PRIVACY POLICY
Impact Travel Group (US), LLC
Version: 002 Effective Date: 1st April 2026
This Privacy Policy is incorporated by reference into the ITG US Terms and Conditions. Defined terms used in this Privacy Policy that are not separately defined herein have the meanings given to them in the Terms and Conditions. By making a Booking or otherwise submitting Personal Information to ITG US, the Booking Party confirms acceptance of this Privacy Policy.
1. DEFINITIONS
The following defined terms apply throughout this Privacy Policy:
(a) “ITG US,” “we,” “us,” and “our” means Impact Travel Group (US), LLC, formerly known as World Endeavors, LLC, doing business under the following brand names: Camps International, African Impact, Kaya Responsible Travel, Raleigh International, Roots Interns, World Endeavors, StudyAbroad.com, Marine Impact, Penda Photo Tours, Ecua Explora, African Horse Safaris, Beyond TEFL, Impact Gap Year, Rebel Innovation, and Leading Lines.
(b) “Brand” means the individual trading name under which a particular Program or series of Programs is marketed by ITG US, as identified in Section 1(a). This Privacy Policy is published on each Brand’s website separately. References to the Brand mean the specific Brand whose website the Individual is accessing at the time of data collection.
(c) “Booking Party,” “Participant,” “Organization,” and “Program” have the meanings given to those terms in the Terms and Conditions.
(d) “Individual” means any natural person whose Personal Information is collected or processed by ITG US through or in connection with a Brand, whether or not that person has made a Booking. This includes Booking Parties, Participants, prospective customers, website visitors, and any person who submits an enquiry or consents to marketing communications.
(e) “Personal Information” means any information that identifies, relates to, or could reasonably be linked, directly or indirectly, to a particular individual or household.
(f) “Sensitive Personal Information” means Personal Information that reveals a Participant’s medical or health conditions, dietary requirements, mental health conditions, or other categories of sensitive data as defined under applicable US privacy law.
(g) “you” and “your” means the Individual interacting with a Brand. Where a provision applies specifically to a Booking Party, it will be identified as such.
Important — Brand-level data collection. Although this Privacy Policy identifies ITG US as the legal entity responsible for data processing, all Personal Information collected through this website is collected by and on behalf of the Brand you are accessing. Marketing consent, SMS consent, and WhatsApp consent are captured at Brand level and apply only to communications from that Brand. Consent given on one Brand’s website does not constitute consent to receive communications from any other Brand operating under ITG US.
2. SCOPE AND APPLICABLE LAW
(a) This Privacy Policy applies to all Personal Information collected or processed by ITG US in connection with its websites, Programs, services, and communications. It applies to all Individuals who interact with any Brand operating under ITG US, whether or not a Booking has been made.
(b) ITG US aligns its data practices with the California Privacy Rights Act (CPRA) as the most comprehensive state-level privacy framework in the United States. Residents of other states with enacted privacy legislation — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and Oregon (OCPA) — are entitled to equivalent rights, exercisable through the process in Section 7.
(c) This Privacy Policy supplements and is incorporated into the Terms and Conditions. In the event of any conflict on a matter solely concerning data privacy, this Privacy Policy prevails.
3. PERSONAL INFORMATION COLLECTED
(a) ITG US collects only the Personal Information necessary for the purposes in Section 4. The categories collected depend on the Individual’s relationship with ITG US and the stage of that relationship.
3.1 Prospective Customers and Enquirers
Individuals who submit an enquiry or express interest in a Program prior to Booking may provide:
(i) Identity data: full name
(ii) Contact data: email address, telephone number, and mobile number (where SMS or WhatsApp consent is given under Section 6)
(iii) Institutional data: school, college, university, or organization name, and job title or role
(iv) Program interest data: destination preferences, travel dates, group size, and general enquiries
(v) Marketing preferences: consent to receive marketing communications and channel preferences
(vi) Correspondence: records of communications with ITG US
3.2 Booking Parties
The Booking Party provides the following additional categories, typically through the Application Form and Required Forms referred to in the Terms and Conditions:
(i) Identity data: full name, date of birth, gender, and nationality
(ii) Contact data: home address, email address, and telephone number (including mobile number where SMS or WhatsApp consent is given under Section 6)
(iii) Travel document data: passport number, expiry date, and country of issue
(iv) Financial data: payment information processed securely via ITG US’s payment service providers
(v) Health and safety data: medical conditions, allergies, dietary requirements, medications, and mental health information, collected solely for the purposes in Appendix B to the Terms and Conditions
(vi) Emergency contact data: name, relationship, and contact details
(vii) Program data: travel preferences, previous travel experience, and Program-specific information provided on the Application Form
3.3 Information Collected Automatically
When any Individual accesses ITG US websites or digital platforms, ITG US and its technology providers may collect automatically:
(i) IP address and approximate geolocation
(ii) Browser type, version, and device identifiers
(iii) Pages accessed, time spent on pages, and referral source
(iv) Cookie and tracking data (see Section 9)
3.4 Information From Third Parties
Under its legitimate interest in identifying individuals reasonably assumed to be interested in its Programs, ITG US may collect limited Personal Information from publicly available sources (including school and university websites), social media platforms, direct contact with institutional staff, and conversations at events or networking opportunities. In such cases, ITG US collects only: full name, job title and role, email address, telephone number, and organization name. This data is used solely to offer Program opportunities, is not shared with third parties, and may be opted out of at any time under Section 7.
4. USE OF PERSONAL INFORMATION
ITG US uses Personal Information only for the following purposes:
(a) Enquiries and pre-booking communications. To respond to enquiries, provide Program information, and follow up on expressed interest. Individuals will always be given the opportunity to opt out of further communications prior to Booking.
(b) Program delivery. To process Bookings, manage Program logistics, communicate pre-departure information, and share relevant data with in-destination partners and service providers as necessary to fulfil ITG US’s obligations under the Terms and Conditions. ITG US shares only what each provider requires to deliver the service for which it has been contracted.
(c) Health and safety. To ensure the safety of Participants during Programs, including processing Sensitive Personal Information in accordance with Appendix B of the Terms and Conditions. Sensitive Personal Information is not used for any marketing or commercial purpose.
(d) Marketing and communications. To send marketing communications and SMS or WhatsApp messages to Individuals who have given express prior consent at Brand level. Consent is separate from any contractual agreement, may be withdrawn at any time, and is governed by Sections 6 and 10.
(e) Legal and compliance obligations. To comply with applicable US federal and state law, fulfil tax and accounting obligations, prevent fraud, maintain records required by law, and enforce ITG US’s rights under the Terms and Conditions.
(f) Business operations. To maintain internal records, analyse website usage to improve ITG US’s services, and manage its relationship with all Individuals.
5. SHARING OF PERSONAL INFORMATION
(a) Within the ITG group. Personal Information may be accessed by staff of ITG US and its parent company, Impact Travel Group, where necessary to fulfil a Booking, provide customer service, or manage operations. Personal Information is not shared with other brands within the Impact Travel Group for marketing purposes without the Individual’s express consent.
(b) With third-party service providers. ITG US shares Personal Information with third parties only where necessary to deliver a Program or operate its business. Recipients may include airlines and carriers, accommodation providers, in-country partners, payment processors, IT service providers, and legal and compliance advisors. All recipients are contractually required to process Personal Information only on ITG US’s instructions, apply appropriate security measures, and not use it for any other purpose.
(c) Photography and media. ITG US may capture images of Participants during a Program. A Participant may opt out at any time by giving written notice to the Brand. Images and videos of Participants may also be shared with us by our in-country partners, or by Participants themselves. Where consent has been given, images may be used for marketing by ITG US and its brands. Images are not disclosed to third parties outside the group for commercial purposes without the express written consent of the Participant, or their parent or guardian if a minor.
(d) Legal disclosure. ITG US may disclose Personal Information where required by applicable law, in response to a valid legal process, or where necessary to protect the safety of Participants or the public.
(e) No sale of Personal Information. ITG US does not sell Personal Information and does not disclose it to third parties for their own direct marketing purposes.
6. SMS AND WHATSAPP COMMUNICATIONS
(a) ITG US will not send SMS or WhatsApp communications to any Individual unless that Individual has given explicit prior consent to the specific Brand through which that consent was collected. Consent is captured at Brand level and applies only to that Brand. Consent given to one Brand does not authorise communications from any other Brand. Consent is independent of Booking status and may be given or withdrawn at any time.
6.1 SMS Messaging
(b) Where consent has been given, the Brand may send SMS messages for: enquiry responses and pre-booking Program information; marketing and promotional messages (where separately consented); Booking confirmations; pre-departure information and reminders; and operational updates during the Program.
(c) Message and data rates may apply. Message frequency will vary. All SMS communications comply with the Telephone Consumer Protection Act (TCPA).
(d) Opt-out. Any Individual may withdraw SMS consent at any time by: (i) replying STOP to any SMS from ITG US; or (ii) submitting a written request to internship@rootsinterns.com. A final confirmation will be sent and the number removed promptly. Opting out of SMS does not affect any other communications preferences.
6.2 WhatsApp Communications
(e) Where consent has been given, the Brand may use WhatsApp for: enquiry responses and pre-booking information; marketing messages (where separately consented); pre-departure briefings; operational and safety updates during the Program; and Participant group communications.
(f) WhatsApp messages are transmitted via Meta Platforms, Inc. By consenting, the Individual acknowledges that messages are subject to Meta’s privacy policy. ITG US does not share Personal Information with Meta for advertising purposes.
(g) Opt-out. Any Individual may withdraw WhatsApp consent at any time by: (i) sending STOP in any WhatsApp conversation with ITG US; or (ii) submitting a written request to internship@rootsinterns.com. ITG US will confirm opt-out and remove the Individual from active WhatsApp groups promptly.
6.3 CAN-SPAM Act
(h) All email marketing communications comply with the CAN-SPAM Act of 2003. Every marketing email includes a clear and cost-free unsubscribe mechanism. ITG US does not send unsolicited commercial email.
7. US PRIVACY RIGHTS
(a) The following rights apply to all US residents, whether or not they have made a Booking. No individual need be a California resident to exercise these rights. ITG US will not discriminate against any Individual for doing so.
| Right | What This Means |
|---|---|
| Right to Know | Request disclosure of the categories and specific pieces of Personal Information ITG US holds, the purposes for which it is collected, and the categories of third parties with whom it is shared. |
| Right to Access | Request a copy of the specific Personal Information ITG US holds. |
| Right to Correction | Request correction of inaccurate or incomplete Personal Information. |
| Right to Deletion | Request deletion of Personal Information, subject to applicable legal exceptions and retention obligations. |
| Right to Data Portability | Request Personal Information in a structured, commonly used, and machine-readable format, where technically feasible. |
| Right to Opt Out | ITG US does not sell Personal Information. Any Individual may opt out of sharing for cross-context behavioral advertising via the cookie controls in Section 9. |
| Right to Limit Sensitive Data Use | Request that ITG US limit use of Sensitive Personal Information to purposes directly necessary for Program delivery. |
| Right to Non-Discrimination | ITG US will not deny, reduce the quality of, or otherwise discriminate against any Individual for exercising a right under this Section. |
| Right to Object to Automated Processing | Object to decisions made solely by automated processing that produce a significant legal or similarly significant effect. ITG US does not currently make such decisions. |
(b) Exercising rights. Submit a written request to:
| Privacy Officer | Roots Operations Team |
| Entity | Impact Travel Group (US), LLC doing business as Roots Interns |
| internship@rootsinterns.com | |
| Phone | +44 1425 485390 |
| Postal Address | Unit 10 Kingfisher Park RINGWOOD BH24 3NX UNITED KINGDOM |
(c) ITG US will verify the requesting individual’s identity before processing any request and will respond within forty-five (45) days of receipt. Where additional time is required, ITG US will notify the individual within the initial period and may extend by a further forty-five (45) days where reasonably necessary. No fee will be charged unless a request is manifestly unfounded or excessive.
(d) Appeals and escalation. Where ITG US declines a request, it will provide written reasons and inform the individual of the right to appeal. Individuals who remain dissatisfied may contact the Federal Trade Commission at www.ftc.gov or the Attorney General of their state of residence. State-specific appeal deadlines and procedures are set out in the Appendix.
8. STATE-SPECIFIC NOTICES
The following provisions supplement Section 7 and apply to residents of the states identified. All rights in Section 7 apply in addition to any state-specific rights below.
8.1 California (CPRA / CCPA)
(a) California residents have the additional right to: (i) know whether ITG US processes their Sensitive Personal Information and limit that processing to service delivery purposes; (ii) opt out of automated decision-making producing significant legal effects; (iii) use the Global Privacy Control (GPC) browser signal as a valid opt-out from cross-context behavioral advertising; and (iv) designate an authorized agent to submit privacy requests, supported by written authorization or a valid power of attorney. ITG US has not sold Personal Information in the twelve (12) months preceding the effective date of this Privacy Policy.
8.2 Virginia (VCDPA)
(b) Virginia residents may opt out of targeted advertising and profiling producing significant legal effects, and may appeal a refused request within sixty (60) days of ITG US’s written decision. Unresolved appeals may be escalated to the Virginia Attorney General’s Office.
8.3 Colorado (CPA) and Connecticut (CTDPA)
(c) Residents of Colorado and Connecticut may opt out of targeted advertising and profiling. Colorado residents may use the GPC browser signal as a valid opt-out. Appeals unresolved within forty-five (45) days (Colorado) or sixty (60) days (Connecticut) may be escalated to the relevant Attorney General’s Office.
8.4 Texas (TDPSA) and Oregon (OCPA)
(d) Residents of Texas and Oregon may opt out of targeted advertising and the sale of Personal Information. These rights are exercisable through the process in Section 7(b).
8.5 Other States
(e) ITG US monitors US privacy legislation and updates this Privacy Policy as required. Residents of all US states may contact ITG US using the details in Section 7(b). ITG US will respond in good faith to all requests regardless of state of residence.
9. COOKIES AND ONLINE TRACKING
(a) ITG US uses cookies and similar tracking technologies on its websites. Each Brand is responsible for confirming this table accurately reflects the cookies deployed on its own website before publication.
| Cookie Name | Purpose | Type | Data Collected | Third Parties |
|---|---|---|---|---|
| ANONCHK | Analytics / measurement | Third Party | Short-lived measurement check | Microsoft (Clarity) |
| CLID | Analytics | Third Party | Clarity / Microsoft identifier | Microsoft |
| IDE | Marketing | Third Party | DoubleClick ad delivery / measurement | Google (DoubleClick) |
| MR | Marketing / analytics | Third Party | Microsoft syndication / refresh | Microsoft |
| MUID | Marketing / analytics | Third Party | Cross-site Microsoft user ID | Microsoft |
| SM | Marketing | Third Party | Microsoft syndication | Microsoft |
| SRM_B | Marketing | Third Party | Bing / Microsoft Ads measurement | Microsoft |
| VISITOR_INFO1_LIVE | Functional | Third Party | YouTube player bandwidth / preferences | YouTube (Google) |
| VISITOR_PRIVACY_METADATA | Consent storage | Third Party | YouTube privacy / consent metadata | YouTube (Google) |
| YSC | Analytics | Third Party | YouTube session / playback | YouTube (Google) |
| __cf_bm | Necessary / security | First Party | Cloudflare bot management; short-lived session signal | Cloudflare |
| __hstc | Analytics / marketing | First Party | HubSpot visitor session tracking (timestamp chain) | HubSpot |
| lxG241487__consent | Consent storage | First Party | Clickio site-scoped consent state (cookie and/or local storage) | Clickio |
| __lxG__consent__v2 | Consent storage | First Party | Main Clickio consent record (choices / bitstring) | Clickio |
| __lxG__consent__v2_daisybit | Consent storage | First Party | Additional Clickio consent data | Clickio |
| __lxG__consent__v2_gdaisybit | Consent storage | First Party | Additional Clickio consent data | Clickio |
| __Secure-1PAPISID | Preferences / signed-in | Third Party | Google cookie (partitioned context; often when signed into Google) | |
| __Secure-1PSID | Preferences / signed-in | Third Party | Google signed-in session | |
| __Secure-1PSIDCC | Preferences / security | Third Party | Google signed-in / personalization-related | |
| __Secure-1PSIDTS | Preferences / security | Third Party | Google session timestamps | |
| __Secure-3PAPISID | Preferences / signed-in | Third Party | Google third-party cookie (signed-in context) | |
| __Secure-3PSID | Preferences / signed-in | Third Party | Google signed-in session (third-party) | |
| __Secure-3PSIDCC | Preferences / security | Third Party | Google (third-party) | |
| __Secure-3PSIDTS | Preferences / security | Third Party | Google session (third-party) | |
| __Secure-BUCKET | Functional / experiments | Third Party | Google internal bucketing | |
| __Secure-ROLLOUT_TOKEN | Functional | Third Party | YouTube experiment / rollout token | YouTube (Google) |
| __Secure-YNID | Marketing / preferences | Third Party | Google advertising preference signal | |
| _clck | Analytics | First Party | Microsoft Clarity user ID | Microsoft |
| _clsk | Analytics | First Party | Microsoft Clarity session linkage | Microsoft |
| _ga | Analytics | First Party | Google Analytics client / session | |
| _ga_GBC2Q3CEPR | Analytics | First Party | GA4 state for measurement ID G-GBC2Q3CEPR | |
| _gcl_au | Marketing | First Party | Google Ads conversion linker | |
| cf_clearance | Necessary / security | First Party | Cloudflare challenge clearance (when a challenge is shown) | Cloudflare |
| ga_client_id | Analytics support | First Party | Copy of GA client ID from _ga | Derived from Google Analytics |
| interactions | Functional | First Party | Page views / link clicks with timestamps | African Impact |
| source_history | Marketing / attribution | First Party | UTM / campaign history (JSON); set when the URL contains UTM parameters | African Impact |
| test_cookie | Marketing | Third Party | DoubleClick cookie / availability check | Google (DoubleClick) |
(b) Cross-context behavioral advertising. Some third-party cookies, including those placed by Google and Meta, may involve sharing data for cross-context behavioral advertising. Any Individual may opt out by: (i) adjusting browser settings; (ii) using the GPC browser signal (valid opt-out for California and Colorado residents); or (iii) using opt-out tools provided by the relevant third parties directly.
(c) Cookie preferences. Any Individual may manage cookie preferences at any time via the cookie preferences option on the Brand’s website or by contacting internship@rootsinterns.com.
10. MARKETING COMMUNICATIONS
(a) Consent requirement. ITG US sends marketing communications only where the Individual has given express prior consent. Consent is separate from any contractual agreement, is not a condition of Booking or of receiving a response to an enquiry, and will not be inferred from silence, inaction, or pre-ticked boxes.
(b) Brand-level consent. Consent is captured at the level of the individual Brand with whom the Individual is interacting. Consent given to one Brand does not constitute consent to receive communications from any other Brand. Each Brand maintains its own marketing list independently. To receive communications from more than one Brand, separate consent must be given to each.
(c) How consent is collected. Consent may be given when submitting an enquiry via a Brand’s website or digital channel; at the point of Booking through the Application Form; by subscribing to a Brand’s newsletter or marketing list; or by opting in at an event or presentation where that Brand is identified as the communicating party. At every point of consent capture, the Individual will be informed of: (i) which Brand’s communications they are consenting to; (ii) the types of communication they will receive; and (iii) how to withdraw consent.
(d) What a Brand may send. Marketing communications are limited to: information about travel and Program opportunities offered by that Brand; updates on that Brand’s projects, partnerships, and community initiatives; information about affiliated charitable organizations; and special offers and promotional content relating to that Brand’s Programs.
(e) No cross-brand marketing without separate consent. ITG US will not use consent given to one Brand to send communications on behalf of any other Brand. Where ITG US wishes to share an Individual’s contact details with another Brand for marketing purposes, it will first obtain express consent specifically identifying that other Brand by name.
(f) Withdrawal of consent. Any Individual may withdraw consent at any time, without reason and without detriment, by: (i) selecting the unsubscribe option in any marketing email; (ii) replying STOP to any marketing SMS; (iii) sending STOP in any WhatsApp marketing conversation; or (iv) submitting a written request to the Brand Privacy Officer at the contact details in Section 16. ITG US will action withdrawal within ten (10) business days. Withdrawal from one Brand does not affect consent given to any other Brand, and does not affect operational or contractual communications required under the Terms and Conditions.
(g) No purchase or sharing of marketing data. ITG US does not purchase Personal Information from third parties for marketing purposes and does not sell or share Personal Information collected for marketing purposes with any third party outside the ITG US group.
11. DATA SECURITY
(a) ITG US applies appropriate technical and organizational measures to protect Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized access, disclosure, or misuse, including: SSL encryption for all data transmitted through ITG US websites; secure, firewall-protected hosting environments; role-based access controls; and staff training in data protection and confidentiality obligations.
(b) In the event of a personal data breach likely to result in a risk to the rights of affected individuals, ITG US will notify the relevant authorities and, where required by applicable law, the affected individuals, in accordance with US breach notification requirements.
12. DATA RETENTION
(a) ITG US retains Personal Information only as long as necessary to fulfil the purpose for which it was collected, or as required by law. The following periods apply:
(i) Booking and Program records: up to seven (7) years to satisfy contractual, tax, and legal obligations
(ii) Sensitive Personal Information (health and medical data): for the duration of the Program, then securely deleted unless retention is required by law
(iii) Marketing contact records: until the Individual withdraws consent or submits a deletion request under Section 7
(iv) Lead generation records: reviewed annually and deleted where no active legitimate business interest remains
(b) Once Personal Information is no longer required, ITG US will securely delete or irreversibly anonymize it.
13. CHILDREN’S PRIVACY
(a) ITG US does not knowingly collect Personal Information from children under thirteen (13) without verifiable parental or guardian consent, in accordance with the Children’s Online Privacy Protection Act (COPPA). If ITG US becomes aware that such information has been collected without consent, it will promptly delete it.
(b) For Programs involving Participants under eighteen (18), ITG US collects appropriate parental or guardian consent and manages Participant data in accordance with applicable child privacy law.
14. LINKS TO THIRD-PARTY WEBSITES
(a) ITG US websites may contain links to third-party websites provided for convenience only. ITG US does not endorse those sites and accepts no responsibility for their privacy practices or content. This Privacy Policy does not apply to third-party websites. Individuals are advised to review the privacy policy of any external site they access.
15. AMENDMENTS TO THIS PRIVACY POLICY
(a) ITG US reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law or its data practices. Material changes will be notified prominently on the website. The version number and effective date at the head of this document indicate when it was last updated.
(b) Continued use of ITG US’s website or services following the posting of an amendment constitutes acceptance of the revised terms. Any Individual who objects may contact ITG US at internship@rootsinterns.com or discontinue use of the services.
16. PRIVACY OFFICER AND CONTACT INFORMATION
All privacy-related enquiries, requests, and complaints should be directed to:
| Privacy Officer | Roots Operations Team |
| Entity | Impact Travel Group (US), LLC doing business as Roots Interns |
| internship@rootsinterns.com | |
| Phone | +44 1425 485390 |
| Postal Address | Unit 10 Kingfisher Park RINGWOOD BH24 3NX UNITED KINGDOM |
Any Individual may also direct concerns to the Federal Trade Commission at www.ftc.gov or to the Attorney General of their state of residence.
APPENDIX — STATE-SPECIFIC DISCLOSURES
This Appendix supplements Section 8 of the Privacy Policy with additional disclosure requirements under the privacy laws of specific US states. It does not replace the main Privacy Policy or Section 8.
A.1 California — CPRA / CCPA
ITG US has not sold Personal Information as defined under the CPRA / CCPA in the twelve (12) months preceding the effective date of this Privacy Policy. Categories of Personal Information disclosed for a business purpose in that period include: identity data, contact data, travel document data, Program data, and automatically collected technical data. Recipients are identified in Section 5(b). ITG US recognizes the GPC browser signal as a valid opt-out from cross-context behavioral advertising.
A.2 Virginia — VCDPA
Virginia residents may appeal a refused privacy request in writing within sixty (60) days of receiving ITG US’s written decision. If the appeal is denied, residents may contact the Virginia Attorney General’s Office.
A.3 Colorado — CPA
ITG US recognizes the GPC browser signal as a valid opt-out for Colorado residents. Appeals unresolved within forty-five (45) days may be escalated to the Colorado Attorney General’s Office.
A.4 Connecticut — CTDPA
Connecticut residents may appeal a refused privacy request in writing. Appeals unresolved within sixty (60) days may be escalated to the Connecticut Attorney General’s Office.
A.5 Texas — TDPSA
Texas residents may opt out of targeted advertising, the sale of Personal Information, and profiling producing significant effects. These rights are exercisable through the process in Section 7(b).
A.6 Oregon — OCPA
Oregon residents may access, correct, delete, and port their Personal Information and opt out of targeted advertising and the sale of Personal Information. These rights are exercisable through the process in Section 7(b).
