Privacy Policy
CONTENTS
- WHO WE ARE
- INTRODUCTION
- DEFINED TERMS
- HOW WE COLLECT DATA
- TYPES OF DATA WE COLLECT
- WHY WE USE AND PROCESS DATA
- WHO WE SHARE DATA WITH AND WHY
- YOUR CHOICES ABOUT OUR USE OF DATA
- HOW LONG WE USE AND STORE PII
- HOW WE PROTECT DATA
- OPT-OUT PREFERENCES
- PERSONS RESIDING IN CALIFORNIA
- PERSONS OUTSIDE THE UNITED STATES, EU, EEA, UK AND SWITZERLAND
- PERSONS LOCATED IN THE EUROPEAN UNION, EEA, UK AND SWITZERLAND
- CONTACT US
- UPDATES TO THIS PRIVACY POLICY
1. WHO WE ARE
We are located at 137 N Larchmont Blvd, #641, Los Angeles, CA, 90004. Along with our affiliates (collectively, “Company Group”, or “we/our/us”), we own and operate a number of websites (the “Websites” or “Sites”) and mobile applications (the “Apps”).
This global Privacy Policy (“Privacy Policy”) applies to each Website and App that it appears on. By using our Services, you agree to our Privacy Policy.
2. INTRODUCTION
This Privacy Policy explains how we collect, use, process, share and store Data when you use our Services (both terms as defined below), explains rights that you may have under specific data privacy and protection laws, and provides instructions on how to exercise any rights that apply to you (collectively, “Data Laws”).
The rights discussed in the CCPA Notice are for residents of California. The rights discussed in the GDPR Notice are for persons located in the EU, EEA, UK or Switzerland. Depending on where you live or are located, these rights may not apply to you. Both the CCPA Notice and the GDPR Notice are provided as Addenda at the end of this Privacy Policy.
Our Websites, Apps and Services may include links to third-party websites, plug-ins, services, social networks or mobile applications. Clicking on those links, or enabling those connections, may allow the third-party to collect or share Data about you. We do not control these third parties, and you should read each of their privacy notices before you submit any information to them.
Paypal Notices
PayPal is an independent Controller for the purpose of Processing Customer Data. You can access Paypal’s Privacy Statement at: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
You should carefully read this document to understand our policies and practices for processing and storing Data. By interacting with our Services, you accept the policies and practices described in this Privacy Policy. This Privacy Policy may change from time to time (see Updates to This Privacy Policy), and your continued use of our Services after any change means you accept those changes. Please check the Privacy Policy frequently for any updates.
3. DEFINED TERMS
In addition to the terms already defined above, we provide these definitions:
“CCPA” means the California Consumer Privacy Act of 2018, as it may be amended from time to time.
“Data” is information about you that we collect, or that you provide to us, and may include PII.
“Device” means the computer, smart phone or other electronic device that you use to access the Services.
“Device Information” means information about a Device, including the IP address used to access the Services, associated cookies or cookie identifiers, and other information related to the formatting or presentation of the Services for your Device and includes information about the Device often stored in picture files, including Device type and the location you were in when you took the picture.
“EEA” means countries in the EU plus Iceland, Lichtenstein, and Norway.
“EU” means the countries which are currently members of the European Union.
“GDPR” means the General Data Protection Regulation of the European Union, and the equivalent Data laws of the EEA, United Kingdom and Switzerland.
“Identifiable Natural Person” is one who can be identified, directly or indirectly, by a single piece of data such as a name, an ID number, IP address, location data, an online identifier or by other data that, when combined, makes it possible to determine the identity of that natural person.
“Personal Data” means any information about an identified or Identifiable Natural Person who has rights under the GDPR (“Data Subject”).
“Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could be linked, directly or indirectly, with a particular consumer, household or Device.
“PII” means personally identifiable information, which is information that can be used to identify a specific individual, including Data that may be classified as Personal Information subject to the CCPA Notice or Personal Data subject to the GDPR Notice.
“Services” means the Sites, Apps, and other services available from us.
4. HOW WE COLLECT DATA
We use different methods to collect Data, including:
Direct Interactions. These direct interactions include the contents of your communications with us, whether via e-mail, chat functionality, social media, telephone or otherwise, and inferences we may make from other personal information we collect. Where permitted by applicable law, we may collect and maintain records of calls and chats with our agents, representatives, or employees via message, chat, post, or similar functionality. Our chatbox vendors may also retain records of your chats with us.
Additionally, data from direct interactions may be collected through third parties that have their own privacy policies and procedures regarding the collection and processing of your data. When using the ChatGPT functionality on the Sites, you consent to our collection of and the transfer and processing of the data you provide in the chat, to ChatGPT.
These interactions also include data you provide when you create an account, subscribe to our Services, search for a product, place an order, upload a photo or other content, create a seller profile on our Services that offer seller capabilities, participate in discussion boards or other social media functions on our Services, enter a competition, promotion or survey, and when you report a problem with our Services. If you choose to make any seller profile that you create public, people may see your name, the country you designate in your profile, and your “About” details. You can adjust the privacy settings for your seller profile at any time.
Automated Technologies or Interactions. As you interact with our Services, we may automatically collect Data about your Device and your browsing actions and patterns, even if you do not create an account or place an order with us. We collect this Data by using cookies, server logs, and other similar technologies. You can block cookies in your browser by activating the settings that allow you to refuse all or some cookies. IMPORTANT NOTE: if you use your browser settings to block all cookies (including essential cookies), the Services may not function properly or may not work at all.
Cross-Device Tracking: Some of our Services use data analytics companies, advertising networks, and/or social media companies to engage in “cross-Device tracking,” which occurs when platforms, publishers, and advertising technology companies try to connect a consumer’s activity across smartphones, tablets, desktop computers, and other connected devices. Cross-Device tracking enables us to link your behavior with our Services across Devices.
Third parties or Publicly Available Sources. We utilize tracking technologies, including pixels and web beacons, to collect information about your interactions with our Services and other websites. These tools may collect data that can be used to identify you, such as your IP address, device information, and browsing history. This data may be shared with third-party service providers, such as advertising networks and analytics companies, to enhance our Services and for marketing purposes.
User Contributions. You may also provide us with Data to post on the Services or to transmit to third parties (collectively, "User Contributions"). User Contributions are submitted at your own risk. We limit access to certain pages, and you can also adjust privacy settings for User Contributions by logging into your account profile. However, we cannot and do not guarantee that unauthorized persons will not be able to view your User Contributions.
By continuing to use our Services, you agree to our Privacy Policy.
5. TYPES OF DATA WE COLLECT
PII We Collect
We collect PII including your name, billing address, delivery address, e-mail address, telephone number, IP address, credit/debit card numbers and other financial information needed to complete your transactions with us, photos and other content you upload, any profile image you provide, user IDs and/or passwords used to access the Services, your Services browsing history, and any phone number used to call our customer service number. Depending on the Services you use and the products you choose to customize, you may also provide us with video and voice recordings, age, date of birth, gender and other similar information.
Device Information
We collect information relating to the Device(s) you use to access the Services, including the Device model, operating system, browser type, IP address, and event information from use of the Services.
Mobile App
Depending on your permissions, if you download and use our Apps, we may collect or access certain information from your mobile Device including:
- Your contacts so you can select a chosen contact to ship your order to. Once you select a contact from your mobile Device, that contact’s information will be stored in our database and their postal address and phone will be used for delivery of your order and for sending you reminders of special occasions that you recorded in the Services; and
- Your phone number, entered by you in response to our request and stored in your account data, as required for shipping in some countries and for retail pickup orders in countries where that option is provided.
Community Postings
You can post information on our blogs, forums, or other public posting areas. Any information you disclose is available to anyone with internet access. You do not have to use these features, but if you do, please use common sense and good judgment when posting in these community spaces or sharing your personal information with others through the Services.
Other Data We Collect
In addition to PII, we collect other Data from you when you use the Services, including:
- Data that neither directly nor indirectly reveals your identity nor directly relates to you, such as statistics, or aggregated information. For example, we may aggregate Data to calculate the percentage of users accessing a specific Website, App, or feature of our Services;
- Technical information, including browser type and version, or operating system and platform; and
- Data about your interactions with our Services, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Services (including date and time), products you viewed or searched for or (in the case of some of our Services) “favorited”; Service response times, download errors, length of visits, interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away.
Shopify
Our store is hosted on Shopify, Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases, and the general Shopify application. They store your data on a secure server behind a firewall.
Payments. If you choose a direct payment gateway to complete your KITSCH purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After the transaction is complete, your transaction data is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standard Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service or its Privacy Statement.
Data About Children
We do not knowingly collect, use, process, share or store PII from children under the age of 18. The Services are not intended for use by children under the age of 18. If you believe that we have unknowingly collected PII from a child under the age of 18, contact us as soon possible at admin@mykitsch.com
RAKUTEN
We partner with Rakuten Advertising, who may collect personal information when you interact with our site. The collection and use of this information is subject to the privacy policy located here: https://rakutenadvertising.com/legal-notices/services-privacy-policy/
6. WHY WE USE AND PROCESS DATA
Use and Processing of PII
We may use and process PII that is either collected by us or provided by you for the following purposes:
- Providing the Services in the manner most effective for you and your Device;
- Fulfilling your orders placed through the Services;
- Making interest-based suggestions and recommendations about our products and Services;
- Assessing the effectiveness of our advertising and tailoring our advertising so you receive only what is relevant to you;
- Improving the Services and notifying you about changes;
- Managing your customer relationship with us;
- Enabling your participation in our Services' interactive, social media, or other similar features;
- Integrating social media into your experience with our Services;
- Carrying out your support requests;
- Notifying you about unfinished transactions, unused credits, or order status;
- Sending you information about discounts, special offers, and new products;
- Managing the Services, including troubleshooting, data analysis, testing, research, statistical analysis, security, quality control, and fraud prevention;
- Verifying your identity;
- Reminding you of special occasions;
- Performing billing, administration, seller payment and collections functions;
- Protecting the Services and our employees and operations;
- Marketing to you directly through the social media platforms that you use and through other websites;
- Sharing information with law enforcement agencies in response to inquiries and with other third parties when required by law and pursuant to our internal policies;
- Carrying out activities related to any of the above, or any other purpose for which the Data was collected, including dispute resolution and protection of our legal rights or the rights of third parties.
Use and Processing of Other Data
We may use Data that is not PII for any business purpose.
You can manage your preferences about how your Data is used by following the instructions in each form or communication you receive from us. For more information, see Your Choices About Our Use of Data.
7. WHO WE SHARE DATA WITH AND WHY
Sharing of PII
We may share Data within our Company Group to comply with internal, contractual and legal obligations, and for marketing activities.
We may also share Data with third parties as follows:
- Business partners, suppliers, service providers, subcontractors and other third parties to enable them to provide services such as fulfillment, billing, IT, logistics, delivery, communication, cybersecurity, fraud protection, and legal/audit;
- Social media platforms;
- Advertisers and ad networks; including identifying and engaging with social influencers;
- Public, governmental, or regulatory authorities and institutions; and
- Potential buyers, investment banks or financial institutions in connection with any contemplated or actual corporate reorganizations or business transactions such as evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Data held by us about our users is among the assets transferred (each, a “Reorganization Use”).
- Courts, law enforcement authorities, regulators, attorneys or other third parties in connection with the establishment, exercise, or defense of legal claims.
Sharing of Other Data
We may share other Data without restriction.
8. YOUR CHOICES ABOUT OUR USE OF DATA
Transactional Emails: We occasionally send transactional emails notifying you about your orders, account information, changes to the Services, updates to our online documents, and other matters. You may not opt out of transactional emails.
Promotional Offers: You can stop receiving promotional offers by following opt-out links in each promotional message, or contacting us at info@mykitsch.com and requesting your removal from our promotional offers list.
Push Notifications on Mobile App: Depending on your Device, push notifications may be turned on by default. You can opt out of push notifications at any time by adjusting your Device settings.
Tracking Technologies and Advertising: You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you refuse all cookies, you will be unable to use the Services. If you disable or refuse some cookies, parts of our Services will be inaccessible or not function properly. For more information about tracking technologies, please see Automated Technologies or Interactions above.
Updating PII. If you wish to update your account information, you may log into your account and make changes, or contact us via the Contact Us link in the App or Website you are using, and we will update or correct any account information at your request. For EU Data Subjects, please use the form located at the Manage Personal Information link at the bottom of each webpage to request correction of your PII.
9. HOW LONG WE USE AND STORE PII
We retain personally identifiable information (PII) only for the period necessary to fulfill legal, regulatory, and business obligations.
10. HOW WE PROTECT DATA
The Services have physical, electronic, and administrative security measures in place designed to protect against the loss, misuse, and unauthorized access, use, alteration, or disclosure of Data under our control. When you submit credit card information through the Services, we create a nonce so your credit card information is never stored by us. While no transmission over the internet can be guaranteed as 100% secure, and we strive to protect PII during transmission, we cannot ensure or warrant the security of any Data that you transmit to or receive from us. We urge you to take steps to keep Data safe (including your account password), log out of your account after use, and close your web browser.
11. OPT-OUT PREFERENCES
You may opt-out of receiving email marketing communications from us by using the “unsubscribe” link in our emails, or by emailing us at info@mykitsch.com. To opt-out of physical mailings and telephone communications, or to add your name to our do-not-share list, you may email us at the admin@mykitsch.com or call us at 424-240-5551. We will be sure your name is removed from our list (and the list we may share with third parties) as soon as possible after we receive your request. Please be aware, however, that even after your request is processed, we may, for a time, retain residual information about you in backup and/or archival copies of our database.
12. FOR PERSONS RESIDING IN CALIFORNIA
This for Persons Residing in California (this “CCPA Notice”) supplements the Privacy Policy and applies only to residents of the State of California. This CCPA Notice is provided in compliance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA), and any terms defined in the CCPA have the same meaning when used in this CCPA Addendum.
13. FOR PERSONS OUTSIDE THE UNITED STATES, EU, EEA, UK AND SWITZERLAND
You confirm that your command and knowledge of the language in which this Privacy Policy is written is sufficient to understand the terms and conditions in this Privacy Policy. If you live in the European Union, EEA, UK or Switzerland, or are located outside the United States: (i) you acknowledge that by using the Services, personal data about you may be transferred to our servers or third-party servers located in the United States in connection with the purposes stated in this Privacy Policy and expressly consent to such transfers, and (ii) you understand that the laws with respect to the protection of Data in the United States may not be as stringent as those in your home jurisdiction. If you live in or are in the European Union, EEA, UK or Switzerland, the Addendum for Persons Located in the European Union, UK, EEA and Switzerland EU below describes additional rights you might have.
14. GDPR Notice
We adopt this GDPR Notice to comply with GDPR, and any terms defined in GDPR (including Personal Data) have the same meaning when used in this GDPR Notice.
IN GENERAL
We do not intentionally collect, use, process, share or store special categories of Personal Data, although you may provide information which constitutes special category Personal Data as part of your personalization choices.
WHO IS RESPONSIBLE FOR PERSONAL DATA ABOUT YOU?
We are responsible for Personal Data about you. Specifically Personal Data is controlled by:
Attn: Privacy Officer
Kitsch
137 N Larchmont Blvd, #641
Los Angeles, CA, 90004
USA
We have appointed ITG EU & GRCI Law to act as our EU and UK Representatives, respectively. If you wish to exercise your rights under EU GDPR or the UK GDPR or have any queries in relation to your rights or privacy matters generally please email from Europe admin@mykitsch.com, or from UK insert kitsch uk email.
We may need to request additional information from you to confirm your identity before responding to your request or question.
ON WHICH EU LEGAL BASIS DO WE PROCESS PERSONAL DATA ABOUT YOU?
Depending on the specific purpose or purposes for the processing of the Personal Data, we rely on the following legal grounds:
- Performance of your customer contract or other contractual obligations or in order to take steps before entering into a contract with you;
- Compliance with a legal obligation (such as record obligations for commercial or tax purposes or other regulatory obligations);
- Protection of your vital interests or the vital interests of another natural person; or
- Our legitimate interests or those of any third-party recipients that receive the Personal Data, provided that such interests are not overridden by your interests or fundamental rights and freedoms;
- Important reasons of public interest;
- The establishment, exercise or defense of legal claims.
Legitimate interests include, for example, developing and improving our internal administration or business and service processes, marketing and reputation activities, keeping our records up to date, handling and managing our legal and contractual duties and obligations, and compliance with internal and legal policies and regulations that apply to us.
In addition, we process Personal Data to let you know about updates to products and services you have purchased from us or expressed interest in before.
NOTICE RE: EU-U.S. AND SWISS-U.S. PRIVACY SHIELD, CJEU SCHREMS II RULING AND EU STANDARD CONTRACT CLAUSES (SCC)
We have withdrawn from the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States as further described below.
On July 16, 2020, the European Court of Justice (CJEU) determined that the EU-U.S. Privacy Shield framework is no longer valid for the transfer of Personal Data from the European Economic Area (EEA) to the U.S. (known as the Schrems II decision). The Schrems II decision also placed additional compliance requirements on the use of EU Standard Contract Clauses (SCC) for the transfer of EU/EEA Personal Data to the U.S. by companies subject to Section 702 of the U.S. Foreign Intelligence Surveillance Act (FISA) and/or Executive Order 12333 (E.O. 12333).
We know our customers, website visitors, and business partners care deeply about privacy and data security.
First, please know that it is our good-faith belief that the types of EU/EEA Personal Data we collect, use, process, share and/or store in the U.S. are not of the types of Personal Data that would be subject to requests from U.S. government authorities pursuant to FISA Section 702 and/or E.O. 12333.
Second, please note that as part of our good-faith efforts to comply with applicable data protection laws, we strive to continue to store and process EU, EEA, UK and Swiss Personal Data in Ireland, on servers located in the EU. In compliance with the GDPR and other applicable laws we also implement at-rest data encryption, data minimization and need to know access to Personal Data.
Third, although we have withdrawn from Privacy Shield, we are retaining the data collected during our participation, and are providing adequate protection for such data.
Fourth, when international transfer of Personal Data is necessary to perform a contract with you, or in individual cases for the purposes of our compelling legitimate business interests, we will use SCC to comply with our internal policies, contractual and legal obligations.
If you represent one of our service providers or business partners and your organization is a party to an agreement with us that includes EU Standard Contract Clauses (SCC) for compliance with EU/EEA data protection laws, please contact us at admin@mykitsch.com to discuss whether any updates to our agreement are needed resulting from the Schrems II decision.
Trust is a top priority for us, and we will continue to work vigilantly to ensure that our customers, website visitors, and business partners are able to continue to enjoy the benefits of our Services securely, compliantly, and without disruption.
YOUR CONSENT TO TRANSFER OF PERSONAL DATA
In addition to the above, we may also process, store, and/or transfer Personal Data we collect about you, in and to a country outside the EU including the United States. Those other countries may have different privacy laws that may or may not be as comprehensive as your own.
By submitting Personal Data or interacting with our Services, you consent to this transfer, storing, and/or processing including in the United States.
-
a. Your Personal Data Use Choices
See Section 8 (Your Choices About Our Use of Data). - b. How Can I Access or Correct Personal Data About Me?
You may exercise your access, correction or deletion rights by using the form located here or by clicking the link at the bottom of each webpage. Alternatively, you may send us an email from Europe at admin@mykitsch.com, or admin@mykitsch.com. to request access to, correction, or deletion of Personal Data that you have provided to us. If Data is deleted by us at your request, we will not be able get it back for you if you change your mind in the future. We may not be able to grant a request to change or delete Personal Data about you if we believe the change or deletion would violate any law or legal requirement or negatively affect the accuracy of the Data.
15. CONTACT US
If you have any concern about the privacy practices of the Services, please contact us at the following address with a detailed description of your concern, and we will try to resolve it:
If you are in Europe,
If you wish to exercise your rights under EU GDPR or the UK GDPR or have any queries in relation to your rights or privacy matters generally please email from Europe admin@mykitsch.com or from UK, admin@mykitsch.com.
16. UPDATES TO THIS PRIVACY POLICY
Please check this Privacy Policy periodically to inform yourself of any changes. We reserve the right to modify this Privacy Policy at any time, so you should review it frequently. If we make material changes to this Privacy Policy, we will post notice of the changes on the Services homepage and/or as required by law notify you by email using the current email address for your account.
HOW WE COLLECT PERSONAL INFORMATION
We collect “Personal Information” as defined in the CCPA. We collect Personal Information from the following categories of sources:
- Directly from you. For example, from your creation of an account, forms you complete or products you purchase and Services you use, and when you participate in a contest or survey.
- Indirectly from you. For example, from your interactions with the Services.
- From other companies in our Company Group.
- From our business partners and service providers.
HOW WE SHARE PERSONAL INFORMATION
Category of Personal Information Collected |
Collected |
Categories of Sources from Which Personal Information is Collected |
Purpose of Collection |
Categories of Third Parties We Share Personal Information With for a Business Purpose |
Category of Third Parties to whom Personal Information is Sold or Shared |
Retention Period |
Identifiers, such as your name, address, phone number, Internet Protocol (IP) address, email address, social media handles, and account name. |
Yes |
You, if you choose to provide it to us. |
To respond to your communications to us. |
Our Service Providers, such as our Website host, payment processors, social networks, order fulfillment processors, and analytics providers. |
We do not sell or share this category of Personal Information. |
N/A |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as your name, address, phone number, credit or debit card number. |
Yes |
You, if you choose to provide it to us. |
To fulfill your orders. |
Our Service Providers such as delivery companies, payment processors, order fulfillment providers, printers, product distributors, social networks, advertisers, and data analytics providers. |
We do not sell or share this category of Personal Information. |
N/A |
Protected Classifications, such as age (40 years or older), gender, etc. |
Yes |
You, directly. |
To analyze the demographics of our customer base. |
Service Providers such as data analytics providers. |
We do not sell or share this category of Personal Information. |
N/A |
Commercial information, such as products or services purchased, obtained, or considered. |
Yes |
You, when you use the Services. |
To fulfill your orders and provide current and future Services to you. |
Service Providers who help us determine our product mix and analyze our customer’s shopping and purchase preferences. |
Advertisers and social networks |
N/A |
Biometric information |
No |
N/A |
N/A |
N/A |
N/A |
N/A |
Internet network and electronic device activity, such as browsing history, search history, and information on your interaction with an internet website, application, or advertisement. |
Yes |
You, through your Device when you use the Services. |
Providing you with a good experience when you use the Services, such as the ability to serve content in your preferred language, provide pricing in local currency, store your user ID and/or password for your convenience, or pre-populate fields in your use of the Services. |
Our Service Providers such as data analytics providers. |
Advertisers and social networks |
N/A |
Geolocation data |
Yes |
You, if you choose to provide it to us. |
Responding to your requests for information. |
Our Service Providers such as delivery companies and fraud prevention companies. |
We do not sell or share this category of Personal Information |
N/A |
Audio, electronic, visual, thermal, olfactory, or other information, such as audio recordings when you call our customer service telephone number, photographic or other images. |
Yes |
You, if you choose to provide it to us, or another customer provides it to us. |
Improvement of Services and Customer Service training |
Service Providers such as our Customer Service ticketing platform |
We do not sell or share this category of Personal Information |
N/A |
Professional or employment-related information |
No |
N/A |
N/A |
N/A |
N/A |
N/A |
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99). |
No |
N/A |
N/A |
N/A |
N/A |
N/A |
Inferences drawn from personal information, such as a person’s preferences, characteristics, trends, predispositions, behavior, and attitudes. |
Yes |
Advertising networks, data analytics providers, and special occasions based on our review of product orders. |
Targeted advertising, marketing analytics, reminders of special occasions. |
Our Service Providers such as data analytics providers. |
Advertisers and social networks |
We disclose Personal Information to our Service Providers, Contractors and third-parties for business purposes pursuant to written agreements or contracts.
SUMMARY OF CATEGORIES OF PERSONAL INFORMATION COLLECTED, SOURCES, AND CATEGORIES OF THIRD PARTIES SHARED WITH
The table below summarizes the categories of Personal Information collected, used and shared by us or our Service Providers and Third Parties within the last twelve (12) months.
YOUR CCPA RIGHTS AND CHOICES
The CCPA provides California residents with specific rights regarding Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
- CCPA ACCESS TO SPECIFIC INFORMATION
If you are a California resident, you have the right to request that we disclose certain information to you about our collection and use of Personal Information about you over the past 12 months. Once we receive and confirm your verifiable CCPA request (see Exercising CCPA Access and Deletion Rights below), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we disclose that Personal Information for a business purpose.
- The specific pieces of Personal Information we collected about you.
- The categories of Personal Information shared for cross-context behavioral advertising purposes, and the categories of recipients to whom the Personal Information were disclosed for those purposes; and
- The categories of Personal Information sold (if any), and the categories of third parties to whom the Personal Information was sold.
- CCPA DELETION REQUEST RIGHTS
California residents have the right to request that we delete any of the Personal Information that we collected from them and retained, subject to certain exceptions. Once we receive and confirm your verifiable CCPA request (see Exercising Your CCPA Rights below), we will delete (and direct our Service Providers to delete) Personal Information about you from our records, unless an exception applies.
We may deny your deletion request if retaining the Personal Information is necessary for us or our Service Provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair intended functionality.
- Exercise free speech, ensure the right of another CCPA user to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Enable solely internal uses that are reasonably aligned with user expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of the Personal Information that are compatible with the context in which you provided it.
- CCPA CORRECTION REQUESTS
California residents have the right to request that we correct any incorrect Personal Information that we collect or retain about them, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will correct (and direct any of our service providers that hold your data on our behalf to correct) your Personal Information from our records, unless an exception applies. We may deny your correction request if (a) we believe the Personal Information we maintain about you is accurate; (b) correcting the Personal Information would be impossible or involve disproportionate; or (c) if the request conflicts with our legal obligations.
- CCPA RIGHT TO OPT OUT OF SALES OR SHARING OF PERSONAL INFORMATION
California residents have the right to direct us not to “sell” their Personal Information to third parties for monetary or other valuable consideration, or “share” their Personal Information to third parties for cross-context behavioral advertising purposes.
- EXERCISING CCPA RIGHTS
To exercise the CCPA rights described above, please submit a verifiable CCPA request to us here or email us at admin@mykitsch.com
Only you, or someone legally authorized to act on your behalf, may make a verifiable CCPA request related to Personal Information about you. You may also make a verifiable CCPA request on behalf of your minor child. To designate someone legally authorized to act on your behalf, you may upload proof of the authorization to admin@mykitsch.com
You may make a verifiable CCPA request for access only twice within any 12-month period. The verifiable CCPA request must:
- provide sufficient information that allows us to reasonably verify you are either the person we collected Personal Information about or their authorized representative, which may include information that you have already provided to us, such as your name and email address; and
- describe your CCPA request in sufficient detail so that we can properly understand your request and respond to it.
We may not respond to your CCPA request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information is about you or someone you are legally authorized to act on behalf of. Making a verifiable CCPA request does not require you to create an account with us.
We will use Personal Information provided in a verifiable CCPA request only to verify the requestor’s identity or authority to make the request.
- CCPA RESPONSE TIMING AND FORMAT
We endeavor to respond to verifiable CCPA requests within forty-five (45) days of their receipt. If we require more time (up to 90 days) to respond to your request, we will inform you in writing of the reason and the needed extension period. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response to the email address you provide on the CCPA Request Form.
Any CCPA disclosures we provide will only cover the 12-month period preceding our receipt of your verifiable CCPA request. Our response will also explain the reasons we are not complying with your CCPA request, if applicable.
We do not charge a fee to process or respond to your verifiable CCPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the CCPA request warrants a fee, we will tell you why and provide you with a cost estimate before completing your request.
- CCPA NON-DISCRIMINATION
We do not discriminate against California residents for exercising their CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you with a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- CCPA NOTICE OF FINANCIAL INCENTIVE
We may offer you financial incentives for the collection, sale, retention, and use of your personal information as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels.
Pursuant to the CCPA, this Notice is to provide you with information regarding any financial incentive or “price or service difference" that we may provide in exchange for your personal information. The Personal Information collected from you in exchange for financial incentive or “price or service difference” may include collecting the following categories of personal information from customers who participate: identifiers; customer records; protected class and demographic information; commercial information and preferences; internet or other electronic network activity information and device information; audio, electronic, visual, or other sensory information; and inferences.
In order to participate in our rewards program(s) and use our services, you may provide Personal Information from time to time, directly or indirectly, in exchange for cash, gift cards, or other financial incentive, or price or service difference, the amount or nature of which will be specified in each instance at the time the Personal Information is to be submitted. You can opt-in to the financial incentive or price or service difference by submitting Personal Information. If you wish to opt-out of the financial incentive or price or service difference, do not submit the Personal Information. If you opt-in and subsequently wish to withdraw from the financial incentive or price or service difference, you may request such withdrawal by contacting us here or email us at admin@mykitsch.com.
Each financial incentive or price or service difference related to the collection and use of Personal Information is based upon our sole reasonable, good-faith determination of the estimated value of such information to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized by rewarding brand loyalty. We calculate the value of the offer and financial incentive by using the expense related to the offer. By participating in any of the above promotional programs, you agree that the benefits are reasonably related to the value of the Personal Information collected and contained.
OTHER CALIFORNIA PRIVACY RIGHTS
In addition to your rights under the CCPA, California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of the Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for their direct marketing purposes. If you would like more information about our compliance with California’s “Shine the Light” law, please send an email to admin@mykitsch.com or write us at:
Attn: Privacy Officer
Kitsch
137 N Larchmont Blvd, #641
Los Angeles, CA, 90004
USA
CHANGES TO THIS CCPA NOTICE
We reserve the right to amend this CCPA Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the Services and update the Notice’s effective date. Your continued use of the Services following the posting of any changes to this Notice constitutes your acceptance of those changes.
CCPA CONTACT INFORMATION
If you have questions or comments about this Notice, the ways in which we collect and use Personal Information, your choices and rights regarding such use, or you wish to exercise your rights under California law, please contact us at:
Email: admin@mykitsch.com
Web Form: here
Postal Address: Attention: Privacy Officer, Kitsch, 137 N Larchmont Blvd, #641 Los Angeles CA, 90004.
Updated: 04/06/2024