Last Updated March 10, 2020
We are based in California, and this policy incorporates protections for California residents provided under the California Consumer Privacy Act of 2018 (“CCPA”). Since we care about your privacy, we provide the same rights to all of our customers whether or not they are California residents. As discussed further below under Legal Disclaimers, your use of this Site and our services are subject to California and United States law.
If you ever have any questions about how we use and store your personal information, you can submit those questions to us at firstname.lastname@example.org. Below is a non-exhaustive summary of the rights you have in this policy. This summary is only for your convenience: it does not change the details, exceptions and legal obligations that apply to these items set out in more detail below:
Who is Collecting Your Data
Sumbody controls the data that is collected on the Site. You can contact us anytime at email@example.com or by phone (1-866-SUMBODY).
We collect and store certain personal information about you at various points in order to provide you with products and services. We collect this information from information that either you provide us directly or gathered from your devices. As discussed further below, we are required to collect certain information from you such as your residence in order to sell and ship your product. We also use this information and additional information we collect to customize our services to your preferences and provide you with products and services that we believe will appeal to you.
|Category||Examples of Types of Data||Do We Collect It?||Disclosed to Third Parties||Sold to Third Parties|
|name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, etc.||YES||NO
|(B) Additional Identifiers||telephone number, driver’s license or state identification card number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information||YES||NO|
|(C) Characteristics of protected classifications under California or federal law||age (if 40 and over), gender, marital status, race, national origin and other protected classes||YES||NO|
|(D) Commercial information
|records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies||YES||NO|
|(E) Biometric information||genetic, physiological, biological or behavioral characteristics, that can be used to establish individual identity such as fingerprints or facial recognition||NO||NO|
|(F) Internet or other electronic network activity information||browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement||YES||NO|
|(G) Geolocation data||location of your electronic device||YES||NO|
|(H) Sensory data||audio, electronic, visual, thermal, olfactory, or similar information||NO||NO|
|(I) Professional or employment-related information||job history or performance evaluations||NO||NO|
|(J) Non-public education information||student education, financial or disciplinary records||NO||NO|
|(K) Inferences||drawn from any of the information above to create a profile about a consumer||YES||NO|
Why We Collect Your Information
We collect your information to manage our relationship with you and send you communications, and for a number of our other business purposes, including the following:
We are required to collect and provide your information to certain of our Service Providers and third-party vendors in order to store your data, process orders and shipments, email newsletter management as discussed below.
We also use the information we collect for our marketing purposes, including sending out our newsletter. If you would like to opt out of our use of your information for marketing purposes, or to be removed from our email list, you may contact us at firstname.lastname@example.org or by phone (1-866-SUMBODY). Even if you opt out, we may still send emails to you concerning specific transactions or other non-marketing related messages. Our Service Providers are not permitted to use your information for their own marketing purposes, unless they have an independent relationship to you and have obtained your information from another source.
When you visit the Site, we also collect some basic non-personal information about you and your browser. Examples of such non-personal information that is collected include what type of browser and operating system you are using, how long you remained on our Site and what pages you looked at while here. This non-personal information is anonymous and helps us understand how visitors browse our Site, so that we can make their shopping experience better. We do not make any efforts to identify you from this non-personal information.
“Do Not Sell My Personal Information”
Under California law, you have the right to opt out of the sale of your personal information. We do not sell personal information, but we are providing you with the ability to opt out of the sale of your personal information in any event by sending an email to us at email@example.com with the subject line “Do Not Sell My Personal Information.”
How Long We Keep Your Information
We will retain your information for as long as your account is active or as necessary to provide you services and to maintain a record of your transactions for financial reporting and compliance purposes. If you wish to cancel your account, please contact us at firstname.lastname@example.org. We will keep your order history on file indefinitely so that we can always provide you with information on what you ordered previously unless you ask us to delete it.
Your Rights to Access or Delete Your Data
If you so desire, we will provide you with a copy of your account data or delete your account at your request. Up to twice a year, you may ask us whether we are collecting, storing, using, disclosing or selling your personal information, what categories and specific pieces of personal information of yours we are collecting and storing, the categories of sources from which our personal information is collected, the business or commercial purpose for collecting your personal information, and whom we may have shared your information with.
You may request a copy of the categories of personal information we have about you by email@example.com or by phone (1-866-SUMBODY). We may contact you further to verify your identity if we do not have sufficient proof in your request, such as the request being sent from your email address that matches the one we have. If you request specific pieces of information, to verify your request you will need to provide a declaration to us via mail at firstname.lastname@example.org. We will work diligently to respond to your requests and will provide you with a free response within 45 days.
If you would like us to delete your data, please contact us at email@example.com or by phone (1-866-SUMBODY). Depending on the nature of the data that you request we delete, we may require you provide two or more data points that match the information in our file. Note that even if you request deletion, we may continue to retain and use information as may be authorized or necessary under California Law.
We will verify your identity for purposes of such a request to delete or a request to know. If you have an account on the Site, we will verify your request for information through your account. If you do not have an account, we will verify your request depending on the nature of the request. If you request to know the categories of information, we will request that you provide two pieces of information that match our records, which may vary depending on the information we have on file. If you request to know specific pieces of information, we will require additional verification to match three pieces of information on file, as well as a signed declaration. If you would like to designate an authorized agent to make such a request or your behalf you may do so by providing us with your written permission of such authorization and the agent provides verification of their identity.
In order to ensure protection of your information from fraudulent requests, we require you provide us with additional information to verify your identity should you wish to access or delete your data. For your protection, in the event the requisite verification is not satisfied, we may deny the request for access to your account data or to delete your account.
Protecting Your Information
We make every effort to ensure that any data that we store about you is kept behind a secure firewall and is not accessible to the public in any way. Any sensitive information (such as credit card number) that we collect from you is encrypted. We protect user data offline as well by restricting access to information to only those employees (for example, a Customer Care representative) who need the information to perform a specific job. All employees are kept up to date on our security and privacy practices and are aware of the importance of keeping customer data secure and safe at all times. We also outsource certain of our data processing operations to third parties as discussed below, and we have agreements with those Service Providers that require them to maintain security over your information.
Although we use our best efforts to protect the security of your information and our system, and we have agreements in place with our processors requiring them to do the same, no transmission via the internet or storage of data can be guaranteed to be 100% secure. As a result of this and other factors beyond our control, we cannot guarantee the security of the information that you transmit to or through our Site. Therefore, you assume that risk by using the Site.
If you have any questions about the security of our Site, please feel free to contact us at firstname.lastname@example.org.
How We Share Your Information With Third Parties and Service Providers
We value your privacy, and we will never sell or rent any personal information to any Third Party for that Third Party’s marketing purposes unless we are given explicit and affirmative authority to do so by you.
We work with Service Providers and Third Parties to assist us to fulfill our sales and services to you and to process your data, including shipping companies, data hosts, credit card processors, and email management companies to host our databases, ship orders, process credit cards, bill users for goods and services. We require all such Service Providers and Third Parties to keep any information they receive confidential, maintain the privacy of all our customers, and to use any information provided to only provide services on behalf of us and you. We have in the past and may continue to disclose for business purposes your personal information with these Third Parties and Service Providers as set forth in the table above.
From time to time, we may also employ other Service Providers and Third Parties to perform services, to maintain and operate the Site, and to maintain certain features on the Site. To such parties, we may disclose non-personal information such as traffic patterns and website usage data, but in no event will we disclose any personal information. Third Parties and Service Providers may also acquire browsing data or other information about your activity on the Site through cookies, as discussed below.
We also may employ Service Providers and Third Parties to analyze our sales data for internal purposes in which case we may disclose information to such parties such as the products purchased, the location of shipment, and the frequency of purchases. We additionally may enlist a Service Provider or Third Party to assist with marketing and sending member e-mails, in which case we will provide these third party vendors with member e-mail addresses. Again, we require all such Service Providers and Third Parties to keep any information they receive confidential, maintain the privacy of all our customers, and to use any information provided for services on our and your behalf.
Do Not Track Signals
Some browsers have incorporated “do not track” features to enable users to make privacy and security choices. By using these settings, your browser may send a signal to our website not to collect tracking information. The Site does not track information from users through cookies if a “do not track” signal is received. Information tracked by the Site through cookies is discussed above.
Data of Minors
Our products and services are not directed to individuals under the age of thirteen (13), and we request that they not provide Personal Data through the Services. We will not knowingly collect information from minors of any age in the U.S., including those under 16, with or without consent from their parents or guardians. If we learn that we collected the personal information of a minor, we will take steps to delete the information as soon as possible. If you believe we have inadvertently collected the personal information of your minor child, please contact us at email@example.com.
In addition to the use of your personal information for our business purposes, and subject to our not otherwise sharing or selling your data to Third Parties except as set forth above, Sumbody reserves the right to disclose your personally identifiable information as allowed or required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Site.
Privacy Policies Update
If you have any questions about this policy, you can reach us at firstname.lastname@example.org.