Alesco Data

Privacy Policy

We take consumer privacy seriously. In compliance with all laws, regulations and best practices, we have implemented comprehensive and secure data handling policies which ensure privacy, security and transparency in the way we handle data.

How We Collect and Use Personal Information  

Alesco respects the privacy of every individual about whom we compile, aggregate and process information. Alesco’s primary business is focused on offering a suite of data products that focus on marketing and marketing services. We also sell data to third parties. Our clients use Alesco’s data products and services to market their own products and services to existing and prospective customers through various advertising channels including, but not limited to, direct mail, email and digital display campaigns.

Our data products contain information about individuals and households in the U.S. and are developed from publicly available information (such as tax assessor records) and from other information providers such as surveys and questionnaires.

Consumers may opt-out of our data products by emailing info@alescodata.com, or by calling (800) 701-6531.

Our Websites 

Our websites allow you to request information from Alesco and register for certain offers and services by providing your personal contact information.   All personal information is stored in our private and secure CRM system.  The information you provide will be used to support your relationship with Alesco and to facilitate the delivery of our products and services.  We may process personal information we receive from you and other sources to present you with advertisements or send you marketing communications about our products and services. We may process personal information to comply with the law, protect our rights and safety, or protect the rights and safety of others.  Alesco does not combine any personal information received from you with any information maintained in our consumer or business data products. 

Information We Collect on Our Customers: 

Alesco collects, manages, and stores the following information about our customers:  

  • Personal identifiers (name, address, phone number, email address)  
  • Online identifiers 
  • Commercial transactions specific to Alesco and affiliated companies 
  • Location data: If you are using a mobile device, we may collect location data directly from your mobile device if your device allows us to do so. Your IP address may provide an approximate geo-location 
  • Transactional information: When you purchase a product or service, we collection information about the transaction, such as the date of the purchase and location 
  • Emails: When you receive emails from us, we collection certain metrics and statistics, including whether or not you opened the email, whether you clicked on certain images or elements, or whether your computer or mobile device is capable of receiving HTML-based email 
  • Phone calls: We may monitor and/or record phone calls for quality assurance and customer satisfaction purposes. In locations where consent is required for a party to record a phone call, you consent to us recording such calls. 

Categories of Information We Disclose: 

Information Collected:  Category of Third Parties: 
Identifiers 
  • Companies provide services to Alesco Data 
  • Third parties upon a request by the user that requires we disclose certain information 
  • The Alesco Group of Companies 
  • Partners and Vendors 
  • Courts, government officials, attorneys, investigators and other third parties 
  • Counterparties in financings, asset sales or other strategic transactions 
Personal information categories listed in the California consumer records statute 
  • Companies providing business services to Alesco Data 
  • Third parties upon a request by the user that requires disclosure 
  • Partners 
  • Courts, government officials, attorneys, investigators and other third parties 
  • Counterparties in financing, asset sales or other strategic transactions 
Protected classification characteristics under California or federal law 
  • Companies providing business services to Alesco Data 
  • Third parties upon a request by the user that requires disclosure 
  • Partners 
  • Courts, government officials, attorneys, investigators and other third parties 
Commercial Information 
  • Companies providing business services to Alesco Data 
  • Third parties upon a request that requires disclosure 
  • Partners 
  • Courts, government officials, attorneys, investigators and other third parties 
  • Counterparts in financing, asset sales or other strategic transactions 
Internet or Other Network Activity 
  • Companies providing business services to Alesco Data 
  • Advertising networks 
  • Courts, government officials, attorneys, investigators, and other parties 
Geolocation Data 
  • None (except approximate geo-location data included in information in other categories) 

Data Products & Third Party Data

Customers look to our company to provide them with PII-based consumer and business data products.  We ethically aggregate data from trusted, secure third-party sources. Our customers then utilize this data to market their products and services and to better understand their own clientele.  

Our marketing data contains available public information and data aggregated from trusted third-party providers and collectors. This data is used by clients and businesses in their online and offline marketing programs and for Alesco’s own internal marketing efforts. This PII data includes information such as name, postal address, phone number, email address and social media identifiers.  We may also process information such as demographics (age, gender, marital status, date of birth), interests (lifestyle activities) and buying habits (purchases, brand affinity, channel preferences) and firmographic information (company name, job funtion, employee size, revenue, SIC/NAICS). 

As a leading data marketing provider, we comply with all industry policies and guidelines, principles and ethical practices for data collection, processing, and protection. 

Our services are not directed at children, and you may not utilize our data solutions if you are under the age of 18. We do not knowingly collect, disclose, or use data for marketing purposes for anyone under the age of 18.  

Categories of Personal Information Collected

In the last 12 months, Alesco Data has collected the following categories of personal information from the categories of sources described above. We consider this information to be personal information to the extent that it is information that uniquely identifies a person, is unique financial information, or is linked to a person’s unique identifier(s), or if it is defined as personal information by applicable state law.

 

Category

Examples

Identifiers
  • Real name, unique personal identifier, email address, or other similar identifiers
  • Postal address (in states that designate a postal address as personal information, such as California)

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Name, telephone number, credit card number, debit card number, bank account number, or other financial information, education, employment, employment history
  • Address (in states that designate a postal address as personal information, such as California)
  • Types of personal information included in the CA customer records statute that are included in other categories have not been repeated here

Protected classification characteristics under California or federal law
  • Age (40 years or older), marital status, sex (including gender), religion/creed, or veteran or military status

Commercial Information
  • Records of personal or real property, products or services purchased, obtained, or considered, type of credit card used, or other purchasing or consuming histories or tendencies.

Internet or other similar network activity
  • Browsing history, search history or information on a consumer’s interaction with a website, application, or advertisement

Geolocation data
  • Physical location or physical movements

Audio, electronic, visual, thermal, olfactory, or similar information
  • None

Professional or employment-related information
  • Current job title

Education Information
  • None (except as included in other categories)

Biometric Information
  • None

Inferences drawn from other personal information
  • Profile reflecting a person’s preferences, characteristics, predispositions, or behavior

 

How We Use Information We Collect 

We use the information we collect to operate our business, including: 

  • To provide, maintain, improve, and personalize the services we provide 
  • To connect users with professionals and other companies that receive or help us meet requests and needs for our data products and solutions 
  • To process transactions, to provide and improve customer experiences, to communicate with you about your account, changes in our policies or services, and to otherwise manage our customer relationships 
  • To market our products and services from Alesco Data, to optimize marketing campaigns and to analyze their effectiveness, distribution and reach 
  • To develop new products and services 
  • To administer promotions 
  • To detect, investigate and address technical issues, security incidents, fraudulent transactions, abuse, violations of our agreements and policies or illegal activities 
  • To comply with our legal obligations and legal process 
  • To carry out certain short-term activities and other reasonable internal purposes related to the services, the products, or services you purchase through us or your ongoing relationship with us 
  • To perform other business purposes described at the time the information is collected or as otherwise set forth in applicable data privacy laws. 

 Alesco Data will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice. 

How We Share Information 

Alesco Data receives data from, and handles data on behalf of, a variety of consumer-facing companies, applications and services, business-facing companies, and data compilers. We also may obtain data through public sources, such as census data and other public records. Some of the data we receive and use is Personal Information (PII) data. In addition, some of our services involve using and making available “business to business” (“B2B”) data, which is obtained from a number of sources, including public directories, filings and publications, surveys and subscriptions. If we share your personal information, it’s only in the following scenarios:

Alesco Group of Companies 

We share information with Alesco Data and its companies for marketing-related purposes, to allow them to improve their products and services (such as confirming or supplementing information they have about a person to classify a person as a mover), in connection with the data, technical, legal, accounting, and other services shared between the Alesco Group of Companies, and for other internal business purposes. Alesco Data will be bound by the terms of this privacy policy with respect to personal information received from Alesco Data and will use that personal information only as described in the Privacy Policy. 

Companies Providing Services to Alesco Data 

We share information with third-party vendors, consultants, and other service providers that are providing business services to Alesco Data. For example, we may share information about you with a third-party service provider that creates reports or other products ordered by users, sends out emails, serves ads to you on a third-party platform, or monitors or analyzes data. Such companies will have access to personal information only as necessary to carry out their work and are prohibited from using it for any other purpose.  

User-Directed Disclosures 

We share your personal information when you direct us to do something that requires its disclosure or when you otherwise provide your consent.  

Partners 

We share your personal information in connection with Services offered to you in conjunction with our partners or in connection with partner programs or promotions.  

If you request, access or use our services through our partners (which could be an Alesco Data company or a third party) or if you request, access or use their services through our Properties, both Alesco Data and the partner may receive your personal information.  

For example, if you sign up with Alesco Data, request services from Alesco Data or consent to receive communications from Alesco Data through a partner-promoted (A partner in this instance can be a Third Party or Data Reseller or Ad Agency or Marketer) or co-branded website or within a partner’s store, Alesco Data and that partner may share your personal information with each other. We may also disclose your personal information to partners if you participate in their promotion offered through us or you purchase or request information about a partner’s products or services from us. For example, if we offer a discount on a partner product or service through a marketing email or a website link, we may disclose to the partner personal information about our users who contact us or visit the partner’s website or their users who visit our website. 

Companies with Whom You Have an Existing Relationship 

If you are already a customer of or otherwise have a direct relationship with a business partner of Alesco Data or an Alesco Data Company (an “Existing Relationship Company”), we may disclose information about you to that Existing Relationship Company. If you are a match to a customer on the Existing Relationship Company customer list, we may provide the Existing Relationship Customer with information such as the groups or segments you belong to (such as mover or homeowner) and demographic information about you and your home (such as estimated household income and square footage), so that the Existing Relationship Company can provide you with more relevant advertising, products and services. We will not give the Existing Relationship Company your contact information, your unique personal identifiers, or your unique financial information unless for another purpose permitted in this Privacy Policy. However, the Existing Relationship Company may already have some or all of that information (because of your existing relationship with them) and they will be able to link you with the other information about you that we provide to them. 

Compliance with Laws and Policies; Protection of Rights 

We may disclose your personal information if we believe disclosure is necessary to comply with any applicable law, regulation, or legal process, to cooperate with government or law enforcement, or to avoid legal liability; to resolve complaints or disputes; to investigate and resolve technical issues, security incidents, fraud, abuse, and illegal activities; if we believe your actions are inconsistent with the spirit or language of our user agreements or policies; or to protect the rights, reputation, safety and property of Alesco Data or others. 

Strategic Transactions 

We may disclose personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business or in a bankruptcy, liquidation, dissolution, or similar transaction. In the event that we or all of our assets are acquired in such a transaction, our collected information would be one of the transferred assets. 

Professional Information 

We do not consider the business information of Professionals to be personal information. Accordingly, we may share Professionals’ business names, owner/proprietor names, business contact information and other information with third parties for any purpose. 

Your Privacy Rights and Opting Out 

As of January 1, 2023, five new state privacy laws went into effect. These states include: California, Colorado, Connecticut, Virginia, and Utah. The new laws include a definition of sensitive personal information with business obligations associated with the processing of this sensitive data. To be removed from our databases visit – Do Not Sell My Personal Information

How is “Processing” Defined?

“Processing” is defined by these laws as:

“Any operation or set of operations performed – whether by manual or automated means – on personal data or on sets of personal data, such as the collection, use, storage, disclosure, analysis, deletion or modification of personal data.”

Managing Your Personal Information 

You may request to access, update and delete your personal information anytime by emailing: info@alescodata.com, or by calling (800) 701-6531. Please note that even if your personal information is deleted from our internal database, any information that you chose to provide or opted in for any other services, will remain public and may remain and otherwise retained by users, Professionals, and other third parties which whom this information has been shared, and we may retain your information as required by law for legitimate business purposes.  

You may also request to access information or to update or correct inaccurate information by emailing us at: info@alescodata.com or writing to us at: 4575 Via Royale, Suite 110, Fort Myers, FL 33919. 

Promotional Communication 

To opt out from receiving promotional communications from Alesco Data or another third party, or to make requests regarding your personal information or other information held by them, you should contact them directly. 

California Resident Privacy Rights 

Under the California Consumer Privacy Act, (2018; effective January 1, 2020), known as the “CCPA”, amended in 2020, California residents have certain rights regarding their personal information. This includes:

  • The categories of personal information we’ve collected, and the categories of sources where we got the information
  • The business purposes for which we’ve shared their personal information
  • The categories of third parties with whom we’ve shared their personal information
  • Access to the specific pieces of personal information we’ve collected and to request deletion of that personal information, subject to certain exceptions
  • The right to opt out of the sale of their personal information
  • The right to not be discriminated against for exercising their CCPA privacy rights
  • The right to correct inaccurate personal information

“Sensitive” Data is defined under California state law as:

  1. Social security, driver’s license, state identification card, or passport numbers
  2. An account login, financial account, debit card, or credit card number in combination with any required security codes
  3. Precise geo-location
  4. Racial and ethnic origins, religious or philosophical beliefs, union memberships
  5. Contents of mail, email, and text messages to unintended recipients
  6. Genetic data
  7. Biometric information if use to uniquely identify a person
  8. Personal health information
  9. Personal information related to a person’s personal life or sexual orientation

For purposes of these rights, “sold” and “business purpose” have the meanings given in the CCPA. For example, if you submit an opt-out request, you will not be opted out from transactions that the CCPA does not deem to be sales. In addition, please note that the CCPA does not require us to delete personal information that we need to maintain for certain purposes.

If you are a California resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please contact us at: info@alescodata.com.

You can also request to have your personal information deleted that has been collected about you. To submit a deletion request, please contact us at: info@alescodata.com

You can also call (877) 652-5002 to speak with a CCPA (California Consumer Privacy Act) compliance specialist about opting out or removing your information from our database.

Alesco Data’s official data broker registration with California  

Colorado Resident Privacy Rights 

Under Colorado’s Consumer Privacy Act, (effective as of July 1, 2023), Colorado residents have certain rights regarding their personal information. This includes:

  • Access to the specific pieces of personal information we’ve collected, and to request deletion of that personal information
  • The right to opt out of the sale of their personal information
  • The right to opt-out of targeted advertising
  • The right to request correction of inaccurate personal information and to request to limit disclosure or use of your sensitive personal information.

 “Sensitive” Data is defined under Colorado state law as:

  1. Racial or ethnic origin
  2. Religious beliefs
  3. Sexual orientation
  4. Citizenship or immigration status
  5. Biometric or genetic data
  6. Information regarding an individual’s medical history, mental or physical health condition, medical treatment, or diagnosis
  7. Personal data from a known child

If you are a Colorado resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call (800) 701-6531.

Connecticut Resident Privacy Rights 

Under Connecticut’s Data Privacy Act, (effective as of July 1, 2023), Connecticut residents have certain rights regarding their personal information. This includes:

  • Access the specific pieces of their personal information we’ve collected and to request deletion of that personal information
  • The right to opt out of the sale of their personal information
  • The right to opt-out of targeted advertising
  • The right to request correction of inaccurate personal information and to request to limit disclosure or use of your sensitive personal information.

“Sensitive” Data is defined under Connecticut state law as:

  1. Racial or ethnic origin
  2. Religious beliefs
  3. Sexual orientation
  4. Citizenship or immigration status
  5. Biometric or genetic data
  6. Information regarding an individual’s medical history, mental or physical health condition, medical treatment, or diagnosis
  7. Personal data from a known child
  8. Precise geolocation at a radius of 1,750 feet or less

If you are a Connecticut resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call (800) 701-6531.

Delaware Personal Data Privacy Act

The Delaware Personal Data Privacy Act (effective January 1, 2025) is a state-level legislative measure aimed at protecting the personal data of Delaware residents. It sets forth various requirements and obligations for businesses that handle personal data. Here are some key aspects of the DPDPA:

  1. Scope and Applicability:
    • The act applies to businesses operating in Delaware or targeting Delaware residents, handling a specified amount of personal data.
    • It covers businesses that control or process the personal data of 10,000 or more consumers annually or derive more than 50% of their gross revenue from the sale of personal data.
  2. Consumer Rights:
    • Right to Access: Consumers can request access to their personal data held by a business.
    • Right to Correction: Consumers can request corrections to inaccurate personal data.
    • Right to Deletion: Consumers can request the deletion of their personal data.
    • Right to Data Portability: Consumers can request a copy of their personal data in a portable format.
    • Right to Opt-Out: Consumers can opt out of the sale of their personal data, targeted advertising, and profiling.
  3. Business Obligations:
    • Data Minimization: Businesses must limit the collection of personal data to what is necessary for the purposes disclosed to consumers.
    • Data Security: Businesses are required to implement reasonable security measures to protect personal data.
    • Data Processing Agreements: When transferring data to third parties, businesses must ensure that data processing agreements are in place to protect personal data.
    • Privacy Notices: Businesses must provide clear and transparent information about their data collection, use, and sharing practices.
  4. Enforcement:
    • The Delaware Attorney General has the authority to enforce the DPDPA.
    • Penalties for non-compliance can include fines and other legal actions.
  5. Exemptions:
    • Certain types of data and entities are exempt from the act, such as data subject to federal regulations like HIPAA or Gramm-Leach-Bliley Act, and certain small businesses.

If you are a Delaware resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call (800) 701-6531.

Indiana Consumer Data Protection Act

The Indiana Consumer Data Protection Act (effective January 1, 2026) is a state-level legislative measure designed to protect the personal data of Indiana residents. It outlines various rights for consumers and imposes specific obligations on businesses that collect, process, or sell personal data. Here are some key aspects of the ICDPA:

  1. Scope and Applicability:
    • The ICDPA applies to entities conducting business in Indiana or targeting Indiana residents.
    • It primarily affects businesses that process personal data of 100,000 or more consumers annually or derive over 50% of their gross revenue from the sale of personal data.
  2. Consumer Rights:
    • Right to Access: Consumers can request access to their personal data held by a business.
    • Right to Correction: Consumers can request corrections to inaccurate personal data.
    • Right to Deletion: Consumers can request the deletion of their personal data.
    • Right to Data Portability: Consumers can request a copy of their personal data in a portable format.
    • Right to Opt-Out: Consumers can opt out of the sale of their personal data, targeted advertising, and profiling.
  3. Business Obligations:
    • Data Minimization: Businesses must limit data collection to what is necessary for the purposes disclosed to consumers.
    • Data Security: Businesses are required to implement reasonable security measures to protect personal data.
    • Data Processing Agreements: Businesses must ensure data processing agreements are in place when transferring data to third parties.
    • Privacy Notices: Businesses must provide clear and transparent information about their data collection, use, and sharing practices.
  4. Enforcement:
    • The Indiana Attorney General has the authority to enforce the ICDPA.
    • Penalties for non-compliance can include fines and other legal actions.
  5. Exemptions:
    • Certain types of data and entities are exempt from the act, such as data subject to federal regulations like HIPAA or Gramm-Leach-Bliley Act, and certain small businesses.

If you are an Indiana resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call (800) 701-6531.

Iowa Consumer Data Protection Act

The Iowa Consumer Data Protection Act (effective January 1, 2025) is a legislative measure designed to protect the personal data of Iowa residents. Similar to data protection laws in other states, the ICDPA grants specific rights to consumers and imposes various obligations on businesses that handle personal data. Here are the key aspects of the ICDPA:

  1. Scope and Applicability:
    • The ICDPA applies to entities conducting business in Iowa or targeting Iowa residents.
    • It primarily affects businesses that control or process personal data of 100,000 or more consumers annually, or control or process personal data of 25,000 or more consumers and derive over 50% of their gross revenue from the sale of personal data.
  2. Consumer Rights:
    • Right to Access: Consumers can request access to their personal data held by a business.
    • Right to Correction: Consumers can request corrections to inaccurate personal data.
    • Right to Deletion: Consumers can request the deletion of their personal data.
    • Right to Data Portability: Consumers can request a copy of their personal data in a portable format.
    • Right to Opt-Out: Consumers can opt out of the sale of their personal data, targeted advertising, and profiling.
  3. Business Obligations:
    • Data Minimization: Businesses must limit the collection of personal data to what is necessary for the purposes disclosed to consumers.
    • Data Security: Businesses are required to implement reasonable security measures to protect personal data.
    • Data Processing Agreements: Businesses must ensure that data processing agreements are in place when transferring data to third parties.
    • Privacy Notices: Businesses must provide clear and transparent information about their data collection, use, and sharing practices.
  4. Enforcement:
    • The Iowa Attorney General has the authority to enforce the ICDPA.
    • Penalties for non-compliance can include fines and other legal actions.
  5. Exemptions:
    • Certain types of data and entities are exempt from the act, such as data subject to federal regulations like HIPAA or the Gramm-Leach-Bliley Act, and certain small businesses.

If you are an Iowa resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call (800) 701-6531.

Kentucky Consumer Data Protection Act

The Kentucky Consumer Data Protection Act (KCDPA) is a proposed state-level legislative measure aimed at protecting the personal data of Kentucky residents. This act is designed to provide consumers with specific rights regarding their personal data and impose various obligations on businesses that collect, process, or sell personal data. Here are the key aspects of the KCDPA:

  1. Scope and Applicability:
    • The KCDPA applies to entities conducting business in Kentucky or targeting Kentucky residents.
    • It primarily affects businesses that control or process personal data of 25,000 or more consumers annually, or derive over 50% of their gross revenue from the sale of personal data.
  2. Consumer Rights:
    • Right to Access: Consumers can request access to their personal data held by a business.
    • Right to Correction: Consumers can request corrections to inaccurate personal data.
    • Right to Deletion: Consumers can request the deletion of their personal data.
    • Right to Data Portability: Consumers can request a copy of their personal data in a portable format.
    • Right to Opt-Out: Consumers can opt out of the sale of their personal data, targeted advertising, and profiling.
  3. Business Obligations:
    • Data Minimization: Businesses must limit the collection of personal data to what is necessary for the purposes disclosed to consumers.
    • Data Security: Businesses are required to implement reasonable security measures to protect personal data.
    • Data Processing Agreements: When transferring data to third parties, businesses must ensure that data processing agreements are in place to protect personal data.
    • Privacy Notices: Businesses must provide clear and transparent information about their data collection, use, and sharing practices.
  4. Enforcement:
    • The Kentucky Attorney General has the authority to enforce the KCDPA.
    • Penalties for non-compliance can include fines and other legal actions.
  5. Exemptions:
    • Certain types of data and entities are exempt from the act, such as data subject to federal regulations like HIPAA or the Gramm-Leach-Bliley Act, and certain small businesses.

If you are a Kentucky resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call (800) 701-6531.

Montana Consumer Data Protection Act

The Montana Consumer Data Protection Act (effective October 1, 2024) is a legislative measure enacted to protect the personal data of Montana residents. It establishes specific rights for consumers and sets forth various obligations for businesses that handle personal data. Here are the key aspects of the MCDPA:

  1. Scope and Applicability:
    • The MCDPA applies to entities conducting business in Montana or targeting Montana residents.
    • It affects businesses that control or process the personal data of 50,000 or more consumers, households, or devices annually or derive more than 25% of their gross revenue from the sale of personal data.
  2. Consumer Rights:
    • Right to Access: Consumers can request access to their personal data held by a business.
    • Right to Correction: Consumers can request corrections to inaccurate personal data.
    • Right to Deletion: Consumers can request the deletion of their personal data.
    • Right to Data Portability: Consumers can request a copy of their personal data in a portable format.
    • Right to Opt-Out: Consumers can opt out of the sale of their personal data, targeted advertising, and profiling.
  3. Business Obligations:
    • Data Minimization: Businesses must limit the collection of personal data to what is necessary for the purposes disclosed to consumers.
    • Data Security: Businesses are required to implement reasonable security measures to protect personal data.
    • Data Processing Agreements: When transferring data to third parties, businesses must ensure that data processing agreements are in place to protect personal data.
    • Privacy Notices: Businesses must provide clear and transparent information about their data collection, use, and sharing practices.
  4. Enforcement:
    • The Montana Attorney General has the authority to enforce the MCDPA.
    • Penalties for non-compliance can include fines and other legal actions.
  5. Exemptions:
    • Certain types of data and entities are exempt from the act, such as data subject to federal regulations like HIPAA or the Gramm-Leach-Bliley Act, and certain small businesses.

The MCDPA aims to enhance consumer privacy protections and ensure that businesses adhere to responsible data management practices. By providing consumers with more control over their personal data and demanding greater transparency from businesses, the act reflects a growing movement towards comprehensive state-level data privacy legislation in the United States.

Nebraska Data Privacy Act

The Nebraska Data Privacy Act (effective January 1, 2025) is a state-level legislative measure designed to protect the personal data of Nebraska residents. This act grants specific rights to consumers and imposes various obligations on businesses that handle personal data. While the precise details can vary based on amendments and interpretations, here are the key aspects generally covered by such data privacy acts:

  1. Scope and Applicability:
    • The NDPA applies to entities conducting business in Nebraska or targeting Nebraska residents.
    • It affects businesses that control or process personal data of a significant number of consumers, typically 50,000 or more annually, or derive a substantial portion of their revenue from the sale of personal data.
  2. Consumer Rights:
    • Right to Access: Consumers can request access to their personal data held by a business.
    • Right to Correction: Consumers can request corrections to inaccurate personal data.
    • Right to Deletion: Consumers can request the deletion of their personal data.
    • Right to Data Portability: Consumers can request a copy of their personal data in a portable format.
    • Right to Opt-Out: Consumers can opt out of the sale of their personal data, targeted advertising, and profiling.
  3. Business Obligations:
    • Data Minimization: Businesses must limit the collection of personal data to what is necessary for the purposes disclosed to consumers.
    • Data Security: Businesses are required to implement reasonable security measures to protect personal data.
    • Data Processing Agreements: When transferring data to third parties, businesses must ensure that data processing agreements are in place to protect personal data.
    • Privacy Notices: Businesses must provide clear and transparent information about their data collection, use, and sharing practices.
  4. Enforcement:
    • The Nebraska Attorney General has the authority to enforce the NDPA.
    • Penalties for non-compliance can include fines and other legal actions.
  5. Exemptions:
    • Certain types of data and entities are exempt from the act, such as data subject to federal regulations like HIPAA or the Gramm-Leach-Bliley Act, and certain small businesses.

If you are a Nebraska resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call: (800) 701-6531.

New Hampshire Data Privacy and Security Act

New Hampshire’s Senate Bill 255, also known as the New Hampshire Data Privacy and Security Act, (effective January 1, 2025) represents a significant step towards comprehensive data privacy legislation in the state. The bill aims to enhance the protection of personal data for New Hampshire residents by establishing clear rights for consumers and responsibilities for businesses. Here are the key aspects of Senate Bill 255:

  1. Scope and Applicability:
    • The bill applies to businesses that conduct business in New Hampshire or target New Hampshire residents.
    • It specifically affects businesses that control or process the personal data of at least 50,000 consumers, households, or devices annually or derive more than 50% of their gross revenue from the sale of personal data.
  2. Consumer Rights:
    • Right to Access: Consumers can request access to the personal data a business holds about them.
    • Right to Correction: Consumers can request corrections to any inaccurate personal data.
    • Right to Deletion: Consumers can request the deletion of their personal data.
    • Right to Data Portability: Consumers can request a copy of their personal data in a portable, easily accessible format.
    • Right to Opt-Out: Consumers have the right to opt out of the sale of their personal data, targeted advertising, and profiling.
  3. Business Obligations:
    • Transparency: Businesses must provide clear and transparent information regarding their data collection, use, and sharing practices through privacy notices.
    • Data Minimization: Businesses are required to limit the collection of personal data to what is necessary for the purposes disclosed to consumers.
    • Data Security: Businesses must implement reasonable security measures to protect personal data from unauthorized access, use, or disclosure.
    • Data Processing Agreements: Businesses that transfer personal data to third parties must ensure that data processing agreements are in place to protect the data.
  4. Enforcement:
    • The New Hampshire Attorney General is empowered to enforce the provisions of the bill.
    • Non-compliance with the bill can result in civil penalties, including fines.
  5. Exemptions:
    • Certain types of data and entities are exempt from the bill, such as data subject to federal regulations like the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA).

If you are a New Hampshire resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call: (800) 701-6531.

Oregon Consumer Privacy Act

The Oregon Consumer Privacy Act (effective July 1, 2024), empowers Oregon residents with control over their personal data collected by certain businesses. Here’s a breakdown of the key provisions:

Consumer Rights under the OCPA:

  • Right to Access: Consumers can confirm whether a business is processing their personal data and request details about the categories of data collected, the purpose of processing, and any third-party disclosures.
  • Right to Correction: Consumers have the right to request correction of inaccurate personal data held by a business.
  • Right to Deletion: Consumers can request deletion of their personal data, including data they provided directly, data obtained from other sources, and derived data.
  • Right to Data Portability: Consumers can obtain a copy of their personal data in a transferable format that allows them to easily move it to another business.
  • Right to Opt-Out: Consumers can opt-out of the sale of their personal data and targeted advertising. Additionally, they have the right to opt-in for the processing of “sensitive data” such as social security numbers, passport numbers, or data revealing race, religion, or sexual orientation.

Business Obligations under the OCPA:

  • Applicability: The OCPA applies to businesses that control or process the personal data of at least 25,000 Oregon residents annually, or derive over 50% of their gross revenue from the sale of personal data and process the data of at least 10,000 Oregon residents annually.
  • Privacy Notice: Businesses must provide a clear and comprehensive privacy notice explaining the categories of personal data collected, the purposes for processing, how consumers can exercise their rights, and the categories of third parties with whom data is shared.
  • Data Minimization: Businesses can only collect personal data that is reasonably necessary for the disclosed purposes.
  • Reasonable Security: Businesses must implement reasonable security measures to protect personal data from unauthorized access, disclosure, or use.
  • Data Processing Assessments: For activities that present a heightened risk of harm to consumers, such as targeted advertising, sale of data, or profiling for automated decisions, businesses must conduct data privacy assessments to identify and mitigate risks.
  • Consumer Requests: Businesses must establish a mechanism for consumers to submit requests to exercise their rights and respond to requests within a reasonable timeframe (generally within 45 days).

Enforcement:

The Oregon Attorney General’s office is responsible for enforcing the OCPA. Consumers can file complaints with the Attorney General if they believe a business has violated their rights.

Additional Notes:

  • The OCPA exempts certain data from its scope, including public data, de-identified data, and data covered by other specific privacy laws (e.g., HIPAA).
  • The OCPA allows businesses to charge a reasonable fee for data portability requests if they exceed a certain frequency.

If you are a Oregon resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call: (800) 701-6531.

Tennessee Information Protection Act (TIPA)

The Tennessee Information Protection Act (effective July 1, 2025) grants Tennessee residents control over their personal data and places obligations on businesses that handle this data. Here’s a comprehensive look at TIPA’s key provisions:

Consumer Rights under TIPA:

  • Access, Correction, and Deletion: Consumers have the right to:
    • Confirm whether a business is processing their personal information.
    • Access a copy of their personal information.
    • Request correction of any inaccuracies in their data.
    • Request deletion of their personal information, subject to certain exceptions.
  • Data Portability: Consumers can obtain their personal information in a usable and portable format to transfer it to another business.
  • Opt-Out Rights: Consumers have the right to opt-out of:
    • The sale of their personal information.
    • Targeted advertising based on their personal information.
    • Profiling that results in automated decisions that have a significant impact on them.

Business Obligations under TIPA:

  • Applicability: TIPA applies to businesses that meet at least one of the following criteria:
    • Control or process personal information of at least 175,000 consumers in a year and have over $25 million in gross revenue.
    • Control or process personal information of at least 25,000 consumers and derive more than 50% of gross revenue from the sale of personal data.
  • Privacy Notice: Businesses must provide a clear and comprehensive privacy notice explaining:
    • The categories of personal information collected.
    • The purposes for processing the data.
    • Consumers’ rights under TIPA and how to exercise them.
    • The categories of third parties with whom data is shared.
  • Reasonable Security: Businesses must implement reasonable security measures to protect personal data from unauthorized access, disclosure, or use.
  • Data Minimization: Businesses can only collect personal data that is reasonably necessary for the disclosed purposes.
  • Contracts with Processors: Businesses must have written contracts with any third-party processors that handle personal data on their behalf. These contracts must ensure the processors comply with TIPA’s requirements.

Enforcement:

The Tennessee Attorney General’s office is responsible for enforcing TIPA. While consumers cannot directly sue businesses under TIPA, the Attorney General can take legal action against businesses for violations.

Exceptions and Additional Notes:

  • TIPA exempts certain data from its scope, including public data and data covered by other specific privacy laws (e.g., HIPAA).
  • TIPA offers a unique “affirmative defense” provision. Businesses that create and comply with a written privacy policy that aligns with the National Institute of Standards and Technology (NIST) Privacy Framework or other documented standards designed to safeguard consumer privacy may have a defense against TIPA violations.
  • Businesses are exempt from certain provisions if they are already subject to and comply with stricter federal privacy laws. Notably, TIPA exempts all insurance companies licensed under Tennessee law.

If you are a Tennessee resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call: (800) 701-6531.

New Jersey Data Protection Act

The New Jersey Data Protection Act (effective on January 15, 2025) grants New Jersey residents control over their personal data and imposes obligations on businesses that collect and process it. Here’s a breakdown of the key provisions:

Consumer Rights under the NJDPA:

  • Right to Know: Consumers can confirm whether a business is processing their personal data and access details about the categories of data collected, the purpose of processing, and any third-party disclosures.
  • Right to Correction: Consumers have the right to request correction of inaccurate personal data held by a business.
  • Right to Deletion: Consumers can request deletion of their personal data, with some exceptions for businesses with legal obligations to retain data.
  • Right to Portability: Consumers can obtain a copy of their personal data in a transferable format that allows them to move it to another business.
  • Right to Opt-Out: Consumers can opt-out of the processing of their personal data for:
    • Targeted advertising.
    • Sale of personal data (except for consumers under 18, where opt-in is required).
    • Profiling in furtherance of automated decisions that produce legal or similar effects concerning them.

Business Obligations under the NJDPA:

  • Applicability: The NJDPA applies to businesses that meet at least one of the following criteria:
    • Control or process personal data of at least 100,000 consumers annually (increased from 50,000 after July 1, 2027).
    • Derive over 50% of their gross revenue from the sale of personal data and process the data of at least 25,000 consumers annually.
  • Privacy Notice: Businesses must provide a clear and comprehensive privacy notice explaining:
    • The categories of personal data collected.
    • The purposes for processing the data.
    • Consumers’ rights under NJDPA and how to exercise them.
    • The categories of third parties with whom data is shared.
    • How consumers can opt-out of the sale of personal data and targeted advertising (starting July 15, 2025, universal opt-out mechanisms must be recognized).
  • Reasonable Security: Businesses must implement reasonable security measures to protect personal data from unauthorized access, disclosure, or use.
  • Data Minimization: Businesses can only collect personal data that is reasonably necessary for the disclosed purposes.
  • Sensitive Data: For “sensitive data” (including racial data, sexual orientation, precise geolocation, etc.), businesses must obtain opt-in consent before processing.

Enforcement:

The New Jersey Attorney General’s Office is responsible for enforcing the NJDPA. The Attorney General can investigate violations, issue civil penalties, and seek injunctive relief. Consumers can also file private lawsuits for certain violations.

Additional Notes:

  • The NJDPA exempts certain data from its scope, including public data and data covered by other specific privacy laws (e.g., HIPAA).
  • The NJDPA prohibits discrimination against consumers for exercising their rights under the law.
  • Businesses have a duty to respond to consumer requests within a reasonable timeframe (generally 45 days).

If you are a New Jersey resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call: (800) 701-6531.

 

Virginia Resident Privacy Rights

Under Virginia’s Consumer Data Protection Act, (effective as of January 1, 2023), Virginia residents have certain rights regarding their personal information. This includes:

  • Access the specific pieces of their personal information we’ve collected and to request deletion of that personal information
  • The right to opt out of the sale of their personal information
  • The right to opt-out of targeted advertising
  • The right to request correction of inaccurate personal information and to request to limit disclosure or use of your sensitive personal information.

“Sensitive” Data is defined under Virginia state law as:

  1. Racial or ethnic origin
  2. Religious beliefs
  3. Sexual orientation
  4. Citizenship or immigration status
  5. Biometric or genetic data
  6. Information regarding an individual’s medical history, mental or physical health condition, medical treatment, or diagnosis
  7. Personal data from a known child
  8. Precise geolocation at a radius of 1,750 feet or less

If you are a Virginia resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call: (800) 701-6531.

Utah Resident Privacy Rights

Under Utah’s Consumer Privacy Act, (effective as of December 31, 2023), Utah residents have certain rights regarding their personal information. This includes:

  • Access the specific pieces of their personal information we’ve collected and to request deletion of that personal information
  • The right to opt out of the sale of their personal information
  • The right to opt-out of targeted advertising
  • The right to request correction of inaccurate personal information and to request to limit disclosure or use of your sensitive personal information.

“Sensitive” Data is defined under Utah state law as:

  1. Racial or ethnic origin
  2. Religious beliefs
  3. Sexual orientation
  4. Citizenship or immigration status
  5. Biometric or genetic data
  6. Information regarding an individual’s medical history, mental or physical health condition, medical treatment, or diagnosis
  7. Personal data from a known child
  8. Precise geolocation at a radius of 1,750 feet or less

If you are a Utah resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call: (800) 701-6531.

Texas Resident Privacy Rights

Texas is the latest state to pass new resident privacy protection laws. Known as the Texas Data Privacy and Security Act, (effective March 1, 2024), Texas residents will have certain rights regarding their personal information. This includes: 

  • Access the specific pieces of their personal information we’ve collected and to request deletion of that personal information 
  • Confirm that the data controller is processing their data 
  • Correct inaccuracies in their personal data 
  • Delete their personal data 
  • Obtain a copy of their data in a portable and readily usable format 
  • Opt out of having their data processed for the purpose of targeted advertising, the sale of their data, or profiling that produces a legal or significant effect on the consumer. 

“Sensitive” Data is defined under Texas state law as:

  1. Racial or ethnic origin 
  2. Religious beliefs 
  3. Mental or physical health diagnosis 
  4. Sexual orientation 
  5. Citizenship or immigration status 
  6. Genetic or biometric data 
  7. Children’s data 
  8. Precise geolocation data 

Effective March 1, 2024, if you are a Texas resident, you have the right to request that Alesco Data disclose the specific personal information and categories we have collected about you. To request this information, please email us at: info@alescodata.com or call: (800) 701-6531.

The entity maintaining this website is a data broker under Texas law. To conduct business in Texas, a data broker must register with the Texas Secretary of State (Texas SOS). Information about data broker registrants is available on the Texas SOS website.

Vermont Data Broker Act

The Act relating to Data Brokers and Consumer Protection went into full effect on January 1, 2019. The Data Broker Act imposes specific registration, disclosure, and security requirements on data brokers. Additionally, the Data Broker Act prohibits any person or entity from fraudulently acquiring or using brokered personal information.

The Data Broker Act defines the term ‘data broker’ as any business or unit of businesses that knowingly collects and sells, or licenses to third parties, ‘brokered personal information’ of a consumer (i.e.. a Vermont resident) with whom the business does not have a direct relationship. “Brokered personal information” includes any of the following data elements about a consumer, if categorized or organized for dissemination to third parties:

  • Name
  • Address
  • Date or place of birth
  • Mother’s maiden name
  • Unique biometric data that can identify or authenticate a consumer (e.g. fingerprint, retina, or iris image)
  • Name or address of a member of the consumer’s immediate family or household
  • Social security number or other government-issued identification number or
  • Any other information that, alone or in combination with the other information sold or licensed, would allow a reasonable person to identify the consumer with reasonable certainty

Data brokers must register with the Vermont Secretary of State annually and must provide certain information as part of that process. The purpose of the registration requirement is to provide consumers with factual information to help protect themselves from deception related to data broker activities.

Alesco Data’s official data broker registration with Vermont

GDPR Compliance 

Alesco Data only collects and stores data of individuals in the United States and Canada.  

Complaint Process 

There is a formal process available to file a complaint about our practices or procedures. To learn how to file a complaint, please email us at: info@alescodata.com 

Additional Information:  

Accuracy 

We maintain quality control procedures to ensure the information we provide is accurate and as complete as possible. We will always respond promptly to questions from our clients and consumers regarding the accuracy of our information. 

Security 

Alesco has extensive security procedures in place to keep information we own, license and process from being accessed by any unauthorized person or business. Strict measures are in place to protect and manage unauthorized access, alteration, or dissemination or personal information. We also maintain physical security and limit protected information to certain areas of our business.  

Acceptable Use Policy 

Alesco Products and Services may only be used for lawful purposes. You agree and warrant that your use of the Products and Services will comply with all applicable federal, state, local, and foreign laws, statutes, rules, and regulations (“Laws”), including, but not limited to: CCPA, CAN-SPAM Act, Canadian Anti-Spam Law, TCPA, COPPA State Registry Laws and Do Not Call lists. 

By using Alesco’s Product and Services, you agree that you will use your best efforts to prevent the misuse or unauthorized use of the Products and Services by any third person or entity. 

Read the entire policy here. 

Consumer Advocacy 

Our Privacy Advocate is available to assist consumers with any privacy concerns they may have. Our privacy advocate will take each individual’s concerns seriously and will ensure that any necessary steps are taken to resolve any potential conflicts.  For inquiries email privacy@alescodata.com. 

Internal Monitoring 

Our Privacy Advocate also ensures that all aspects of our privacy policy are upheld and that all employees receive the appropriate training and resources to ensure privacy compliance.   

Policy Changes 

Alesco may update this policy from time to time. Any changes to this policy will be posted here along with an updated revision date.  

Questions? 

For any questions related to our privacy policy, please email: info@alescodata.com. You may also send correspondence to: 

Attn: Privacy Policy Department 

4575 Via Royale, Suite 110 

Fort Myers, FL 33919 

This policy was last revised on 8/7/23