SPECIFIC DATA RIGHTS PURSUANT TO THE CCPA; OTHER NOTICES UNDER THE CCPA
THE CATEGORIES OF PERSONAL INFORMATION THAT THE COMPANY COLLECTS FROM YOU.
THE PURPOSES FOR WHICH THE COMPANY USES YOUR PERSONAL INFORMATION
WHO THE COMPANY SHARES YOUR PERSONAL INFORMATION WITH AND FOR WHAT PURPOSES
YOUR RIGHT TO HAVE ACCESS TO YOUR PERSONAL INFORMATION, YOUR DATA PORTABILITY RIGHTS, AND YOUR DELETION REQUEST RIGHTS; AND HOW TO ACCESS THESE RIGHTS
NOTICE REGARDING SALE OF ANY PERSONAL INFORMATION TO A THIRD PARTY
1. INFORMATION THE COMPANY COLLECTS. During a User’s access or use of the Company Website or any other Company Program, the Company may, either directly or by using its service providers, gather, collect, record, hold, distribute, share, disclose or otherwise use personal information or data about You which You provide to the Company, as described in Section 1.1 below, or which is automatically collected, as described in Section 1.2 below (hereinafter collectively referred to as the User’s “Personal Information”).
1.1 INFORMATION YOU PROVIDE TO THE COMPANY. The Company collects Personal Information that You provide directly to the Company, including without limitation any Personal Information You provide during Your use of the Company Website or any other Company Program. For example, the Company may collect Personal Information from You if You:
- provide the Company with any data about You through the Company Website or any other Company Program, or via telephone;
- create an account with the Company;
- seek, purchase or otherwise request any of the Company’s products/services;
- seek to schedule any of Your appointments or meetings with the Company.
- request any customer support;
- call the Company’s customer service number or visit one of the Company’s stores, during which the Company may record the customer service calls and/or capture video records and/or photographic information of You when You visit one of any Company stores;
- request any return of any of the Company’s products/services;
- request any information from or about the Company, such as a newsletter, any digital or off-line communications, or any other information about the Company’s products/ services, events or business partners;
- participate in customer surveys;
- fill out any other information through any Company Program;
- communicate with any other representative of the Company;
- communicate with the Company via third party social media sites;
- participate in any contest, loyalty program, promotion or sweepstake;
- apply for a job with the Company; or
- otherwise communicate with the Company in any other way.
In these instances, the following are the types of Personal Information that may be collected from You:
- Your name;
- Mailing address and/or billing address;
- E-mail address;
- Phone (or mobile) number;
- Date of birth or age;
- Certain financial information, such as certain portions of Your credit or debit card number or other financial information collected during Your purchase of any of the Company’s products or services----this may apply if You make a payment either directly to the Company or by using a third party payment provider that handles payments and as part of that transaction receives Your payment information;
- Gift card information or related gift information; WITH REGARD TO GIFTS: IF YOU ARE PURCHASING A GIFT FOR SOMEONE, AND YOU GIVE THE COMPANY THAT PERSON’S INFORMATION FOR SHIPPING, THE COMPANY IS RELYING ON YOU TO MAKE SURE YOU HAVE THE RIGHT (AND THE CONSENT IF NEEDED0 TO PROVIDE THE COMPANY WITH THE RECIPIENT’S INFORMATION.
- Information You provide when You seek, purchase, or otherwise request any of the Company’s goods/services, including product/service parameters or preferences You provided when making such request;
- Information You provide or otherwise involved in the return of a product, such as information about the transaction, product details, purchase price, and the date and location/media of the transaction;
- History of Your prior purchases of the Company’s goods/services or any records about the foregoing; or
- Written communication with the Company’s customer services team
1.2 INFORMATION AUTOMATICALLY COLLECTED. When a User accesses or otherwise uses the Company Website or any other Company Program, the Company automatically collects certain Personal Information about You, including:
- Device Information. The Company (or the Company’s service providers) may collect information about the computer, tablet, phone or other device you use to access any of the Company Programs, including the Internet Protocol address (also called “IP addresses”), hardware models, operating system and version, mobile network information and other unique device identifiers.
- Geo-location Data. Subject to any of Your device permissions, the Company (or the Company’s service providers) may be able to collect information about the precise location of Your device or may gather other general location data based on GPS data, mailing address, and/or billing address (hereinafter collectively referred to as “Geo-location Data”).
- Social Media Information. If any of the Company Programs offer any social media features, such as the Facebook Like buttons or similar social media interactive mini-programs, these features may collect Your Internet Protocol address, which page You are visiting on the Company Program, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on the Company Program. Your interactions with these features maybe governed by the privacy policies of the company providing it (see Section 8 regarding Third Party Sites).
- Publicly available information from government records or other publicly available sources.
- Any information that is encoded or anonymized or de-identified
- Information that, pursuant to CCPA, is excluded from CCPA’s authority or governance, including without limitation:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA); or
- Any other personal information covered by certain other sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (BLBA), the California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
2. HOW THE COMPANY USES YOUR INFORMATION.
2.1 PRIMARY WAYS THE COMPANY USES YOUR INFORMATION. User’s Personal Information may be gathered, collected, recorded, held, or otherwise used by or on behalf of the Company (including by the Company’s service providers) to provide, maintain, and improve the Company’s Services to You, including for the following purposes:
- Process Your transactions with the Company, including without limitation: (i) fulfilling Your orders, process returns and send shipping notifications; (ii) scheduling any of Your appointments or meetings with the Company.
- Send support and administrative messages, and respond to Your comments, questions, and customer service requests;
- Communicate with You about products, services, offers, or any other events offered by the Company and others, and/or to offer and provide You with news and information the Company thinks will be of interest to You (if You prefer not to receive promotional communications from the Company, You may “Opt Out” at any time by following the “Opt Out” instructions in Section 5.1 herein;
- Allow You to sign up and participate in any other Company communication resources, including without limitation any Company newsletters or blogs (if you prefer not to continue to receive these other Company communications, You may “Opt Out” at any time by following the “Opt Out” instructions in Section 5.1 herein;
- Monitor and analyze trends, usage, and activities in connection with the Company’s goods/services and industry;
- Protect against fraud or unauthorized transactions, including by identifying potential unauthorized users or hackers;
- Personalize Your experience and the advertisements and content You see when You use any Company Program based on Your preferences, interests, and browsing and purchasing behavior;
- For compliance purposes as may be required by applicable laws or regulations or as requested by any judicial process or governmental agency (including without limitation for Company’s tax reporting) or as may be requested under any subpoena;
- Facilitate, now or in the future, Your use of various social media sharing features or other integrated tools (including, for example only, certain Facebook features, such as a Facebook“ Like” button) which You may use as part of social media pages;
- Facilitate any contests, sweepstakes, loyalty programs, or promotions and process and deliver entries and rewards; or
- Carry out any other purpose described to You at the time the Personal Information is collected.
- Conduct customer data analyses, sometimes in partnership with third party agencies the Company designated.
2.2 OTHER WAYS THE COMPANY MAY USE YOUR INFORMATION. In addition to the above, Your Personal Information may be gathered, collected, recorded, held or otherwise used for the following additional purposes:
- To use with, or otherwise distribute, share or disclose to, any of the Company’s professional advisors such as attorneys or accountants (“Outside Professionals”) in order to facilitate the professional advice from those Outside Professionals; or
- To use with, or otherwise distribute, share or disclose to, any government agencies or third parties in order to comply with, or otherwise pursuant to, any subpoena, court order, or other governmental order, law or regulation (including without limitation tax reporting).
2.3 OTHER TERMS REGARDING THE USE OF YOUR INFORMATION.
2.3.1 The Company may also use or share Your Personal Information only for the purposes as described in this Section 2 and in Section 3 herein, unless the Company reasonably determines the Company needs to use it for another reason and that reason is compatible with the original purpose(s) described herein. For example, the Company considers de-identification, aggregation, and other forms of anonymization of Personal Information to be compatible with the purposes listed herein and in Your interest because the anonymization of such information reduces the likelihood of improper disclosure of that information. If the Company needs to use Your Personal Information for an unrelated purpose, the Company will notify You and the Company will explain the legal basis which allows the Company to do so.
SHARING OF INFORMATION. The Company may distribute, share or disclose Personal Information about You as follows or as otherwise described herein:
- Affiliates and Subsidiaries. The Company may disclose Your Personal Information with the Company’s affiliates or subsidiaries for any of the purposes described herein.
- Service Providers. The Company may share or disclose Your Personal Information with the Company’s service provides or other third party vendors that the Company retains in connection with the provision of the Company Programs, including without limitation the following types of service providers that the Company may engage:
- Email, internet or other telecommunication service providers;
- Cloud, other data storage, or other hosting service providers;
- Online publishers;
- Third party payment service providers, including without limitation third party credit card processors or fraud control tools (see Third Party Application Providers below);
- Third party providers the Company uses to track the status of product shipments and deliveries and assist in facilitating returns;
- Analytics companies who assist the Company with various types of data analytics (see Third Party Analytics Tools or Services below);
- Third parties delivery or shipping service providers; or
- Other third party contractors the Company engages to assist the Company in providing the Company’s goods and services.
- Third Party Application Providers. If a third-party application is used to support the Company Programs, the Company may share or disclose Your Personal Information to such third party application providers, including without limitation third party credit card processors, other third party payment service providers, or intermediary services that assist in processing Your payments.
- Aggregated Form. The Company may make certain automatically-collected, aggregated, or otherwise de-identified Personal Information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Company Programs.
- Advertising/Marketing Partners. The Company may work with third party advertising or marketing companies (collectively, “Advertising Partners”) in order to provide You with advertisements, marketing or other information that the Company thinks may interest You. These Advertising partners may set or access their own cookies, pixel tags or similar technologies on the Company Programs or they may otherwise collect or have access to data about You which they may collect over time and across different online services. These Advertising partners may also provide the Company with their own independent data about potential customers and such data could include data about You previously collected by the Advertising Partner.
- Social Media Features. The Company Programs may, now or in the future, offer social media features, including certain sharing tools or other integrated tools (such as the Facebook “Like” button), which let You share actions that You take on the Company’s social media pages. Your use of such features enables the sharing of Personal Information with the public, depending on the settings You establish with the entity that provides the social sharing feature.
- As Required By Law, Subpoena or Similar Government Order. The Company may access, preserve, share, or disclose Your Personal Information if the Company believes doing so is required or appropriate to: (i) comply with all laws or regulations, including any tax reporting requirements of the Company; (ii) comply with any other law enforcement requests or legal process, such as a court order or subpoena; (iii) respond to Your requests; or (iv) protect Your, the Company’s, or others’ rights, property, or safety. FOR THE AVOIDANCE OF DOUBT, THE COMPANY MAY BE REQUIRED TO DISCLOSURE YOUR PERSONAL INFORMATION TO: (I) TAXING AUTHORITIES AS PART OF THE COMPANY’S TAX REPORTING REQUIREMENTS; OR (II) LAW ENFORCEMENT AUTHORITIES OR OTHER GOVERNMENTAL AGENCIES OR VIA SUBPOENA ARISING OUT OF YOUR USE OF ANY UNLAWFUL OR INFRINGING CONTENT WHILE USING ANY COMPANY PROGRAM.
- Company’s Outside Professionals. The Company may share or disclose Your Personal Information with any of the Company’s Outside Professionals (as defined in Section 2.2 herein) in order to facilitate the professional advice such Outside Professionals provide to the Company.
- Consent. The Company may also share or disclose Your Personal Information with your permission.
4.1 ACCESS TO SPECIFIC INFORMATION AND DATA PORTABILITY RIGHTS UNDER THE CCPA. Each California Resident has the right to request that the Company disclose certain information to such California Resident about the Company’s collection and use of such California Resident’s Personal Information over the past 12 months. Once the Company receives and confirms a California Resident’s verifiable consumer request (see Section 4.4: Exercising Your Access, Data Portability, and Deletion Rights), the Company will disclose to such California Resident (per his/her request):
- The categories of Personal Information the Company collected about such California Resident.
- The categories of sources for the Personal Information the Company collected about such California Resident.
- The Company’s business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom the Company shares that Personal Information.
- The specific pieces of Personal Information the Company collected about such California Resident (also called a data portability request).
- If the Company sold or disclosed Personal Information for a business purpose; two separate lists disclosing:
- Sales (if any), identifying the Personal Information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
4.2 DELETION REQUEST RIGHTS UNDER THE CCPA. Each California Resident has the right to request that the Company delete any of such California Resident’s Personal Information that the Company collected from such California Resident and retained, subject to certain exceptions. Once the Company receives and confirms a California Resident’s verifiable consumer request (see Section 4.4: Exercising Your Access, Data Portability, and Deletion Rights), the Company will delete (and direct the Company’s service providers to delete) such California Resident’s Personal Information from the Company’s records, unless an exception applies. However, the Company may deny such California Resident’s deletion request if retaining the information is necessary for the Company or its service provider(s) to:
- Complete the transaction for which the Company collected the Personal Information, provide a good or service that such California Resident requested, take actions reasonably anticipated within the context of the Company’s ongoing business relationship with such California Resident, or otherwise perform the Company’s contract with such California Resident;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if such California resident previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on such California Resident’s relationship with the Company; or
- Comply with a legal obligation; or
- Make other internal or lawful uses of that information that are compatible with the context in which such California Resident provided it.
4.3 NOTIFICATION REGARDING “SALE” (IF ANY) OF PERSONAL INFORMATION UNDER THE CCPA. In view of the definition of “sale” under CCPA, the Company may, either now or in the future, exchange, share, and/or “sell” (as defined under the CCPA) certain Personal Information to certain third parties. CLICK HERE for the Company’s “DO NOT SELL MY PERSONAL INFORMATION” notice to California Residents about their right to stop any such “sales”, if any such “sales” exist.
4.4 EXERCISING A CALIFORNIA RESIDENT’S ACCESS, DATA PORTABILITY, AND DELETION RIGHTS UNDER THE CCPA. To exercise the access, data portability, deletion rights, and other rights described in this Section 4, a California Resident must submit a verifiable consumer request to the Company by either:
- Writing the Company at Capretto LLC, Atten: Privacy Department, 11240 Playa CT. Culver City, CA 90230; or
- Emailing the Company at firstname.lastname@example.org.
- Provide sufficient information that allows the Company to reasonably verify that a California Resident is the person about whom the Company collected Personal Information or an authorized representative.
- Describe such California Resident’s request with sufficient detail that allows the Company to properly understand, evaluate, and respond to it.
The Company cannot respond to a California Resident’s request or provide a California Resident with Personal Information if the Company cannot verify the California Resident’s identity or authority to make the request and confirm the Personal Information relates to such California Resident. Making a verifiable consumer request does not require a California Resident to create an account with the Company. The Company will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
4.5 RESPONSE TIMING AND FORMAT UNDER THE CCPA. If a California Resident sends a verifiable consumer request as set forth in Section 4.4 above, the Company will endeavor to respond to such verifiable consumer request within forty-five (45) days of its receipt. If the Company requires more time (up to a total aggregate of 90 days), the Company will inform such California Resident of the reason and extension period in writing. If such California Resident do not have an account with the Company, the Company will deliver the Company’s written response by mail or electronically. Any disclosures the Company provides will only cover the 12-month period preceding the verifiable consumer request's receipt. The response the Company provides will also explain the reasons the Company cannot comply with a request, if applicable. For data portability requests, the Company will select a format to provide the California Resident’s Personal Information that is readily useable and should allow such California Resident to transmit the information from one entity to another entity without hindrance. The Company does not charge a fee to process or respond to a California Resident’s verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If the Company determines that the request warrants a fee, The Company will tell such California Resident why the Company made that decision and provide such California Resident with a cost estimate before completing such California resident’s request.
4.6 NON-DISCRIMINATION NOTICE UNDER THE CCPA. The Company will not discriminate against any California Resident for exercising any of such California Resident’s rights under the CCPA. Unless permitted by the CCPA, the Company will not:
- Deny such California Resident any goods or services;
- Charge such California Resident different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide such California Resident a different level or quality of goods or services; or
- Suggest that such California resident may receive a different price or rate for goods or services or a different level or quality of goods or services.
- ANY HEALTH OR MEDICAL INFORMATION COVERED BY COVERED BY OR OTHERWISE SUBJECT TO: (A) THE U.S. FEDERAL HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) AND ITS RELATED REGULATIONS; OR (B) THE CALIFORNIA CONFIDENTIALITY OF MEDICAL INFORMATION ACT (CMIA) AND ITS RELATED REGULATIONS); OR
- ANY INFORMATION COVERED BY CERTAIN OTHER INDUSTRY SECTOR-SPECIFIC PRIVACY LAWS, INCLUDING THE FAIR CREDIT REPORTING ACT (FRCA), THE GRAMM-LEACH-BLILEY ACT (GLBA), THE CALIFORNIA FINANCIAL INFORMATION PRIVACY ACT (FIPA), AND THE DRIVER'S PRIVACY PROTECTION ACT OF 1994.
- CERTAIN ADDITIONAL CHOICES YOU MAY HAVE ABOUT YOUR INFORMATION; GENERAL COOKIES POLICY.
5.1 OPT-OUT FROM RECEIVING INFORMATION FROM THE COMPANY.
5.2. GEO-LOCATION DATA. You may be able to prevent Your device from sharing precise location information, including without limitation some or all of the Geo-Location Data described in Section 1.2 above, at any time through Your device’s operating system settings
5.3. DO NOT TRACK: SPECIAL ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS. Some browsers have a “DO NOT TRACK” feature that lets website users inform websites or other applications that they do not want to have their online activities tracked. These “do not track” features may also give website users other choices regarding the collection of their personal identifiable information. However, these “do not track” features and “do not track’ signals are not yet uniform. ACCORDINGLY, EACH USER OF THE COMPANY WEBSITE OR ANY OTHER COMPANY PROGRAM IS HEREBY NOTIFIED THAT THE COMPANY WEBSITE AND THE OTHER COMPANY PROGRAMS ARE NOT CURRENTLY SET UP TO RESPOND TO ANY OF THE USER’S “DO NOT TRACK” FEATURES OR “DO NOT TRACK” SIGNALS.
5.4. CHILDREN; COPPA NOTICE. This Company Website and other Company Programs are not directed to children under the age of 13. The Company adheres to the U.S. federal Children's Online Privacy Protection Act ("COPPA") and will not knowingly register or otherwise collect any Personal Information from any child under the age of 13. The Company asks that minors under the age of 13 not submit any Personal Information to the Company. If You (or any parent or guardian of a minor) have reason to believe a child under the age of 13 has provided the Company with any Personal Information, please contact the Company at email@example.com and request that such information be deleted from the Company’s records. PARENT/GUARDIAN RIGHT OF ACCESS: YOUR PARENT AND/OR YOUR LEGAL GUARDIAN HAS THE RIGHT TO ASK ABOUT THE INFORMATION THE COMPANY HAS COLLECTED ABOUT YOU. THE COMPANY WILL ASK THAT PERSON MAKING THE REQUEST TO VERIFY THAT THEY ARE IN FACT YOUR PARENT OR LEGAL GUARDIAN BEFORE THE COMPANY PROVIDES THEM YOUR INFORMATION. THE COMPANY WILL ALSO COLLECT THE CONTACT INFORMATION FOR THE PERSON REQUESTING THIS INFORMATION SO WE CAN RESPOND TO THE REQUEST. FOR MORE INFORMATION ABOUT CHILDREN’S ONLINE PRIVACY, PLEASE VISIT (FOR CHILDREN IN THE U.S.), THE FEDERAL TRADE COMMISSION’S RESOURCE PAGE: HTTPS://WWW.CONSUMER.FTC.GOV/ARTICLES/0031-PROTECTING-YOUR-CHILDS-PRIVACY-ONLINE.
5.5 COOKIES POLICY; HOW YOU CAN DISABLE COOKIES.
5.5.3 Disabling Cookies. You can prevent the setting of cookies by adjusting the settings on Your browser (see Your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that You visit. Disabling cookies will usually result in also disabling certain functionality and features of this Company Website or any other Company Programs. Therefore, it is recommended that You do not disable cookies.
- Email newsletters related cookies: The Company Website or other Company Program may offer newsletters or other types of email subscription services and cookies may be used to remember if You are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
- Orders processing related cookies: The Company Website or other Company Program may offer e-commerce or payment facilities and some cookies are essential to ensure that Your order is remembered between pages so that the Company can process it properly.
- Contact or comment related cookies: When You submit any other data through the Company Website or other Company Program, certain contact or comment-related cookies may be set to remember Your user details for future correspondence or transactions.
- As noted in Section 3, the Company Website or other Company Program may use Third Party Analytics Tools or Services (including without limitation Google Analytics) which provides the Company with widely-used analytics tools or services to help the Company better understand how You and other Users are utilizing the Company Website or other Company Program in order to allow the Company to improve Your experience. These cookies may track things such as how long You spend on the Company Website or other Company Program and the pages that You visit so the Company can continue to produce engaging content.
- Third Party Analytics Tools or Services are also used to track and measure usage of this Company Website or other Company Program so that the Company can continue to produce engaging content, help the Company to understand how the Company can improve the Company Website or other Company Program site for You and and/or to give Us a better understanding of broader industry trends
- From time to time, the Company tests new features and make subtle changes to the way that the Company Website or other Company Programs are delivered. When the Company are still testing new features these cookies may be used to ensure that You receive a consistent experience while on the Company Website or other Company Program while ensuring the Company understands which optimizations the Users appreciate the most.
- As the Company promotes its products or services, it’s important for the Company to better understand statistics about how many of the visitors the Company Website or other Company Programs actually make a purchase or which Company products or services the Users viewed the most and, thus, this is additional types of data that these cookies will track. The Company considers this to be important to You as it means that the Company can accurately make business predictions that allow the Company to monitor its advertising and product /service costs to ensure the best possible services to all of the Users.
- Certain of the Company’s Advertising Partners (as defined in Section 3 of this Policy) may advertise on the Company’s behalf and affiliate tracking cookies allow the Company to see if the Company’s customers have come to the Company Website or other Company Programs through one of these Advertising Partner sites or sources.
- As noted in Section 3, the Company also uses social media buttons and/or plugins on this Company Website or other Company Programs that allow You to connect with Your social network in various ways. For these to work, many social media sites (such as, but not limited to, Facebook, Instagram or LinkedIn) may set cookies through the Company Website or other Company Program and such cookies may be used to enhance Your profile on their social media site or to contribute to the data they hold for various purposes outlined in their respective privacy policies.
7. USER RESPONSIBLE FOR UPDATING USER’S OWN PERSONAL INFORMATION. Users are solely responsible for correcting, updating, or modifying any and all of the User’s Personal Information as it appears in, and as otherwise stored or contained in, any Company Program. Without in any way limiting the foregoing, User acknowledges and agrees that the Company does not have an independent obligation to maintain the accuracy or completeness of any of Personal Information provided by the User to the Company, including such Personal Information once it is stored, described or otherwise contained in the Company Website or in any other Company Program.
8. REASONABLE SECURITY MEASURES. FOR ALL USERS OF THE COMPANY WEBSITE, REGARDLESS OF WHERE YOU ARE LOCATED, THE COMPANY HAS IMPLEMENTED REASONABLE MEASURES DESIGNED TO SECURE YOUR PERSONAL INFORMATION FROM ACCIDENTAL LOSS AND FROM UNAUTHORIZED ACCESS, USE, ALTERATION, AND DISCLOSURE.
THE SAFETY AND SECURITY OF YOUR INFORMATION ALSO DEPENDS ON YOU. WHERE THE COMPANY HAS GIVEN YOU (OR WHERE YOU HAVE CHOSEN) A PASSWORD FOR ACCESS TO CERTAIN PARTS OF THE COMPANY WEBSITE, YOU ARE RESPONSIBLE FOR KEEPING THIS PASSWORD CONFIDENTIAL. THE COMPANY ASKS YOU NOT TO SHARE YOUR PASSWORD WITH ANYONE.
UNFORTUNATELY, THE TRANSMISSION OF INFORMATION VIA THE INTERNET IS NOT COMPLETELY SECURE. ALTHOUGH THE COMPANY DOES USE REASONABLE MEASURES INTENDED TO PROTECT YOUR PERSONAL INFORMATION, THE COMPANY CANNOT GUARANTEE THE SECURITY OF YOUR PERSONAL INFORMATION TRANSMITTED TO THE COMPANY WEBSITE. TO THE FULLEST EXTENT ALLOWED BY LAW, ANY TRANSMISSION OF PERSONAL INFORMATION IS AT YOUR OWN RISK. EXCEPT WHERE THE LAW MANDATES OTHERWISE, THE COMPANY ARE NOT RESPONSIBLE FOR CIRCUMVENTION OF ANY PRIVACY SETTINGS OR SECURITY MEASURES CONTAINED ON THIS SITE.
11. ADDITIONAL NOTICE UNDER THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (“GDPR”).
11.1. DATA SUBJECT RIGHTS UNDER GDPR. To the degree (if at all) the Company collects any “Personal Data” of a “Data Subject”, as such terms are defined under the GDPR, the Company hereby notifies such European Union Data Subjects that they have the following additional rights pursuant to the GDPR:
- Pursuant to GDPR Article 15 (Right of Access by the Data Subject), to obtain from the Company confirmation as to whether or not Personal Data (as such term is defined in the GDPR) has been Processed (as such term is defined in the GDPR) and, if that is the case, access to that Personal Data and additional information about how it has been Processed, including without limitation: (i) the purpose of the Processing; (ii) the category of Personal Data concerned; (iii) the categories of recipients to whom the Data Subject’s Personal Data has been disclosed; (iv) the planned retention period; (v) the existence of Your right of rectification, deletion, limitation of processing or opposition; (vi) the existence of a right to complain; (vii) the source of the collection of Personal Data if not collected from the Company; (viii) and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
- Pursuant to GDPR Article 16 (Right to Rectification), to request the correction (modification) of incorrect Personal Data or any completed Personal Data stored by the Company;
- Pursuant to GDPR Article 17 (Right to Erasure; “Right to be Forgotten”), to request the deletion of the Data Subject’s Personal Data stored by the Company, except for the allowed continued uses permitted by the GDPR, including without limitation as far as the Processing is needed to exercise the right to freedom of expression and information, for the fulfillment of a legal obligations, for reasons of the public interest or for the assertion, exercise or defense of legal claims if required;
- Pursuant to GDPR Article 18 (Right to Restriction of Processing), to demand the restriction of the Processing of the Data Subject’s Personal Data where one of the following applies: (i) as far as the accuracy of the Personal Data is disputed by the Data Subject; (ii) the Processing of the Personal Data is unlawful, but the Data Subject rejects its deletion; (iii) the Company no longer need the Personal Data, but the Data Subject requires it to exercise or defend legal claims; or (iv) the Data Subject has objected to the Processing of the Personal Data in accordance with GDPR Article 21;
- Pursuant to GDPR Article 20 (Right to Data Portability), the right of the Data Subject to receive his/her Personal Data as provided to the Company, in a structured, common and machine-readable format or to request the transfer to another person responsible;
- Pursuant to GDPR Article 7(3) (Conditions of Consent), the Data Subject’s right to withdraw, at any time, the Data Subject’s once granted consent. As a result, the Company is no longer allowed to continue the Processing of Personal Data based on that consent for the future, but such withdrawal does not affect the lawfulness of the Processing of Personal Data based on such consent before such withdrawal; and
- Pursuant to GDPR Article 77 (Right to Lodge a Complaint with a Supervisory Authority), the right of the Data Subject to complain to a Supervisory Authority, as such term is defined in the GDPR. As a general rule, the Data Subject can contact the Supervisory Authority of the Data Subject’s usual place of residence or work or place of the alleged infringement.
11.2. LEGAL BASIS FOR COMPANY’S PROCESSING OF “PERSONAL DATA” UNDER GDPR. In the event the Company does collect or process any Personal Data of a European Union Data Subject, the Company may collect and otherwise process such Personal Data (as such term is defined under the GDPR) under any one or more of the following conditions:
- Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
- Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
- Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
- Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
- Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
- Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.
In any case, the Company will help to clarify the specific legal basis that applies to the collection or processing of a European Union Data Subject’s Personal Data, and in particular whether the provision of Personal Data (as defined under the GDPR) is a statutory or contractual requirement, or a requirement necessary to enter into a contract.