BriteBox LLC
Privacy Policy

The following sets forth the policies for the collection and use of personally identifiable information (“Information”) by BriteBox LLC (together with its affiliated companies, “BriteBox LLC”) in connection with its operation of the Web site located at (the “Site”).  BriteBox LLC takes its obligations regarding privacy very seriously, and it wants to ensure users are fully informed about the Information they are providing to it.

Collection of Information.

In connection with the Site, BriteBox LLC may collect Information in the following ways:

• Through registration forms filled out by a user on the Site
• Through Information provided by a user in connection with the purchase of products or services on the Site
• Through the maintenance and analysis of Web server logs
• Via e-mail sent by a user to BriteBox LLC
• Through the use by BriteBox LLC of third-party databases from which user Information is extracted and combined with Information obtained by BriteBox LLC through other means.

BriteBox LLC may also connect non-personally identifiable information from users via “cookies” (small text files placed by BriteBox LLC on user computers), single-pixel GIF image files (also called “Web beacons”), Web server log analysis and other similar technological means.  Such non-personally identifiable information may be used to track site trends and enhance the user experience, and may be shared with third parties.
To the extent third parties may place advertising on the Site, such third parties may utilize cookies or other technological means within the advertising to collect and utilize non-personally identifiable information.  BriteBox LLC is not responsible for information collected by third parties in this manner, nor for the collection or use of Information by other sites to which the Site is linked.

Types of Information Collected by BriteBox LLC.

The following types of Information about a user are among those that may be collected by BriteBox LLC in connection with the Site:

• Name
• Postal address
• E-mail address
• Telephone number
• Cellular telephone number
• Facsimile number
• Payment information (e.g. credit card numbers and billing addresses), if purchases or payments are made
• Banking information
• Social Security number
• Date of birth
• Age except with any offer of credit
• Gender except with any offer of credit
• Other demographic information (e.g. occupation, income range)
• IP Address
• Referring site
• Other technical information collected by the Site’s servers.

Sharing Personal Information with Third Parties.

We may share, sell or trade your personal information gathered online with third parties. We will share your information in order to provide services and process your requests. We may share your personal information with our corporation affiliates and business united within the same corporation.

By completing the online form you expressly consent to receive text message, autodialed and/or prerecorded calls from us, our marketing partners and the parties listed on the Site. I understand that consenting is not required to make any purchase.

No Collection of Information from Children.

The Site is not intended for users under the age of 18, nor does BriteBox LLC knowingly collect or retain Information in connection with the Site from children under the age of 13.

Use of Information.

BriteBox LLC may use Information collected in connection with the Site in the following ways:

• To provide requested information, products and services to users
• To improve the user experience with the Site
• In connection with the operation of the Site and BriteBox LLC’s internal business
• In connection with other Sites or offline businesses owned or operated by BriteBox LLC
• For Users to obtain information and offers for products and services offered by BriteBox LLC as well as selected third parties.

In order to do the foregoing, BriteBox LLC may provide your Information to trusted third parties, including but not limited to selected third party marketers and vendors as well as third party contractors providing services to BriteBox LLC for the operation of the Site and its business, communication services and fulfillment of orders. Email address will only be provided to a select mailing partner for the purpose of sending third-party promotional emails. BriteBox LLC will use commercially reasonable efforts to limit use of the Information by such third parties to the specific uses set forth above.  BriteBox LLC also utilizes electronic and physical security to reduce the risk of improper access to or manipulation of Information during transmission and storage, but cannot guarantee the security or integrity of the Information.

Access to Information.

Users may modify and correct certain Information through a written request sent to BriteBox LLC, 9100 Conroy Windermere Rd., Windermere, FL 34786.

Changes to this Privacy Policy.

BriteBox LLC reserves the right to revise and update this Privacy Policy at any time. Any such revisions will be effective on the date of posting to the Site, and will apply to all information collected by BriteBox LLC both prior to and following the effective date. Your use of the Site following any such revisions will be deemed your acceptance of such revisions. Users should periodically visit this page to review the current policies with regard to Information.

Opting Out from Offers from BriteBox LLC.

At any time, a user may opt out from receiving future offers from BriteBox LLC by following the instructions contained within each marketing communication.  Such opting out will not apply to any communications from third parties to whom BriteBox LLC may have provided Information regarding the user.  Third parties’ use of the Information is subject to such parties’ own privacy policies, for which BriteBox LLC shall not be responsible.

Your California Privacy Rights.

Beginning on January 1, 2005, California Civil Code Section 1798.83 permits customers of BriteBox LLC who are California residents to request certain information regarding BriteBox LLC’s disclosure of personal information for their direct marketing purposes. To make such a request, please write to: BriteBox LLC, 9100 Conroy Windermere Rd., Windermere, FL 34786.  Within thirty days of receiving such a request, BriteBox LLC will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year.  BriteBox LLC reserves its right not to respond to requests submitted other than to the address specified in this paragraph.

Many browsers including Internet Explorer, Firefox, and Google Chrome contain a “do not track” optional setting. In general, when a “do not track” setting is active, the user’s browser notifies websites that the user does not want the user’s personally identifiable information about an individual consumer’s online activities tracked over time and across different Web sites or online services. Websites are not required to honor a do not track request and as required by amendments to the California Shine the Light law, we are informing you that we do not honor such requests.

Arbitration Agreement.

Please read this Arbitration Agreement (the “Agreement”) carefully. THIS AGREEMENT STARTS WHEN YOU ACCEPT. You accept when you do any of the following things after an opportunity to review this agreement: give us a written or electronic signature; tell us orally or electronically that you accept; submit information to us on our website. This Agreement affects your legal rights and remedies and provides that disputes between you and BriteBox LLC Revenue (the “Company”), must be resolved through binding arbitration rather than in a court.

Resolution Of Claims or Disputes.

BriteBox LLC hopes to make you a happy customer and most customer concerns can be resolved quickly and to the customer's satisfaction by email our customer service department. If, however, there is an issue that needs to be resolved, this Agreement describes how both of us will proceed. Any claim or dispute between you and BriteBox LLC (or any of Company’s subsidiaries or affiliates) arising out of or relating in any way to the product or this Agreement shall be resolved through final, binding arbitration. This obligation applies regardless of whether the claim or dispute involves a tort, fraud, breach of contract, misrepresentation, product liability, negligence, violation of a statute, or any other legal theory. Included are all claims arising out of or relating to any aspect of our relationship; claims that may arise after the termination of this Agreement; and claims related to direct marketing efforts, including complaints concerning unsolicited text messages, emails, and telemarketing calls.

Limitation of Legal Remedies.

We each agree that each of us may bring claims against the other only in an individual capacity and not in a class action or representative proceeding. All arbitrations under this Agreement shall be conducted on an individual (and not a class-wide) basis, and an arbitrator shall have no authority to award class-wide relief. You acknowledge and agree that this Agreement specifically prohibits you from commencing arbitration proceedings as a representative of others or joining in any arbitration proceedings brought by any other person.

Arbitration Procedures.

A party who intends to seek arbitration must first send to the other a written Notice of Dispute describing the nature and basis of the claim or dispute and setting forth the specific relief sought. All Notices to BriteBox LLC shall be sent to the following address: BriteBox LLC, 9100 Conroy Windermere Rd., Windermere, FL 34786. Upon receipt of such Notice, the other party shall have a thirty-day period in which it may satisfy the claim against it by fully curing the dispute and/or providing all the relief requested in the Notice. After the expiration of such thirty-day cure period, you or BriteBox LLC may commence an arbitration proceeding. The arbitration of any claim or dispute under this Agreement shall be conducted pursuant to the American Arbitration Association’s (“AAA”) United States Commercial Dispute Resolution Procedures and Supplementary Procedures for Consumer-Related Disputes. These rules and procedures are available by calling the AAA or by visiting its web site at www.adr.org. The arbitration of any claim or dispute under this Agreement shall be conducted in the State of New York or in the location in which you received this Agreement or in your home state. For any non-frivolous claim that does not exceed $25,000, BriteBox LLC will pay all costs of the arbitration and will agree to conduct the arbitration through the AAA offices in your home state. For any claim under $10,000, BriteBox LLC further agrees that any hearings may be held by telephone and that BriteBox LLC will not seek attorney’s fees in the event BriteBox LLC prevails. You acknowledge and agree that each party shall pay the fees and costs of its own counsel, experts and witnesses.

Choice of Law.

This Agreement concerns a transaction in interstate commerce, and therefore shall be governed by the United States Federal Arbitration Act, 9 U.S.C. § 1 et seq.

Severability.

If any provision of this Agreement is declared or found to be unlawful, unenforceable or void, such provision will be ineffective only to the extent that it is found unlawful, unenforceable or void, and the remainder of the provision and all other provisions shall remain fully enforceable.

PRIVACY NOTICE FOR RESIDENTS OF CALIFORNIA, VIRGINIA, COLORADO, CONNECTICUT, AND UTAH

This PRIVACY NOTICE FOR RESIDENTS OF CALIFORNIA, VIRGINIA, COLORADO, CONNECTICUT, AND UTAH (“Notice”) supplements the information contained in the Privacy Policy and applies solely to those individuals who have consumer privacy rights under the following laws ("consumers" or "you"): the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (together "CCPA"), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), and the Utah Consumer Privacy Act (“UCPA”).

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). We have collected the following categories of personal information from consumers within the last twelve (12) months:

Categories	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	YES
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	NO
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
G. Geolocation data.	Physical location or movements.	NO
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO

Public information does not include:

• Publicly available information from government records.
• De-identified or aggregated consumer information.
• Information excluded from the CCPA, VCDPA, CPA, CTDPA and UCPA’s scope, like:
• • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from you.
• Indirectly from you. For example, through information we collect from our clients in the course of providing services to them.
• Directly and indirectly from activity on our website.
• From third-parties that interact with us in connection with the services we perform.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

• To fulfill or meet the reason for which the information is provided.
• To provide you with information, products or services that you request from us.
• To provide you with email alerts.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
• To improve our website and present its contents to you.
• For testing, research, analysis and product development.
• As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your personal information or as otherwise set forth in the CCPA, VCDPA, CPA, CTDPA or UCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A: Identifiers.
Category B: Customer Records personal information categories.
Category F: Internet or other similar network activity.

We disclose your personal information for a business purpose to the following categories of third parties:

• Our affiliates.
• Service providers.
• Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
• Third party marketers who we feel you will benefit from their services.

In the preceding twelve (12) months, we have not sold any personal information.

Your Rights and Choices

You have specific rights regarding their personal information. This section describes your CCPA, VCDPA, CPA, CTDPA and UCPA’s rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you (also called a data portability request).
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
• • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
7. Comply with a legal obligation.
8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

• Calling us at (855) 918-0447
• By writing us at: BriteBox LLC, 9100 Conroy Windermere Rd., Windermere, FL 34786
• Visiting https://docs.britebox.io/ccparequest.aspx to fill out a request form.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If we deny your request, you may have the right to appeal our decision. We will respond to appeals from Virginia and Connecticut residents within 60 days. We will respond to appeals from Colorado residents within 45 days.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA, VCDPA, CPA, CTDPA and UCPA rights. Unless permitted by the CCPA, VCDPA, CPA, CTDPA and UCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.

Contact Information

If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights, please do not hesitate to contact us at:

Phone: (855) 918-0447
Website: www.briteboxllc.com
Email: info@briteboxllc.com
Postal Address: BriteBox LLC
Attn: Privacy Compliance Officer
9100 Conroy Windermere Rd.
Windermere, FL 34786

Policy Last Revised: Oct 5, 2023