Do We Sell Your Personal Information?
What Personal Information Do We Collect?
You directly provide almost all the personal information that we collect about you. As described below, some information may automatically be collected when you use the Services. The following is a list of items that you provide or input on the Services, including:
We do not store personal financial information from Users. In some cases, we may use your shipping address to send samples, offers, coupons, or cash rebates.
How Do We Use Your Personal Information?
Personal data you provide to the Service. We may use the personal data you provide to the Service for the following purposes:
Data collected automatically. We may use the data collected automatically for the following purposes:
Do We Ever Share Your Personal Information with Third-Parties?
We share the information we collect as follows:
Legal Disclosures. We may disclose a Service user’s information (including personal information) where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal processes. We may also disclose personal information where we believe it is necessary to identify, contact or bring legal action against someone who may be violating the Terms of Service for our Service, to detect fraud, for assistance with a delinquent account, as evidence in litigation in which we are involved, or to protect the safety and/or security of our users, the Service or the general public.
Affiliates and Business Partners. We may share your information with affiliated companies and business partners. When you engage in promotions or Services offered through the Site, we may partner with another company to fulfill that offer. When you accept a particular business partner’s offer, you authorize us to provide your information to that business partner.
Service Providers. We may contract with independent contractors, vendors and suppliers to provide specific services related to the Service, such as third-party couriers, hosting and maintaining the Service, providing payment processing and fraud screening, data analysis, and developing applications for the Service, email services and marketing enrichment services. We may disclose a Service user’s information, or the information of the user’s customers, to these service providers as necessary for those service providers to provide their service.
Aggregate and De-Identified Information. We may also provide aggregate, anonymous or de-identified information about users and the Service for marketing and research purposes. For example, we might inform third parties regarding the number of unique users who visit the Service, the demographic breakdown of our registered users of the Service, and the educational progress of categories of users.
What Privacy Protections are there for third-party links used on the Services?
Content and information posted by the Company or our Users may contain links to other sites, including those of our business partners or affiliates. While we seek to link only to sites that share our high standards and respect for privacy and security, we are not responsible for the privacy practices used by other sites.
The Services, in line with almost every other mobile app or internet-based company, utilizes cookie technology to allow the company to improve the functionality of the service and improve your user experience. Your browser or device may allow you to block or delete cookies from our site, however, this may interfere with the functionality of our Service. Cookies collect information automatically even when a user is not logged into their account. The information collected may include information about the platform and operating system you are using, your browser type and version, computer and connection information, and what time you accessed the site. This information will be collected any time you access the Services unless you opt out.
What are cookies?
Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser. They are widely used to “remember” you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as “first party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the website (“third party cookies”).
Both websites and HTML emails may also contain other tracking technologies such as “web beacons” or “pixels.” These are typically small transparent images that provide us with statistics, for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way. As a result, if you disable cookies, web beacons may still load, but their functionality will be restricted.
Which cookies does The Company use?
Anytime you visit and use a Gratsy website, Gratsy or a third-party places cookies in your browser. Certain cookies are specific to features or specific preferences, and certain cookies will be used all the time. Four different types of cookies are used by The Company.
Essential Cookies. These are cookies are placed in your browser by the Company and are also known as “strictly necessary” cookies. These are necessary to allow you to move around the site and use its features, such as “Save and View Favorites.”
Analytics Cookies. Also known as “performance cookies,” analytics cookies collect information about visits to our sites and how the services we offer are being used. We use this data to make improvements and report our performance. For example, these cookies collect information about how visitors use our sites, which site the visitor came from, the number of each user’s visits and how long a user stays on the site. We might also use analytics cookies to test new ads, pages, or features to see how users react to them. Analytics cookies are primarily third-party cookies.
Functionality Cookies. Sometimes called “preference cookies,” these first-party cookies allow us to remember information you have entered or choices you have made (such as your username, language, region, and marketing preferences) on our sites, so the next time you visit the site you will not have to set them again. These cookies also allow us to provide a better user experience on our website.
Targeting Cookies. The Company and our advertising partners or other third-party partners may use these types of cookies, also known as “advertising cookies,” to deliver advertising and track ad performance, and enable advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called “behavioral” or “targeted” advertising) on our sites.
How can you manage and delete cookies?
Does the Company use any other user tracking technologies?
Technology used on the Internet is constantly changing. The company uses technology standard to the Internet, such as pixel tags, web beacons, and other similar technologies, to track visitors to our sites.
How do we respond to “Do Not Track” Signals?
Are There Any Age Restrictions for Use of the Company’s Services?
You must be at least 18 years old or older to gain access to our Services. These Services are not intended for those who are under 18 years old. The Company does not knowingly collect any information from anyone who is under 18 years of age and does so in compliance with the Children’s Online Privacy Protection Act. Services provided by Gratsy are directed solely to individuals who are at least 18 years old.
If we learn we have collected Personal Data from a child under 18 without parental consent, we will delete that information, unless we are legally obligated to retain such data. If you have any reason to believe we may have unknowingly collected data from a minor under the age of 18, please contact us at firstname.lastname@example.org or by mail at PO Box 1124, Bentonville, AR 72712.
What Rights do You have?
You have the following rights with respect to the personal data we hold about you:
What Additional Rights Do Nevada Users Have?
Under the Nevada Privacy Law (SB220), certain Nevada residents may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
The Company does not sell your personally identifiable information. However, if you are a Nevada resident who has utilized our Services, you may submit a request to opt out of any potential future sales under Nevada law by contacting us at email@example.com or by mail at PO Box 1124, Bentonville, AR 72712. If our policy on selling personal identifiable information changes, we will honor your request.
What Additional Rights Do California Users Have?
The California Consumer Privacy Act provides some California residents with the additional rights listed below.
Right to Know. You have the right to know and see what data we have collected about you over the past twelve (12) months, including:
Right to Delete. You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:
Other Rights. You have the right to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclose to third parties for their own direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. You also have the right not to be discriminated against for exercising any of the rights listed above.
Exercising Your California Privacy Rights. To request access to or deletion of your personal information, or to exercise any other data rights under California law, you may contact us at firstname.lastname@example.org or by mail at PO Box 1124, Bentonville, AR 72712. Please include your full name and email address associated with your use of our services, along with why you are writing, so that we can process your request in an efficient manner.
Response Timing and Format. We aim to respond to a consumer request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.
What Additional Rights do EEA Residents Have?
We currently do not offer our Services outside of the continental United States, Alaska and Hawaii. However, if we were to expand and provide our services outside of the United States, the following would apply. If you are resident outside the United States, including in the EEA; European Economic Area (“EEA”), which includes the member states of the European Union (“EU”), we transfer Personal Data provided by you for processing in the United States, including Personal Information sent via e-mails or when you create an account. Under the GDPR, we are considered a “controller” and a “co-processor” of the Personal Data of EEA Residents. By providing Personal Data to us for the purpose of using the Service, website or mobile application, you consent to the processing of such data in the United States. The transfer of your Personal Data to the United States is necessary for the performance of a contract between you and us for your use of the website or mobile application.
Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.
Rights of EEA Residents
All processing of Personal Data of EEA Residents is performed by us in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council on the protection of natural persons regarding the processing of Personal Data and on the free movement of such data (“GDPR”).
Under the GDPR, we are both the controller and a co-processor of the Personal Data of EEA Residents. Our purpose for collecting and processing Personal Data from EEA Residents is to provide them with the features and functionalities of our website and Mobile Application and information regarding our services. The legal basis for collecting Personal Data is because it is necessary for performance of a contract between us to provide you with the website and Mobile Application and its related features and functionality. We also rely on your consent to receive information about our services. You may withdraw consent from receiving marketing and promotional communications by clicking the “Update Email Preferences” link on the communication. If EEA Residents do not provide Personal Data to us or withdraw consent for processing such Personal Data, we may not be able to provide such residents with certain features or functionalities of the website or Mobile Application or information regarding the services, including processing payments.
If you are an EEA resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us at email@example.com or by mail at PO Box 1124, Bentonville, AR 72712.
Additionally, if you are an EEA resident, we are hereby notifying you that we are processing your information in order to fulfill contracts we might have with you, or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to the United States.
Security of Transmission of Personal Information and Risks Related to the Internet
Our Site and Mobile Application have security measures in place to help protect against the loss, theft, misuse and unauthorized access, disclosure, alteration and destruction of the information under the company’s control. The Site and Mobile Application use no encryption (data scrambling) on certain portions of the website or app but does use encryption on portions where you are transmitting financial information, such as credit card information. When you are on any platform that asks you for confidential information, you should check to see if the information being transmitted is encrypted in order to increase the security of your information. Although every effort is made to ensure no one else will view, seize or obtain your information, complete confidentiality and security is not yet possible over the Internet. Any unencrypted email communication over the Internet is not secure or confidential, and is subject to possible interception, loss and alteration. The company, its agents, administrators, employees and affiliates may not be held liable for any damages you or anyone else may suffer or incur as a result of the transmission of confidential or sensitive information over the Internet, and all such communications will be made at your own risk.
We seek to use reasonable organizational, technical and administrative measures to protect Personal Information under our control. For example, we seek to use Secure Sockets Layer ("SSL") technology.
Unfortunately, no data storage system or data transmission over the Internet can be guaranteed to be 100% secure. Please also be aware that we may use third-party cloud service providers that provide hosting, data storage and other services pursuant to standard terms and conditions that may be non-negotiable; these service providers have informed us or the general public that they apply security measures they consider adequate for the protection of information within their system, or they have a general reputation for applying such measures.
How Are Users Notified of Any Changes to this Policy?
How Can I Contact the Company Regarding this Policy?