3.  A visual observation of an individual’s physical presence in a public place by another person, not including data collected
by a device in the individual’s possession; and
4. A disclosure that has been made to the general public as required by federal, state, or local law.
“Intimate Image” means any visual depiction, photograph, film, video, recording, picture, or computer or computer-generated
image or picture, whether made or produced by electronic, mechanical, or other means, that depicts an identified or identifiable
person’s private parts, or a person engaged in a private act, in circumstances in which a reasonable person would reasonably
expect to be afforded privacy.
“Noncommercial Purpose” as referred to in C.R.S. § 6-1-1304(2)(o) includes, but is not limited to, the following activities
when conducted by: (a) a state institution of higher education, as defined in C.R.S. § 23-18-102(10), the state, the judicial
department of the state, or a county, city and county, or municipality; or (b) a Processor acting on behalf of one or more of
the foregoing:
1. Processing activities related to the delivery of services and benefits;
2. Research purposes;
3. Budgeting;
4. Improving operations or the delivery services or benefits;
5. Auditing operations or service or benefit delivery;
6. Sharing Personal Data between these categories of entities for any of these purposes; or
7.  Any other purpose related to speech that state or federal courts have recognized as noncommercial speech, including
political speech and journalism.
“Opt-Out Purpose” or “Opt-Out Purposes” means the categories of Personal Data Processing from which the Consumer may
opt out pursuant to C.R.S. § 6-1-1306(1)(a).
“Personal Data” is defined as set forth in C.R.S. § 6-1-1303(17), and (a) means information that is linked or reasonably linkable
to an identified or identifiable individual; and (b) does not include de-identified data or Publicly Available Information as used
in (17)(b).
“Process” or “Processing” is defined as set forth in C.R.S. § 6-1-1303(18), and means the collection, use, sale, storage,
disclosure, analysis, deletion, or modification of Personal Data and includes the actions of a Controller directing a Processor
to Process Personal Data.
“Processor” is defined as set forth in C.R.S. § 6-1-1303(19), and means a person that Processes Personal Data on behalf of a
Controller.
“Profiling” is defined as set forth in C.R.S. § 6-1-1303(20), and means any form of automated processing of personal data to
evaluate, analyze, or predict personal aspects concerning an identified or identifiable individual’s economic situation, health,
personal preferences, interests, reliability, behavior, location, or movements.
“Publicly Available Information” is defined as set forth in C.R.S. § 6-1-1303(17), and does not include:
1. Any Personal Data obtained or processed in in violation of C.R.S. §§ 18-7-107 or 18-7- 801;
2. Biometric Data;
123 | Colorado Privacy Act Rules