Effective Date: December 2, 2020
• your name;
• e-mail address;
• shipping address;
• billing address;
• credit card account number;
• IP address;
• telephone number; and
• online identifiers you use, such as your username, social media handles, and other similar types of identifiers.
2. Information from Social Networking Sites. Our Service may include interfaces that allow you to connect with social networking sites (each an “SNS”). If you connect to a SNS through the Site, you authorize us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS.
3. Information Automatically Collected. When you visit our Site, some information is automatically collected. For example, when you visit our Site your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, and the Site you visited before our Site are logged automatically (“Usage Information”). We also collect information about your usage and activity on our Site.
B. Web Beacons. We may collect information using Web beacons. Web beacons are electronic images that may be used on our Site or in our emails. We use Web beacons to deliver cookies, count visits, understand usage and to tell if an email has been opened and acted upon.
C. Local Shared Objects. We may use local shared objects, also known as Flash cookies, to store your preferences such as volume control or to display content based upon what you view on our Site to personalize your visit. Third party partners provide certain features on our Site and Services and display advertising based upon your Web browsing activity using Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and way in which data is stored. Cookie management tools provided by your browser usually will not remove Flash cookies. To limit the websites that can store information in flash cookies on your device, you can use the Adobe Settings Manager available at: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
4. Information Collected from Other Third Parties. We may receive your Personal Information from third party business partners, such as social media sites, ad networks and analytics providers. We may also receive your Personal Information from others that refer you to our Sites and/or Services.
5. Use of Information. We use your Personal Information collected for the purposes described in this Policy. Specifically, we may use your Personal Information to: email@example.com.
• operate and improve our Site and Services;
• understand you and your preferences to enhance your experience;
• track, collate, and analyze your use of our Site and Services;
• process and deliver contest entries and rewards;
• respond to your comments and questions and provide customer service;
• provide and deliver products and Services you request;
• to send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
• facilitate your participation in participate in surveys, promotional offers, contests or sweepstakes;
• communicate with you about new contests, promotions, rewards, upcoming events, and other news about products and Services offered by us and our selected partners; and
• link or combine it with other Personal Information we get from third parties, to help understand your needs and provide you with better service.
6. Sharing of Information. We do not share your Personal Information with third parties except in the following circumstances:
• Third Party Service Providers. We may share your Personal Information with our third party vendors, consultants and other service providers who work for us and need access to your information provide you with products, services, or information that you request. For example, we use Mailchimp (https://mailchimp.com/legal/privacy/) to facilitate our email communications, ZenDesk (https://www.zendesk.com/company/customers-partners/privacy-policy/) to provide customer support, and Zoom Video Communications, Inc. (https://zoom.us/privacy) to conduct online classes.
• Corporate Restructuring. We may share your Personal Information in connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another entity.
• With Your Consent. We may share your Personal Information with third parties where you have provided consent to such sharing.
We may also share aggregated anonymous or de-identified information. When we use the term “anonymous data”, we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party. We may create anonymous data from the Personal Information we receive about you and other individuals whose Personal Information we collect. Anonymous data might include analytics information and information collected by us using cookies. We make Personal Information into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze usage patterns in order to make improvements to our Services.
7. Payment Card Information. We do not collect, store, or process any payment card information. Instead, we rely on Stripe to facilitate any payment card transactions. For more information about Stripe’s privacy practices, please see: https://stripe.com/us/privacy.
8. Email Opt-Out and Disabling Cookies.
A. Email Opt-Out. You may opt out of receiving promotional emails from us by following the instructions in those emails or sending a message with your request and the subject line “EMAIL OPT OUT REQUEST” to firstname.lastname@example.org. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations.
B. Disabling Cookies. Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Site and Services.
9. Third Party Sites and Links. Our Site and Services may contain links to third party sites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their sites, features or policies. Please read their privacy policies before you submit any data to them.
10. Children’s Information. Our Site and Services are not directed children under the age of 13. If you are under 13, you may not access, attempt to access, or use our Site or Services. We do not knowingly collect or allow the collection of Personal Information via the Site or Services from persons under the age of 13, pursuant to applicable law and regulations. If we learn that we have collected the Personal Information of someone under the age of 13, we will take appropriate steps to delete this information. If you are a parent or guardian of someone under the age of 13 and discover that your child has submitted Personal Information to us, you may contact us at email@example.com and ask us to remove your child’s Personal Information from our systems.
11. Information Security. We take reasonable organizational, technical and administrative steps to help protect Personal Information against loss, misuse, unauthorized access or disclosure. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure.
12. Your California Privacy Rights. If you are a California resident, you have the right to request information from us regarding the manner in which SSI shares certain categories of personal information with third parties for their direct marketing purposes, in addition to the rights set forth above. Under California law, you have the right to send us a request at the designated address listed below to receive the following information:
• The categories of information we disclosed to third parties for their direct marketing purposes during the preceding calendar year;
• the names and addresses of the third parties that received the information; and
• if the nature of the third party’s business cannot be determined from their name, examples of the products or services marketed.
This information may be provided in a standardized format that is not specific to you. The designated email address for these requests can be found at: firstname.lastname@example.org.
Additionally, if you are a California resident and are under the age of 18 and you have posted content or information to our Site or Services, you can request that we remove content or information that you have posted to our Site or Services. Note that fulfillment of the request may not ensure complete or comprehensive removal (e.g., if the content or information has been reposted by other individual).
Also, please note that we have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals in light of industry developments or legal changes.
13. European Users’ Rights. If you are located in the EU or Switzerland, you have certain rights with respect to your Personal Information. Following is a summary of those rights and additional information applicable to our collection and use of your Personal Information.
B. Legal Basis for Processing Information
If you are located in the EU or Switzerland, we rely on several legal bases to process your Personal Information. These legal bases include where:
• The processing is necessary to perform our contractual obligations, such as to provide you with our Services;
• You have given your prior consent, which you may withdraw at any time (such as for marketing purposes or other purposes we obtain your consent for from time to time);
• The processing is necessary to comply with a legal obligation, a court order or to exercise or defend legal claims; and
• The processing is necessary for the purposes of our legitimate interests, such as in improving, personalizing, and developing our Site and Services, marketing new features or products that may be of interest, and promoting safety and security as described above.
If you have any questions about or would like further information concerning the legal bases on which we collect and use your Personal Information, please contact us by emailing email@example.com.
C. Rights Under the General Data Protection Regulation
If you are located in the EU or Switzerland, you have the following rights in respect of your Personal Information that we hold:
• Right of access. The right to obtain access to your Personal Information.
• Right to rectification. The right to obtain rectification of your Personal Information without undue delay where that Personal Information is inaccurate or incomplete.
• Right to erasure. The right to obtain the erasure of your Personal Information without undue delay in certain circumstances, such as where the Personal Information is no longer necessary in relation to the purposes for which it was collected or processed.
• Right to restriction. The right to obtain the restriction of the processing undertaken by us on your Personal Information in certain circumstances, such as where the accuracy of the Personal Information is contested by you, for a period enabling us to verify the accuracy of that Personal Information.
• Right to portability. The right to portability allows you to move, copy or transfer Personal Information easily from one organization to another.
• Right to object. You have a right to object to processing based on legitimate interests and direct marketing.
If you wish to exercise one of these rights, please email us at firstname.lastname@example.org. You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
D. Retention of Personal Information. When reserve the right to retain any Personal Information as long as it is needed to: (1) fulfill the purposes for which we collected the Personal Information; and (2) comply with applicable law.
F. Obligations to Data Protection Authorities (DPAs)
We will respond diligently and appropriately to requests from DPAs about this policy or compliance with applicable data protection privacy laws and regulations. We will, upon request, provide DPAs with names and contact details of the individuals designated to handle this process. With regard to transfers of Personal Information, we will (1) cooperate with inquiries from the DPA responsible for the entity exporting the data and (2) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third parties, we will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.
G. Contacting Our Data Protection Officer
To contact our designated Data Protection Officer, please send an email to: email@example.com.
14. EU-U.S. and Swiss-U.S. Privacy Shield.
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of July 12, 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the EU to the United States of America.
On September 8, 2020, the Swiss Data Protection Authority, the Federal Data Protection Commissioner (“FDPIC”), announced that it no longer considers the Swiss-U.S. Privacy Shield adequate for purposes of transfers of personal data from Switzerland to the United States of America. As a result of that announcement, the Swiss-U.S. Privacy Shield is no longer a valid mechanism to comply with Swiss data protection requirements when transferring personal data from Switzerland to the United States of America.
Despite the invalidation of the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, SSI remains committed to adhering to applicable Privacy Shield Principles with respect to Personal Information transferred from the EU or Switzerland to the United States of America as further described below.
SSI remains responsible and liable under the Privacy Shield Principles for onward transfers if third-party agents that we engage to process Personal Information on our behalf do so in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, SSI commits to resolve complaints about our collection or use of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SSI at: firstname.lastname@example.org.
We have further committed to refer unresolved Privacy Shield complaints to JAMS (Judicial Arbitration and Mediation Services, Inc.), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles. For details, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
SSI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).