Last Revised: January 1, 2020
NOTICE TO CALIFORNIA RESIDENTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT OF 2018:
SPECIFIC DATA RIGHTS PURSUANT TO THE CCPA
THE CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT FROM YOU.
THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION
WHO WE SHARE YOUR PERSONAL INFORMATION WITH AND FOR THOSE PURPOSES.
YOUR RIGHT TO HAVE ACCESS TO YOUR PERSONAL INFORMATION, YOUR DATA PORTABILITY RIGHTS, AND YOUR DELETION REQUEST RIGHTS; AND HOW TO ACCESS THESE RIGHTS
NOTICE REGARDING SALE OF ANY PERSONAL INFORMATION TO A THIRD PARTY
1. Information We Collect
During a User’s access or use of the Company Website or any other Company Program, the Company may, either directly or by using its service providers, gather, collect, record, hold, distribute, share, disclose or otherwise use personal information or data about You which You provide to Us, as described in Section 1.1 below, or which is automatically collected, as described in Section 1.2 below (hereinafter collectively referred to as the User’s “Personal Information”).
1.1 INFORMATION YOU PROVIDE TO US.
We collect Personal Information that You provide directly to Us. For example, we may collect Personal Information from You if You:
- provide Us with any data about You through the Company Website or any other Company Program, or via telephone;
- create an account with Us;
- purchase or otherwise request any of the Company’s products or services;
- request any customer support;
- request any exchange or return of any of the Company’s products or services;
- request any information from or about the Company, such as a newsletter, e-alert, or any other information about Our products, services, events or business partners;
- fill out any other information through any Company Program;
- communicate with any other representative of our Company;
- communicate with Us via third party social media sites;
- participate in any contest, promotion or sweepstake;
- apply for a job with the Company; or
- otherwise communicate with Us in any other way.
In these instances, the types of Personal Information that We may collect from You may include:
- Your name;
- Mailing address and/or billing address;
- E-mail address;
- Phone (or mobile) number;
- Date of birth or age;
- Credit or debit card number and other information about the same (if You make a payment either directly to Us or by using a third party payment provider that handles payments and will receive Your payment card information);
- Information about Your bank or checking account (if you make a payment through Your bank transfer);
- Gift card information or related gift information;
- Information You provide when You purchase any of Our goods or services, including product or service parameters or preferences You provided when making a purchase; or
- Information You provide or otherwise involved in the return or exchange of a product, such as information about the transaction, product details, purchase price, and the date and location/media of the transaction;
- Demographic information about you;
- Your user name/password for their account;
- Income information, any credit rating information, or any related passwords to access this information; and/or
- The history of Your prior purchases of Our goods/services or any records about the foregoing.
1.2 INFORMATION AUTOMATICALLY COLLECTED.
When a User accesses or otherwise uses the Company Website or any other Company Program, We automatically collect certain Personal Information about You, including:
- Device Related Information. When You use Our Company Site or any other Company Program, We (or our service providers) may collect (automatically or otherwise) information or other data (including without limitation technical and statistical information) about Your computer, tablet, phone or other device You use to access or use any of the Company Programs, including without limitation any Internet Protocol addresses, hardware models, operating systems and versions, mobile network information, browser types, Internet Site provider (ISP), referring/exit pages and other related data including without limitation , date/time stamps, clickstream data, pages You visit, any of Your search terms, or any other unique identifiers related to Your Device (hereinafter collectively referred to as “Device Identifiers/Log Data”).
- Geo-location Data: Subject to any of Your device permissions, We (or our service providers) may be able to collect information about the precise location of Your device or may gather other general location data based on GPS data, mailing address, and/or billing address (hereinafter collectively referred to as “Geo-location Data”).
- Social Media Information. If any of Our Company Programs offer any social media features, such as the Facebook “Like” buttons or similar social media interactive mini-programs, these features may collect Your Internet Protocol address, which page You are visiting on Our Company Program, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on Our Company Program. Your interactions with these features maybe governed by the privacy policies of the company providing it (see Section 12 regarding Third Party Sites).
1.3 EXCLUSIONS FROM PERSONAL INFORMATION
Personal Information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA's scope, such as: (i) health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or (ii) personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
2. HOW WE USE YOUR INFORMATION.
2.1 PRIMARY WAYS WE USE YOUR INFORMATION. User’s Personal Information may be gathered, collected, recorded, held, or otherwise used by or on behalf of the Company (including by Our service providers) to provide, maintain, and improve our Services to You, including for the following purposes:
- Process your purchase transactions, fulfill your orders, process exchanges and returns and send shipping notifications;
- Send support and administrative messages, including without limitation messages or notices about changes to this Company Site or to any other Company Program;
- Send responds to your comments, questions, or customer service requests;
- Communicate with you about products, services, offers, and events offered by Us and others, and provide news and information We think will be of interest to You (if you prefer not to receive promotional communications from Us, you may “Opt Out” at any time by following the “Opt Out” instructions in Section 5.1 herein;
- Monitor and analyze trends, usage, and activities in connection with Our goods or services;
- To conduct credit card screenings or to otherwise protect against fraud or unauthorized transactions, including by identifying potential unauthorized users or hackers or to perform credit checks;
- Personalize Your experience and the advertisements and content You see when You use any Company Program based on Your preferences, interests, and browsing and purchasing behavior;
- For compliance purposes as may be required by applicable laws or regulations or as requested by any judicial process or governmental agency (including without limitation for Company’s tax reporting) or as may be requested under any subpoena;
- To facilitate Your use of various social media sharing features or other integrated tools (such as the Facebook “Like” button) which You may use as part of social media pages;
- To facilitate any contests, sweepstakes, or promotions that We may offer or run and process and deliver entries and rewards;
- To carry out any other purpose described to You at the time the Personal Information is collected;
- To use with, or otherwise distribute, share or disclose to, any of the Company’s professional advisors such as attorneys or accountants (“Outside Professionals”) in order to facilitate the professional advice from those Outside Professionals; or
- To use with, or otherwise distribute, share or disclose to, any government agencies or third parties in order to comply with, or otherwise pursuant to, any subpoena, court order, or other governmental order, law or regulation (including without limitation tax reporting).
2.2 OTHER WAYS WE MAY USE YOUR INFORMATION.
In addition to the disclosures set forth above, we may in particular use your Personal Information as set forth below:
- We may also use your Device Identifier/Log Data or Cookies to: (i) administer the Company Site or other Company Programs and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to determine whether certain requests are fraudulent or frivolous or to cross reference your Internet Protocol address or other Device Identifiers with your domain name; (ii) improve the Company Site or other Company Programs to ensure that content is presented in the most effective manner for You and for Your device; (iii) allow You to participate in interactive features of the Company Site or other Company Programs, when You choose to do so; or (iv) as part of our efforts to keep the Company Site or other Company Program Site safe and secure.
- In addition, We use “Pixel Tags” (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to browser Cookies that are used to track online movements of Web users. In contrast to browser Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in Web pages. Pixel Tags also allow Us to send email messages in a format users can read, and they tell us whether emails have been opened to ensure that We are sending only messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to users. We do not tie the information gathered by Pixel Tags to Personal Information.
- After removing any information that would personally identify You from within the set of Personal Information that We may collect regarding You, We may combine that information with information We collect from other users and customers (collectively the "Aggregated Data") in order to improve the quality and value of Company Site or other Company Programs and to analyze and understand how the same are used. We may share Aggregated Data (after stripping of any information that would personally identify you) and certain Device Identifiers/Log Data with third parties for industry analysis, demographic profiling, or other purposes.
- We partner with a third party to either display advertising on our Company Site or other Company Programs or to manage our advertising on other sites. Our thirdparty partners may use technologies such as Cookies to gather information about Your activities with the Company Site or other Company Programs or any other sites in order to provide You advertising based upon Your browsing activities and interests. If You wish to not have this information used for the purpose of serving you interestbased ads, you may opt out by going to http://preferencesmgr.truste.com/ (or if located in the European Union please go here http://www.youronlinechoices.eu/). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
2.3 OTHER TERMS REGARDING THE USE OF YOUR INFORMATION.
2.3.1 We will use or share Your Personal Information only for the purposes as described in this Section 2 and in Section 3 herein, unless We reasonably determine We need to use it for another reason and that reason is compatible with the original purpose(s) described herein. For example, We consider de-identification, aggregation, and other forms of anonymization of Personal Information to be compatible with the purposes listed herein and in Your interest because the anonymization of such information reduces the likelihood of improper disclosure of that information. If We need to use Your Personal Information for an unrelated purpose, We will notify You and We will explain the legal basis which allows Us to do so.
- SHARING OF INFORMATION
We may distribute, share or disclose Personal Information about You as follows or as otherwise described herein:
- Affiliates and Subsidiaries. We may disclose Your Personal Information with our affiliates or subsidiaries for any of the purposes described herein.
- Service Providers. We may share or disclose Your Personal Information with Our service provides or other third party vendors that We retain in connection with the provision of the Company Programs, including without limitation the following types of service providers that We may engage:
- Email, internet or other telecommunication service providers;
- Cloud, other data storage, or other hosting service providers;
- Third party payment service providers, including without limitation third party credit card processors (see Third Party Application Providers below);
- Analytics companies who assist Us with various types of data analytics (see Analytics Partners below);
- Third parties shippers; or
- Other third party contractors we engage to assist Us in providing Our goods and services.
- Third Party Application Providers. If a third-party application is used to support Our Company Programs, We may share or disclose Your Personal Information to such third party application providers, including without limitation third party credit card processors or other third party payment service providers.
- Analytics Partners. We may use analytics services provided by a third party analytics service provider or by using one of their tools, such as but not limited to Google Analytics, to collect and process certain analytics data. These services may also collect data about Your use of other websites, apps, and online resources.
- Aggregated Form. We may make certain automatically-collected, aggregated, or otherwise de-identified Personal Information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing or advertising purposes; or (iii) to assist such parties in understanding our Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Company Programs.
- Advertising Partners. We may work with third party advertising/marketing companies or third party sales reporting companies or third party sales representative organizations (collectively, “Advertising Partners”) in order to provide You with advertisements or other information that We think may interest You. These Advertising partners may set or access their own cookies, pixel tags or similar technologies on our Company Programs or they may otherwise collect or have access to data about You which they may collect over time and across different online services. These Advertising partners may also provide Us with their own independent data about potential customers and such data could include data about You previously collected by the Advertising Partner.
- Social Media Features. The Company Programs may offer social media features, including certain sharing tools or other integrated tools (such as the Facebook “Like” button), which let You share actions that You take on Our social media pages. Your use of such features enables the sharing of Personal Information with the public, depending on the settings You establish with the entity that provides the social sharing feature.
- As Required By Law, Subpoena or Similar Government Order. We may access, preserve, share, or disclose Your Personal Information if We believe doing so is required or appropriate to: (i) comply with all laws or regulations, including any tax reporting requirements of the Company; (ii) comply with any other law enforcement requests or legal process, such as a court order or subpoena; (iii) respond to Your requests; or (iv) protect Your, Our, or others’ rights, property, or safety. FOR THE AVOIDANCE OF DOUBT, WE MAY BE REQUIRED TO DISCLOSURE YOUR PERSONAL INFORMATION TO: (I) TAXING AUTHORITIES AS PART OF OUR TAX REPORTING REQUIREMENTS; OR (II) LAW ENFORCEMENT AUTHORITIES OR OTHER GOVERNMENTAL AGENCIES OR VIA SUBPOENA ARISING OUT OF YOUR USE OF ANY UNLAWFUL OR INFRINGING CONTENT WHILE USING ANY COMPANY PROGRAM.
- Company’s Outside Professional Advisors. We may share or disclose Your Personal Information with any of the Company’s Outside Professions (as defined in Section 2.1 herein) in order to facilitate the professional advice such Outside Professionals provide to the Company.
- Consent. We may also share or disclose Your Personal Information with your permission.
- ADDITIONAL RIGHTS OF CALIFORNIA RESIDENTS UNDER THE CCPA
4.1 ACCESS TO SPECIFIC INFORMATION AND DATA PORTABILITY RIGHTS
Each User has the right to request that the Company disclose certain information to You about the Company’s collection and use of Your Personal Information over the past 12 months. Once the Company receives and confirms Your verifiable consumer request (see Section 4.4: Exercising Your Access, Data Portability, and Deletion Rights), the Company will disclose to You (per your request):
- The categories of Personal Information We collected about You.
- The categories of sources for the Personal Information We collected about You.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom We share that Personal Information.
- The specific pieces of Personal Information We collected about You (also called a data portability request).
- If We sold or disclosed your Personal Information for a business purpose; two separate lists disclosing:
- Sales (if any), identifying the Personal Information categories that each category of recipient purchased; and
- Disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
4.2 DELETION REQUEST RIGHTS
Each User has the right to request that the Company delete any of Your Personal Information that the Company collected from You and retained, subject to certain exceptions. Once the Company receives and confirms Your verifiable consumer request (see Section 4.4: Exercising Your Access, Data Portability, and Deletion Rights), the Company will delete (and direct our service providers to delete) Your Personal Information from our records, unless an exception applies. However, the Company may deny Your deletion request if retaining the information is necessary for the Company or its service provider(s) to:
- Complete the transaction for which We collected the Personal Information, provide a good or service that You requested, take actions reasonably anticipated within the context of Our ongoing business relationship with You, or otherwise perform Our contract with You;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if You previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us; or
- Comply with a legal obligation; or
- Make other internal or lawful uses of that information that are compatible with the context in which You provided it.
4.3 NOTIFICATION REGARDING SALE (IF ANY) OF PERSONAL INFORMATION
WE HEREBY NOTIFY CALIFORNIA RESIDENTS THAT IN THE PRECEDING TWELVE (12) MONTHS WE HAVE NOT SOLD ANY PERSONAL INFORMATION TO ANY THIRD PARTY OUTSIDE OF THE COMPANY.
4.4 EXERCISING YOUR ACCESS, DATA PORTABILITY, AND DELETION RIGHTS
To exercise the access, data portability, deletion rights, and other rights described in this Section 4, the User must submit a verifiable consumer request to the Company by either:
Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable consumer request to the Company related to Your Personal Information. You may also make a verifiable consumer request on behalf of Your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows the Company to reasonably verify that You are the person about whom We collected Personal Information or an authorized representative.
- Describe Your request with sufficient detail that allows the Company to properly understand, evaluate, and respond to it.
The Company cannot respond to Your request or provide You with Personal Information if the Company cannot verify Your identity or authority to make the request and confirm the Personal Information relates to You. Making a verifiable consumer request does not require You to create an account with us. The Company will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
4.5 RESPONSE TIMING AND FORMAT
If You send a verifiable consumer request from You as set forth in Section 4.4 above, the Company will endeavor to respond to such verifiable consumer request within forty-five (45) days of its receipt. If We require more time (up to a total aggregate of 90 days), the Company will inform You of the reason and extension period in writing. If You have an account with Us, We will deliver our written response to that account. If You do not have an account with Us, We will deliver Our written response by mail or electronically. Any disclosures We provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide Your Personal Information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to Your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell You why We made that decision and provide You with a cost estimate before completing Your request.
4.6 NON-DISCRIMINATION NOTICE
The Company will not discriminate against You for exercising any of Your rights under the CCPA. Unless permitted by the CCPA, We will not:
- Deny You goods or services;
- Charge You different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide You a different level or quality of goods or services; or
- Suggest that You may receive a different price or rate for goods or services or a different level or quality of goods or services.
- CERTAIN ADDITIONAL CHOICES YOU MAY HAVE ABOUT YOUR INFORMATION
5.1 OPT-OUT FROM RECEIVING INFORMATION FROM THE COMPANY.
5.2. DO NOT TRACK.
Some browsers have a “DO NOT TRACK” feature that lets website users inform websites or other applications that they do not want to have their online activities tracked. These “do not track” features may also give website users other choices regarding the collection of their personal identifiable information. However, these “do not track” features and “do not track’ signals are not yet uniform. ACCORDINGLY, EACH USER OF THE COMPANY WEBSITE OR ANY OTHER COMPANY PROGRAM IS HEREBY NOTIFIED THAT THE COMPANY WEBSITE AND THE OTHER COMPANY PROGRAMS ARE NOT CURRENTLY SET UP TO RESPOND TO ANY OF THE USER’S “DO NOT TRACK” FEATURES OR “DO NOT TRACK” SIGNALS.
5.3. GEO-LOCATION DATA.
You may be able to prevent your device from sharing precise location information, including without limitation some or all of the Geo-Location Data described in Section 1.2 above, at any time through your device’s operating system settings.
YOUR U.K. PRIVACY RIGHTS
Users from the U.K. have the right to ask us to amend or limit the processing of their Personal Data, (as defined by U.K. law) and in particular not to process their Personal Data for marketing purposes. We will inform you (before collecting your personal data) if we intend to use your Personal Data for such purposes or if we intend to disclose your Personal Data to any third party for such purposes. You can exercise your rights to pre vent such processing by checking certain boxes on the forms we use to collect your Personal Data. You can also exercise the right at any time by contacting us at: firstname.lastname@example.org. The U.K. Data Protection Act 1998 (the “DPA 1998") gives users from the U.K. the right to access information held about you. Your right of access can be exercised in accordance with the DPA 1998. Any access request may be subject to a fee to meet our costs in providing you with details of the information we hold about you.
INTERNATIONAL TRANSFERS OF INFORMATION
If you live in the EU, or a similar international area, you may have additional privacy rights available to you under applicable laws. We will process your requests in accordance with applicable data protection laws. If you would like to exercise any of the below rights, please contact email@example.com so that we may consider your request in accordance with applicable law:
- Right not to provide or withdraw consent: You have the right not to provide or with draw your consent at any time.
- Right of access: You may have the right to access the Personal Data that you provided us.
- Right of erasure: You may have the right to the erasure of Personal Data that we hold about you.
- Right to object to processing: You may have the right to request that we stop processing your Personal Data and/or to stop sending you marketing communications.
- Right to rectification: You may have the right to require us to correct any of your Personal Data.
INFORMATION SECURITY & CONFIDENTIALITY
We maintain (and requires subcontractors and Company Site providers to maintain) appropriate organizational and technical measures designed to protect the security and confidentiality of any information We process. However, no organizational or technical measures are 100% secure so You should take care when disclosing information online and act reasonably to protect Yourself online.
SECURITY & INTERNATIONAL TRANSFER
We are concerned with safeguarding Your information. We employ generally accepted standards of administrative, physical, procedural, and technological measures designed to protect your information from unauthorized access, both during transmission and once it is received. If You have any questions about the security of your personal information, You can contact Us by either:
- Calling the Company at 310-392-2100.
- Emailing the Company at: firstname.lastname@example.org.
However, please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, although We comply with its legal obligations in respect of the security of your personal data we cannot guarantee its absolute security.
- USER RESPONSIBLE FOR UPDATING USER’S OWN PERSONAL INFORMATION.
Users are solely responsible for correcting, updating, or modifying any and all of the User’s Personal Information as it appears in, and as otherwise stored or contained in, any Company Program. Without in any way limiting the foregoing, User acknowledges and agrees that the Company does not have an obligation to maintain the accuracy or completeness of any of Personal Information provided by the User to the Company, including such Personal Information once it is stored, described or otherwise contained in the Company Website or in any other Company Program.
- LINKS TO, AND USE OF, OTHER WEBSITES
The Company Website or other Company Programs may now or in the future provide links or other access to Internet websites, forums or other programs which are not under the Company’s sole control and not solely owned by the Company (collectively referred to as “Third Party Sites”). If a User clicks on a link to, or otherwise gains access to, any such Third Party Site, the User will be transported to one of these Third Party Sites.
WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, EACH USER AGREES THAT IF THE USER USES ANY THIRD PARTY SITES IN ANY WAY, THE USER IS AWARE THAT ANY OF THE USER’S PERSONAL INFORMATION THAT THE USER PROVIDES TO THAT THIRD PARTY SITE MIGHT BE READ, COLLECTED, SHARED, DISTRIBUTED, OR OTHERWISE USED BY OTHER USERS OF THAT THIRD PARTY SITE OR BY ANY OTHER THIRD PARTIES, AND COULD BE USED TO SEND THE USER UNSOLICITED MESSAGES. THE COMPANY IS NOT RESPONSIBLE FOR ANY PERSONAL INFORMATION THAT THE USER ELECTS TO SUBMIT IN, OR OTHERWISE MAKE AVAILABLE TO, THESE THIRD PARTY SITES.
Any link to any Third Party Site from the Company Website or any other Company Program does not imply any endorsement of the privacy practices of such Third Party Site by the Company, and no such Third Party Site is authorized to make any representation or warranty on our behalf.
Our Company Site is not directed to children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal or contact information without their consent, he or she should contact Us at email@example.com. If We become aware that a child under 13 has provided us with personally identifiable information, We will delete such information from our files immediately.
Garrett Leight, LLC
2301 East 7th Street
Los Angeles, CA 90023