Forrester Recognizes Opal in The Marketing Operations Management Solutions Landscape >

Privacy Policy

Last Updated: 02/12/2026, Reviewed: 02/12/2026

Our Privacy Policy is critical to establishing and maintaining trust with you and our customers. At Opal, we believe you should know what data we collect, how we use it, and have meaningful control over both. By accessing Opal’s Website or by using any of Opal’s services or solutions in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and that you have read and understood this Privacy Policy. This Privacy Policy explains how Opal collects, uses, discloses, and otherwise processes Personal Data in connection with Opal’s website (the “Site”) and the Opal Platform. Where required by applicable law, we will obtain your consent for certain processing activities (for example, certain cookies and similar tracking technologies) and provide you with choices and controls as described below.

For clarity, your use of the Site or the Opal Platform is subject to the applicable terms governing that use (including the applicable Opal terms of service or customer agreement including software license agreements).

Scope

In Scope

This Privacy Policy describes how we collect and use your Personal Data when you visit our website (the “Site”) or use the Opal Platform as a licensed subscriber. “Personal Data,” means the data that relates to you as an identified or identifiable natural person, such as your name, email, or other identifying information.  By “Opal Platform,” we mean the cloud-hosted Software-as-a-Service (SaaS) software platform offered by Opal, including all desktop and mobile applications, Opal adapters, APIs, SDKs, and other applications or integrations we make available as part of the Platform.

This Privacy Policy applies when Opal acts as a “controller” (or similar role) for Personal Data, such as when you visit the Site, request a demo, or otherwise interact with Opal directly. When you use the Opal Platform through an Opal customer (for example, your employer), Opal generally processes Customer Data and end-user information on behalf of that customer and in accordance with the applicable customer agreement and data processing terms.

Out of Scope

The Site may contain links to websites or content sponsored or provided by third parties. These sites and services may use their own cookies or data tracking technologies to collect data or information from you. This Privacy Policy does not apply to Personal data collected about you by third-party sites. We do not control third-party cookies’ use or collection. If you have questions about non-Opal websites, services, or other features, you should contact or refer to the third-party providers’ websites directly. To the extent you access the Opal Platform through an Opal customer (for example, your employer), that customer is responsible for providing you with any privacy notices required for its processing of your Personal Data. Opal’s processing of Customer Data on the Platform is governed by Opal’s customer agreement and applicable data processing terms.

The Site uses cookies and similar technologies. Where required by applicable law, we will request your consent before placing non-essential cookies (such as analytics and marketing cookies), and we will provide a cookie preference tool that allows you to choose (i) functional/necessary only, (ii) functional + analytics, or (iii) functional + analytics + marketing. You may change your cookie preferences at any time via Cookie Consent Preference Settings on the Site.

Who We Are

As used in this Privacy Policy, “we,” “us” or “our” means Opal Labs Inc., an Oregon corporation with principal offices located at 555 SE Martin Luther King Jr. Blvd. Suite 105, Portland, OR 97214. If you have questions about this Privacy Policy, you may contact us at privacy@workwithopal.com.

Data protection laws in certain jurisdictions differentiate between a “controller” and “processor” of Personal Data. In general, Opal is the “controller” of Personal Data we collect and process in connection with the Site and our direct business relationships (for example, demo requests, marketing communications, and account administration). When you use the Opal Platform through an Opal customer (for example, your employer), that customer generally acts as the “controller” of Customer Data and end-user Personal Data processed in the Opal Platform, and Opal generally acts as a “processor” (or “service provider”) processing such data on the customer’s instructions, as further described in the applicable customer agreement and data processing terms.

Personal Data We Collect

We collect Personal Data on the Site and within the Opal Platform as further described below. The types of Personal Data we collect, and how we use it, depend on whether you interact with us via the Site or via the Opal Platform through a customer.

THE SITE

Tracking Technologies

Opal, or Opal third-party service providers, may use tracking technologies such as cookies, web beacons, or similar technologies to collect information about your interactions with the Opal website and for other purposes specified under “How We Use Personal Data We Collect” and as described in our cookie consent banner.

Cookies are used to identify which areas of the Site you visited and your actions on the Site. Web beacons are tiny graphics with a unique identifier, used to track the online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons may be embedded invisibly on web pages or emails. You may find a list of the cookies collected and used by Opal and their respective purposes in Opal’s cookie consent banner when visiting our website. Where required by applicable law, we will obtain your consent before placing non-essential cookies (including marketing cookies), and you may adjust your preferences at any time using the cookie settings made available on the Site.

Information We Collect Automatically

As is true of most web sites, we gather certain Personal Data automatically and store it in log files. Personal Data may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. This Personal Data may be combined with other Personal Data we collect about you such as name, email, location, job role or company information (for example, if you submit a form or request a demo). 

Employment Applicants

If you apply for employment with us via the Site, we will collect your name, email address, location, phone number, work experience, and qualifications, as well as gender, race/ethnicity, and veteran/disability status. Where required by applicable law, demographic information (such as gender, race/ethnicity, or veteran/disability status) is collected on a voluntary basis and is used for equal opportunity monitoring and compliance purposes, and access is restricted where appropriate.

Sales and Marketing Information

We collect information you provide through our website, including when you submit forms or request a demo. Such data may include name, email address, telephone number and any other information you supply on submitted forms. Where permitted by applicable law, we may use this information to respond to your request, manage our relationship with you or your organization, and send marketing communications, and you may opt out of marketing emails at any time using the unsubscribe mechanism included in those emails.

The Opal Platform

General Use

Opal is a marketing planning and collaboration platform intended for employee marketing collateral collaboration and planning. The Opal Platform allows end users to upload digital assets and other marketing materials for the purpose of using Opal services. . Content may include company images, videos, designs, logos, copy for emails, websites, social media messages, and other forms of data or electronic communications (“Customer Data”), at the Customers discretion. Customer Data includes any data about our Customers, and the third parties they correspond with. Opal processes Customer Data on behalf of and at the direction of the applicable Customer, as described in the applicable customer agreement and data processing terms.

We also collect information about individuals involved in our Customers’ marketing creation process, including employees, agents and contractors, or other individuals who interact with the Opal platform(“User Information”). User Information may include Personal Data related to the individual’s department, name, job title, job duties, profile photograph, work location, work email address, work phone number, and (if provided by Customer or the user) other contact or profile information, or similar kinds of information. User Information may also include identifiers necessary to provision and administer user accounts and access to the Opal Platform.

Customer Supplied Information

We do not control or monitor the information our Customers collect, upload, store, or share through the Opal Platform, or their privacy practices or policies. Unless otherwise required by law, it is our Customer’s obligation to obtain all necessary consents and to comply with all applicable laws with respect to the Customer’s communications and use of the Opal Platform. Our Customer’s privacy policies or practices apply to Customer Data, the purposes for which the Customer collects Customer Data, how the Customer may use Customer Data and what choices the individual user may have with respect to Customer Data. If you are an end user accessing the Opal Platform through an Opal Customer (for example, your employer), and you have questions about how your Personal Data is used in the Opal Platform, please contact that Customer.

Optional Features 

Opal offers some optional features which require express consent prior to processing, such as SMS communications, which may require additional Personal Data sharing, such as phone numbers. The Personal Data that will be collected will be clearly stated and only collected to fulfill the purposes of the feature.  Where required by applicable law, we (or the Customer, as applicable) will obtain any necessary consents for such optional features.

Platform Analytics

We collect Personal Data automatically about how our users interact with the Opal Platform, including username, login credentials (e.g., username and authentication-related information), IP address, device and browser information, and access location (“Automatically Collected Information”). We do this via data collection technologies such as logs, cookies or similar technologies (as applicable). For clarity, cookie choices presented on the Site apply to the Site; the Opal Platform may use necessary cookies or similar technologies for authentication, security, and core functionality, and any additional cookies (if used) will be described in the applicable cookie notice or customer documentation.

How We Use Personal Data We Collect

In general, we process Personal Data when we have a lawful basis to do so, which may include your consent for certain processing activities (for example, certain cookies and similar technologies where required by law), for the performance of a contract with our Customer, when processing is necessary for compliance with a legal obligation to which we are subject, or based on our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require the protection of your Personal Data.

We do not use automated decision-making, including profiling that produces legal or similarly significant effects. We do not sell Personal Data for money. We may disclose Personal Data to service providers and vendors that process information on our behalf, and (where applicable) we may “share” Personal Data for cross-context behavioral advertising as described below and in the “California Privacy Rights” section. Where required by applicable law, we will provide the ability to opt out of such “sharing” (for example, via Cookie Settings and any “Do Not Sell or Share” link we provide).

THE SITE

We use Personal Data collected on the Site in the following ways:

  • To communicate with you; We use information about you to communicate with you in response to any inquiries, or to send you product and website updates, information about upcoming events, support communications, or to answer other questions about the Opal Products. Where required by applicable law, we will provide choices regarding marketing communications (including an unsubscribe mechanism).
  • To process job applications; If you submit a job application through our website, we use Personal Data to respond to qualified applicants and to comply with related legal obligations.
  • To promote and market the Opal product; We may use web beacons or other website analysis tools to determine whether our education, outreach, or marketing campaigns are successful. Generally, we use these technologies to manage content, analyze trends, monitor page visits and content downloads, administer the Site, track users’ activities around the Site, and to gather demographic information about our Site user base as a whole. Where we use advertising or marketing cookies (for example, pixels or tags provided by advertising partners), they may be used to measure campaign performance and, where enabled, to support interest-based advertising. Where required by applicable law, we will obtain your consent before using non-essential cookies (including marketing cookies), and you can manage your cookie preferences via our cookie consent banner/settings. 
  • To investigate or deter against fraudulent, unauthorized, or illegal activity; We may use personal information for different purposes, like market analysis, traffic flow analysis and reporting, or information based on clickstream data. We use this information for a variety of purposes to examine our traffic in aggregate, to investigate misuse of our network or its users, or to cooperate with law enforcement. 
  • To customize or personalize your online experience; We may link, combine, or supplement the Personal Data you provide us with other Personal Data we obtain from cookies. We do this to help understand your needs and provide you with better products and services, to identify you when you return to our Site, to display or provide you with relevant content or communications or to pre-populate forms. This may include functional cookies and, if you consent where required, analytics and marketing cookies.
  • To comply with legal obligations. In some cases, we have to process personal information to comply with applicable laws and regulations. For example, to respond to a request from a regulator or to defend a legal claim. We may also process personal information in the performance and operation of our business, such as to conduct internal audits and investigations or for finance and accounting and archiving and insurance purposes.
  • To otherwise fulfill the purpose for which the Personal Data was provided or as otherwise compatible with the purpose for which it was collected.

Updating and Deleting Personal Data

Please refer to the ‘Your Rights’ section of this policy. If you use the Opal Platform through an Opal customer (for example, your employer), requests to access, correct, or delete Customer Data should generally be directed to that customer.

Lawful Basis 

The legal basis for the processing of Personal Data on The Site is our legitimate interest (Art. 6(1)(f) of the GDPR)  in certain circumstances, such as operating and securing the Site and responding to inquiries. Where you submit forms, request a demo, or otherwise engage with us, we may process Personal Data as necessary to take steps at your request and/or to perform a contract, and/or based on our legitimate interests, depending on the context. Consent is the legal basis used for analytical or marketing cookies where required by applicable law. 

For clarity, Opal may rely on different legal bases depending on your jurisdiction and the specific processing activity (for example, contractual necessity, legitimate interests, compliance with law, and, where required, consent).

The Opal Platform

We treat Customer Data and User Information as the confidential and proprietary information of you or our Customers, as the case may be, subject to the terms of the software license agreement between Opal and the Customer. When you use the Opal Platform through an Opal customer (for example, your employer), Opal generally processes Customer Data and end-user Personal Data on behalf of and at the direction of that customer, as described in the applicable customer agreement and data processing terms.

User Information

We use User Information from the Opal Platform for the following purposes:

  • To provide access to the Opal solution;We use user information, including at a minimum your name and email address, to provide access to the Opal Platform and to create and manage individual user accounts
  • To complete financial transactions; Opal processes your information to manage and complete relevant transactions, such as issuing invoices for payments, and to enable your use of our products and services.
  • To analyze and improve the Opal Platform and services; We may use Automatically Collected Information to understand how you interact with the Opal Platform to improve the product, develop new products and features, and combine it with other information we collect for these purposes.
  • To provide our Customers and end users with certain required tools or features; We may use information to provide Customers and end users with certain tools or features in order to enable requested functionality, support workflows, personalize the platform experience, and ensure the proper performance of the Opal Platform. 
  • To provide our Customers with optional opt-in features: Your information may be processed in order to provide you with additional features, such as SMS communications. These features require affirmative and informed consent before processing where required by applicable law and/or the Customer’s configuration of the feature. 
  • To provide Customer support; We use information about you to respond to inquiries and or to provide technical troubleshooting. We may use third party service providers such as an email service provider to send out emails on our behalf or a chat widget that allows us to communicate with you. We may share your information with these service providers, and others, as necessary for them to perform their functions.
  • To communicate with you;  You may receive service-related communications (such as account, security, or product notices) that are necessary to provide the Opal Platform. Where permitted by applicable law and applicable customer arrangements, Opal may also send educational or general update communications to customer contacts, and you may opt out of marketing emails at any time. 
  • To investigate or deter against fraudulent, unauthorized, or illegal activity; We may use personal information for different purposes, like traffic flow analysis and reporting, or user behavior trend analysis. We use this information for a variety of purposes to examine our traffic in aggregate, to investigate misuse of our network or its users, or to cooperate with law enforcement. 
  • To comply with legal obligations. In some cases, we have to process personal information to comply with applicable laws and regulations. For example, to respond to a request from a regulator or to defend a legal claim. We may also process personal information in the performance and operation of our business, such as to conduct internal audits and investigations or for finance and accounting and archiving and insurance purposes.
  • To share personal experiences with our other customers; Onlyupon explicit consent from you, personal information may be processed to post testimonials or other promotional material on our sites or social media. 
  • To otherwise fulfill the purpose for which the Personal Data was provided or as otherwise compatible with the purpose for which it was collected.

Updating and Deleting Personal Data

Users may update personal information, login credentials and profile information (as applicable) by logging into the Opal Platform and updating the user account. Our Customer may contact their designated Customer Experience Manager for the account (or Opal Support (+1 (844) OUR-OPAL) to request deletion or for help updating their personal data. In some cases, we may not be able to delete User Information, and in such cases we will provide an explanation. If you are an end user accessing the Opal Platform through an Opal customer, requests to access, correct, or delete Customer Data should generally be directed to that customer.

Lawful Basis

The legal basis for processing of Personal Data for the purpose of process improvement, the security of our information and product communications is our legitimate interest (Art. 6(1)(f) of the GDPR). Processing of the data required to supply the Opal Platform is processed on the basis of contractual necessity (Art. 6(1)(b) of the GDPR). Processing which require additional Personal Data that are not necessary to use Opal services, such as marketing activities or optional features, are processed on the basis of consent (Art. 6(1)(a) of the GDPR) where required by applicable law. 

When Opal processes Customer Data as a processor on behalf of an Opal customer, the customer determines the lawful basis for processing under applicable law, and Opal processes such data in accordance with the customer’s instructions and applicable data processing terms.

Who We Share Personal Data With

We may share Personal Data in the following circumstances:

  • Business Transfers – In connection with, or during negotiations for, a merger, acquisition, financing, or sale of company assets.
  • Affiliates – With our affiliates, including current and future parent companies, subsidiaries, and other entities under common ownership or control, for the purposes described in this Privacy Policy.
  • Marketing and Analytics – With analytics providers, advertising partners (where enabled), or search engine providers to analyze usage, improve our websites, and optimize the user experience (and, where required by applicable law, subject to your cookie preferences/consent).
  • Legal Compliance – Where required or permitted by law, regulation, legal process, or government request.
  • Service Providers – With vendors or agents who perform services on our behalf, such as securing systems or providing operational support. These third parties must comply with our data privacy and security requirements and are prohibited from using Personal Data for other purposes. Where required by applicable law, we will enter into appropriate contractual protections with such vendors (for example, data processing terms). A list of third-party processors can be found at: workwithopal.com/sub-processors
  • Automatically Collected Information may be disclosed in anonymized or aggregated form for marketing, analytics, or research purposes.

For clarity, Opal may also disclose Personal Data at your direction or with your consent (where applicable).

How Long We Keep Personal Data

We will only retain the Personal Data which is processed by us for as long as it is necessary in relation to the purposes for which it was collected or otherwise processed (including to comply with legal obligations, resolve disputes, enforce agreements, and protect our legal rights). 

Website Visitors

Website Visitor information is retained unless non-necessary cookies are opted out of or until deletion is requested. You may manage cookie preferences at any time via the cookie consent banner/settings and your browser controls. To request deletion of Personal Data we process as a controller, please refer to the ‘Your Rights’ section of this policy.

Job Applicants

Job Applicant Data for candidates not selected for employment is retained for a period of three years, unless a shorter retention period is required by applicable law or we elect to delete it sooner. To request deletion of your data, please refer to the ‘Your Rights’ section of this policy.

The Opal Platform

Customer data is deleted 60 days following contract termination (subject to any applicable legal hold or contractual requirements). End user personal data is managed by the customer, and deletion of such data must be approved by an authorized representative. To request deletion of your data, please refer to the ‘Your Rights’ section of this policy. If you are an end user, you should direct requests to access, correct, or delete Customer Data to the applicable customer (for example, your employer).

Opt-Out

Website Visitors

Opal does not require that you provide Personal Data through our Site, however, if you do not wish to provide the required Personal Data requested, we may not be able to service you properly or to provide the service benefit for which the Personal Data is requested. Website visitors may opt-out of personal data collection at the time a cookie banner is displayed on the website. Where available, you may select functional cookies only, functional and marketing cookies, or all cookies, and you may update your preferences at any time via the cookie settings.

Job Applicants

Upon applying, candidates are provided with a link to their application profile. Applicants may withdraw their application or request deletion of their personal data at any time. Please refer to the ‘Your Rights’ section of this policy. 

Marketing Communications

You may opt-out of receiving marketing, product or general update emails and other business-related communications by clicking the unsubscribe link (or similar mechanism) in the received email. 

The Opal Platform

For use of the Opal Platform, unless otherwise required by law, individuals must contact their employer (our Customer) in order to correct, amend, or delete their information, or to exercise applicable rights in connection with Customer Data processed on the Opal Platform.

Cookies

Most browsers collect cookies by default. You may control cookie collection by configuring the privacy settings within your browser (Please refer to your browser’s help function to learn more about cookie controls).  Where required by applicable law, you can also manage cookies through our cookie consent banner/settings.

Information Security

We understand the need for user privacy, and we maintain reasonable and appropriate security procedures to protect your information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data. Access to user data is strictly limited to specific individuals who are trained to respect user privacy. The access given to these employees is restricted to their need for such information for business purposes. A log of those who accessed the data is maintained and monitored to prevent security breaches. We also maintain incident response procedures and will notify affected individuals and regulators where required by applicable law.

Children

The Opal Platform and Site are not intended, designed for, or directed to children under the age of 18, and we will not intentionally collect or maintain information about anyone under the age of 18. If it comes to our attention that we have received personal information about anyone under the age of 18, such information will be promptly deleted from our records.

International Data Transfers

Your information, including any Personal Data we collect from you, may be transferred, stored, and processed by us, our affiliates, or other third parties outside the country in which you reside, including, but not limited to, the United States. In such countries, data protection and privacy regulations may not provide the same level of protection as in your home jurisdiction. If you are located in the European Economic Area (EEA) or the United Kingdom (UK), your Personal Data may be processed in countries that are not subject to an adequacy decision by the European Commission or the UK government / competent authority. In these cases, we ensure that your Personal Data is protected through appropriate safeguards. We provide adequate protection for the transfer of your Personal Data to countries outside of the EEA through agreements based on the Standard Contractual Clauses (“SCC’s”) approved by the European Commission (including the SCCs adopted under Commission Implementing Decision (EU) 2021/914) and, where applicable for UK transfers, the UK International Data Transfer Agreement (“IDTA”) or the UK Addendum to the EU SCCs.

We take all reasonable steps to ensure that your Personal Data is handled securely and in accordance with this Privacy Policy. Where required by applicable law, we will provide you with additional information regarding the safeguards we use for international transfers and how to obtain a copy of them.

Supplemental Notice for the Privacy Rights to EEA, UK, and Switzerland Residents

For Customers or users located in the European Economic Area (the “EEA”), we process your Personal Data in accordance with the privacy rights and regulations under the General Data Protection Regulation (the “GDPR”). For individuals located in the United Kingdom, we process Personal Data in accordance with the UK GDPR and the Data Protection Act 2018. For individuals located in Switzerland, we process Personal Data in accordance with applicable Swiss data protection law.

Your Rights

Please refer to the ‘Your Rights’ section below.

Legal Bases

Under the GDPR, we may only collect and process your information if we have a legal basis for doing so. The following are examples of legal bases:

  • Processing is necessary for us to provide products and services to you;
  • Processing is necessary for a legitimate interest;
  • Processing is necessary to comply with a legal obligation; or
  • Processing is based on and within the scope of your consent. If our legal basis for collecting and processing your information is your consent, you may withdraw your consent at any time, but our legal basis for collecting and processing your information will apply to processing prior to the date of your withdrawal. 

Sharing Information with Others Unless prohibited by applicable law, we may share your information as follows:

  • In connection with a divestiture, merger, acquisition, sale, or similar transaction;
  • To protect our property or enforce our rights, or the rights of our affiliates, channel partners, agents, subcontractors, representatives, or services providers;
  • In response to a court order, subpoena, or warrant, or to comply with a legal requirement or cooperate with an investigation;
  • To identify persons who may be violating the law, our Terms of Service, the rights of third parties, or persons who may be otherwise misusing the Site or its related properties; or
  • With your consent, or to fulfill the purpose for which you provided the information.

To request a copy of the respective safeguards, please contact us at: privacy@workwithopal.com

Supplemental Notice for the Privacy Rights to California Residents

For Customers or users located in California, we process your Personal Data in accordance with the privacy rights and regulations under the California Consumer Privacy Act, as amended (the “CCPA”). This section describes the categories of personal information we collect, how we use and disclose it, and the rights available to California residents under the CCPA.  This section applies to Personal Data that Opal processes as a “business” (as defined under the CCPA) in connection with the Site and certain direct business interactions. To the extent Opal processes Customer Data on behalf of an Opal customer as a “service provider” or “processor,” Opal’s processing is governed by the applicable customer agreement and data processing terms, and requests regarding such Customer Data should be directed to the applicable customer.

Your Rights

Please refer to the ‘Your Rights’ section below. California residents may have the right to request (a) access to and/or deletion of personal information, (b) correction of inaccurate personal information, (c) information about our collection, use, and disclosure of personal information, and (d) to opt out of “sale” or “sharing” (as those terms are defined under the CCPA), if applicable. We will not discriminate against you for exercising your CCPA rights.

Categories of Personal Information Collected

The personal information that we’ve collected in the past 12 months may fall into the following categories specifically established under the California Consumer Privacy Act, as amended (the “CCPA”):

  • Identifiers (CCPA §1798.140(v)(1)(A)): name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name.
  • Customer Records Information (CCPA §1798.140(v)(1)(B)): telephone number, billing address, payment information, employment-related information.
  • Protected Classifications (CCPA §1798.140(v)(1)(C)): age, gender, disability status, or other classifications protected under California or federal law (Only applicable to job applicants located in California)
  • Commercial Information (CCPA §1798.140(v)(1)(D)): records of products or services purchased, obtained, or considered, or purchasing histories or tendencies.
  • Internet or Other Electronic Network Activity (CCPA §1798.140(v)(1)(F)): browsing history, search history, interactions with our website, app, or ads.
  • Geolocation Data (CCPA §1798.140(v)(1)(G)): physical location or movements (e.g., IP-based location or device settings).
  • Sensory Data (CCPA §1798.140(v)(1)(H)): audio, electronic, visual, or similar information (e.g., customer service call recordings).
  • Professional or Employment-Related Information (CCPA §1798.140(v)(1)(I)): job title, company name, professional contact details.
  • Inferences Drawn from Personal Information (CCPA §1798.140(v)(1)(K)): profile information reflecting preferences, characteristics, psychological trends, behavior, or aptitudes.
  • Sensitive Personal Information (CCPA §1798.140(ae)): racial or ethnic origin, health information, or sexual orientation (Only applicable to job applicants located in California).

For more information about the categories of personal information we collect, please see the “Personal Data We Collect” section above.

Categories of Personal Information Disclosed for a Business Purpose

The personal information that we’ve disclosed for a business purpose (including to our service providers) in the past 12 months may fall into the following categories specifically established under the CCPA:

  • Identifiers (CCPA §1798.140(v)(1)(A)): name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name.
  • Customer Records Information (CCPA §1798.140(v)(1)(B)): telephone number, billing address, payment information, employment-related information.
  • Commercial Information (CCPA §1798.140(v)(1)(D)): records of products or services purchased, obtained, or considered, or purchasing histories or tendencies.
  • Internet or Other Electronic Network Activity (CCPA §1798.140(v)(1)(F)): browsing history, search history, interactions with our website, app, or ads.
  • Geolocation Data (CCPA §1798.140(v)(1)(G)): physical location or movements (e.g., IP-based location or device settings).
  • Sensory Data (CCPA §1798.140(v)(1)(H)): audio, electronic, visual, or similar information (e.g., customer service call recordings).
  • Professional or Employment-Related Information (CCPA §1798.140(v)(1)(I)): job title, company name, professional contact details.

For more information about the categories of personal information we disclose to other parties, including to our service providers, please see the “Who We Share Personal Data With” section above.

Categories of Personal Information Shared for Cross-Context Behavioral Advertising

To the extent we “share” personal information for cross-context behavioral advertising (as defined under the CCPA), the categories of personal information may include:

  • Identifiers (CCPA §1798.140(v)(1)(A)): name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name.
  • Internet or Other Electronic Network Activity (CCPA §1798.140(v)(1)(F)): browsing history, search history, interactions with our website, app, or ads.
  • Geolocation Data (CCPA §1798.140(v)(1)(G)): physical location or movements (e.g., IP-based location or device settings).

You may opt out of “sharing” by using our [Cookie Settings] on the Site and, where required, via a “Do Not Sell or Share My Personal Information” link. We also process opt-out preference signals, such as the Global Privacy Control, where required by law. If you enable a browser-based opt-out preference signal, it will generally apply to the browser/device from which you submit the signal.

Sale of Personal Information

Opal does not sell personal information for money. To the extent “sale” is defined more broadly under the CCPA to include certain disclosures for valuable consideration, you may opt out of any such “sale” using the mechanisms described above, where applicable.

Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes other than permitted under applicable law.

Your Rights

Depending on where you reside, you may have certain rights regarding your Personal Data, including in connection with our collection, use, and disclosure of Personal Data, unless we have to keep the Personal Data for legitimate business or legal purposes. When updating your Personal Data, we may ask you to verify your identity before we can act upon your request. These rights may include:

  • Request access to your personal data. This enables you to receive a copy of the personal data we hold about you, and, where applicable, to receive certain data you have provided to us in a structured, commonly used and machine readable format, and/or to obtain information about how we process it;
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete, outdated or inaccurate information we hold about you corrected;
  • Request deletion of your personal data, where provided by applicable law. In some jurisdictions (including certain U.S. states), this right may be subject to exceptions (for example, where we need to retain information to comply with law, complete transactions, provide services, prevent fraud, or protect our legal rights);
  • Request further information about the processing of your Personal Data by Opal;
  • Request a restriction or submit an objection to the processing, sharing and/or further use of your Personal Data;
  • Request your Personal Data in a portable format and/or transferred to another company or organization;
  • Object to the processing of your personal data if the processing is based on legitimate interests and there is no other lawful basis for processing;
  • Withdraw consent at any time where the processing of your personal data was based on consent. If you withdraw your consent to Opal’s processing your Personal Data, this will not affect any processing which has already taken place;

The right not to be subject to any automatic individual decisions, including profiling, which produces legal effects on you (“Automated Decision Making”) or similarly significantly affects you.

Additional rights for certain U.S. residents (including California): Depending on your state of residence and our role (e.g., “business”/controller vs “service provider”/processor), you may also have the right to (i) opt out of the “sale” or “sharing” of personal information (as defined by applicable law), (ii) limit the use and disclosure of sensitive personal information (where applicable), (iii) not be discriminated against for exercising your rights, (iv) use an authorized agent to submit a request on your behalf, and (v) appeal a denial of your request where required by applicable law. We will honor opt-out preference signals (such as Global Privacy Control) where required by law.

To exercise the rights referred to above, please contact us privacy@workwithopal.com. Please include the right you are requesting and detailed information of the request in the email so we can best serve you. If you access the Opal Platform through an Opal customer (for example, your employer), requests to access, correct, delete, or otherwise exercise rights in connection with Customer Data should generally be directed to that customer, because Opal processes such Customer Data on the customer’s behalf. You may have the right to lodge a complaint with a competent data protection authority or regulator, and (where required by applicable law) to appeal our decision regarding your request.

Questions or Complaints

If you have questions or complaints regarding our Privacy Policy or practices, please contact us at privacy@workwithopal.com or by mail to Opal Labs Inc., ATTN: Legal, 555 SE Martin Luther King Jr. Blvd. Suite 105, Portland, OR 97214. We will respond to your questions or complaints within a reasonable time frame or as otherwise required by law. Following receipt of a complaint, if necessary, we will investigate the issue and provide you with information regarding investigation and the resolution of the complaint.

Data Protection Officer

You may contact our privacy contact at privacy@workwithopal.com. Our EU Representative pursuant to Art. 27 of the General Data Protection Regulation (the “GDPR”) is:

RIVACY GmbH
Mexikoring 33
22297 Hamburg
Germany
info@rivacy.eu
https://www.rivacy.net/en/

Data Protection Authority

Under GDPR, you may lodge a complaint with the relevant data protection authority. The name and contact details of the Data Protection Authorities in the European Union can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Changes to this Policy

From time to time, we may change this policy to conform with changes to our business or as the law requires. We reserve the right to change this Privacy Policy at any time and will keep records of changes as required by applicable law.