EFFECTIVE DATE: JANUARY 1, 2020
INTRODUCTION AND SPECIAL NOTICES
NOTICE TO CALIFORNIA RESIDENTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT OF 2018
SPECIFIC DATA RIGHTS PURSUANT TO THE CCPA
THE CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT FROM YOU.
THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION
WHO WE SHARE YOUR PERSONAL INFORMATION WITH AND FOR THOSE PURPOSES.
YOUR RIGHT TO HAVE ACCESS TO YOUR PERSONAL INFORMATION, YOUR DATA PORTABILITY RIGHTS, AND YOUR DELETION REQUEST RIGHTS; AND HOW TO ACCESS THESE RIGHTS
NOTICE REGARDING SALE OF ANY PERSONAL INFORMATION TO A THIRD PARTY
- INFORMATION COLLECTION
1.1 Information You Provide to Us
We collect information you provide directly to us. For example, we collect information when you create an account, make a purchase, make an appointment with a personal shopper, fill out a form or survey, participate in a contest or promotion, apply for a job, communicate with us via third party social media sites, request customer support, or otherwise communicate with us. The types of information we may collect include your name, postal address, telephone number, e-mail address, product preferences and credit card or gift card information and any other information you choose to provide. In the event you make a purchase, we will collect that payment card information and use a third-party service provider that handles payments for us and will receive your payment card information.
1.2 Information Automatically Collected
When you access or use our Services, we automatically collect information about you, including:
Log and Usage Information: We collect information about your use of the Services, including the type of browser you use, app version, access times, pages viewed, your Internet Protocol address (IP address), and the page you visited before navigating to our Services.
Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
Location Information: In accordance with your device permissions, we may collect information about the precise location of your device. For more details, please see “Your Choices” below.
Information Collected by Cookies and Other Tracking Technologies: We (and our service providers) use different technologies to collect information, including cookies, web beacons, and similar tracking technologies. A cookie is a small data file stored by your web browser on your computer or mobile device (hard drive) that helps us improve our Services and your experience, see which areas and features of our Services are popular, count visits, and prevent fraud. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.
When you purchase, return or exchange a product, we collect information about the transaction, such as product details, purchase price, and the date and location of the transaction. We also record customer service calls and capture video records and photographic information of you when you visit one of our stores.
Widget Information. Our web site includes social media features, such as the Facebook Like button and widgets or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our web site. Your interactions with these features are governed by the privacy policies of the company providing it.
1.3 Information We Collect from Other Sources
Information from third party services. If you choose to link our Services to a third-party account, we may receive information about you, including your profile information, and your use of the third party account. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.
Other third parties. We may receive additional information about you, such as demographic data, from third parties such as data or marketing partners and combine it with other information we have about you.
- USE OF INFORMATION
We use the information we collect to provide, maintain, and improve our Services and to offer you the finest products and shopping experience. We also use the information we collect to:
- Process your purchase transactions, fulfill your orders, process exchanges and returns and send shipping notifications;
- Send support and administrative messages, and respond to your comments, questions, and customer service requests;
- Process your information to evaluate your application if you apply for a job;
- Communicate with you about products, services, offers, and events offered by us and others, and provide news and information we think will be of interest to you (if you prefer not to receive promotional communications from us, you may opt out at any time by following the instructions in the “Your Choices” section below);
- Monitor and analyze trends, usage, and activities in connection with our Services and stores;
- To protect against fraud and unauthorized transactions, including by identifying potential unauthorized users and/or hackers;
- Personalize your experience and the advertisements and content you see when you use the Services based on your preferences, interests, and browsing and purchasing behavior;
- For compliance purposes as may be required by applicable laws and regulations or requested by any judicial process or governmental agency;
- Facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards; and
- Carry out any other purpose described to you at the time the information is collected.
- SHARING OF INFORMATION
Vendors and Service Providers. We may share any information we receive with vendors and service providers retained in connection with the provision of our Services.
Social Sharing Features. The Services may offer social sharing features and other integrated tools (such as the Facebook “Like” button), which let you share actions you take on our social media pages. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature.
Third Party App Integrations. If you connect a third-party application to our Services, we may share information with that third party.
Analytics Partners. We use analytics services such as Google Analytics to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Advertising Partners. We work with third party advertising partners to show you ads that we think may interest you. These advertising partners may set and access their own cookies, pixel tags and similar technologies on our Services and they may otherwise collect or have access to information about you which they may collect over time and across different online services. Some of our advertising partners are members of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/) or the Digital Advertising Alliance (http://optout.aboutads.info/?c=2&lang=EN). If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies.
Aggregated Form. We may make certain automatically-collected, aggregated, or otherwise de-identified information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (i) comply with law enforcement requests and legal process, such as a court order or subpoena; (ii) respond to your requests; or (iii) protect your, our, or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your information may occur if you post any objectionable content on or through the Services.
Consent. We may also disclose your information with your permission.
- YOUR CHOICES
You can always choose not to provide information, even though it might be needed to make a purchase or to take advantage of certain features on our Services. You may also manage and update your information, or close your account by emailing us at email@example.com.
Marketing Communications. If you would prefer not to receive marketing emails sent by us, simply click on the unsubscribe link included at the bottom of any of those emails. If you opt out of receiving marketing emails, we may still send you other types of messages, such as purchase receipts, information about shipments, or emails about your account.
Location Information. You can prevent your device from sharing precise location information at any time through your device’s operating system settings.
Do Not Track. Some browsers have a “DO NOT TRACK” feature that lets website users inform websites or other applications that they do not want to have their online activities tracked. These “do not track” features may also give website users other choices regarding the collection of their personal identifiable information. However, these “do not track” features and “do not track’ signals are not yet uniform. However, there is no accepted standard on how to respond to Do Not Track signals. ACCORDINGLY, YOU ARE HEREBY NOTIFIED THAT OUR SERVICES ARE NOT CURRENTLY SET UP TO RESPOND TO ANY SUCH “DO NOT TRACK” SIGNALS.
- ADDITIONAL NOTICES TO CALIFORNIA RESIDENTS PURSUANT TO THE CALIFORNIA CONSUMER PRIVACY ACT OF 2018 (CCPA)
5.1 Access to Specific Information and Data Portability Rights
Each California Resident has the right to request that we disclose certain information to you about how we collect and use your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (pursuant to Section 5.4: Exercising Your Access, Data Portability and Deletion Rights), we will disclose to you (per your request):
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose; two separate lists disclosing:
- Sales (if any), identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
5.2 Deletion Request Rights
Each California Consumer has the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (pursuant to Section 5.4: Exercising Your Access, Data Portability and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. However, we may deny your deletion request if retaining the information is necessary for us or its service provider(s) to:
- complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- debug products to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
- enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- comply with a legal obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
5.3 Notification Regarding Sale (If Any) of Personal Information
WE HEREBY NOTIFY CALIFORNIA RESIDENTS THAT IN THE PRECEDING TWELVE (12) MONTHS WE HAVE NOT SOLD ANY PERSONAL INFORMATION TO ANY THIRD PARTY OUTSIDE OF US.
5.4 Exercising Your Access, Data Portability and Deletion Rights
To exercise your access, data portability, or deletion rights as set forth above in this Section 5, a California Resident must submit a verifiable consumer request to us by either:
- Writing us at Capretto LLC, Atten: Privacy Department, 863 Swarthmore Avenue, Pacific Palisades, CA 90272; or
- Emailing us at firstname.lastname@example.org.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request to us related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal Information or an authorized representative of such person.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if the we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
5.5 Response Time and Format
If we receive a verifiable consumer request from a California Resident as set forth in Section 5.4 above, we will endeavor to respond to such verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to a total aggregate of 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
5.6 Non-Discrimination Notice
We will not discriminate against any California Resident for exercising any of your rights under the CCPA. Unless permitted by the CCPA, we will not:
(a) Deny you goods or services;
(b) Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide You a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
The information we collect about you may be transferred to, and accessed from within, the United States and other countries, as permitted by applicable law. These other countries may not offer the same level of data protection as your home jurisdiction. We will take steps to maintain an adequate level of protection for this information in the jurisdictions in which we process it. If you are a resident of the European Union (“EU”), please see “Consumers in the European Union” in Section 10 below.
- CHILDREN’S PRIVACY
- DATA SECURITY
- NOTICE OF CHANGES
- CONSUMERS IN THE EUROPEAN UNION
If you are in the European Union (“EU”), you have certain rights and protections under the law regarding the processing of your personal data.
- LEGAL BASIS FOR PROCESSING
We will only process personal data about in accordance with the following legal basis:
Necessity. As necessary to perform our responsibilities under our contract with you. For example, by processing your order and delivering the products you purchase;
Legitimate Interest. When we have a legitimate interest in processing your personal data. For example, to communicate with you about changes to our Services or legal documents, to prevent fraud, or to provide, protect and improve our products and services. We only rely on our legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests;
Consent. If we request your consent to a specific processing activity (such as to send marketing emails), and you provide your consent in the manner indicated; and
Legal Obligation. In some cases, processing will be necessary for compliance with a legal obligation, such as response to legal process requests.
- DATA SUBJECT REQUESTS
You have a right to request access to and receive information about the Personal Information we maintain about you, update and correct inaccuracies in your Personal Information, restrict or object to the processing of your Personal Information, have the information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place. If you wish to access or amend any Personal Information we hold about you, you may contact us at email@example.com. In addition, you may have the right to withdraw any consent you previously provided to us regarding the processing of your personal information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
You have the right to withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal if you would like to exercise any of these rights, you may contact us by emailing firstname.lastname@example.org
- DATA RETENTION
We store the information we collect about you for as long as is necessary for the purposes for which we originally collected it. We may retain certain information for legitimate business purposes or as required by law. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
- QUESTIONS OR COMPLAINTS
863 Swarthmore Avenue
Pacific Palisades, CA 90272
Attn: Privacy Department
If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local data protection authority, please see: https://edpb.europa.eu/about-edpb/board/members_en