IDT Corporation Privacy Policy

Updated as of January 1, 2025


We know your privacy is important to you, and we want you to know it’s important to us too.  This Privacy Policy is meant to explain our practices when it comes to your use of our products, services, apps and websites.  We encourage you to take the time to review it carefully, to understand what information we collect, why we collect it, and what we do with it.

1. Who We Are

IDT Corporation, including its corporate affiliates (collectively “IDT”), is a global provider of various telecommunication, payment and other services and products for our business and residential customers.

If you are a customer located in the European Economic Area (“EEA”), the following corporate affiliate of IDT Corporation processes your personal data as a controller under the General Data Protection Regulation, including for the provision of its products and services, marketing and support:

IDT Retail Europe Limited

Registration number 135555314

c/o Sable Accounting Ltd, 13th Floor

One Croydon, 12-16 Addiscombe Road

Croydon, CR0 0XT

This Privacy Policy sets forth our policies and procedures regarding the collection, use and sharing of your personal information.  We also explain the steps we take to protect your information and how you can limit the collection, use and sharing of your information.

2. Who This Privacy Policy Applies To

IDT Corporation has many corporate affiliates, both in the United States and internationally, and this Privacy Policy applies generally to our customers, prospective customers, users of our products and services, users of and visitors to the IDT family of websites and applications, and members of any IDT loyalty or rewards program.  In addition to this general Privacy Policy, the specific privacy policies listed below in the section Specific Product or Brand Privacy Policies also apply if you use any of the applicable products and services or interact with any of the referenced IDT affiliates.  If there is any conflict between the provisions of this general IDT privacy policy and any applicable specific privacy policy listed below in Section 3, then the provisions of the applicable specific privacy policy shall control.

This Privacy Policy and the policies listed below under Specific Product or Brand Privacy Policies apply only to IDT products, services, websites and applications that carry an IDT brand.  

This Privacy Policy and the policies listed in Section 3 below do not apply to any website, product, or service of any third-party companies, advertisers, partners, or service providers, even if the website links to (or is linked from) an IDT website or app.  Our websites and apps may contain links to other third-party websites not owned, operated, maintained by or related to IDT (“Third-Party Sites”).  Any such hyperlinks are to be accessed at the user’s own risk.  We are not responsible for the content, privacy practices, data collection, policies, or any other aspect of a Third-Party Site, even if an IDT website or app contains a link to such site.  This Policy and the policies listed in Section 3 below do not apply to Third Party Sites, and we encourage you to independently read and understand each Third-Party Site’s own privacy policies.  The presence of a link to a Third-Party Site does not necessarily indicate that such Third-Party Site is sponsored by or affiliated with IDT in any way.

By accessing or using any IDT product, service, website or app (collectively, “Product”), you agree to this Privacy Policy, the applicable specific brand or product privacy policy listed in Section 3 below and any applicable Product terms of use, which are incorporated by reference into this Privacy Policy.  If you do not agree with our policies and practices, you may choose not to use our Products.  Your use of the Products, and any dispute over privacy, is subject to this Privacy Policy and our terms of use, including its applicable limitations on damages and the resolution of disputes. 

We or third parties we work with may automatically collect certain information using technologies such as cookies, web beacons, clear GIF, pixels, internet tags, web server logs, and other data collection tools, further described below.  By using the Products, you consent to IDT and third parties obtaining data about your visits to and use of the Products, including, but not limited, to via technologies like Google Analytics.

Depending on where you reside, you may have additional rights, which are described in greater detail in this Privacy Policy and the Appendices to this Privacy Policy.  Also, if you are a California resident, please review our California Rights Notice, which further supplements this Privacy Policy and explains additional rights you may have under California law regarding our use of your personal information.

If you do not agree with this Privacy Policy, do not access or use our products, services, websites or apps, or interact with any other aspect of our business. 

3. Specific Product or Brand Privacy Policies

The following specific privacy policies apply to the customers and prospective customers of the referenced IDT Corporation affiliates (service providers) and to and users of the following products, services, websites and applications:

A. Boss Revolution Telecommunication Products, Services, Websites and Applications (by country or residence and the country of the phone number you use to register with us)

1. United States or any North American Numbering Plan Country (except Canada)

Privacy Policy Link:  www.bossrevolution.com/privacy-policy

Websites:  www.bossrevolution.com, www.bosswireless.com, www.bossrevolutionmobile.com, https://brmarket.bossrevolution.com/, https://brmarket.net/ and www.brclubsaves.com

Apps:  BR Calling App

Service Provider:  IDT Domestic Telecom, Inc.

2. Canada

Privacy Policy Link:  www.bossrevolution.ca/en-ca/privacy-policy

Websites:  www.bossrevolution.ca 

Apps:  BR Calling App

Service Provider:  IDT Canada Corp.

3. United Kingdom

Privacy Policy Link:  https://www.bossrevolution.com/en-gb/privacy-policy

Websites:  www.bossrevolution.co.uk 

Apps:  BR Calling App

Service Provider:  Interdirect Tel Limited

4. Rest of World – Excluding EU Countries and Countries Listed Above

Privacy Policy Link:  www.bossrevolution.com/privacy-policy

Websites:  www.bossrevolution.com 

Apps:  BR Calling App

Service Provider:  IDT Domestic Telecom, Inc.

5. Rest of World – EU Countries Not Listed Above

Privacy Policy Link:  www.bossrevolution.com/privacy-policy-rorow 

Apps:  BR Calling App

Service Provider:  IDT Retail Europe Limited

B. Boss Revolution Money Transfer Products, Services, Websites and Applications (by country)

1. United States

Privacy Policy Link:  https://cdn.bossrevolution.com/Content/pdf/IDT-Payment-Services-Privacy-Statement-EN.pdf 

Websites:  https://www.bossrevolution.com/en-us/services/money-transfer 

Apps:  Boss Revolution Money App

Service Provider:  IDT Payment Services, Inc. and IDT Payment Services of New York LLC

2. Canada

Privacy Policy Link:  https://bossrevolution.ca/en-ca/privacy-policy 

Websites:  https://bossrevolution.ca/en-ca 

Apps:  :  Boss Revolution Money App

Service Provider:  IDT Payment Services, Inc.

C. Net2Phone Products and Services (United States)

Privacy Policy Link:  https://www.net2phone.com/privacy-policy/

Websites:  www.net2phone.com

Apps:  Net2Phone Mobile App

Service Provider:  Net2Phone, Inc.

D. National Retail Solutions Products and Services (United States)

Privacy Policy Link:  https://nrsplus.com/privacy-policy/

Websites:  www.nrsplus.com, NRSPlus.com, nrspay.com, nrsdigitalmedia.com, nrsmarket.com, homeimprovementpos.com, nrsinsights.com, nrsmarketplace.com, and nrsliquorpos.com

Apps:  BR Club Shopping App, My NRS Store App

Service Provider:  National Retails Solutions, Inc. (“NRS”)

4. What Information We Collect

IDT may receive and collect both personal identifying and non-identifying information from you when we provide you with our services, when you install, access or use our websites, apps and services and when you interact or communicate with us.  Personal information means information either on its own or in conjunction with other data that enables a specific person to be identified, but does not include “de-identified,” “anonymous,” or “aggregate” information, which is not otherwise associated with a specific person.  Non-identifying information means information that by itself cannot be used to identify a specific person.

We may collect your information in the following ways:

A. Information you provide directly to us.  When you purchase, use or sign up for one of our products or services, when you request us to contact you, or through other interactions with us, we may ask you for certain personal information, such as your name, birthdate, address, e-mail address, telephone number, and payment information.  When you request support from us, we may also collect information from you such as login credentials, security code, contact information, documentation, screenshots, or other information you or we may believe is helpful to solving the issue.  When you speak with our customer service or sales representative on the phone, your calls may be recorded and/or monitored for quality assurance and training purposes.

B. Information we collect automatically.  We and our service providers and vendors, such as our advertising and analytics partners, collect information about your visits to our websites and your interactions with our services, apps, advertisements and content.  Depending on the service and your device, we may automatically collect information such as your IP address, service related diagnostic and performance information (how you use the service), call records or messages sent with our services, browsing history, certain data on your device, device and marketing identifiers, and geolocation data (if you use our location services on your devices).

C. Information we get from third parties.  Third party sources of information include:

D. Information collected in connection with your use of services delivered via our platform.  We and our service providers may collect information in connection with your use of our services delivered via our platform.

E. Device information.  We may collect device-specific information from you, including your hardware model, operating system version, firmware, browser information, device and network configuration, device identifier, and IP address.  We use the device information we collect in order to deliver and improve our services.

5. Why We collect Your Information and How We Use It

We may use all the information we collect and receive, or you provide, to help us operate, provide, improve, understand, customize, support, and market our services (and some third party services).  In addition, we may use your information for general, operational and administrative purposes, including maintaining your account, authenticating you and contacting you.  As used in this Privacy Policy, the terms “use,” “using” and “processing” information include using cookies or other similar technologies on a computer/phone/device, subjecting the information to statistical or other analysis and using or handling information in any way, including but not limited to, scanning, collecting, storing, evaluating, aggregating, modifying, deleting, using, combining, disclosing and sharing information among our affiliates both in and outside the United States and to select service providers and vendors.

In addition, how we use the information we collect depends on which of our services you use, how you use them, and specific preferences you may have communicated to us.  We list below the specific purposes for which we may collect your information.

6. Who We Share Your Information With and Why

We may share all the information we collect and receive with our affiliates, both in and outside the United States, and to select service providers and vendors, to help us operate, provide, improve, understand, customize, support, and market our services (and some third party services), and for general, operational and administrative purposes, including maintaining your account, authenticating you and contacting you.  NRS also shares information with each NRS store with which you interact.  When we share information with our service providers and vendors, we require them to use your information in accordance with our instructions and terms or with express permission from you and not to sell your information.  In addition, you share your information as you use and communicate through our services.

More specifically, we may share your information as detailed below:

A. Within the IDT family of companies.  We may share information within the IDT family of companies, including our affiliates both in and outside the United States primarily to operate, provide, support and market our services.  For example, if you purchase a service, then we share your purchase information with various IDT affiliates in order to process your transaction.  We may share your information in connection with a sale, merger, liquidation, or reorganization of our business or assets.

B. Service Providers and Vendors.  We work with various service providers and vendors for a variety of business purposes such as to help us deliver, support and market our services.  We may share information with these service providers and vendors to the extent reasonably necessary for them to perform work on our behalf.  For example, we may provide your credit card information and billing address to our payment processing company solely for the purpose of processing payment for a transaction you have requested.  More specifically we share information with the following service providers and vendors: 

C. Compliance with applicable law and enforcement of our rights.  We may disclose personal data as required by applicable law, regulation, legal process or government request; to protect IDT, our services, our customers or the public from harm or illegal activities, and to enforce our agreements, policies and service terms.  We may share personal data with our outside auditors, lawyers and regulators.

D. With your explicit consent.  We share information about you with third parties when you give us consent to do so.  For example, we often display use cases or testimonials of satisfied customers on our public websites and require your consent to identify you in your individual capacity.

E. Sharing with senders and recipients of your communications.  You share your information as you use and communicate through our services.  The name on your account, your phone number, profile name, photo, and/or online status may be displayed to people that you make calls to and to other users of the services so that they may contact you.  Depending on the service you’re using, you may be able to control what’s displayed by adjusting your settings within the mobile app or your customer account, or by contacting customer care at the address provided when you signed up for the services.

F. Credit control.  We may conduct credit checks on new customers in order to control the risk of non-payment.  In the event of non- or late payment, we may disclose your name, address and other details to credit bureaus and agencies.  They may use that information to assess your credit rating and provide that rating to other companies.

G. Other.  IDT does not sell, rent or lease its customer lists to third parties.

7. How we Protect Your Information

IDT has technical, organizational and physical safeguards in place to help protect against unauthorized access to, use or disclosure of the information we collect and store.  Employees are trained on the importance of protecting privacy and on the proper access to, use and disclosure of customer information.  IDT secures information on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.  We use Secure Socket Layer (SSL) encrypted protection to protect the personal information transmitted to our websites.  Our websites and apps are PCI compliant in connection with your credit card information.  Although we work hard to protect your information that we collect and store, no program is 100% secure and we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use or disclose that information.  Therefore, you acknowledge the risk that third parties may gain unauthorized access to your information.  Keep your account password secret and please let us know immediately if you think your password was compromised.  Remember, you are responsible for any activity under your account using your account password or other credentials.  IDT maintains security and incident response plans to handle incidents involving unauthorized access to information we collect or store.  In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.  If you become aware of a security issue, please contact us.

8. Where we Store Your Information

Personal information held by IDT is stored on and processed on computers situated in the United States and in the EEA.  We and/or our service providers also process data in some other countries for customer care, account management and service provisioning.

If you are an EEA resident, your personal data held by IDT may be transferred to, and stored at, destinations outside the EEA that may not be subject to equivalent data protection laws, including the United States.  When you sign up for service with IDT or inquire about our services, we transfer your information to the United States and other countries as necessary to perform our agreement with you or to respond to an inquiry you make.  It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers.

Accordingly, by using our services, you authorize the transfer of your information to the United States, where we are based, and to other locations where we and/or our service providers operate, and to its (and their) storage and use as specified in this Privacy Policy and any applicable terms of service or other agreement between you and IDT.  In some cases, IDT may seek specific consent for the use or transfer of your information overseas at the time of collection.  If you do not consent, we may be unable to provide you with the services you requested.  The United States and other countries where we operate may not have protections for personal information equivalent to those in your home country.

Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this Privacy Policy.

To facilitate our global operations, we transfer information among our corporate affiliates in countries whose privacy and data protection laws may not be as robust as the laws of the countries where our customers and users are based.  For data transfers from the EEA to the United States and other countries we make use of legally recognized data transfer mechanisms, which may include standard contractual clauses approved by the European Commission, reliance on the European Commission’s adequacy decisions about certain countries, privacy shield frameworks, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer.

Some of the service providers and vendors described in this Privacy Policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside.  When we share information of users in the EEA with such service providers and vendors, we shall make use of legally-recognized data transfer mechanisms, which may include privacy shield frameworks, the European Commission’s standard contractual clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer.

9. How Long We Store Your Information

We store your information until it is no longer necessary to provide the services or otherwise relevant for the purposes for which it was collected.  This time period may vary depending on the type of information and the services used, as detailed below, and applicable law, which may require us to maintain information for a set amount of time.  After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.  We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services.  You cannot be identified from anonymized information retained or used for these purposes.

10. How To Access and Control Your Information

Your choices.  You may have choices about how we use and share your information and there may be additional protections that apply with regard to certain information we collect depending on where you reside.

Access to your account information.  Consistent with applicable laws and data security requirements, we will reasonably honor written requests from you to access or amend your account information, such as name, address, and billing information.  You are responsible for ensuring that the information on file with IDT is current and accurate.  You may access and update your account information by logging into your account or contacting us as described in this Privacy Policy.  Where permitted by law, we may charge a reasonable fee to process requests for access to data and may limit the number of requests per year.  Your right to amend your information is subject to our records retention policies.  To request deletion of your IDT account, please contact us as described in this Privacy Policy.  You should know that deletion of your IDT account will result in you permanently losing access to your account and all customer data to which you previously had access through your account.  Please note that certain data associated with that account may nonetheless remain on IDT’s servers in an aggregated or anonymized form that does not specifically identify you.  Similarly, data associated with your account that we are required by law to maintain will also not be deleted.

Customer Proprietary Network Information (CPNI).  For residents of the United States, CPNI is information made available to us solely by virtue of our relationship with you that relates to the type, quantity, destination, technical configuration, location, and amount of use of the telecommunications and interconnected VoIP services you purchase from us, as well as related billing information.  You have a right, and we have a duty, under U.S. federal law to protect the confidentiality of your CPNI.  We use and share your CPNI within the IDT family of Companies and with/to their agents, contractors and partners for marketing purposes, including to offer you services that are different from the services you currently purchase from us.  If you don’t want your CPNI used for the marketing purposes described above, please contact us as described in this Privacy Policy.  Unless you notify us, we may use your CPNI as described above and your choice will remain valid until you notify us that you wish to change your selection.  Your decision about use of your CPNI will not affect the provision of any services you currently have with us.  Note:  this CPNI notice may not apply to residents of certain states, including Arizona.

Do Not Call.  U.S. federal “Do Not Call” laws allow U.S. residents you to place your phone numbers on the National Do Not Call Registry to prevent telemarketing calls to those numbers.  To add your numbers to this list, please call 1-888-382-1222, or visit www.donotcall.gov.  Most telemarketing laws allow companies to contact their own customers without consulting the Federal or State Do Not Call lists.  If you would like to be removed from IDT’s telemarketing list, please contact us as described in this Privacy Policy.  Please allow 30 days for your telephone number to be removed from any sales programs that are currently underway.  Please note that we may still call you regarding your services and account even if you remove your number from our telemarketing list.

Communications.  If you do not wish to receive promotional communications from IDT, you can opt out at any time by following the unsubscribe instructions provided in those communications, or by contacting us as provided in the “Contact Us” section below.  Please note that IDT may still continue to send you non-promotional emails, such as those regarding your orders, feedback submissions, and other service-related matters.  You may refuse to consent to receive calls and texts from IDT and its affiliates that require your consent, including autodialed, pre-recorded or artificial voice telemarketing calls.  You may also withdraw your previously given consent to receive such calls and texts.  Your ability to manage some of our Products could be limited if you withdraw your consent to receive text and SMS messages.  IDT does not recommend using those Products without authorization to receive such messages.

Promotional Emails.  You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties.  You can opt out of receiving promotional emails by following the unsubscribe instructions in the emails that you receive.  If you decide not to receive promotional emails, we may still send you service-related communications.

Promotional Mailings.  If at any time you do not want to receive offers and/or circulars from us by mail, you can remove yourself from our mailing lists by emailing us (our contact information is below) with “NO SNAIL MAIL” in the subject line along with your name, address, and zip code.  Please note that our mailings are prepared in advance of their being sent.  Although we will remove your name from our mailing list after receiving your request, you may still receive mailings from us that had been initiated prior to your name being removed.

Promotional Text Messages.  You can opt-out of receiving marketing text messages at any time by replying “STOP,” or following the unsubscribe instructions contained in the text messages that you receive.

Push Notifications.  You can opt out of receiving push notifications from us via our apps by going to your device “Settings” and clicking on “Notifications,” and then changing those settings for the applicable app.  Please note that you cannot withdraw your consent to receive certain in-app messages from IDT.  

Cookies.  Web browser applications (such as Microsoft Internet Explorer, Google Chrome, Firefox and Apple Safari) typically have features that prevent cookies from being sent or notify you when they are sent.  You will need to update your browser’s cookie settings in accordance with your preferences.  Your ability to limit cookies is subject to your browser settings and limitations.  If you use multiple browsers on your device, you will need to update each browser’s settings separately.  Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his/her online activity and behavior tracked.  IDT does not respond to DNT signals or other similar mechanisms.  If you are using a mobile device, you can reset your device settings to limit the use of information collected about you, including your location data.  This is typically done by disabling your location settings/permissions.  Please contact Apple Support or Google for Android (as applicable) for more information on how to do this on your device.  You can stop all collection of information via our mobile application by uninstalling the application from your device.

Analytics.  Google provides users choices on how their data is collected by Google Analytics by developing an Opt-out Browser Add-on which can be located at: http://tools.google.com/dlpage/gaoptout?hl=en. By installing this Add-on, no information is being sent to Google Analytics.

Additional U.S. State Privacy Rights.  In certain U.S. jurisdictions you may also have one or more of the following rights regarding your personal information (see below and the Appendices to this Privacy Policy for full details):

(i) Right to Request Access to Your Personal Information – you may request access to your personal information by contacting us at the address described below or filling out the applicable state request form at www.idt.net.  If required by law, upon request, we will grant you reasonable access to the personal information that we have about you;

(ii) Right to Request Deletion of Your Personal Information – you may request that we delete your personal information by contacting us at the address described below or filling out the applicable state request form at www.idt.net.  If required by law we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes;

(iii) Right to Request Correction of Your Personal Information – you have the right to request that we correct or supplement any inaccurate or incomplete personal information we process about you;

(iv) Right to Data Portability – in certain circumstances you have the right to request that we provide the personal information which you provided to us in a structured, commonly used, and machine-readable format; and/or

(v) Right of Non-Discrimination/Retaliation – we do not discriminate against individuals who exercise any of their rights described in this Policy, nor do we retaliate against individuals who exercise these rights.

Many of the above rights are subject to exceptions and limitations.  For example, you may be located in a jurisdiction that does not give you the right to make these requests.  In such a case, your request may not be fulfilled.  To the extent permitted by applicable law, we may reject requests that are unreasonably repetitive, unduly burdensome, risk the privacy of others, or would be very impractical to honor.  If we are not able to provide the requested information or make the change you requested, you will be provided with the reasons for such decisions. 

To exercise these rights, your request must:  (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it.  We may need additional information to confirm your identity or your authorized agent’s identity (such as your name, email address and date of birth) or to obtain proof that you have given your authorized agent permission to act on your behalf.  If our verification process is successful, we will respond to your request within the time and in the manner required by applicable law.  If we cannot validate the identity of you and/or your authorized agent or obtain proof that you have given your authorized agent permission to act on your behalf, we will attempt to contact you to inform you.

If you designate an authorized agent to submit requests to exercise certain privacy rights on your behalf, we will require verification that you provided the authorized agent permission to make a request on your behalf.  You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us.  If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of a completed Authorized Agent Designation Form (or equivalent form) indicating that you have authorization to act on the individual’s behalf.

Specific U.S. State Privacy Rights.  If you are a resident of any of the following States of the United States, then the additional terms in the applicable Appendix to this Privacy Policy also apply to you:

California, USA Consumers.  If you are a resident of the State of California, please review Appendix A to this Privacy Policy, which sets forth additional provisions that apply to you;

Colorado, USA Consumers.  If you are a resident of the State of Colorado, please review Appendix B to this Privacy Policy, which sets forth additional provisions that apply to you;

Connecticut, USA Consumers.  If you are a resident of the State of Connecticut, please review Appendix C to this Privacy Policy, which sets forth additional provisions that apply to you;

Montana, USA Consumers.  If you are a resident of the State of Montana, please review Appendix D to this Privacy Policy, which sets forth additional provisions that apply to you;

New Jersey, USA Consumers.  If you are a resident of the State of New Jersey, please review Appendix E to this Privacy Policy, which sets forth additional provisions that apply to you;

Oregon, USA Consumers.  If you are a resident of the State of Oregon, please review Appendix F to this Privacy Policy, which sets forth additional provisions that apply to you;

Texas, USA Consumers. If you are a resident of the State of Texas, please review Appendix G to this Privacy Policy, which sets forth additional provisions that apply to you;

Utah, UTA Consumers.  If you are a resident of the State of Utah, please review Appendix H to this Privacy Policy, which sets forth additional provisions that apply to you.

Virginia, USA Consumers.  If you are a resident of the State of Virginia, please review Appendix I to this Privacy Policy, which sets forth additional provisions that apply to you.

Your rights as an EEA resident.  If you are from the EEA, you may have broader or additional rights, including:

Where the processing of your personal data by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.  If you do not want your personal data used by IDT for any direct marketing purposes, or shared with third parties for their own marketing use, then you may opt out of such use or sharing by contacting us, even if you have previously consented to such use.

If you have any concerns or complaints regarding the treatment of your personal information by us, or you believe we have breached any privacy law in relation to your personal information, please contact us.  We will treat any concerns or complaints confidentially.  We will promptly investigate any concern or complaint that you raise with us.

You can exercise the rights listed above at any time by contacting us and if you feel that your request or concern has not been satisfactorily resolved, or if our response was not provided within a reasonable time, you may approach your local data protection authority (links here for residents of the EEA or Australia).  You can reach the Information Commissioner’s Office (ICO) at enquiries@ico.org.uk.  The ICO is the supervisory authority in the United Kingdom and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.

11. Other Important Information

Information from children.  IDT does not sell products or services for purchase by children and we do not knowingly solicit or collect personal data from children under the age of sixteen without obtaining verifiable parental consent.  If you believe that a minor has disclosed personal data to IDT, please contact us.  If you allow a child to use your device or our services, you should be aware that their information could be collected as described in this Privacy Policy.  We encourage parents to be involved in the online activities of their children to ensure that no information is collected from a child without parental permission.

Cookies and Tracking.  See Appendix G to this Privacy Policy.

Use of Third Party Advertising.  The majority of the advertisements you see on IDT websites are displayed by IDT.  In addition, IDT also allows third-party advertisers to display advertisements while you are viewing content on IDT websites.  These advertisements are selected based on what we believe will be of most interest to you.

Electronic Communications.  Unless otherwise required by applicable law, you authorize IDT to send or provide the following categories of information (“Communications”) by electronic means and not in paper format:  (a) any customer agreement you have with IDT and any amendments, modifications or supplements to it; (b) your purchase and use records regarding service transactions; (c) any initial, periodic or other disclosures or notices provided in connection with the services, including without limitation those required by U.S. federal, state, international or other applicable law; (d) any customer service communications, including without limitation, communications with respect to claims of error or unauthorized use of the services; and (e) any other communication related to the services, a transaction or IDT.  Electronic means may include email, SMS/MMS, App to App, text, push notification through our apps, website chat with customer service, or posting in our applicable apps or on our applicable website.  Message and data rates may apply when you receive SMS/MMS, text or push notification messages on your mobile phone.  You may withdraw your consent to receive all Communications electronically (except for app to app messages from IDT) at any time.  In order to withdraw your consent, you must contact us.  In order to access and retain Communications, you must have:  (i) an Internet browser that supports 128-bit encryption, (ii) a mobile number and the capability to receive messages from or on behalf of IDT, and (iii) a device and data or Internet connection capable of supporting the foregoing.

Consent to Receive Messages.  Subject to your ability to opt-out, by using any of our services, you consent to receive text messages, phone calls, faxes, postal mail, push notifications through our apps, and app to app messages from IDT and its affiliates regarding account management activities and special offers.  This consent is specific to the phone number(s) you provide to us to use the services and open accounts.  Where local law permits, you consent to receive phone calls from IDT even if your phone number is listed on “do not call” registries.  Where local law permits, an auto-dialer and/or artificial or prerecorded message may be used to make calls or send text messages to you.  Message and data rates may apply when you receive SMS/MMS, text or push notification messages on your mobile phone.  You may refuse to consent to receive calls and texts from IDT and its affiliates that require your consent, including autodialed, pre-recorded or artificial voice telemarketing calls.  You may also withdraw your previously given consent to receive such calls and texts.  Your ability to manage and use certain features of the services could be limited if you refuse or withdraw your consent to receive these messages.  You are not required to agree to promotional communications in order to purchase goods or services from us.

Changes to this policy.  In the event we make changes to this Privacy Policy, we’ll let you know by posting an updated policy on our website at www.idt.net.

How to contact us

If you are a resident of the EEA, the data controller responsible for your information is:

IDT Retail Europe Limited

c/o Sable Accounting Ltd

13th Floor, One Croydon

12-16 Addiscombe Road, Croydon, CR0 0XT

Email:  legal-uk@idt.net

IDT’s Representative:  Galina Kennard

IDT’s Representative’s Email:  data_info@idt.net

If you live anywhere else, please direct questions about this Privacy Policy to:

IDT Corporation

520 Broad Street

Newark, NJ 07102 USA

E-mail:   ccpa-idt@idt.net 

Appendix A

California Consumers

If you are a resident of California, then the following section also applies to you.

A. Personal Information.  Personal information (as defined in the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (collectively, the “CCPA”)) includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  Personal information does not include publicly available information, including information lawfully made available to the general public by the consumer or from widely distributed media, and deidentified or aggregate consumer information.  IDT may collect and use the following categories of personal information regarding California residents:

Categories of Personal Information CollectedCategories of Sources of Personal InformationWhether Sold, Shared(1) and/or Disclosed for a Business Purpose and Categories of to WhomBusiness or Commercial Purposes for Collection and Use of Personal Information
Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provideConsumer, consumer’s device, automatic collection by IDT, credit reporting companies, financial companies, third party vendors that provide IDT with transactional services, and data resellersSold – no, except for NRSShared – noDisclosed for a Business Purpose – yesCategories of Third Parties to whom IDT may disclose personal information for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., credit card processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulatorsTo manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and servicesTo maintain the quality of our products and services, including to improve, upgrade, and enhance our products and servicesTo maintain and service your account, including to process orders and paymentsTo communicate with you about our terms and policiesTo verify you, your account activity and your informationTo detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts To provide customer serviceTo perform due diligence, credit and fraud prevention checksTo maintain accurate record keepingTo ensure security and integrity of our customers’ personal informationTo perform product, marketing and organizational analysisTo provide advertising and marketing to our customersTo measure our marketing campaigns and to audit consumer interactionsTo comply with regulations and legal requirementsTo comply with contractual requirementsFor risk management and complianceFor legal advice and defense of claimsFor general, operational and administrative purposes
Commercial information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming historiesConsumer, consumer’s device, automatic collection by IDT, credit reporting companies, financial companies, third party vendors that provide IDT with transactional services, and data resellersSold – noShared – noDisclosed for a Business Purpose – yesCategories of Third Parties to whom IDT may disclose personal information for a business purpose:  see list under Personal Identifiers and Information
Internet or other electronic network activity information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisementsConsumer, consumer’s device, automatic collection by IDT, credit reporting companies, financial companies, third party vendors that provide IDT with transactional services, and data resellersSold – noShared – noDisclosed for a Business Purpose – yesCategories of Third Parties to whom IDT may disclose personal information for a business purpose:  see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in one of our apps), which may include the location of your deviceConsumer, consumer’s device, and automatic collection by IDTSold – noShared – noDisclosed for a Business Purpose – yesCategories of Third Parties to whom IDT may disclose personal information for a business purpose:  see list under Personal Identifiers and Information
Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing and purchasing preferences, aggregate information from third partiesConsumer, consumer’s device, automatic collection by IDT, credit reporting companies, financial companies, third party vendors that provide IDT with transactional services, and data resellersSold – noShared – noDisclosed for a Business Purpose – yesCategories of Third Parties to whom IDT may disclose personal information for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., credit card processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

(1) Share and Shared (as defined in the CCPA) mean sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

B. Sensitive Personal Information.  IDT may collect limited sensitive personal information (as defined in the CCPA) and limits the use of that information to those uses which are necessary for us to perform the services and provide the goods consumers have requested and for other uses as authorized by applicable California privacy laws and regulations.  IDT may collect the following sensitive personal information:

Categories of Sensitive Personal Information CollectedIs this infoWhether Sold or Shared(1)Business or Commercial Purposes for Collection and Use of Sensitive Personal Information
Account information, which may include account log-in, financial account, debit card or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;Sold – no
Shared – no
To perform the services and provide the goods requested by the consumer, including to help us operate, provide, customize, bill and support our products and servicesTo ensure the security and integrity of our customers’ personal information, including to prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information
For short‐term, transient use, including but not limited to non‐personalized advertising shown as part of a consumer’s current interaction with IDT
To perform services on our behalf, including to maintain or service accounts, provide customer service, process or fulfill orders and transactions, verify customer information, process payments, provide financing, provide analytic services, provide storage, or provide similar services on behalf of our business
To maintain the quality and safety of our products and services, including to improve, upgrade, and enhance our products and services To resist malicious, deceptive, fraudulent, or illegal actions directed at our business and to prosecute those responsible for those actions To verify consumer age To ensure the physical safety of natural persons
Precise geolocation (if you enable location features in one of our apps), which may include the location of your deviceSold – no
Shared – no
Social security, driver’s license, state identification card, or passport number (for age verification by NRS only)Sold – no
Shared – no

(1) Share and Shared (as defined in the CCPA) mean sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

C. Your Rights.  As a California resident you have certain additional rights regarding your personal information under the “CCPA”.  

(i) Right to Know Personal Information Collected, Sold, Shared, or Disclosed – you have the right to request that we provide certain information about how we have handled your personal information including: 

(a) Categories of personal information collected;

(b) Categories of sources of personal information;

(c) Business or commercial purpose for collecting;

(d) Categories of personal information sold or shared with a third party;

(e) Categories of third parties to whom we have sold or shared personal information;

(f) Categories of personal information disclosed to third parties for a business purpose; and

(g) Categories of third parties with whom we have disclosed personal information for a business purpose.  

(ii) Right to Access Personal Information Collected – you have the right to request the specific pieces of personal information that we have collected about you in a format that is easily understandable to the average consumer, and to the extent technically feasible, in a structured, commonly used, machine-readable format that may also be transmitted to another entity at the consumer’s request without hindrance.

(iii) Right of No Retaliation – IDT does not discriminate against any California consumer who exercises any of the consumer’s rights under the CCPA.  Pursuant to the CCPA IDT is permitted to (a) charge a consumer a different price or rate and/or provide a different level of service to the consumer if that difference is reasonably related to the value provided to the consumer by the consumer’s data, (b) offer loyalty, rewards, premium features, discounts, or club card programs to its customers, and (c) offer financial incentives, including payments, as compensation for the collection, sale, sharing or retention of personal information.

(iv) Right to Delete – you have the right to request that IDT delete any personal information that it has collected about you.  There are exceptions to this right and IDT does not have to delete your personal information if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided in the CCPA.  In addition, if your personal information is deleted you may not be able to purchase or use our products and services.

(v) Right to Correct Inaccurate Personal Information – you have the right to request that IDT correct any inaccurate personal information that it maintains about you.

(vi) Right to Opt Out of Sale or Sharing of Personal Information – IDT does not sell (as defined in the CCPA) your personal information, other than NRS which may sell certain pieces of personal information.  IDT does not share (as defined in the CCPA) your personal information.  You have the right to request that IDT, including NRS, not sell or share your personal information.  To exercise this right please go to https://www.idt.net/ccpa-do-not-sell and complete the form.  We will also process any opt-out of sale/sharing preference signal that meets the requirements set forth in the CCPA and its regulations.  IDT does not intentionally collect the personal information of a consumer under the age of 16.  IDT does not intentionally sell or share the personal information of a consumer under the age of 16 unless the consumer (if age 13-16) or the consumer’s parent (for consumers under 13) affirmatively authorizes the sale or sharing.  

(vii) Right to Limit Use and Disclosure of Sensitive Personal Information – IDT does not use your sensitive personal information (as defined in the CCPA) for purposes other than as set forth in the CCPA.  Nonetheless, you have the right to direct IDT to limit its use of your sensitive personal information to that use which is necessary for IDT to perform the services and provide the goods you requested from IDT, to ensure the security and integrity of your personal information, to perform services on our behalf, including to maintain or service accounts, provide customer service, process or fulfill orders and transactions, verify customer information, process payments, provide analytic services, to maintain the quality of our products and services, and as otherwise provided in the CCPA.  Please note that sensitive personal information that is collected or processed by IDT without the purpose of inferring characteristics about a consumer, is not subject to this section, and shall be treated as personal information. To exercise this right please go to https://www.idt.net/ccpa-do-not-sell and complete the form.

(viii) California’s “Shine the Light” law (Civil Code Section § 1798.83) permits you to request certain information regarding our disclosure of your personal information to third parties for marketing purposes.

D. How to Exercise Your Rights.  To exercise your rights to know and access your personal information collected, sold, shared or disclosed by IDT, or to exercise your right to delete your personal information or to correct inaccurate personal information, please go to https://www.idt.net/ccpa-request and complete the form.  To exercise your right to opt out of the sale or sharing of your personal information, or to exercise your right to limit the use and disclosure of your sensitive personal information please go to https://www.idt.net/ccpa-do-not-sell and complete the form.  We will also process any opt-out of sale/sharing preference signal that meets the requirements set forth in the CCPA and its regulations.  In addition, you can exercise your rights by calling the following toll-free number:  888-412-0477.  Your authorized agent can make these requests on your behalf using the same links and methods.

E. Verification of Consumer Requests.  In order to comply with a consumer request, IDT must reasonably verify the requestor.  A record of each request is made as soon as it is received by our data protection team.  IDT will use all reasonable measures to verify the identity of the individual making the request.  We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request.  This is to protect your data and rights.  If a third party, relative or representative is requesting the data on your behalf, we will verify their authority to act for you and may contact you and them to confirm you and their identity and gain your authorization prior to responding to the request.

F. Responding to Consumer Requests.  IDT will attempt to confirm receipt of each request by contacting the requestor either at the email or telephone number submitted, through the consumer’s account or by other electronic means.  IDT will attempt to verify each request and if it is able to verify a request will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days.  If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay.  IDT may charge a fee or refuse to act on any request that is manifestly unfounded or excessive.  All IDT responses shall be in writing and cover the previous 12 month period unless the consumer requests information beyond the 12 month period (only applies to personal information collected on or after January 1, 2022).  Where possible the response shall be sent through the consumer’s account.  Otherwise, the response shall be sent by mail or electronically.  IDT is not obligated to provide a response to a consumer more than two times in any 12 month period.  The CCPA contains certain exemptions and exceptions to the exercise of some of these rights.  If one or more of those exemptions or exceptions applies to your request, then we may not be able to act upon your request.  Where possible we will inform you of the reasons for not acting upon your request.

G. How Long will IDT Retain Your Personal Information.  See Section 9 of Privacy Policy above.

H. For More Info.  For more information on your rights and our obligations under the CCPA please send an email to ccpa-idt@idt.net.  For California residents with a disability please send an email to ccpa-idt@idt.net for information on how to access this policy in another format.

Appendix B

Colorado Consumers

If you are a resident of Colorado, then the following section also applies to you.

A. Personal Data.  Personal data (as defined in the Colorado Privacy Act (the “COPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual.  Personal data does not include de-identified data or publicly available information.  IDT may collect and process the following categories of personal data regarding Colorado residents:

Categories of Personal Data Collected or ProcessedWhether Sold, Shared with Third Parties, Processed for Targeted Advertising or Processed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects and Categories of to WhomPurposes for Collection and Processing of Personal Data
Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provideSold – no, except for NRSProcessed for Targeted Advertising – noProcessed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulatorsTo manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and servicesTo maintain the quality of our products and services, including to improve, upgrade, and enhance our products and servicesTo maintain and service your account, including to process orders and paymentsTo communicate with you about our terms and policiesTo verify you, your account activity and your informationTo detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts To provide customer serviceTo perform due diligence, credit and fraud prevention checksTo maintain accurate record keepingTo ensure security and integrity of our customers’ personal informationTo perform product, marketing and organizational analysisTo provide advertising and marketing to our customersTo measure our marketing campaigns and to audit consumer interactionsTo comply with regulations and legal requirementsTo comply with contractual requirementsFor risk management and complianceFor legal advice and defense of claimsFor general, operational and administrative purposes
Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming historiesSold – noProcessed for Targeted Advertising – noProcessed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisementsSold – noProcessed for Targeted Advertising – noProcessed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in one of our apps), which may include the location of your deviceSold – noProcessed for Targeted Advertising – noProcessed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing and purchasing preferences, aggregate information from third partiesSold – noProcessed for Targeted Advertising – noProcessed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Your Rights.  As a Colorado resident you have certain additional rights regarding your personal data under the “COPA”:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you.  There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Colorado law.  In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable, and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance;

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the COPA) your personal data, other than NRS which may sell certain pieces of personal information.  IDT does not process your personal data for Targeted Advertising (as defined in the COPA) or process your personal data for Profiling (as defined in the COPA) for decisions that produce legal or similarly significant effects.  Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes.  To exercise this right please go to https://www.idt.net/copa-request and complete the form.

C. How to Exercise Your Rights.  To exercise any of your rights, please (i) go to https://www.idt.net/copa-request and complete the form, or (ii) send an email to copa@idt.net detailing your request(s).  The COPA applies to individuals who are Colorado residents, but does not apply to individuals acting in a commercial context.  An authorized agent may submit an opt-out request on your behalf using the same methods listed in this section.

D. Authentication of Consumer Requests.  In order to comply with a consumer request, IDT must reasonably authenticate the request.  A record of each request is made as soon as it is received by our data protection team.  IDT will use all reasonable measures to authenticate the identity of the individual making the request.  We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request.  This is to protect your data and rights.  If a third party, agent or representative is submitting an opt-out request on your behalf, we will verify their authority to act for you and may contact you and them to confirm your and their identity and to gain your authorization prior to taking action upon the request.

E. Responding to Consumer Requests.  IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days.  If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay.  All IDT responses shall be in writing.  The response shall be sent by mail or electronically.  If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

F. Appeal of Refusal to Take Action.  If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to copa@idt.net and requesting an appeal.  Within 45 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision.  If your appeal is denied, then you may contact the Colorado Attorney General at https://coag.gov/ or 720-508-6000.

Appendix C

Connecticut Consumers

If you are a resident of Connecticut, then the following section also applies to you.

A. Personal Data.  Personal data (as defined in the Connecticut Privacy Act (the “CTPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual.  Personal data does not include de-identified data or publicly available information.  IDT may collect and process the following categories of personal data regarding Connecticut residents:

Categories of Personal Data Collected or ProcessedWhether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to WhomPurposes for Collection and Processing of Personal Data
Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provideSold – no, except for NRSProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulatorsTo manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and servicesTo maintain the quality of our products and services, including to improve, upgrade, and enhance our products and servicesTo maintain and service your account, including to process orders and paymentsTo communicate with you about our terms and policiesTo verify you, your account activity and your informationTo detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts To provide customer serviceTo perform due diligence, credit and fraud prevention checksTo maintain accurate record keepingTo ensure security and integrity of our customers’ personal informationTo perform product, marketing and organizational analysisTo provide advertising and marketing to our customersTo measure our marketing campaigns and to audit consumer interactionsTo comply with regulations and legal requirementsTo comply with contractual requirementsFor risk management and complianceFor legal advice and defense of claimsFor general, operational and administrative purposes
Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming historiesSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisementsSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in one of our apps), which may include the location of your deviceSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing and purchasing preferences, aggregate information from third partiesSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data.  The only sensitive data (as defined in the CTPA) that IDT may collect and process is precise geolocation data (as defined in the CTPA) from some of our apps primarily for transaction compliance reasons if the user enables the app’s location feature.  Users of our apps can enable or disable an app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights.  As a Connecticut resident you have certain additional rights regarding your personal data under the “CTPA”:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you.  There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Connecticut law.  In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable , and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance;

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the CTPA) your personal data, other than NRS which may sell certain pieces of personal information.  IDT does not process your personal data for Targeted Advertising (as defined in the CTPA) or process your personal data for Profiling (as defined in the CTPA) for decisions that produce legal or similarly significant effects.  Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes.  To exercise this right please go to https://www.idt.net/ctpa-request and complete the form.

D. How to Exercise Your Rights.  To exercise any of your rights, please go to https://www.idt.net/ctpa-request and complete the form.  The CTPA applies to individuals who are Connecticut residents, but does not apply to individuals acting in a commercial context.  An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

E. Authentication of Consumer Requests.  In order to comply with a consumer request, IDT must reasonably authenticate the request.  A record of each request is made as soon as it is received by our data protection team.  IDT will use all reasonable measures to authenticate the identity of the individual making the request.  We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request.  This is to protect your data and rights.  If a third party, agent or representative is submitting an opt-out request on your behalf, we will verify their authority to act for you and may contact you and them to confirm your and their identity and to gain your authorization prior to taking action upon the request.

F. Responding to Consumer Requests.  IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days.  If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay.  All IDT responses shall be in writing.  The response shall be sent by mail or electronically.  If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

G. Appeal of Refusal to Take Action.  If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to ctpa@idt.net and requesting an appeal.  Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision.  If your appeal is denied, then you may contact the Connecticut Attorney General by email at Attorney.General@ct.gov or by phone at 860-808-5318.

Appendix D

Montana Consumers

If you are a resident of Montana, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Montana Consumer Data Privacy Act (the “MCDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Montana residents:

Categories of Personal Data Collected or ProcessedWhether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to WhomPurposes for Collection and Processing of Personal Data
Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provideSold – no, except for NRSProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulatorsTo manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services.To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services.To maintain and service your account, including to process orders and payments.To communicate with you about our terms and policies.To verify you, your account activity and your information.To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service.To perform due diligence, credit and fraud prevention checks.To maintain accurate record keeping.To ensure security and integrity of our customers’ personal information.To perform product, marketing and organizational analysis.To provide advertising and marketing to our customers.To measure our marketing campaigns and to audit consumer interactions.To comply with regulations and legal requirements.To comply with contractual requirements.For risk management and compliance.For legal advice and defense of claims.For general, operational and administrative purposes.
Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming historiesSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisementsSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third  Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App), which may include the location of your deviceSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third partiesSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data.  The only sensitive data (as defined in the MCDPA) that IDT may collect and process is precise geolocation data (as defined in the MCDPA) from some of our apps, primarily for transaction compliance reasons if the user enables the app’s location feature.  Users of our apps can enable or disable the app’s location feature in the app.  By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights.  As a Montana resident you have certain additional rights regarding your personal data under the MCDPA:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you.  There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Montana law.  In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance; and

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the MCDPA) your personal data, other than NRS which may sell certain pieces of personal information.  IDT does not process your personal data for Targeted Advertising (as defined in the MCDPA) or process your personal data for Profiling (as defined in the MCDPA) for decisions that produce legal or similarly significant effects.  Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes.  To exercise this right please go to https://www.idt.net/mtpa-request and complete the form.

D. How to Exercise Your Rights.  To exercise any of your rights, please go to https://www.idt.net/mtpa-request and complete the form.  The MCDPA applies to individuals who are Montana residents, but does not apply to individuals acting in a commercial context.  An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

E. Authentication of Consumer Requests.  In order to comply with a consumer request, IDT must reasonably authenticate the request.  A record of each request is made as soon as it is received by our data protection team.  IDT will use all reasonable measures to authenticate the identity of the individual making the request.  We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request.  This is to protect your data and rights.  If a third party, agent or representative is submitting an opt-out request on your behalf, we will verify their authority to act for you and may contact you and them to confirm your and their identity and to gain your authorization prior to taking action upon the request.

F. Responding to Consumer Requests.  IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days.  If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay.  All IDT responses shall be in writing.  The response shall be sent by mail or electronically.  If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

G. Appeal of Refusal to Take Action.  If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to mtpa@idt.net and requesting an appeal.  Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision.  If your appeal is denied, then you may contact the Montana Attorney General at https://dojmt.gov/consumer/consumer-complaints/.

Appendix E

New Jersey Consumers

If you are a resident of New Jersey, then the following section also applies to you.

A. Personal Data.  Personal data (as defined in the New Jersey Data Privacy Act (the “NJDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual.  Personal data does not include de-identified data or publicly available information.  IDT may collect and process the following categories of personal data regarding New Jersey residents:

Categories of Personal Data Collected or ProcessedWhether Sold, Shared with Third Parties, or Processed for Targeted Advertising or Profiling in furtherance of Decisions that Produce Legal or Similarly Significant Effects and Categories of to WhomPurposes for Collection and Processing of Personal Data
Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provideSold – no, except for NRSProcessed for Targeted Advertising or Profiling in furtherance of Decisions that Produce Legal Effect – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulatorsTo manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services.To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services.To maintain and service your account, including to process orders and payments.To communicate with you about our terms and policies.To verify you, your account activity and your information.To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service.To perform due diligence, credit and fraud prevention checks.To maintain accurate record keeping.To ensure security and integrity of our customers’ personal information.To perform product, marketing and organizational analysis.To provide advertising and marketing to our customers.To measure our marketing campaigns and to audit consumer interactions.To comply with regulations and legal requirements.To comply with contractual requirements.For risk management and compliance.For legal advice and defense of claims.For general, operational and administrative purposes.
Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming historiesSold – noProcessed for Targeted Advertising or Profiling in furtherance of Decisions that Produce Legal Effect – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisementsSold – noProcessed for Targeted Advertising or Profiling in furtherance of Decisions that Produce Legal Effect – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App), which may include the location of your deviceSold – noProcessed for Targeted Advertising or Profiling in furtherance of Decisions that Produce Legal Effect – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third partiesSold – noProcessed for Targeted Advertising or Profiling in furtherance of Decisions that Produce Legal Effect – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data.  The only sensitive data (as defined in the NJDPA) that IDT may collect and process is precise geolocation data (as defined in the NJDPA) from some of our apps, primarily for transaction compliance reasons if the user enables the app’s location feature.  Users of our apps can enable or disable the app’s location feature in the app.  By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights.  As a New Jersey resident you have certain additional rights regarding your personal data under the NJDPA:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you.  There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by New Jersey law.  In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable and, to the extent technically feasible, a readily usable, format that allows you to transmit the data to another entity without hinderance; and

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling in Furtherance of Decisions that Produce Legal Effects – IDT does not sell (as defined in the NJDPA) your personal data, other than NRS which may sell certain pieces of personal information.  IDT does not process your personal data for Targeted Advertising (as defined in the NJDPA) or process your personal data for profiling in furtherance of decisions that produce legal or similarly significant effects (as defined in the NJDPA).  Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes.  To exercise this right please go to https://www.idt.net/njpa-request and complete the form.

D. How to Exercise Your Rights.  To exercise any of your rights, please go to https://www.idt.net/njpa-request and complete the form.  The NJDPA applies to individuals who are New Jersey residents, but does not apply to individuals acting in a commercial context.  An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

E. Authentication of Consumer Requests.  In order to comply with a consumer request, IDT must reasonably authenticate the request.  A record of each request is made as soon as it is received by our data protection team.  IDT will use all reasonable measures to authenticate the identity of the individual making the request.  We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request.  This is to protect your data and rights.  If a third party, agent or representative is submitting an opt-out request on your behalf, we will verify their authority to act for you and may contact you and them to confirm your and their identity and to gain your authorization prior to taking action upon the request.

F. Responding to Consumer Requests.  IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days.  If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay.  All IDT responses shall be in writing.  The response shall be sent by mail or electronically.  If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

G. Appeal of Refusal to Take Action.  If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to njpa@idt.net and requesting an appeal.  Within 45 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision.  If your appeal is denied, then you may contact the New Jersey Division of Consumer Affairs in the Department of Law and Public Safety at https://www.njconsumeraffairs.gov/Pages/Consumer-Complaints.aspx.

H. How to Contact IDT.  You can contact IDT by sending an email to njpa@idt.net.

Appendix F

Oregon Consumers

If you are a resident of Oregon, then the following section also applies to you.

A. Personal Data.  Personal data (as defined in the Oregon Privacy Act (the “ORPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual.  Personal data does not include de-identified data or publicly available information.  IDT may collect and process the following categories of personal data regarding Oregon residents:

Categories of Personal Data Collected or ProcessedWether Sold, Shared with Third Parties, or Processed for Targeted Advertising or Profiling for Decisions that Produce Legal Effects, and Categories of to WhomPurposes for Collection and Processing of Personal Data
Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provideSold – no, except for NRSProcessed for Targeted Advertising or Profiling for Decisions that Produce Legal Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulatorsTo manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and servicesTo maintain the quality of our products and services, including to improve, upgrade, and enhance our products and servicesTo maintain and service your account, including to process orders and paymentsTo communicate with you about our terms and policiesTo verify you, your account activity and your informationTo detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts To provide customer serviceTo perform due diligence, credit and fraud prevention checksTo maintain accurate record keepingTo ensure security and integrity of our customers’ personal informationTo perform product, marketing and organizational analysisTo provide advertising and marketing to our customersTo measure our marketing campaigns and to audit consumer interactionsTo comply with regulations and legal requirementsTo comply with contractual requirementsFor risk management and complianceFor legal advice and defense of claimsFor general, operational and administrative purposes
Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming historiesSold – noProcessed for Targeted Advertising or Profiling for Decisions that Produce Legal Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisementsSold – noProcessed for Targeted Advertising or Profiling for Decisions that Produce Legal Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in our apps), which may include the location of your deviceSold – noProcessed for Targeted Advertising or Profiling for Decisions that Produce Legal Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing and purchasing preferences, aggregate information from third partiesSold – noProcessed for Targeted Advertising or Profiling for Decisions that Produce Legal Effects – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the ORPA) that IDT may collect and process is precise geolocation data (as defined in the ORPA) from some of our apps primarily for transaction compliance reasons if the user enables the app’s location feature. Users of our apps can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights.  As an Oregon resident you have certain additional rights regarding your personal data under the “ORPA”:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you.  There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Oregon law.  In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable, and to the extent technically feasible a readily usable, format; and

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the ORPA) your personal data, other than NRS which may sell certain pieces of personal information. IDT does not process your personal data for Targeted Advertising (as defined in the ORPA) or process your personal data for Profiling (as defined in the ORPA) for decisions that produce legal or similarly significant effects. Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/orpa-request and complete the form.

D. How to Exercise Your Rights.  To exercise any of your rights, please go to https://www.idt.net/orpa-request and complete the form.  The ORPA applies to individuals who are Oregon residents, but does not apply to individuals acting in a commercial context.  An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

E. Authentication of Consumer Requests.  In order to comply with a consumer request, IDT must reasonably authenticate the request.  A record of each request is made as soon as it is received by our data protection team.  IDT will use all reasonable measures to authenticate the identity of the individual making the request.  We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request.  This is to protect your data and rights.  If a third party, agent or representative is submitting an opt-out request on your behalf, we will verify their authority to act for you and may contact you and them to confirm your and their identity and to gain your authorization prior to taking action upon the request.

F. Responding to Consumer Requests.  IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days.  If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay.  All IDT responses shall be in writing.  The response shall be sent by mail or electronically.  If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

G. Appeal of Refusal to Take Action.  If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to orpa@idt.net and requesting an appeal.  Within 45 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision.  If your appeal is denied, then you may contact the Oregon Attorney General by email at AttorneyGeneral@doj.state.or.us or by phone at 877-877-9392.

Appendix G

Texas Consumers

If you are a resident of Texas, then the following section also applies to you.

A. Personal Data.  Personal data (as defined in the Texas Data Privacy and Security Act (the “TDPSA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual.  Personal data does not include de-identified data or publicly available information.  IDT may collect and process the following categories of personal data regarding Texas residents:

Categories of Personal Data Collected or ProcessedWhether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to WhomPurposes for Collection and Processing of Personal Data
Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provideSold – no, except for NRSProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulatorsTo manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services.To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services.To maintain and service your account, including to process orders and payments.To communicate with you about our terms and policies.To verify you, your account activity and your information.To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service.To perform due diligence, credit and fraud prevention checks.To maintain accurate record keeping.To ensure security and integrity of our customers’ personal information.To perform product, marketing and organizational analysis.To provide advertising and marketing to our customers.To measure our marketing campaigns and to audit consumer interactions.To comply with regulations and legal requirements.To comply with contractual requirements.For risk management and compliance.For legal advice and defense of claims.For general, operational and administrative purposes.
Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming historiesSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisementsSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App), which may include the location of your deviceSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third partiesSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data.  The only sensitive data (as defined in the TDPSA) that IDT may collect and process is precise geolocation data (as defined in the TDPSA) from some of our apps primarily for transaction compliance reasons if the user enables the app’s location feature.  Users of our apps can enable or disable the app’s location feature in the app.  By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights.  As a Texas resident you have certain additional rights regarding your personal data under the TDPSA:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you.  There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Texas law.  In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you (if available in a digital format) in a portable and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance; and

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the TDPSA) your personal data, other than NRS which may sell certain pieces of personal information.  IDT does not process your personal data for Targeted Advertising (as defined in the TDPSA) or process your personal data for profiling for decisions that produce legal or similarly significant effects (as defined in the TDPSA).  Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes.  To exercise this right please go to https://www.idt.net/txpa-request and complete the form.

D. How to Exercise Your Rights.  To exercise any of your rights, please go to https://www.idt.net/txpa-request and complete the form.  The TDPSA applies to individuals who are Texas residents, but does not apply to individuals acting in a commercial context.  An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

E. Authentication of Consumer Requests.  In order to comply with a consumer request, IDT must reasonably authenticate the request.  A record of each request is made as soon as it is received by our data protection team.  IDT will use all reasonable measures to authenticate the identity of the individual making the request.  We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request.  This is to protect your data and rights.  If a third party, agent or representative is submitting an opt-out request on your behalf, we will verify their authority to act for you and may contact you and them to confirm your and their identity and to gain your authorization prior to taking action upon the request.

F. Responding to Consumer Requests.  IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days.  If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay.  All IDT responses shall be in writing.  The response shall be sent by mail or electronically.  If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

G. Appeal of Refusal to Take Action.  If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to mtpa@idt.net and requesting an appeal.  Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision.  If your appeal is denied, then you may contact the Texas Attorney General at https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint.

Appendix H

Utah Consumers

If you are a resident of Utah, then the following section also applies to you.

A. Personal Data.  Personal data (as defined in the Utah Privacy Act (the “UTPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual.  Personal data does not include de-identified data, aggregated data or publicly available information.  IDT may collect and process the following categories of personal data regarding Utah residents:

Categories of Personal Data Collected or ProcessedWether Sold to Third Parties, Shared with Third Parties, and/or Processed for Targeted Advertising and Categories of to WhomPurposes for Collection and Processing of Personal Data
Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provideSold to Third Parties – no, except for NRSProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulatorsTo manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and servicesTo maintain the quality of our products and services, including to improve, upgrade, and enhance our products and servicesTo maintain and service your account, including to process orders and paymentsTo communicate with you about our terms and policiesTo verify you, your account activity and your informationTo detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts To provide customer serviceTo perform due diligence, credit and fraud prevention checksTo maintain accurate record keepingTo ensure security and integrity of our customers’ personal informationTo perform product, marketing and organizational analysisTo provide advertising and marketing to our customersTo measure our marketing campaigns and to audit consumer interactionsTo comply with regulations and legal requirementsTo comply with contractual requirementsFor risk management and complianceFor legal advice and defense of claimsFor general, operational and administrative purposes
Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming historiesSold to Third Parties – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisementsSold to Third Parties – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in our apps), which may include the location of your deviceSold to Third Parties – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing and purchasing preferences, aggregate information from third partiesSold to Third Parties – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data.  The only sensitive data (as defined in the UTPA) that IDT may collect and process is specific geolocation data (as defined in the UTPA) from some of our apps, primarily for transaction compliance reasons, if the user enables the app’s location feature.  Users of our apps can enable or disable an app’s location feature in the app.  By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights.  As a Utah resident you have certain additional rights regarding your personal data under the “UTPA”:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Your Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Delete – you have the right to request that IDT delete any personal data that you provided to it.  There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Utah law.  In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iii) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that you previously provided to us in a portable and readily usable format to the extent technically feasible and practicable that allows you to transmit the data to another entity without impedimentp; and

(iv) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising and/or Sale – IDT does not sell (as defined in the UTPA) your personal data, other than NRS which may sell certain pieces of personal information.  IDT does  not process your personal data for Targeted Advertising (as defined in the UTPA).  Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes.  To exercise this right please go to https://www.idt.net/utpa-request and complete the form.

D. How to Exercise Your Rights.  To exercise any of your rights, please go to https://www.idt.net/utpa-request and complete the form.  The UTPA applies to individuals who are Utah residents, but does not apply to individuals acting in a commercial context.  An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

E. Authentication of Consumer Requests.  In order to comply with a consumer request, IDT must reasonably authenticate the request.  A record of each request is made as soon as it is received by our data protection team.  IDT will use all reasonable measures to authenticate the identity of the individual making the request.  We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request.  This is to protect your data and rights.  If a third party, agent or representative is submitting an opt-out request on your behalf, we will verify their authority to act for you and may contact you and them to confirm your and their identity and to gain your authorization prior to taking action upon the request.

F. Responding to Consumer Requests.  IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days.  If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay.  All IDT responses shall be in writing.  The response shall be sent by mail or electronically.  If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

Appendix I

Virginia Consumers

If you are a resident of Virginia, then the following section also applies to you.

A. Personal Data.  Personal data (as defined in the Virginia Consumer Data Protection Act (the “VCDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable natural person.  Personal data does not include de-identified data or publicly available information.  IDT may collect and process the following categories of personal data regarding Virginia residents:

Categories of Personal Data Collected and ProcessedWether, Shared with Third Parties and/or Processed for Targeted Advertising and Categories of to WhomPurposes for Collection and Processing of Personal Data
Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provideSold – no, except for NRSProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., credit card processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulatorsTo manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and servicesTo maintain the quality of our products and services, including to improve, upgrade, and enhance our products and servicesTo maintain and service your account, including to process orders and paymentsTo communicate with you about our terms and policiesTo verify you, your account activity and your informationTo detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts To provide customer serviceTo perform due diligence, credit and fraud prevention checksTo maintain accurate record keepingTo ensure security and integrity of our customers’ personal informationTo perform product, marketing and organizational analysisTo provide advertising and marketing to our customersTo measure our marketing campaigns and to audit consumer interactionsTo comply with regulations and legal requirementsTo comply with contractual requirementsFor risk management and complianceFor legal advice and defense of claimsFor general, operational and administrative purposes
Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming historiesSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisementsSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in one of our apps), which may include the location of your deviceSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  see list under Personal Identifiers and Information
Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing and purchasing preferences, aggregate information from third partiesSold – noProcessed for Targeted Advertising – noShared with Third Parties – yesCategories of Third Parties to whom IDT may share personal data for a business purpose:  IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., credit card processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data.  The only sensitive data (as defined in the VCDPA) that IDT may collect and process is precise geolocation data (as defined in the VCDPA) from some of our apps primarily for transaction compliance reasons if the user turns on the app’s location feature. Users of our apps can enable or disable an app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights.  As a Virginia resident you have certain additional rights regarding your personal data under the “VCDPA”:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you.  There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Virginia law.  In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(v) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable, and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance;

(vi) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the VCDPA) your personal data, process your personal data for Targeted Advertising (as defined in the VCDPA) or process your personal data for Profiling (as defined in the VCDPA) for decisions that produce legal or similarly significant effects.  Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes.  To exercise this right please go to https://www.idt.net/vcdpa-request and complete the form.

D. How to Exercise Your Rights.  To exercise any of your rights, please go to https://www.idt.net/vcdpa-request and complete the form.  The VCDPA applies to individuals who are Virginia residents, but does not apply to individuals acting in a commercial context.

E. Authentication of Consumer Requests.  In order to comply with a consumer request, IDT must reasonably authenticate the request.  A record of each request is made as soon as it is received by our data protection team.  IDT will use all reasonable measures to authenticate the identity of the individual making the request.  We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request.  This is to protect your data and rights.

F. Responding to Consumer Requests.  IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days.  If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay.  All IDT responses shall be in writing.  The response shall be sent by mail or electronically.  If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

G. Appeal of Refusal to Take Action.  If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to vcdpa@idt.net and requesting an appeal.  Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision.  If your appeal is denied, then you may contact the Virginia Attorney General at (804)786-2071 to submit a complaint.

Appendix J

Cookies and Tracking Notice

A cookie is a small text file that a website saves on your computer or mobile device in order to facilitate and enhance your interaction with that service.  We or our service providers may use cookies and equivalent technologies such as clear gifs, web beacons, pixel tags, Javascript, device fingerprinting, and third-party cookies on our websites and, where relevant, in our promotional e-mails.

They also help us track users, conduct research, allow you to back click to earlier registration pages viewed by you and improve our content and services.  For instance, we may use web beacons on our websites to access and set cookies and otherwise help us to better understand how users are moving through our websites.  Information provided by the web beacon includes the computer’s IP address, the type of browser being used and the time that the web beacon was viewed.  We may also use web beacons in e-mails so that we know when such communications have been opened and to otherwise help us tailor our communications to individual users.  Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

You can control and/or delete cookies as you wish.  You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed.  If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.  You will not be able to opt-out of any cookies or other technologies that are “strictly necessary” for the services.  Where you have not set your permissions, we may also separately prompt you regarding our use of cookies on the site.  We do not honor any web browser “do not track” signals or other mechanisms that provide you the ability to exercise choice regarding the collection of information about your online activities over time and across other websites or online services.  

Learn more about when and how we use cookies and tracking technologies:

These cookies and other technologies enable us to recognize you when you return to our service and to maintain your web session so you can more easily navigate the subscription process.  They are also essential for you to access secure areas of our sites, for example, to use shopping baskets or make payments.

These cookies and similar technologies collect statistical information about how you use our websites so that we can improve your user experience.  We use cookies to identify the number of unique visitors we receive to different parts of the website and identify where leads originate.  This helps us for our legitimate interests of improving the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Google Analytics is one of the analytics providers that we use to help us improve our website.  Google Analytics uses cookies to help the website analyze how visitors use the site.  The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by a Google server in the United States.  Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing website operators with other services relating to website activity and internet usage.  You can prevent the storage of data relating to your use of the website and created via the cookie (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available here.

These cookies and similar technologies can tell us which language you prefer and what your communications preferences are.  They can help you fill out forms on our sites more easily.  They also enable customization of the layout and/or content of the pages on our sites.

These cookies and other technologies record your visits to our website, the pages you have visited and the links you have followed.  We will use this information subject to your choices and preferences to make our website more relevant to your interests.  We may also share this information with our service providers and vendors for this purpose.  These companies may use information about your online activities over time and across our services and other online properties, the region of the country or world where your IP address indicates you are located, as well as other information about you, in order to provide advertisements about goods and services of interest to you.  The information practices of these ads networks are governed by their own privacy policies and are not covered by this Privacy Policy.  You have to opt out using each of your web browsing applications, computers and mobile devices separately.

We use social media platforms to advertise to you online and to monitor the success of our advertising (for instance by receiving reports when you click on our ads on social media sites).  We may use Google Customer Match and Facebook Custom Audience or other similar services to enable us to display personalized ads to people on our e-mail lists when they visit Google or Facebook.  We provide personal information such as your e-mail address and phone number in encrypted form to these social networks (so they cannot be seen by anyone at the social network) to enable the social network to determine if you are a registered account holder with them.