Effective date: August 3, 2020
PERSONAL DATA WE COLLECT
We, directly or through our third-party service providers, also may collect certain information automatically when you visit or use the Website (“Usage Information”), including:
- Your browser type and operating system;
- Your Internet Protocol (IP) address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area;
- Geolocation information;
- Other unique identifiers, including mobile device identification numbers;
- Sites you visited before and after visiting the Website;
- Pages you view and links you click on within the Website;
- Information collected through cookies, web beacons, and other technologies;
- Information about your interactions with e-mail messages, such as the links clicked on and whether the messages were opened or forwarded; and
- Standard Server Log Information.
Cookies, Pixel Tags, and Local Shared Objects
Cookies are small bits of information that are stored by your Device’s web browser. You can decide if and how your Device will accept a cookie by configuring your preferences or options in your browser. However, if you choose to reject cookies, you may not be able to use certain online products, services or features on the Website.
Pixel tags are very small images or small pieces of data embedded in images, also known as “web beacons” or “clear GIFs,” that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your Device.
Local Shared Objects (sometimes referred to as “Flash Cookies”) are similar to standard cookies except that they can be larger and are downloaded to a Device by the Adobe Flash media player. Please note that you may need to take additional steps beyond changing your browser settings to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe’s Setting Manager page. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Website may no longer be available to you.
An embedded script is programming code designed to collect information about your interactions with the Website. It is temporarily downloaded onto your Device from our web server or a third party with whom we work, is active only while you are connected to the Website, and deleted or deactivated thereafter.
GPS (global positioning systems) software, geo-filtering, and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting relevant content based on your location.
In-App Tracking Methods
There is a variety of tracking technologies that may be included in mobile applications, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifier, or other identifiers such as “Ad IDs” to associate app user activity to a particular app and to track user activity across apps. You can stop all collection of information via any mobile applications by uninstalling them. Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain location-based services, by adjusting the permissions in your mobile device.
For further information on tracking technologies and your choices regarding them, please see SHARING YOUR PERSONAL DATA below.
We are providing you with detailed information about the various tracking technologies and your choices regarding them so that your consent to our use of them is meaningfully informed.
When you visit or use the Website, you may engage in communications where you may post an opinion, provide a comment or product review, submit an article, engage in a chat with us or participate in an on-line forum or community, or subscribe to information that we may publish and electronically distribute. In the course of these various offerings, we often seek to collect various forms of personal information, such as your first and last name, address, telephone numbers, email address, social media information, and images. We consider this all to be Personal Data, except that, to the extent that you permit your communications to or with us (e.g., published articles, social media posts, submitted product reviews, on line chats) to be publicly published on our Website or in our social media channels, you agree that such published information separate from the Personal Data we have collected is no longer considered to be Personal Data to the extent it is published.
Additionally, when you make a purchase or attempt to make a purchase through the Website, including when you create a password protected account for making orders and purchases through our Website and tracking our fulfillment, shipping and delivery of those orders (an “Account”), we collect certain information from you, including your name, billing address, shipping address, payment information (including bank account information, credit card numbers, PayPal, Shop Pay, and Apple Pay, other forms of electronic payment services), email address, and phone number. We refer to this information as “Order Information.”
We consider Order Information to be Personal Data. To the extent that Order Information is permitted by you to be retained by us following the completion of a transaction, it may be combined with your other Personal Data that we collect.
We may obtain information about you from other sources, including other users with whom you may transact business, using our Website or by going outside of our Website, service providers and third-party services, and combine such information with information we have collected about you. We also may collect information about you from public sources as allowed by applicable law. We may do this to enhance our ability to serve you and offer you opportunities that may be of interest to you.
HOW DO WE USE YOUR PERSONAL DATA?
Generally, the Personal Data we collect is used as is necessary to provide our services and to offer for sale and sell products to you and as reasonably required for our business purposes, and for any other purpose with your consent as required by applicable law. We use your Personal Data in a variety of ways to provide and improve our services and the operation of our Website, provide you with information about the products we offer and our mission, curate our available product and service offerings, provide you with a personalized experience on our Website, contact you about our product offerings and your shopping activities, provide you customer service and to respond to your requests, and provide you with information in accordance with preferences you have provided.
We use the Personal Data, and in particular the Order Information, that we collect generally to process and fulfill any purchases you make through the Website, such as processing the information as to how you will pay for the purchase, how we will ship the ordered merchandise to you, and generating and sending you an invoice and confirmations about your transactions and/or shipments. In addition, we may use your Personal Data to:
- Establish with your consent a personalized transaction Account;
- Communicate with you, including communications regarding your Account, to update information in your Account, to resolve a dispute about an order, to collect payments or provide refunds, and otherwise provide customer service (note that for certain electronic communications data and usage rates may apply);
- Based on any preferences you have shared with us, provide you with information or advertising relating to our product offerings or services;
- Prevent, detect, mitigate, and investigate risk, fraud, security breaches or other potentially prohibited or illegal activities and keep our Website safe, secure, and operational.
The information we collect in connection with our online forums and communities is used to provide an interactive experience, and we use this information to facilitate participation in these online forums and communities and, from time to time, offer you products, programs, or services.
We use the Usage Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Website (for example, by generating analytics about how our customers browse and interact with the Website, and to assess the success of our marketing and advertising campaigns).
TSL reserves the right, but has no obligation, to monitor any content you post on the Website. We reserve the right to remove any such information or material for any reason or no reason, including without limitation if in our sole opinion such information or material violates, or may violate, any applicable law or our Terms of Service, or to protect or defend our rights or property or those of any third party. TSL also reserves the right to remove information upon the request of any third party.
We may use technologies considered automated decision making or profiling or artificial intelligence. This is to learn more about our customers so we can better serve their needs. We will not make automated-decisions about you that would significantly affect you, unless such a decision is necessary as part of a your transaction with us, we have your consent, or we are required by law to use such technology.
SHARING YOUR PERSONAL DATA
In addition, we use Shopify to power our online store and handle the billing and payment processing on our behalf and will share with Shopify Personal Data you provide in connection with your purchases. You can read more about how Shopify uses your Personal Data here: https://www.shopify.com/legal/privacy.
Any personal information or content that you voluntarily disclose for posting to the Website, for example, in an online forum or community chat, in an article or comment or opinion piece, or a product review, becomes available to the public, as controlled by any applicable privacy settings. To change your privacy settings, please contact us at email@example.com. If you remove information that you posted to the Website, copies may remain viewable in cached and archived pages of the Website, or if other users or third parties have copied or saved that information. If you do not with to have your Personal Data disclosed for posting to the Website, you can choose not to make any such posting[RI1] .
From time to time, we may run contests, special or promotional offers, or other events or activities (“Events”) on the Website, including together with a third party partner. If you provide information to such third parties, you give them permission to use it for the purpose of that Event and any other use that you approve. We cannot control such third parties’ use of your information. If you do not want your information to be collected by or shared with a third party, you can choose not to participate in these Events. If you do not wish to have your Personal Data used by us to promote products we may offer, you can opt-out by checking the relevant box located on the form used to collect your information. You can always opt-out by sending us an email stating your request to firstname.lastname@example.org.
We may share Personal Data with other members or agents of our corporate group in order to work with them, including affiliates. We may also transfer your Personal Data in the event of an audit or if we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution, or liquidation).
We implement reasonable technical and organizational measures designed to protect your Personal Data against accidental or intentional destruction or loss, and unauthorized disclosure or access. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us, and you use our Website, and provide us with your information, at your own risk.
You are responsible for maintaining your privacy settings and the confidentiality of your Account password, answers to any security questions we may employ, and for any access to or use of the Website using your password, whether or not authorized by you. Please notify us immediately of any unauthorized use of your password or Account or any other breach of security.
As described above, we may use your Personal Data to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook/Instagram: https://www.facebook.com/settings/?tab=ads
- AdRoll: https://app.adroll.com/optout.
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK
Some web browsers may transmit “do-not-track” signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, TSL and our third-party service providers currently do not take action in response to these signals. For more information on “do-not-track,” visit http://www.allaboutdnt.com.
We offer Website visitors and customers who provide Personal Data the means to choose how we use the Personal Data we collect. To the extent required by law, TSL obtains opt-in consent for certain uses and disclosure of Personal Data. You have a right to withdraw such consent at any time. We shall make reasonable efforts to accommodate individual privacy preferences.
You generally have the right to access your Personal Data. Accordingly, where appropriate, we provide you with reasonable access to the Personal Data we maintain about you. We also provide you with a reasonable opportunity to correct, amend, or delete your information. For example, if you created a password protected Account within our Website, you can access that Account to review and correct, as needed, the information you provided. If you would like to exercise this right, please contact us at email@example.com with your instructions.
If you are a European Union resident, you have the right to access the Personal Data we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us at firstname.lastname@example.org with your instructions.
Please be aware that we may have the legal right to limit your right to change or delete your Personal Data, for example, where the burden or expense of honoring a request would be disproportionate to the risks to your privacy, or where the rights of persons other than you would be violated. Other reasons for denying or limiting requests for access include (i) interference with the execution or enforcement of the law or with private causes of action, including the prevention, investigation, or detection of offenses, (ii) breaching a legal or other professional privilege or obligation, and (iii) prejudicing security investigations or grievance proceedings or in connection with succession planning and corporate reorganizations. If access cannot be granted as requested, we will respond with a reason for denying your request.
If you are located in the European Union, you have the right to lodge a complaint with a European Union Supervisory Authority. As it pertains to users of our services located in the EU, the controller of your Personal Data is TSL (located at the address below). However, if you have a complaint regarding the processing of your Personal Data we request that you first contact us and we will reply on a timely basis.
If you are a resident of California or Nevada, please refer to our CCPA compliance section below or email email@example.com to learn more about how TSL collects, uses or discloses Personal Data. You can also use this email address to request we delete the data we have stored on you. Pursuant to California’s “Shine The Light” law, California Civil Code Section 1798.83, California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of Personal Data to third parties for their own direct marketing purposes in the preceding calendar year. You may request this disclosure information by email to firstname.lastname@example.org referencing “California Shine The Light Request” in the subject matter line so that we can process your request. Please include your mailing address, state of residence and email address with your request. You also may opt-out of any future sharing of such Personal Data with third parties for their direct marketing purposes by contacting us by email as above or by mail at our mailing address below, adding: ATTENTION: California Shine The Light Request.
You may choose to receive communications (including emails and text messages) in connection with Events and potential or actual purchases, and similar communications from us when you provide information for your Account or you place an order for merchandise. You may opt out of receiving any certain promotional and/or marketing communications from us at any time by (i) for promotional/marketing emails, clicking on the opt-out or “unsubscribe” link included in the commercial emails you receive or emailing us at email@example.com referencing “Unsubscribe” in the subject matter line with your unsubscribe instructions; and (ii) for text messages, following the instructions provided in text messages from us to text the word “STOP”. Please note that your opt-out is limited to the email address or phone number used and will not affect any subsequent subscriptions. Opt-out requests for e-mail may take up to 10 business days to be effective. Your opt-out request will not apply to messages that you request or emails that are not commercial in nature or communications concerning your placed orders.
CCPA COMPLIANCE FOR CALIFORNIA RESIDENTS
In California, the disclosure of Personal Data for which we receive valuable consideration (i.e., the receipt of some benefit other than money) is considered a “sale”.
Please note that your opt-out only applies to the browser you use to submit your opt-out, so if you use multiple browsers or devices, you must opt-out on each browser, on each device. Your opt-out is enabled using cookies so once you opt-out, if you delete your browser’s saved cookies on a device, you will need to opt-out again on that browser on that device.
We do not sell the Personal Data of users without consent, and therefore we do not sell the Personal Data of minors under 16 years of age without affirmative authorization from a parent or guardian if we have actual knowledge of the individual’s age.
Your Personal Data is stored on our servers and on the servers of Shopify who manages our customer database and possibly others that we engage with directly or indirectly which are located in the United States. We protect your Personal Data using technical and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our contractor’s data centers, and information access authorization controls.
How long we retain Personal Data can vary significantly based on the context of the services we provide and on our legal obligations. The following factors typically influence retention periods:
- How long the Personal Data is needed to provide our services. This includes such things as maintaining and improving the performance of our Website, keeping our systems secure, and maintaining appropriate business and financial records. As a baseline, we retain your data including Personal Data as long as you have an active Account and for twenty-four months following your termination of use of our Website, and data regarding financial transactions for six (6) years following the transaction completion date in accordance with applicable tax regulations.
- If you indicate to us that certain Personal Data is sensitive, we may apply a shortened retention time in the absence of any business or legal need to retain it for a longer term.
- If you have provided consent for a longer retention period, then we will retain your data in accordance with your consent.
- If we are subject to a legal, contractual, or similar obligation to retain your Personal Data, for example, in the circumstances of mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or Personal Data required to be retained in connection with potential or ongoing litigation, then we will retain such data until this legal, contractual or other obligation is no longer in place.
When you place an order or establish an Account through the Website, we will maintain your Order Information for our records, including in your Account if you establish one, unless and until you ask us to delete this information. After it is no longer necessary for us to retain your Personal Data for any business purpose, we will dispose of it in a secure manner in accordance with standard industry practices then in effect.
LINKS TO THIRD PARTY SITES AND SERVICES
We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with third parties to help them understand the usage patterns for the Website.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, or change any of your preferences, please contact us by e‑mail at firstname.lastname@example.org or by mail using the details provided below:
Privacy Compliance Officer
The Sustainability Lab LLC
48 Bi-State Plaza
Old Tappan, NJ 07675