We know you are concerned about your privacy, and [Company] LLC and its affiliates are too, and we want you to be familiar with how we collect, use and disclose information, this Privacy Policy [company] practices in connection with information that we collect through the website or [specify if anything other than website is to be included] owned and controlled by [Company] from which you are accessing this Privacy Policy (respectively, the “Site” and the “[as specified]”), as well as offline where notice is legally required. By providing Personal Information to [company], you agree to the terms and conditions of this Privacy Policy.
WHAT WE MEAN BY “PERSONAL INFORMATION”
“Personal Information” is information that identifies you as an individual or that can be used to identify you when combined with other available information about you. We collect Personal Information when you interact with us online and participate in various opportunities that we provide. We may combine Personal Information that we collect about you with Personal Information you provide to [company] through other sources, such as product registrations, inquiries or marketing events. We will use the combined Personal Information in accordance with this Privacy Policy for as long as it is combined.
Information may include:
- Name
- Postal address (including billing and shipping addresses)
- Telephone or fax number
- Email address
- Credit and debit card number
- Vendor Tax ID numbers
- National ID numbers such as Social Security Numbers
- Financial information when you apply for credit
- Purchase history
- Biometric information when it is necessary for you to obtain access to a location
- (for example)
- Demographic information and other information provided by you
- IP Address
HOW WE COLLECT PERSONAL INFORMATION FROM AND ABOUT YOU
[company] may collect Personal Information when you interact with us online or offline, or participate in various opportunities that we provide, for example:
- When you visit out website or any social media account(s)
- Authorize us to communicate with you
- When you contact us for additional information
- When you raise a question or complaint, for example to our [UAN/HOTLINE] or our official email address.
- When you create a business account with us
- When you order a service or product(if applicable)
- When we conduct market research
- When we meet you at a trade show or other event
- When you provide your personal details to our team [specify which team]
- When you visit our location(s) and need to establish/prove your identity to gain access
- Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type, screen resolution, OS, browser type and version.
- Using cookies [if applicable]
- IP Address is identified and logged automatically in [company’s] server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many web sites.
HOW IS YOUR PERSONAL INFORMATION USED BY [COMPANY]
[Company] uses your Personal Information for four basic purposes:
To fulfil your requests; complete [mention service being provided] agreement/contract; to operate our business and improve your online experience; to comply with legal obligations.
Purposes pursuant to fulfilment of an agreement or pre-contractual measures.
- When it is necessary for the performance of a contract or to fulfill your request.
- Respond to your inquiries and fulfill your requests, such as to send you e- mail alerts.
- Complete and fulfill your [order/request], for example, to process your payments, communicate with you regarding your [order/request] and provide you with related customer service.
- To send you important information regarding the Site [or App], changes to [company’s] terms, conditions, and policies and/or other administrative information.
- Personalize your experience on the Site by presenting services and offers tailored to you.
- Allow you to participate in sweepstakes, contests and similar promotions and to administer these activities.
- Allow you to communicate and interact with others through the Site or App (for example, through a blog, message board, messaging functionality, chat functionality, profile or other social media).
- Permit you to register and participate in technology forums and other events with [company].
Purposes within the framework of a legitimate interest on our part or of third parties.
- In addition to the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties. Your data shall only be processed to the extent that you do not have any overriding interests against such processing such as in particular for the following purposes.
- When the processing is necessary for our legitimate interests to enhance our services, campaigns and website.
- To enable [company] business purposes, such as data analysis, audits, researching and developing new products, enhancing [company’s] website,
- improving [company’s] services, developing marketing events, identifying usage trends and determining the effectiveness of [company’s] promotional campaigns. If possible, we will use anonymized data for these purposes, but in the event, we use or combine it with Personal Information we will treat it in accordance with this Privacy Policy for as long as it contains Personal Information.
- To secure access to our systems and facilities.
- [company] uses IP Addresses for purposes such as calculating Site usage levels, helping diagnose server problems, administering the Site and presenting content that is tailored to your [region/country].
Purposes within the framework of your consent.
- With your consent. You have the right to withdraw your consent at any time using [specify unsubscribe mechanism]
- Send you marketing communications that we believe may be of interest to you,
- including information about [trade shows/gatherings/seminars] when you have opted-in to receive such communications.
Purposes within the framework of compliance with a legal obligation
- As we believe to be necessary or appropriate:
(a) under applicable law, including laws outside your country of residence;
(b) to comply with legal process;
(c) to respond to requests from public and government authorities including public and government authorities outside your country of residence;
(d) to enforce [company’s] terms and conditions;
(e) to protect [company’s] operations;
(f) to protect [company’s] rights, privacy, safety or property, you or others;
(g) to allow [company] to pursue available remedies or limit the damages that we may sustain;
(h) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of this Privacy Policy and/or attempts to harm our business or visitors.
- When processing is necessary to comply with a legal obligation.
TO WHOM YOUR PERSONAL INFORMATION IS SHARED
Except to the extent necessary to fulfill our business obligations as described in this Privacy Policy, or to accomplish a disclosure requested or authorized by you based on your express advance consent, we do not sell, transfer, or otherwise disclose the personal information we collect from and about you.
We share your personal information as necessary to complete any transaction that you have requested or authorized. In addition, we share Personal Information among [company’s] [affiliates/subsidiaries] and with vendors or agents working on our behalf for the purposes described in this policy.
Disclosures to Third Parties Based on Your Consent or Express Request
- When you participate in features on a [company] [or its affiliates], social media platform [or App] that provide the opportunity to interact with [company] and with others (for example a blog, message board, messaging functionality, chat functionality, profile or other social media), you should be aware that any information that you submit, including your name, location and e-mail address, may be publicly available to others. We are not responsible for any information you choose to submit through these features, and we strongly discourage you from disclosing any sensitive Personal Information (such as health or credit card information) through these features. If you use these features, your Personal Information may remain on the Site [or App] even after you cease use of the Site [or App].
- To identify you to anyone to whom you send messages through the Site or one of our social media accounts.
Disclosures to our Affiliates and Subsidiaries
- Within the [Stern Group of Companies] for the purposes described in this Privacy Policy. The [Company] and the local affiliate with whom you are interacting are jointly responsible for the management of the jointly-used Personal Information.
Disclosures to Third-Party Service Providers Acting on Our Behalf
- To [company’s] third party service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, product distribution, infrastructure provision, IT services, customer service, email delivery services, location security, credit card processing, auditing services and other similar services to enable them to provide services.
- To third parties such as agents and distributers to facilitate the sale and distribution of [company’s] services which may include marketing communications.
- To third parties sponsors of sweepstakes, contests and similar promotions.
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of [company] business, assets or stock (including in connection with any bankruptcy or similar proceedings).
Disclosures for Other Legal and Business Purposes
- As we believe to be necessary or appropriate:
(a) under applicable law, including laws outside your country of residence;
(b) to comply with legal process;
(c) to respond to requests from public and government authorities including public and government authorities outside your region/country of residence;
(d) to enforce [company’s] terms and conditions;
(e) to protect [company’s] operations;
(f) to protect [company’s] rights, privacy, safety or property, you or others; and
(g) to allow [company] to pursue available remedies or limit the damages that we may sustain.
CONTROL OF YOUR PERSONAL INFORMATION
[company] gives you many choices regarding [company’s] use and disclosure of your Personal Information for marketing purposes. We will only use your Personal Information for marketing purposes with your prior consent.
However, by contacting the [specify the respective company’s dept] you may opt-out from receiving future electronic marketing messages from [company] and request that we not share your Personal information with unaffiliated third parties for their marketing purposes.
We will respond to your request(s) as soon as reasonably practicable. Please note that if you opt-out as described above, we will take reasonable steps to inform unaffiliated third parties with which [company] has already shared your Personal Information of the removal of your consent (i.e., to which we have already provided your Personal Information as of the date that we implement your opt-out request). Please also note that if you do opt-out of receiving marketing-related messages from [company], we may still send you important administrative messages, and you cannot opt-out from receiving administrative messages.
SUBJECT ACCESS REQUESTS
How you can access, change or suppress your Personal Information
If you would like to review, correct, update, suppress, delete or otherwise limit [company] use of your Personal Information that has been previously provided to [company], you may contact the [specify the respective company’s dept].
In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Information suppressed from a [Company] database or otherwise let [company] know what limitations you would like to put on [ use of your Personal Information. We will respond to your request without undue delay. We will also take reasonable steps to inform unaffiliated third parties with which [company] has already shared your Personal Information of the request to rectify or remove the Personal Information.
RAISING A COMPLAINT
[company] is committed to resolving complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Policy are encouraged to first contact [company] at [dedicated email address if any]. You may also contact the Data Protection Authority / Supervisory Authority in the country of your habitual residence or place of work.
OTHER IMPORTANT PRIVACY INFORMATION
SECURITY
[company] uses reasonable organizational, technical and administrative measures to protect Personal Information under [company] control.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with [company] is no longer secure (for example, if you feel that the security of any account you might have with [company] has been compromised), please immediately notify [company] of the problem by contacting [company] in accordance with the “Contacting Stern” section below.
RETENTION PERIOD
We will retain your Personal Information for the [period] to fulfill the purposes outlined in this Privacy Policy, to perform a service you have requested, or for which you have given consent, or such longer retention period as is required for our business purposes and applicable law.
CROSS BORDER TRANSFERS
Your Personal Information may be stored and processed in any country where we have facilities or where we have engaged a service provider, and by using [company] Site [or App] you consent to the transfer of information to countries outside of your country of residence, including to the United States, which may have different data protection rules than in your country.
Transfers of EU Personal Data to the United States
When required these transfers of EU personal data to the U.S. are also protected by [company] through [Privacy Shield certification] and by its use of EU Standard Contractual Clauses when transferring EU personal data to entities and individuals who do not have Privacy Shield certification or a similar EU-compliant data transfer mechanism already in place.
SENSITIVE INFORMATION
Unless legally required, we ask that you not send [company], and you not disclose, any sensitive Personal Information — information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life or sexual orientation — on or through the Site [or App] or otherwise to [company].
USE OF SITE BY CHILDREN
[company] is committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children’s online activities. [company] does not target the Site [or App] to children less than sixteen (16) years of age or collect information from children for the purpose of selling services. [company] does participate in selected educational programs such as science and environmental awareness in support of schools and communities.
AFFILIATES
We may disclose information (including personal information0 about you to our corporate Affiliates. For purposes of this Privacy Policy, “Affiliates” means any person or entity which directly or indirectly controls, is controlled by or is under common control with us, whether by ownership or otherwise. Any information relating to you that we provide to our Affiliates will be treated by those Affiliates in accordance with the terms of this Privacy Policy.
IP ADDRESSES
Your “IP Address” is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in [company] server log files whenever a user visits the Site. [company] uses IP Addresses to monitor site usage and enhance your online experience. When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device may send us data about your location. Most devices allow you to prevent location data from being sent to us and we honor your settings.
INTERNET-BASED ADVERTISING
[company] and [company’s] third party service providers may use cookies, pixel tags, web beacons, clear GIFs or similar technologies to track the actions of Site users and email recipients across non-affiliate websites over time, in order to personalize your experience on the Site by presenting advertisements that are more relevant to you.
Third Party Sites
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site to which the Site or the App contains a link. The inclusion of a link on the Site or the App does not imply endorsement of the linked site by [company].
Third Party Advertisers
[company] may use third-party advertising companies to serve ads when you visit a [company’s] Site. Please note that these companies may use information about your visit to this Site in order to provide advertisements about goods and services that may be of interest to you. In the course of serving advertisements to this Site, these companies may place or recognize a unique cookie on your browser.
GENERAL DATA PROTECTION REGULATION (GDPR)
We may be collecting and using information from you if you are from the European Economic Area (EA), and in this section of our Privacy Policy we are going to explain exactly how and why this data is collected, and how we maintain this data under protection from being replicated or used in the wrong way.
What is GDPR?
GDP is an EU-wide privacy and data protection law that regulates how EU residents’ data is protected by companies and enhances the control the EU residents have, over their personal data.
What is personal data under GDPR?
Any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal data extends beyond a person’s name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical address, sexual orientation, and ethnicity. The Data Protection Principles include requirements such as:
- Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
- Personal data should only be collected to fulfil a specific purpose and it should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
- Personal data should be held no longer than necessary to fulfil its purpose.
- People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.
Why is GDPR important?
GDPR adds some new requirements regarding how companies should protect individuals’ personal data that they collect and process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breach. Beyond these facts it’s simply the right thing to do. At [company] we strongly believe that your data privacy is very important, and we already have solid security and privacy practices in place that go beyond the requirements of this new regulation.
Individual Data Subject’s Rhts – Data Access, Portability and Deletion
We are committed to helping our customers meet the data subject rights requirements of GDPR processes or stores all personal data in fully vetted, DA compliant vendors. We do store all conversation and personal data for up to [time period] unless your account is deleted. In which case, we dispose of all data in accordance with our Terms of Service and Privacy Policy, but we will not hold it longer than [period].
CALIFORNIA RESIDENTS
The California Consumer Privacy Act (CCPA) requires us to disclose categories of Personal Information we collect and how we use it, the categories of sources from whom we collect
Personal Information, and the third parties with whom we share it as already discussed above.
We are also required to communicate information about rights California residents have under California law. You may exercise the following rights:
- Right to Know and Access – You may submit a verifiable request for information regarding the:
(1) categories of Personal Information we collect, use, or share;
(2) purposes for which categories of Personal Information are collected or used by us; (3) categories of sources from which we collect Personal Information; and
(4) specific pieces of Personal Information we have collected about you.
- Right to Equal Service – We will not discriminate against you if you exercise your privacy rights.
- Right to Delete – You may submit a verifiable request to close your account and we will delete Personal Information about you that we have collected.
- Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at [specify]
We do not sell the Personal Information of our users.
For more information about these rights, please contact us at [specify].
CALIFORNIA ONLINE PRIVACY PROTECTION ACT (CalOPPA)
CalOPPA requires us to disclose categories of Personal Information we collect and how we use it, the categories of sources from whom we collect Personal Information, and the third parties with whom we share it, which we have explained above.
CalOPPA users have the following rights:
- Right to Know and Access – You may submit a verifiable request for information regarding the:
(1) categories of Personal Information we collect, use, or share;
(2) purposes for which categories of Personal Information are collected or used by us: (3) categories of sources from which we collect Personal Information; and
(4) specific pieces of Personal Information we have collected about you.
- Right to Equal Service – We will not discriminate against you if you exercise your privacy rights.
- Right to Delete – You may submit a verifiable request to close your account and we will delete Personal Information about you that we have collected.
- Right to request – that a business that sells a consumer’s personal data, not sell the consumer’s personal data.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at [specify].
We do not sell the Personal Information of our users.
For more information about these rights, please contact us at [specify].
GOVERNING LAW
The governing law will be Federal and State laws of Wyoming, United States. The said laws shall govern this Agreement and your use of our service. Your use of our service may also be subject to other local, state, national or international laws.
UPDATES TO THIS PRIVACY POLICY
We may change this Privacy Policy. Please take a look at the revision date on this page to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on the Site [or App]. Your use of the Site [or App] following these changes means that you accept the revised Privacy Policy.
CONTACTING STERN
If you have any questions or requests about this Privacy Policy, please contact [company] at [specify], or please write to the following address:
8 THE GREEN, DOVER, DE, 19901
info@stern.llc
Last revised: [date]