Virginia Privacy Policy

Last Updated: August 2023

This Virginia Privacy Notice (this “Virginia Notice”) supplements the information contained in our Privacy Policy and applies to residents of Virginia.  This Virginia Notice is meant to cover the requirements of and our activities subject to the Virginia Consumer Data Protection Act (the “VCDPA”).

When we use the term “personal data” in this Virginia Notice, we are referring to information that is linked or reasonably linkable to an identified or identifiable natural person, such as your real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.  Personal data does not include de-identified data or publicly available information or information that is regulated by certain other applicable laws and exempt from the requirements of the VCDPA, such as personal health information subject to The Health Insurance Portability and Accountability Act of 1996.

Your Rights and Choices under the VCDPA
Information Retention
Our Sources for Personal Information
Our Business Purposes for Collecting Personal Information
Sharing Personal Information for a Business Purpose
How to Contact us to Exercise Your VCDPA Rights
Verification of Requests and Authorised Agents

Your Rights and Choices under the VCDPA

Right to Know & Data Portability

You have the right to request that we disclose certain information to you about personal data we collected about you. Such information shall cover the 12-month period preceding our receipt of your request. Upon our receipt of your verified request, we will provide you with the following in a portable and usable format (to the extent technical feasible) at no charge to you:

  • The categories of personal data we have collected about you, and the specific pieces of personal data we have collected about you.
  • The categories of sources from which we collect your personal data.
  • The business or commercial purpose for collecting, selling, or sharing your personal data.
  • The categories of third parties with whom we have shared your personal data for a business or commercial purpose.

You may only make a verifiable “Right to Know” request twice within a 12-month period.

Right to Opt-Out 

We do not sell your personal data or engage in targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you; however, we are required to let you know that you have the right to opt-out of the sale or your personal data or use of your data for targeted advertising or certain profiling if we ever engage in such activities as defined by the VCDPA.

Right to Delete

You have the right at any time to request that we delete your personal data. However, in some cases we cannot delete all or some of your personal data as required or permitted by applicable laws.

Right to Correct

You have the right to request that we correct inaccurate personal data that we maintain about you taking into account the nature of the personal data and the purposes of the processing of the personal data. However, in some cases, we may deny requests to correct inaccurate personal data, or may alternatively delete such personal data.

Right to Non-Discrimination

We will not discriminate against you for exercising your rights under the VCDPA, such as by denying you products and services, charging you different rates or prices, including use of discounts or penalties, or suggesting or providing a different level of service or quality of products to you. However, we may charge a different price or provide a different level or quality of products and services if the price or difference is directly related to the value provided to you by your personal data.

We do not offer financial incentives of any type related to your personal data.

Information We Collect

In the preceding 12 months, we have collected categories of personal data listed below.  For more details about the specific data points we may collect, please see the “What kind of data is being collected” section in our Privacy Policy.

  • Category of Information
    A. Identifiers
    Examples
    Email address, alias, IP addresses, device identifiers, identifiers such as a real name and account information.
    Category of Information
    B. Personal data categories listed in the VCDPA
    Examples
    Name and contact information provided when you create your account with social logins, education and profession if you choose to provide this information when we conduct marketing surveys. Some personal data included in this category may overlap with other categories.
    Category of Information
    C. Commercial information
    Examples
    Products or services you considered, transaction information, purchase history, either directly or through a third party payment processor as described in our Privacy Policy.
    Category of Information
    D. Internet or other similar network activity
    Examples
    Browser type, frequency and time and date of visits to our Services, operating system, website activity, and information about and from your device, including but not limited to device ID, device language, and operating system.
    Category of Information
    E. Geolocation data
    Examples
    Approximate location based on IP address.
    Category of Information
    F. Audio, electronic, visual, or similar information
    Examples
    Images, visuals and similar information, such as those associated with the social logins you use to connect to our Services or when you create an account with us or when you provide those to us in connection with the Services we provide to you.
    Category of Information
    G. Inferences drawn from other personal information.
    Examples
    We may draw inferences drawn from any of the information identified above to reflect preferences, create profiles of users and those that interact with us reflecting a person’s preferences, behavior, attitudes, intelligence, abilities, and aptitudes, so that we may contact you with messaging that may interest you.

We do not collect, and please do not provide to us certain sensitive data (as defined in the VCDPA), including but not limited to racial and ethnic information, and information about one’s sexual orientation, and genetic data, biometric or health information.

Information Retention

In general, we will retain your personal data for as long as is necessary for the purposes set out in our Privacy Policy and the business purposes set forth below, or for longer (a) as required under any applicable legal, regulatory, accounting, or reporting requirements; (b) based on the agreement you have with us; or (c) in order to resolve disputes or enforce our agreements.

Please note that we are not required to: (i) retain any personal data about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained; or (ii) re-identify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal data.

Our Sources for Personal Information

We collect personal information from you from the sources described in the “What Kind of Data is Being Collected” section of our Privacy Policy.

Our Business Purposes for Collecting Personal Information

The personal data we collect from you is being used for the business purposes described in the “What is this data being used for” and “Who is my data disclosed to” sections of our Privacy Policy.

Sharing Personal Information for a Business Purpose

We may disclose your personal information for the business or commercial purposes set forth in the “Who is my data disclosed to” section of our Privacy Policy and/or or as otherwise required or permitted by law in connection with our business.

How to Contact us to Exercise Your VCDPA Rights

To submit a request to exercise your “Right to Know” “Right to Correct” or “Right to Delete” provided in this notice, please use either of these two methods:

  1. email legal@goodnotes.com or Support Services via support@goodnotes.com
  2. submit request through the web form provided at https://support.goodnotes.com/hc/en-us/requests/new

We will evaluate the request and take action where required to do so. 

We will confirm receipt of your request within 10 business days and will provide information about how we will process your request. We endeavour to respond to your request as soon as we can, within the timeframes permitted under the VCDPA. If we are not able to respond to your request within 45 days, we will let you know within that timeframe that we may require additional time (up to 90 total days).

You may have the right to appeal our refusal to a request you make, and instructions on how to avail yourself of the right to appeal will be included in any communication related to your request.  We will reply to appeals informing you of any action taken or not taken in response to your appeal within 60 days of the receipt of your appeal.

Verification of Requests and Authorised Agents

Depending on the nature of your request, we may have to verify your identity when you contact us to exercise your rights.  Our verification process may vary depending on the nature of your request. However, generally, we will verify your request by asking you to:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm that the personal data relates to you.

Legal

Privacy Policy
California Privacy Policy
Virginia Privacy Notice
Cookie Policy
Terms and Conditions
Take Down Requests Notice
Goodnotes uses cookies to enhance user experience and analyze traffic. Details of which cookies we use are available at our Cookie Policy. By continuing to browse the site, you accept cookies. You can withdraw your consent by adapting your preferences in the ‘preferences’ section.
PreferencesDenyAccept