Last updated: April 28, 2023
We use your data to provide and improve the Services. By using the Services, you agree to the collection and use of information in accordance with this policy.
1. Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected:
- Personal Data: While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Cookies and Usage Data
- Usage Data: We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Services.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
2. Use of Data
We use the collected data for various purposes:
- To provide and maintain our Services.
- To notify you about changes to our Services.
- To allow you to participate in interactive features of our Services when you choose to do so.
- To provide customer support.
- To gather analysis or valuable information so that we can improve our Services.
- To monitor the usage of our Services.
- To detect, prevent, and address technical issues.
- We also collect information from you when you register on our site, place an order, subscribe to a newsletter or blog, fill out a form, use chat, request help, or enter information on our site.
3. Data Transfer
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.
4. Disclosure of PII Data
- We may disclose your PII to professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice, and managing legal requirements and matters.
- We may disclose your PII if required to do so by law or subpoena or if we believe that such action is necessary (a) to conform to the law, comply with a judicial or court order or comply with legal processes served on us or Affiliated Parties; (b) to protect and defend our rights and property, the Website, the users of the Website and/or our Affiliated Parties; or (c) to act as needed under the circumstances to protect the safety of users of our Website, ourselves or third parties.
- We may disclose your PII to third-party service providers, vendors, and subcontractors reasonably necessary to provide the Services. Such third-party provider’s vendors and subcontractors will only use the PII to the extent necessary to allow them to perform the services they provide to Prositions.
- We will only disclose your PII to third parties who provide sufficient guarantees that they implement appropriate technical and organizational measures in such a manner that their processing of your PII will meet the requirements of Data Protection Regulations (as defined below) and ensure the protection of your rights and with whom We have written contracts that conform to our legal obligations under Data Protection.
5. Data Security
- We use commercially reasonable and industry-standard physical, management and technical safeguards to preserve the integrity and security of your Personal Information.
- Our website is scanned on a regular basis for known vulnerabilities to make your visit to our site as safe as possible. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
- In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. We implement a variety of security measures when a user places an order to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.
- We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential.
- We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
- We will notify you within the time required by applicable law, but no later than three business days from becoming aware of any data breach which compromises your information.
- No method of transmission over the Internet, or method of electronic storage, is 100% safe. Therefore, while We strive to use commercially acceptable means to protect PII, We cannot guarantee its absolute security.
6. International Transmission of Data
7. Retaining and Deleting PII
Our data retention policies and procedures are designed to help ensure that We comply with our legal obligations in relation to the retention and deletion of PII. We retain and delete your PII as follows:
- PII will be retained for the duration of the term, which Services are rendered to you after which period it will be deleted from our systems, unless otherwise required under applicable situations.
8. Third-Party Data Collectors
In general, the third-party providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the Services they provide to us. However, certain third-party service providers have their own privacy policies in respect to the information we are required to provide to them for your related use.
- For these providers, we recommend that you read their privacy policies so you can understand the way your PII will be handled by these providers. Remember that certain providers may be in or have facilities that are located a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
9. Third-Party Links
Occasionally, at our discretion, We may include or offer third-party services on our Website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, We seek to protect the integrity of our site and welcome any feedback about these sites.
10. Your Rights
We have done our best to summarize the rights that you may have under applicable privacy and data protection laws and requirements. These are complex, and not all the details have been included herein. Considering this, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under Privacy and Data Protection Regulations are all or some of the following:
- The right to access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to object to processing.
- The right to data portability.
- The right to complain to a supervisory authority; and
- The right to withdraw.
We reserve all rights required to maintain compliance with a legal obligation, and/or the establishment, exercise, or defense of legal claims.
In accordance with the CAN-SPAM Act:
- We do not use false or misleading subjects or email.
- We identify applicable messages as an advertisement in some reasonable way.
- We include the physical address of our business headquarters.
- We monitor third-party email marketing services for compliance.
- We honor opt-out/unsubscribe requests.
- We allow users to unsubscribe by using the link at the bottom of each mailing piece.
12. California Online Privacy Protection Act, California Consumer Privacy Act, and California Privacy Rights Act
In accordance to CAOPPA, CCPA and CPRA, we adhere to the following:
- Ensure that the policy contains a section explaining your websites stance on online tracking and ensure it is clearly labeled. Explain how you respond to Do Not Track signals and whether or not you disclose personal information to any third parties.
- Disclose all of the ways personal data is collected and used and provide links, where possible, to any third parties that personal data may be shared.
- Disclose in the policy, any choices users have in relation to the collection, use and sharing of their personal information.
- Ensure accountable by providing clear contact details so that users can contact the Prositions with any questions or concerns they may have.
- A list of the categories of personally identifiable information the operator collects.
- A list of the categories of third parties with whom the operator may share such personally identifiable information.
- A description of the process (if any) by which the consumer can review and request changes to his or her personally identifiable information as collected by the operator.
- The Right to Notice. Inform users at or before the point of collection what types of personal information you will collect from them and why.
- The Right to Access: users should be able to request a business to disclose the categories of personal information collected about them, as well as the categories of third parties with which the business shares user information.
- The Right to Deletion: Users should be able to request the deletion of any personal information collected on them by a business.
- The Right to Opt-Out: Users should have the authority to stop the sale of their personal information to third parties. Minors aged 13-16 also have the right to opt-in to the sale of their data, while those aged under 13 require the prior consent of a parent or guardian.
- The Right to Equal Services and Prices: If a user chooses to exercise any of these rights, a business must not treat them any differently.
- The Right to Initiate Cause of Action: In cases of data breaches have rights to legal action.
- Right to correct: Correct inaccurate personal information.
- Right to limit use and disclosure: Can request limit of use and disclosure of sensitive personal information (social security, driver’s license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, or union membership, the contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication, or a consumer’s genetic data).
13. COPPA (Children Online Privacy Protection Act)
- When it comes to the collection of PII from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ Consumer Protection Agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety.
- We do not market to children under the age of 13 years old, and 13-year-olds are prohibited from using this Website without proper consents from parents or legal guardians.
- By accessing and using our site, you represent that you are at least the age of majority in your state, province, or country of residence, or that you are the age of majority in your state, province or country of residence and you have given us your consent to allow any of your minor dependents to use this site.
14. Fair Information Principles
In accordance with Fair Information Practice Principles, we adhere to the following:
- Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
- Data Quality Principle. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
- Purpose Specification Principle. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
- Use Limitation Principle. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with [the Purpose Specification Principle] except: a) with the consent of the data subject; or b) by the authority of law.
- Security Safeguards Principle. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
- Openness Principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
- Individual Participation Principle. An individual should have the right:
- To obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
- To have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him;
- To be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
- To challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.
- Accountability Principle. A data controller should be accountable for complying with measures which give effect to the principles stated above.
- If We are acquired or merged with another company, your information may be transferred to the new owners so that We may continue to provide our Services to you.
16. Contacting Us