At Comet LLC (d/b/a “Cometly”), we respect the privacy of individuals whose data we may process when providing services. This page explains how to submit a Data Subject Access Request (DSAR) for personal data that may be processed by us, and the steps we take to respond.

Important: This DSAR process is provided for informational purposes and does not constitute legal advice. If you have questions about your specific obligations, please consult an attorney.

1. Who We Are

Cometly provides marketing analytics and attribution solutions to our customers (the “Controller”). In doing so, we may process personal data on behalf of these customers. Under laws such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA), the customer is typically the “controller,” and Cometly is the “processor.”

2. Data Subject Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data, including the right to:

• Access: Receive a copy of personal data we hold about you.
• Rectify: Correct inaccurate or incomplete personal data.
• Erase (Right to Be Forgotten): Request deletion of personal data, subject to certain legal exceptions.
• Restrict: Ask us to limit how your data is processed.
• Object: Object to certain data uses (e.g., direct marketing).
• Data Portability: Obtain personal data in a structured, commonly used format.

If you want to exercise any of these rights, please follow the instructions below.

3. Submitting a DSAR

3.1 If You Are a Visitor or End User of a Cometly Customer

1. Contact the Website Owner
   • If you interacted with a website or app that uses Cometly’s tracking pixel, that website owner is your primary point of contact. They act as the data controller responsible for deciding what data is collected, for what purposes, and how.
   • Submit your DSAR directly to the website owner or business that collected your data.
2. Forwarding Requests
   • If the website owner determines Cometly holds data relevant to your request, they can forward the request to us. We will assist them by locating, exporting, or deleting the relevant data, in accordance with our contractual obligations.

3.2 If You Are a Direct Customer of Cometly

If you (or your organization) have a direct account with Cometly and believe we store your personal data (e.g., billing contact info, support interactions), you can email us at:

privacy@cometly.com

Please include:

• Your full name
• Email address associated with your Cometly account
• A detailed description of your request (access, rectification, erasure, etc.)

3.3 Verification & Timeline

• Verification: We may request additional information to verify your identity or your authority to request on behalf of someone else.
• Response Timeline: We aim to respond within 30 days of receiving a verified and complete request. If additional time is needed (e.g., the request is complex), we will inform you of the extension and the reason why.

4. Our DSAR Process

1. Request Reception
   • We review each DSAR to confirm whether it falls under our scope as a processor or a direct controller for certain data.
   • If you’re an end user of a Cometly customer, we may refer you back to that customer if they alone can verify your identity or have full context of the data collected.
2. Data Identification
   • If the request is valid and pertains to data we hold, Cometly will search our systems for relevant records (e.g., analytics events, billing records, support logs).
3. Data Compilation & Review
   • We compile responsive data and, if necessary, confirm with the customer (the controller) that releasing or deleting this data aligns with our legal and contractual obligations.
4. Response
   • For valid requests, we provide the requested information (often in a structured, machine-readable format like CSV or JSON) or confirm the data’s deletion/anonymization, subject to lawful exceptions (e.g., mandatory record-keeping).

5. Exceptions & Limitations

• Legal/Contractual Obligations: We may deny or limit a DSAR if fulfilling it would infringe upon others’ rights, violate legal obligations, or if the request is manifestly unfounded or excessive.
• Retention Obligations: If certain data must be retained for compliance, dispute resolution, or contract administration, we may not fully delete it until obligations expire.

6. Controllership & Liability

• Cometly as Processor: For most end-user data collected via our pixel, Cometly is a processor. We follow the instructions of our customers (the controllers) regarding data storage, processing, and deletion.
• Cometly as Controller: For data we collect directly from our business contacts or account holders (e.g., billing info, support emails), Cometly may act as a controller. DSARs related to such data can be directed to us at privacy@cometly.com.

7. Contact Information

For DSAR inquiries, verification steps, or any questions about this process, please reach out:

Comet LLC (d/b/a Cometly)
41 University Drive
Suite 400
Newtown, PA 18940
United States

Email: privacy@cometly.com

‍

If you have further concerns about our data handling practices, please consult our Privacy Policy or Data Processing Addendum (DPA).

8. Disclaimer

This page does not constitute legal advice. It is intended to inform about Cometly’s DSAR process and to help end users and customers understand how requests are handled. If you have questions regarding your legal rights or obligations, consult an attorney experienced in data protection law.