[WHISTLE MESSAGING, INC. PRIVACY POLICY

Updated: April 28, 2021

Introduction

Welcome! This is the Privacy Policy of Whistle Messaging, Inc. (“Whistle,” “we,” “us” or “our”) and applies to our “Platform,” which includes our messaging service, the trywhistle.com website, its subdomains (the “Website” or “Site”), our software applications and mobile versions (the “Apps”), and all portals, products, goods, services, events, and interactive features controlled by us that post a link to this Privacy Policy (collectively, the “Platform”). 

This Privacy Policy is expressly incorporated into our Terms of Use (“Terms”) and governs information that we collect from you on the Platform, as well as through other online and offline communications with our personnel. We refer to all of the above as our “Services.” If you have questions about this Privacy Policy, contact us at compliance@trywhistle.com.  

Who We Are 

Whistle is a service provider for hotels and other hospitality clients (our “Clients”). Our Platform helps our Clients to communicate with, support, and provide various services to their guests and staff members. 

What Information Does This Policy 

Apply To? 

This Policy only reflects how Whistle processes personal information through our Platform and Services.  It does not apply to our Clients’ uses of your data, or the use of your data by any third party (for example, when you visit a third-party website or interact with third-party services). You should review those third parties’ privacy policies before you use any of their services (“Third Party Services”).  In some instances, Whistle only acts as a “processor” of your information and may not be the “controller” of the information (which may be our Client). Our use of your information is usually in the context of providing a service to our Clients, and you may be required to reach out to the Client directly to remove your information from their databases as well as Whistle’s. 

What Information We Collect

As a preliminary matter, we handle all information provided to us with the utmost care, whether provided by our Clients or provided by you directly. Please note that if you voluntarily provide your information in the course of interfacing with the Platform or using our Services, we will take that as your agreement to our collection, use, and disclosure of your information as set forth in this Privacy Policy. Your use of our Platform indicates your consent to the practices described in this Policy and in our Terms. 

At times, we may need to disclose your personal information to third parties outside the company who may be assisting us with providing Services to you, as set forth in this Policy. 

Information You Provide to Us

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”). At touchpoints throughout your guest journey, we collect Personal Information such as:

• Your first and last name, email address, home or business address, telephone numbers, mobile numbers, credit card or debit card number, bank account and other financial information, your payment and/or service history, your signature, or other information used to identify an individual; 

• Your passport ID or driver’s license or other government ‑issued identification card information; 

• Information about your gender or gender identification, racial or ethnic origin, political opinions, religious or philosophical believes, or trade union membership, biometric data, or information relating to sex life or sexual orientation ;

• Information that you share via a message, free text field, chat function, or other unstructured format on the Platform (please note that we do not collect consumer information via the Platform’s online chat or Contact Us function unless you provide it);

• Information that you provide relating to your hotel, room, or stay preferences, food service or beverage preferences, other amenity requests and preferences;

• Photos and/or videos that you upload through the Platform, including audiovisual recordings sent via customer service calls; 

• If you apply for employment with us, your current or past employment or educational information; 

• Social media or communications platform information, such as usernames or social media handles, User Content (as defined in the Terms) and other data shared with us through third-party features that you use on our Platform (such as tools, payment services, widgets and plug-ins offered by social media services like Facebook, Instagram, LinkedIn, and Twitter) or posted on social media pages (such as our social media page or other pages accessible to us); and/or

• Other information that could reasonably be used to identify you personally or identify your household or device.

We may also obtain Personal Information from you where you expressly provide us with the information. Examples of sources from which we collect information include telephone calls with you, letters, e‑mails or other communications from you, information provided via online chat or support services, web forms or inputs/uploads into our Platform, documents you have provided to us, or references and referrals provided to us in connection with your employment application.

Your decision to provide us with the Personal Information above is voluntary, but if you choose not to provide any requested information, you may not be able to take advantage of all the features of the Platform. 

Information That Is Automatically 

Collected

Like many businesses, we and/or our service providers may automatically collect and/or store certain information when you visit or interact with the Platform (“Usage Information”). This Usage Information may be stored and/or accessed from your personal computer, laptop, tablet, mobile phone or other device (a “Device”) whenever you visit or interact with our Platform. Usage Information may include:

• Your IP address, MAC address, IDFA, Android/Google Advertising ID, IMEI, or another unique identifier;

• Your Device functionality (including browser, browser language, operating system, hardware, mobile network information);

• Referring and exit web pages and URLs; 

• The areas within the Platform, Site and Apps that you visit and your activities there, including remembering you and your preferences;

• Your Device location or other geolocation information, including the zip code, state or country from which you accessed the Platform or the Services;

• Your Device characteristics; and

• Certain other Device data, including the time of day you visit our Platform or other information used to provide analytics or other usage information.

For location information, we may use this information to provide customized Services, content, promotional offers, and other information that may be of interest to you. 

If you no longer wish for us or our service providers to collect and use location information, you may disable the location features on your device. Consult your device manufacturer settings for instructions. Please note that if you disable such features, your ability to access the Platform, or certain features, Services, content, promotions, or products may be limited or disabled.

Information from Third Parties

As stated above, Whistle is a service provider to our Clients. The Platform and Services may include functionality that allows certain kinds of interactions between you and the Client. The use of this functionality may involve the Client or a third-party site providing your Personal Information to us. Our receipt of this information is always controlled by a written agreement with the Client that contains specific provisions about our ability to use your Personal Information. We cannot use your Personal Information for any purpose other than fulfilling the business relationship with the Client.

For example, we may provide links on the Platform to facilitate sending a communication to/from the Platform to the Client, or we may use third parties to facilitate emails or postings to social media (like a “Share” or “Forward” button for Facebook, Instagram or LinkedIn). The Client or these third parties may retain any information used or provided in any such communications or activities and their privacy practices may be subject to different Terms or Privacy Policies. We may not control or have access to your communications through these third parties. Further, when you use third-party sites or services, you are using their services and not our services and they, not we, are responsible for their practices. 

How We Use Your Information

We may use your information for various purposes, including the following:

• Responding to your requests for information;

• Providing the Platform, products or Services to you and to our Clients;

• Verifying your identity and for fraud prevention;

• Processing your payments (we use a third-party processor for payments and never retain your payment card information);

• Providing you with updates and information about products and Services we provide;

• Sending you marketing information about Whistle or about our Client(s);

• Sending you email communications such as electronic newsletters about our Services, events and promotions, as well as periodic customer satisfaction, market research or quality assurance surveys that may be of interest to you;

• Improving the effectiveness of our Platform, our marketing endeavors, and our product and service offerings;

• Customizing your experience on the Platform;

• Identifying your product and service preferences, providing personalized content and ads and informing you of new or additional information, products and services that may be of interest to you;

• Helping us address problems with and improve our Platform and our products and Services, including testing and creating new products, features, and services;

• Providing mobile marketing messages and other communications and messages; 

• Protecting the security and integrity of the Platform, including understanding and resolving any technical and security issues reported on our Platform;

• Engaging in analysis, research, and reports regarding the use of our Platform and Services;

• For internal business purposes (including but not limited to HR-related functions for applicants and employees, such as evaluating your employment application or administering employee benefits, such as medical, dental, commuter and retirement benefits, including recording and processing eligibility of dependents, absence and leave monitoring, insurance and accident management, rewards or discount programs offered to employees); 

• Complying with the law and protecting the safety, rights, property or security of Whistle, the Services, and the general public; and

• For other purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Policy
  

Disclosure of Your Information

We may be required under our agreement(s) with our Clients to share your Personal Information and preferences with them. We also may share your information, including your Personal Information, with our affiliates, service providers, business associates, and other third parties that perform essential services for us; for example, a payment processor, a cloud-service or internet service provider, an email marketing vendor, a customer service provider, or entities that handle other business functions for us. 

As permitted by law, we insist that these partners follow the same rules and standards with respect to your personal information as we do, and we typically have a contractual agreement in place with the other party which prohibits them from disclosing or using the information other than for the business purposes for which it was disclosed.

In addition, we may disclose your information to companies with whom we have marketing or other relationship for direct marketing purposes. (If you are a California resident, you may have additional rights with respect to the transmission of your information for this purpose. Please see the section entitled “Your California Privacy Rights” below for more information.) We may also share the information we have collected about you, including your Personal Information, in ways other than as described in this Privacy Policy if they are disclosed at or before the time you provide your information.

We may aggregate, de-identify, and/or anonymize any information collected through the Platform or Services such that such information is no longer linked to your personally identifiable information. We may use and share this aggregated and anonymized information (which is no longer considered Personal Information) for any purpose, including without limitation, for research and marketing purposes, analytics, and may also share such data with our affiliates and third parties, including advertisers, promotional partners and others.

Certain Personal Information about you may also be disclosed in the following situations: 

• To comply with a validly issued and enforceable subpoena or summons;

• As necessary to properly comply with or respond to an inquiry or complaint from a federal or state agency;

• In conjunction with a prospective purchase, sale, or merger of all or part of our practice, provided that we take appropriate precautions (for example, through a written confidentiality agreement) so the prospective purchaser or merger partner does not disclose information obtained in the course of the review; and

• As a part of any actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us, provided we disclose only the information necessary to file, pursue, or defend against the lawsuit and take reasonable precautions to ensure that the information disclosed does not become a matter of public record.

Cookies and Other Tracking Technologies

We may use various methods and technologies to store or collect information about you (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies used on the Site or Apps, include, but are not limited to, the following (as well as future-developed tracking technology or methods that are not listed here):

• • Cookies. Cookies are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. 

  • Web Beacons. A Web Beacon is a small tag (which may be invisible to you) that may be placed on our Site’s pages and messages.

  • Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on. 

• ETag, or entity tag. An Etag or entity tag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. 

• Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.

• Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user). 

We may use Tracking Technologies for a variety of purposes, including:

• • To allow you to use and access the Site or Apps, including for the prevention of fraudulent activity and improved security functionality;

• To facilitate navigation, display data more effectively, collect statistical data, personalize your experience while using the Online Services and recognize your computer to assist your use of the Online Services;

• To assess the performance of the Site or Apps, including as part of our analytic practices or otherwise to improve the design and functionality, content, products or services offered through the Site or Apps;

• To offer you enhanced functionality when accessing the Site or Apps, including identifying you when you sign into our Site or Apps or keeping track of your specified preferences or to track your online activities over time and across third-party sites; and

• To deliver content relevant to your interests on our Site, Apps and third-party sites based on how you interact with our content.

You can choose whether to accept cookies by changing the settings on your browser. If you choose not to enable cookies, you will still be able to browse our Site, but doing so will restrict some of the functionality of our Site and what you can do. To learn more, please see our Cookie Policy. 

We may also collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyze data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/ and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout. You can learn more about Adobe and opt out by visiting http://www.adobe.com/privacy/opt-out.html.

Do Not Track Signals

Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals), but there is no universally agreed-upon standard for what a company should do when it detects a DNT signal. Currently, we do not monitor or take any action with respect to these signals or other mechanisms. You can learn more about Do Not Track here. 

Ads and Information About You

We, and certain third parties operating on or through our Platform, may engage in online behavioral advertising. This form of advertising includes various parties and service providers, including third party data controllers, engaged in the processing of personal data in connection with advertising, and may also use Device and Usage Information, as well as Personal Information, in order to deliver more relevant advertising to you. The parties that control the processing of Personal Information for behavioral advertising may track your online activities over time and across third party websites and online services by collecting information through automated means, including through the use of the Tracking Technologies described above. The information they collect may include information about your visits to our Site(s), such as the pages you have viewed. In some cases, these parties may also develop and assess aspects of a profile about you to determine whether you are a type of person the company wants to advertise to, and determine whether and how ads you see are effective, and these third parties may augment your profile with information derived from these observations.  This collection and ad targeting takes place both on our Site(s) and on third-party websites that participate in the advertising network. This process also helps us track the effectiveness of our communications and marketing efforts. See “Your Choices About the Information We Collect,” “Your Data Protection Rights Under GDPR” and “Your California Privacy Rights” for information about how you may be able to limit or opt out of this Processing.

Your Choices About the Information We Collect 

You have choices when it comes to how we use your information, and we want to ensure you have the information to make the choices that are right for you.

If you no longer want to receive marketing-related emails, you may opt out by following the instructions in any such email you receive from us or contacting us at compliance@trywhistle.com.

If you would prefer that we not share your name and mailing address with third parties (other than with our affiliates) to receive promotional offers, you have the option to opt out of such sharing. To do so, please email us at compliance@trywhistle.com. Your choice will not affect our ability to share information in the other ways described in this Privacy Policy.

If you no longer wish to receive SMS messages, you may need to contact the Whistle Client who provided us with your information based on consent they received at the time of opt-in. While Whistle also provides tools to collect or withdraw consents from users for SMS messaging via an SMS opt-in/opt-out process, a voice responses, electronic response, or other appropriate methods (please refer to the method of communication for opt-out instructions), Whistle’s Clients, as the controllers of the data, remain wholly responsible for obtaining any necessary consent and giving effect to users’ choices. Our SMS services are available to users on the following mobile carriers in the United States: AT&T (includes Cricket), Sprint, T‑Mobile (includes MetroPCS), US Cellular, and Verizon, and may not be available to all users. Normal messaging and data rates may apply. 

Children’s Privacy

The Platform and our Services are not intended for use by children under the age of 16. We do not request, or knowingly collect, any Personal Information from children under the age of 16. If you are the parent or guardian of a child under 16 who you believe has provided her or his information to us, please contact us at compliance@trywhistle.com to request the deletion of that information. 

Security

We use reasonable organizational, technical and administrative measures to protect Personal Information. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contact Us” section, below. 

Links to Other Web Sites

For your convenience, the Platform and this Privacy Policy may contain links to other websites. Whistle is not responsible for the privacy practices, advertising, products, services, or the content of such other websites. None of the links on the Platform should be deemed to imply that Whistle endorses or has any affiliation with the links. Please see our Terms of Use for more information.

Updating Personal Information

We prefer to keep your Personal Information accurate and up to date. If you would like to change your contact information, please contact us at compliance@trywhistle.com. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records). 

International Data Transfers 

We operate in and use service providers located in the United States. Because Whistle works with global companies and technologies, we may transfer your personal information outside of the country in which it was originally provided. When we transfer Personal Information outside of these areas, we take steps to make sure that appropriate safeguards are in place to protect your personal information. As a result, if you are located outside the U.S., we are notifying you that your Personal Information may be transferred to the U.S. pursuant to the Standard Contractual Clauses or other adequacy mechanisms, or pursuant to exemptions provided under European Union laws. Note that U.S. data protection laws may not offer the same level of protection as those in the European Union. 

Your Data Protection Rights under the General Data Protection Regulation (GDPR)

This section of the Privacy Policy applies solely to visitors, users, and others who reside or are located in the European Economic Area (“EEA”). We adopted this Policy to comply with European privacy laws, including the General Data Protection Regulation (“GDPR”). Any terms defined in the GDPR have the same meaning when used in this Section.

If you are a resident of or located within the EEA, you have certain data protection rights. These rights include:

• The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Information by contacting us at the contact information below. 

• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

• The right to object. You have the right to object to our processing of your Personal Information.

• The right of restriction. You have the right to request that we restrict the processing of your Personal Information.

• The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.

• The right to withdraw consent. You also have the right to withdraw your consent at any time where Whistle relied on your consent to process your Personal Information.

Legal Basis for Processing Personal Information Under GDPR

In most instances, Whistle is a processor of Personal Information; however, in some instances Whistle may be a controller of Personal Information. Whistle’ legal basis for collecting and using the Personal Information described in this section depends on the Personal Information we collect and the specific context in which we collect it.

Whistle may collect or process your Personal Information because:

• We need it to provide a service to you;

• You have given us your consent to do so;

• The processing is in our legitimate interests and it is not overridden by your rights; or

• To comply with the law.

Retention of Information

Whistle will retain your Personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your personal information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

Whistle will also retain Personal information, including Usage Data, for internal analysis purposes. Usage Data is data collected automatically either generated by the use of the Site or from the Site infrastructure itself (for example, the duration of a page visit). Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site or we are legally obligated to retain this data for longer periods.

Disclosure of Personal Information

Under certain circumstances, Whistle may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

Legal Requirements

Whistle may disclose your Personal Information in the good faith belief that such action is necessary to:

• To comply with a legal obligation; 

• To protect and defend the rights or property of Whistle; 

• To prevent or investigate possible wrongdoing in connection with the Service; 

• To protect the personal safety of users of the Service or the public; and/or

• To protect against legal liability.

Exercising Your Rights Under GDPR

If applicable, you may exercise any of your rights under the GDPR by submitting a verifiable data subject request to us by using the details in the Contact Us section below. You may make a request related to your Personal Information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are a citizen or resident of the EEA by including your country of citizenship or residence in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in the EEA in order to obtain the information. We will respond to your request within 30 days or let you know if we need additional time. 

Please note that we will ask you to verify your identity before responding to such requests, and we may deny your request if we are unable to verify your identity or authority to make the request.

Should you wish to raise a concern about our use of your data (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us at compliance@trywhistle.com. 

For more information about the GDPR, please contact your local data protection authority in the EEA. 

Your Additional Data Protection 

Rights Under the Lei Geral de Proteção de Dados (LGPD)

If you are located in the national territory of Brazil, you have certain additional data protection rights under the Lei Geral de Proteção de Dados (“LGPD”). These rights include:

• The right to confirmation of the existence of the processing;

• The right to access the data;

• The right to correct incomplete, inaccurate or out-of-date data;

• The right to anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD;

• The right to the portability of data to another service or product provider, by means of an express request;

• The right to delete personal data processed with the consent of the data subject;

• The right to information about public and private entities with which the controller has shared data;

• The right to information about the possibility of denying consent and the consequences of such denial; and

• The right to revoke consent.

Legal Basis for Processing Data Under the LGPD

Whistle’s legal bases for collecting or processing your Personal Information are as follows:

• We need to provide a service to you;

• You have given us your consent to do so;

• The processing is in our legitimate interests and it is not overridden by your rights; or

• To comply with the law.
  

Duration of Processing

Whistle will process and retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

Whistle will also retain Personal Information and usage data for internal analysis purposes. Usage Data is data collected automatically either generated by the use of the Site or from the Site infrastructure itself (for example, the duration of a page visit). Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site or we are legally obligated to retain this data for longer periods.

Exercising Your Rights Under the 

LGPD

If applicable, you may exercise any of your rights under the LGPD by submitting a verifiable data subject request to us by using the details in the Contact Us section below. You may make a request related to your personal information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are a citizen or resident of Brazil in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in order to obtain the information. We will respond to your request within 15 days or let you know if we need additional time. 

Your California Privacy Rights

This section of the Privacy Policy applies solely to California residents. We adopt this Policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this Section.

California residents have the following rights:

• The right to know what personal information is being collected about you;

• The right to know whether your personal information is sold or disclosed and to whom;

• The right to access your personal information;

• The right, in certain circumstances, to delete the information you have provided to us; 

• The right to opt out of the sale of personal information; and

• The right not to be discriminated against, even if you exercise your privacy rights
  

Request for Information or Deletion

California consumers have the right to request, under certain circumstances, that a business that collects personal information about the consumer disclose to the consumer the information listed below for the preceding 12 months:

• The categories of personal information collected about you;

• The categories of sources from which we collected your personal information;

• The categories of personal information that we have sold or disclosed about you for a business purpose;

• The categories of third parties to whom your personal information was disclosed for a business purpose;

• Our business or commercial purpose for collecting or selling your personal information; and

• The specific pieces of personal information we have collected about you.

Whistle collects certain types of personal information about you during your relationship with us, as explained above. In particular, our Site and Apps have collected the following categories of Personal Information from consumers within the last twelve (12) months:

Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.

You can also request that we delete your personal information. There may be certain exceptions to our obligation to delete your information such as if you have an existing account or transaction with us or if we have a legitimate business reason to keep your information. 

Do Not Sell My Personal Information

As a California resident, you also have the right, at any time, to tell us not to sell personal information – this is called the “right to opt-out” of the sale of personal information. At this time, we do not sell our consumers’ personal information to third parties. We will, however, honor your request to opt out of any marketing emails or correspondence. 

Right Not to Be Discriminated Against

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

• Provide you a different level or quality of goods or services.

• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

Third Party Marketing

California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for their own direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. As stated above, we are usually required to provide your Personal Information to our Clients, as they are the ultimate controllers of the information. We do not currently disclose personal information protected under this section to other third parties for their own direct marketing purposes. 

Exercising Your Rights Under the 

CCPA

You or your authorized agent may make a request to access, correct, delete or opt-out of the sale of your information by visiting by contacting us as follows:

• Email Address: compliance@trywhistle.com 

If you use an authorized agent to submit your CCPA request, we may require proof of the written authorization you have given to the agent. We also may require you to confirm your identity and your residency in order to obtain the information, and you are only entitled to make this request twice in a 12-month period. For emails, please include “California Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a California resident. We will acknowledge your request within 10 days and respond to your request within 45 days or let you know if we need additional time. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.

Changes in Privacy Policy

We may elect to change or amend our Privacy Policy; in such event, we will post the policy changes in our Privacy Policy on the Platform, and they will become effective on the date posted. If you are concerned about how your personal information is used, please visit this Site often for this and other important announcements and updates.