substances usage permits, and sporting permits.

(i) Social Media Data: Publicly available social media profiles, usernames, and identifiers.

(j) Other Public Information: Obituary records, unclaimed property information, and other legally accessible public data.

2.5. We may process your personal data that are provided in the course of the use of our chatbot services and generated by our services in the course of such use ("chatbot data"). The chatbot data may include the personal data that you input into our chatbot. The source of the chatbot data is you and/or our services.

2.6. We may process information relating to transactions, including purchases of services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your name, your contact details, your payment card details (or other payment details), and the transaction details. We do not retain full credit card numbers. The source of the transaction data is you and/or our payment services provider.

2.7. We may process information contained in or relating to any communication that you send to us or that we send to you ("communication data"). The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.

2.8. We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, device ID, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system, our advertising networks and search information providers.

2.9. Please do not supply any other person's personal data to us, unless we prompt you to do so.

3 . Purposes of processing and legal bases

3.1. In this Section 3, we have set out the purposes for which we may process personal data and the legal bases of the processing.

3.2. Operations - We may process your personal data for the purposes of operating our website, the processing and fulfilment of orders, providing our services, generating invoices, bills and other payment-related documentation, and credit control. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services, suppliers and business.

3.3. Relationships and communications - We may process contact data, account data, transaction data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, mail, online chat and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, service users, individual customers and customer personnel, the maintenance of our relationships, enabling the use of our services and supplied services, and the proper administration of our website, services and business.

3.4. Marketing - We may process contact data, account data, customer relationship data, transaction data and/or usage data for the purposes of creating, targeting and sending direct marketing communications by email, making personalized suggestions and recommendations to you about our services that may be of interest to you, to deliver relevant website content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you. The legal basis for this processing is our legitimate interests (namely to carry out direct marketing, develop our services and grow our business to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) and (where we are required by law to obtain it) consent.

3.5. Research and analysis - We may process usage data, service data, chatbot data and/or transaction data for the purposes of researching and analyzing the use of our website and services, researching and analyzing other interactions with our business, and use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, updating, developing, improving and securing our website, services and business generally and to inform our marketing strategy.

3.6. Record keeping - We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.

3.7. Security - We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.

3.8. Insurance and risk management - We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

3.9. Legal claims - We may process your personal data where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

3.10. Legal compliance and vital interests - We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

4 . Direct Marketing

4.1. During the registration process on our website, when your personal data is collected, you may be asked to indicate your preferences for receiving direct marketing communications from Bumper via email and/or SMS, as required under applicable law. For users located in jurisdictions that require express consent (including the EU, UK, Canada, and certain other countries), we will only send you marketing communications where you have actively consented by selecting your preferences at registration. For U.S. users, by registering or otherwise providing your contact information, you consent to receive marketing communications from us by email, unless and until you choose to opt out. You may update your marketing preferences or opt out at any time by using the link in our emails or contacting us directly.

4.2. We may also analyze your personal data to form a view of which services and offers may be of interest to you so that we can then send you relevant marketing communications.

4.3. We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

4.4. You can ask to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you or by contacting us using the details set out at Section 17 below.

4.5. If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example relating to order confirmations, updates to our Terms and Conditions, checking that your contact details are correct.

5 . Providing your personal data to others and International Transfers

5.1. In this Section 5, we provide information about the circumstances in which your personal data may be transferred to third parties and to third countries under UK and/or EU data protection law.

5.2. We provide data provision services and therefore, your publicly available personal data, which we obtain from our third party data providers, may be shared with our customers in the form of data reports.

5.3. We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. We and our other group companies have offices and facilities in the United States and Costa Rica. Where required, transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the competent data protection authorities.

5.4. We disclose your personal data to the following suppliers:

| Supplier |Purpose of Transfer |Location of Supplier | | --- | --- | --- | | Customer Support Platform |CRM & Support Services | United States | | Privacy & Compliance Management Tool | Cookie Consent Management | United States | |Customer Care and Contact Center Providers| Customer Support Services | India; Honduras; Philippines | |Web Hosting and CDN Providers | Maintaining platform integrity; Contractual obligations; Proper administration, development, improvement, and security of our website, services, and business | United States | | Tag Management Systems |Maintaining platform integrity; Contractual obligations | United States; Costa Rica | | Analytics and Tracking Providers |Analytics and Tracking Providers| United States|

Wherever we transfer your personal data outside the EEA or the UK, we ensure a similar degree of protection by ensuring at least one of the following safeguards is implemented: the country has an adequacy decision by the European Commission/the UK’s Information Commissioner’s Office; Standard Contractual Clauses (plus UK Addendum if applicable); or other legally valid mechanism under Article 46 GDPR/UK GDPR

5.5. Financial transactions relating to our website and services are handled by our payment services providers, situated in the United States. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. Transfers to PSPs will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the competent data protection authorities.

5.6. We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.

5.7. In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

6 . Retaining and deleting personal data

6.1. This Section 6 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

6.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6.3. We will retain your personal data as follows:

(a) Contact data (such as names, email addresses, phone numbers): retained for up to 2 years from last contact where used for marketing, and up to 10 years from last contact where held in customer relations records;

(b) Account data (such as login credentials, subscription information, an duser account history): retained for up to 10 years from the date of account closure;

(c) Service data (data provided in connection with the performance of a contract): retained for up to 10 years from the end of the relevant contract;

(d) Chatbot data: retained for up to 10 years from the end of the relevant contract;

(e) Transaction data (such as payment records and expense records): retained for up to 10 years from the date of transaction. We do not retain full credit card numbers;

(f) Communication data (such as customer support requests, queries, and complaints): retained for up to 10 years from closure;

(g) Usage data (such as cookie/analytics data and system monitoring logs): generally retained for up to 2 years from collection, or up to 6 years in the case of security and system monitoring logs.

6.4. Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

7 . Security of personal data

7.1. We will take appropriate technical and organizational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.

7.2. We will store your personal data on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.

7.3. The following personal data will be stored by us in encrypted form: your name, contact information, password(s) and limited payment card details (such as the last four digits). We do not retain full credit card numbers.

7.4. Data relating to your enquiries and financial transactions that is sent from your web browser to our web server, or from our web server to your web browser, will be protected using encryption technology.

7.5. You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

7.6. You should ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website confidential and we will not ask you for your password (except when you log in to our website).

8 . Your rights

8.1. In this Section 8, we have listed the rights that you have under data protection law.

8.2. Your principal rights under data protection law are:

(a) The right to access - you can ask for copies of your personal data;

(b) The right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data. Please note that we pull service data straight from our third party data providers and any rectification requests will need to be actioned by them – we will provide you with contact details for this purpose;

(c) The right to erasure - you can ask us to erase your personal data;

(d) The right to restrict processing - you can ask us to restrict the processing of your personal data;

(e) The right to object to processing - you can object to the processing of your personal data;

(f) The right to data portability - you can ask that we transfer your personal data to another organization or to you;

(g) The right to complain to a supervisory authority - you can complain about our processing of your personal data; and

(h) The right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.

8.3. These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recommendations-best-practices_en and https://ico.org.uk/for-organizations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

8.4. You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.

9 . Third party websites

9.1. Our website includes hyperlinks to, and details of, third party websites.

9.2. In general we have no control over, and are not responsible for, the privacy policies and practices of third parties.

10 . Personal data of children

10.1. Our website and services are targeted at persons over the age of 18.

10.2. If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.

11 . About cookies

11.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

11.2. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

11.3. Cookies may not contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.

12 . Cookies that we use

12.1. We use cookies for the following purposes:

(a) Authentication and status - we use cookies to identify you when you visit our website and as you navigate our website, and to help us determine if you are logged into our website;

(b) Shopping cart - we use cookies to maintain the state of your shopping cart as you navigate our website;

(c) Personalization - we use cookies to store information about your preferences and to personalize our website for you;

(d) Security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;

(e) Advertising - we use cookies to help us to display advertisements that will be relevant to you;

(f) Analysis - we use cookies to help us to analyze the use and performance of our website and services; and

(g) Cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.

13 . Cookies used by our service providers

13.1. Our service providers use cookies and those cookies may be stored on your computer when you visit our website. In particular, we use:

(a) Analytics cookies - We use providers such as Google Analytics to help us understand how visitors use our website, improve performance, and create usage reports. Analytics cookies may track information such as pages visited, time spent on site, and referral sources.

(b) Advertising cookies - We work with advertising partners such as Google Ads/AdSense and Meta (Facebook, Instagram) to deliver relevant ads, measure ad performance, and provide personalized marketing.

(c) Social media cookies - Platforms such as Meta (Facebook, Instagram), LinkedIn, and Twitter/X may set cookies to enable integration of their services, personalize content, or measure engagement with our website.

(d) Security and fraud prevention cookies - Tools such as Google reCAPTCHA and Cloudflare may set cookies to help protect our website from abuse, detect fraudulent activity, and ensure system security.

(e) Payment service cookies - Payment processors may set cookies to enable secure transactions and prevent fraud.

(f) Customer support and communication cookies - Tools such as Zendesk or similar providers may use cookies to enable live chat, help desk services, or in-site messaging.

13.2. You can learn more about how our service providers use cookies and personal data by reviewing their respective privacy and cookie policies.

(a) https://myadcenter.google.com

(b) https://policies.google.com/privacy

(c) https://www.facebook.com/privacy/policies/cookies/

(d) https://www.facebook.com/privacy/policy

(e) https://www.linkedin.com/legal/privacy-policy

(f) https://www.linkedin.com/legal/cookie-policy

(g) https://x.com/en/privacy

(h) https://help.x.com/en/rules-and-policies/x-cookies

(i) https://www.cloudflare.com/privacypolicy/

(j) https://www.cloudflare.com/cookie-policy/

(k) https://www.zendesk.com/company/agreements-and-terms/privacy-notice/

(l) https://www.zendesk.com/company/agreements-and-terms/cookie-notice/

13.3. You can manage your preferences and opt out of personalized advertising by visiting YourAdChoices or by using the privacy controls available through your browser or device settings.

14 . Managing cookies

14.1. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser and from version to version. You can obtain up-to-date information about managing cookies via these links:

(a) https://support.google.com/chrome/answer/95647 (Chrome);

(b) https://support.mozilla.org/en-US/products/firefox/privacy-and-security (Firefox);

(c) https://help.opera.com/en/latest/security-and-privacy/ (Opera);

(d) https://support.apple.com/en-gb/guide/safari/welcome/mac (Safari); and

(e) https://support.microsoft.com/en-gb/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd (Edge).

14.2. Blocking all cookies will have a negative impact upon the usability of many websites.

14.3. If you block cookies, you will not be able to use all the features on our website.

15 . Cookie preferences

15.1. You can manage your preferences relating to the use of cookies by clicking on the Cookie Settings button in the footer of our website.

16 . Amendments

16.1. We may update this policy from time to time by publishing a new version on our website.

16.2. You should check this page occasionally to ensure you are happy with any changes to this policy.

17 . Our details

17.1. This website is owned and operated by The Lifetime Value Co. LLC.

17.2. You can contact us at: [email protected].

17.3. Our representative within the EU with respect to our obligations under data protection law is European Data Protection Office (EDPO), and you can contact our representative by using EDPO’s online request form: https://edpo.com/gdpr-data-request/, or by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

17.4. Our representative within the UK with respect to our obligations under data protection law is EDPO UK Ltd (EDPO UK), and you can contact our representative by using EDPO UK’s online request form: https://edpo.com/uk-gdpr-data-request/, or by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.

17.5. Our data protection officer's contact details are: [email protected].

18 . State-Specific Privacy Rights

18.1. State consumer privacy laws may provide residents with additional rights regarding our use of consumers’ personal information. If you are a resident of California, your privacy rights are described in the Notice for California Residents section below.

18.2. If you are a resident of Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah or Virginia, you have the following rights:

(a) Right of Access. You have the right to confirm whether we process your personal information and to access your personal information in a portable and easily usable format.

(b) Right to Deletion. You have the right to delete certain personal information.

(c) Right to Opt-out. You have the right to opt-out of the processing of personal information for purposes of sales/sharing, targeted advertising, or in furtherance of decisions that produce legal or similarly significant effects.

(d) Right to Correction. You have the right to request the correction of inaccuracies in certain personal information, taking into account the nature and the purposes of the processing of the personal information.

18.3. You or your authorized agent may submit a request to exercise your opt-out, access, or deletion rights by filling out our online request form, emailing us at [email protected], or contacting us via the phone number or postal address listed above. Requests to correct inaccurate personal information that we maintain may be sent to [email protected] or the postal address listed above.

18.4. To update or correct inaccuracies in your personal information that was provided to us as part of creating or maintaining your account, you may do so by accessing your My Account page and selecting “Edit account info,” or by contacting us at [email protected].

18.5. If you are a resident of Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas or Virginia, you have the right to appeal a decision denying your privacy request. You may request an appeal of such a decision by contacting us at [email protected] and providing the state you are writing from and documentation you may have regarding the matter you are appealing. In the event your appeal is denied, your jurisdiction may allow you to file a complaint with your state Attorney General’s Office regarding your concerns with the result of your appeal request. You may do so by selecting the appropriate link: Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, and Virginia.

19 . Notice for California Residents

19.1. In addition to the above, the following, intended solely for California residents, concerns our handling of certain personally identifiable and/or personal information as required by the California Online Privacy Protection Act and the California Consumer Privacy Act (collectively, "CCPA"). If you are a California resident, you may have additional rights where some of your "Public" and "Personal" information is concerned. If applicable, you may have the right to request that we disclose to you categories and specific pieces of Public information we may have obtained from public data sources and Personal information we may have collected directly from you, if any, and delete such, where required. Please note that we never sell Personal information obtained from you under any circumstances.

19.2. Categories of personal information we obtain, collect and/or disclose for business purposes - Various methods for submitting requests are referenced above, as well as the specific types of Public information we obtain from publicly available data sources and/or Personal information we collect directly from our users. Per CCPA, in response to verified requests for disclosure, we will provide those "categories" of information we obtain or collect. The categories we have obtained or directly collected are: identifiers (such as name, address, email address); general geolocation information (e.g., your city and state); and/or other information that identifies or can be reasonably associated with you. We may disclose these categories of information about you or your use of the Site for business purposes (as defined by applicable law) or as required by applicable law.

19.3. How categories of Personal information could be used - We and our service providers may use the categories of Personal information we collect from and about you consistent with the various aforedescribed business purposes and/or as required by law. Please see the relevant sections above for more information.

19.4. Sale of Public information - CCPA sets forth certain obligations for businesses that “sell” personal information. We do not sell Personal information obtained from our site's visitors or subscribers, such as a name or email address provided when subscribing to our Site (unless such information happens to also be publicly available "Public" information that was NOT obtained from such visitors or subscribers but was instead obtained from publicly available data sources independent of anything visitors or subscribers may have provided us). As permitted by law and CCPA regulatory guidance, we may need to share certain limited information about your activity, for example through cookies (see above), with third parties in certain instances--you can control these cookies through browser settings--but this limited sharing would not constitute a sale of Personal information.

19.5. Non-discrimination for exercising your rights - In addition to including information as to how you can exercise your rights under CCPA, please note that we will never discriminate against you for exercising your CCPA or any other rights. We will not deny you any access or service, charge you a different price, whether via a discount or other benefit, or impose fees or penalties, provide a different level of service, or the like (though CCPA permits such practices in some scenarios). CCPA permits companies to offer certain incentives that might result in different prices, rates or quality levels, but any CCPA-permitted financial incentive should reasonably relate to your information’s value and contain written terms that describe the program’s material aspects and participation in any such financial incentive program requires your prior opt-in consent, which you may revoke at any time. We do not engage in any such practices.

19.6. Authorized Agents - You may authorize another person to submit a request on your behalf. Please note that before completing any requests, and in addition to our identification verification process, we are required to verify that your agent has been properly authorized to make a request on your behalf and this may take additional time to fulfill your request.

19.7. To make a request on behalf of a Bumper consumer, the authorized agent must first provide a copy of either (a) a letter signed by the consumer authorizing the agent to submit a CCPA request on his or her behalf, or (b) a valid power of attorney issued pursuant to California Probate Code §§ 4000 to 4465. An authorized agent must email one of these documents to [email protected]. For the safety and security of the consumer’s information, “requests to delete” and “right to know” requests submitted by an authorized agent must include the following information regarding the consumer:

(a) First, Middle (if available), and Last Name

(b) Valid email address

(c) Age

(d) Address

19.8. Right to Know - You may have the right to know and see the categories of data we have obtained, collected or shared about you over the past 12 months (or if we have not done so), including:

(a) the categories of Personal information we collected about you, or disclosed about you for a business purpose;

(b) the categories of sources from which the personal information is collected;

(c) the business or commercial purpose for collecting, obtaining or selling your personal information;

(d) the categories of third parties with whom we have shared your personal information; and

(e) the specific items of Personal information we have collected or Public information we have obtained about you.

19.9. To begin your Right-to-Know request, please email us at [email protected], fill out our online request form or contact us via the phone number or postal address listed above. We will respond within 10 days of receipt with instructions for continuing your Right-to-know request, including any additional information needed concerning yourself so that we may search for applicable Personal information collected or Public information obtained that pertains to You. The information you provide must sufficiently match the information in our database to permit us to verify your request. An authorized agent may also make a request on your behalf.

19.10. We will endeavor to respond to a verifiable consumer request within forty-five days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

19.11. Right to Delete - You may have the right to request that we delete information we have obtained regarding, or collected directly from, you (and ask our service providers to do the same). However, we cannot delete Personal information that we are under a legal obligation to maintain and there are a number of other exceptions that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:

(a) complete and process your transaction;

(b) provide you with a product or service;

(c) perform a contract between us and you;

(d) protect your security and prosecute those responsible for breaching it;

(e) fix our system in the case of a bug;

(f) protect your or other users’ free speech rights;

(g) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);

(h) engage in public/peer-reviewed research in the public interest, adhering to all applicable ethics and privacy laws;

(i) comply with a legal obligation; or

(j) make other internal and lawful uses of information compatible with the context in which you provided it.

19.12. To begin your Right-to-Delete request, please email us at [email protected], fill out our online request form or contact us via the phone number or postal address listed above.

19.13. Right to ask us not to sell (also known as the right to opt-out) - As explained above, we do not sell Personal information obtained from our site's visitors or subscribers, such as a name or email address provided when subscribing to our Site (unless such information happens to also be publicly available "Public" information that was NOT obtained from such visitors or subscribers but was instead obtained from publicly available data sources independent of anything visitors or subscribers may have provided us). As for the Public information obtained from publicly available data sources, for many years now, we have accommodated requests to opt-out/not to sell/share such information, which can be done in various locations on the Site. For your convenience, you may also email us at [email protected], or contact us via the phone number or postal address listed above to request that we not sell and opt-out your Public information. While we will not sell such Public information that has been opted-out, we reserve the right to disclose Public information to third parties, without notice to you, if required to do so by law, or if we have a good faith belief that disclosure is necessary to (i) act in an emergency to protect someone’s safety; (ii) comply with legal process served on us; or (iii) protect and defend our rights or property. We also reserve the right to transfer Public information to any successor-in-interest to our business.

19.14. Right to Correct - Requests to correct inaccurate personal information that we maintain may be sent to [email protected].

19.15. Privacy Rights Request Metrics

20 . In summary:

20.1. At no cost, you may request information each year regarding any disclosure of your Public or Personal information to third parties for their own direct marketing purposes during the preceding calendar year. You have the right not to be discriminated against for exercising any of the rights listed above. To request access to or deletion of your information, or to exercise any other data rights under California law, please contact us using one of the methods set forth above.