Privacy policy
Privacy Policy and Cookies Policy
Last modified September 5, 2024
At Piping Rock Health Products, LLC (“Piping Rock,” “We,” “us,” or “our”), We care deeply about your privacy rights. We are fully committed to being transparent about our privacy practices, including how We treat your Personal Information. This Privacy Policy and Cookies Policy describes the information collected through your use of our websites, online store, blog, and electronic services (collectively, our “Service”), how We use it, how We share it, how We protect it, and the choices you can make about your information.
This does not apply to the Personal Information of our employees, independent contractors, and job applicants when such information is collected and used by us when they act in those capacities. We make disclosures about their Personal Information in other documents.
ATTENTION: PLEASE READ OUR PRIVACY POLICY AND COOKIES POLICY CAREFULLY BEFORE USING OUR SERVICE. USING OUR SERVICE INDICATES THAT YOU ACCEPT AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND COOKIES POLICY IN FULL. IF YOU DO NOT ACCEPT THIS PRIVACY POLICY AND COOKIES POLICY, DO NOT USE OUR SERVICE. You acknowledge (a) that you have read and understood this Privacy Policy and Cookies Policy; and (b) this Privacy Policy and Cookies Policy will have the same force and effect as a signed agreement.
Table of Contents
We recommend that you read this Privacy Policy and Cookies Policy (this “Policy”) in full to ensure you are fully informed; however, if you only want to access a particular section of this Privacy Policy and Cookies Policy, then you can click on the relevant link below to jump to that section.
Quick Links | Summary | |
---|---|---|
I. | Types of Personal Information We Receive or Collect | We collect various personal details from direct and indirect sources when you interact with our Service, including contact information, unique identifiers, demographic data, internet activity, audio recordings, and commercial information. This excludes data that cannot identify you. |
II. | How We Use Your Information | We use the Personal Information collected for multiple purposes such as responding to your inquiries, providing services, improving our service, marketing, and for legal and HR-related activities. We also may share your information with our partners for Service-related purposes. |
III. | Legal Bases for Using Personal Information | We process your Personal Information based on legitimate interests, contract performance and, where required, your consent. Where we rely on consent as the legal basis, you have the right to withdraw consent at any time. |
IV. | How Your Information is Disclosed | Your information may be shared with third-party service providers, during business changes, with affiliates, for legal reasons, and in de-identified form for analytics. We also use tracking technologies like cookies and web beacons. |
V. | Cookies and Other Tracking Technologies | We, along with third parties, use cookies and other technologies for tracking, analytics and personalization and optimization of our Service. |
VI. | Data Retention Policy, Managing Your Information | We retain your information as long as necessary for the purpose for which it was collected or compliance with law. |
VII. | Security | We implement reasonable security measures to protect your Personal Information, but no system is infallible. To the extent permitted by law, we are not liable for Personal Information disclosed due to factors beyond our control. |
VIII. | Cross Border Transfers | Personal Information collected is stored and processed in the United States of America (the “U.S.”), with appropriate safeguards for international users. |
IX. | Links to Other Websites or Applications | This Policy only applies to our Service and not to any linked websites or apps, which should be reviewed separately. |
X. | Your Choices Regarding Your Information | You have control over your Personal Information and can update, delete, or opt-out of certain uses. You can also decline to share certain information with us. |
XI. | Information Collected From Other Websites and Mobile Applications and Do Not Track Policy | Our Service does not support "Do Not Track" requests, and we may collect certain information from other websites or apps. |
XII. | Aggregated and De-Identified Information | We may use and disclose non-identifiable data for various purposes, maintaining it in de-identified form. |
XIII. | Children | Our Service is not intended for children under the legal age of majority, and we do not knowingly collect their information. |
XIV. | Accessibility | We provide assistance for accessibility-related requests or issues. |
XV. | Changes to this Policy | We may update this policy and will notify you of significant changes. Review this policy periodically for updates. |
XVI. | How to Contact Us | Please contact us by email at data-privacy@pipingrock.com for further information. |
I. | APPENDIX 1: U.S. STATE CONSUMER PRIVACY SUPPLEMENT | |
II. | APPENDIX 2: EEA/UK SUPPLEMENT |
I. Types of Personal Information We Receive or Collect
“Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you, your device, or your household. Personal Information does not include aggregated or de-identified information that cannot be used directly or indirectly to personally identify you, your accounts, or devices.
We receive or collect Personal Information from you when you use our Service, contact or interact with us, sign up for our newsletter or other mailing list, and voluntarily provide us with your feedback, comments, and other content in connection with using our Service.
In addition to the Personal Information you provide directly to us, we also may collect certain Personal Information about you from indirect sources. These indirect sources may include third parties and our partners. For instance, we may receive information about you from a friend who refers you to our Service, from a partner company that helps us to provide our Service, or from a social media platform that you use to interact with our Service or content. We may combine the information we receive from these indirect sources with information you provide directly to us and use it for the purposes described in this Policy.
The following list describes the general categories of Personal Information We have collected or otherwise received in the past 12 months, along with examples of some of the types of information within these categories that may constitute Personal Information and which We may have collected or otherwise received. These examples are not intended to be comprehensive, and there may be overlap between categories.
- Contact information and other identifiers, such as name, contact information, including email address, telephone number, shipping and billing address, payment information, account name and other similar identifiers.
- Unique device, internet/electronic network activity and online identifiers such as your IP address, the domain name of your Internet service provider, your location and geolocation, your mobile device information (e.g., device model and operating system version), your browsing information, information about connections with social media pages you access from our Service (such as Facebook, Twitter, and Pinterest), your social sharing activity and other similar identifiers. We also collect aggregated information that, on its own, cannot be used to specifically identify you.
- Audio information, such as voice call recordings from our call center.
- Commercial information, such as records of products purchased or considered.
Additional Personal Information We collect is described in Section V (Cookies and Other Tracking Technologies).
II. How We Use Your Information
Depending on our relationship with you, We use the information that We collect for several purposes, including:
- The purposes for which you provided it;
- To provide information and services to you;
- To process and respond to your inquiries and comments;
- To send you information about your relationship with us or about new projects or other information that We think you may find interesting;
- To contact you for market research purposes and to use this information to customize our Service according to your interests;
- To administer, operate, and improve our Service, or to further the mission of Piping Rock;
- To personalize and enhance your experience using our Service;
- To send periodic emails. If you choose, the email address you provide may be used to send you occasional news, updates, related product or service information, etc. Note: If, at any time, you would like to unsubscribe from receiving future emails, We include detailed unsubscribe instructions at the bottom of each email;
- To deliver more personalized and relevant advertisements to you;
- To generate and review reports and data about our user base and Service usage patterns;
- To analyze the accuracy, effectiveness, usability, or popularity of our Service;
- To compile aggregate data for internal and external business purposes;
- To prevent fraud and abuse of our Service and to otherwise protect users and visitors and our business;
- To provide human resources services, such as administering benefits and payroll, and activities related to recruiting, hiring, performance and talent management;
- To assist law enforcement and respond to subpoenas;
- To perform other business activities as needed, or as described elsewhere in this Policy; and
- As explained elsewhere in this Policy, Personal Information We collect may be processed by our partners in providing services related to our Service (such as administration services, technical services relating to the maintenance, servicing, and upgrading of software, hosting services, customer service, data migration services, payment processing services and analytical services, among others).
III. Legal Bases for Using Personal Information
- Legitimate interests. We may use your Personal Information for our legitimate interests. For example, We rely on our legitimate interest to analyze and improve our Service and the content on our website, to send you notifications about our Service, or to use your Personal Information for administrative, fraud detection, or other legal purposes.
- Performance of a contract. The use of your Personal Information may be necessary to perform the agreement you have with us to provide products and services. For example, to complete your purchase, to register and maintain your account, to help with delivery issues, to handle returns, and to respond to your requests.
- Consent. We may process your Personal Information when you have provided your informed consent to that processing. Where we rely on your consent to process your Personal Information, you are free to withdraw your consent at any time, subject to the “Your Choices Regarding Your Information” section below and the preceding Legal Bases for Using Personal Information in this Section.
IV. How Your Information is Disclosed
Information may be disclosed to third parties in accordance with this Policy. Please note that a user may choose not to share certain information as described in the Your Choices Regarding Your Information section below.
A. Third Party Service Providers
We may use third-party service providers to perform functions in connection with our Service, such as payment processing, email marketing, site analytics, social sharing, relationship management, functions related to analyzing and improving our Service’s usefulness, reliability, user experience, operation, data storage, and as otherwise described in this Policy. Specifically, our service providers may be assisting us with verification of your shipping address, content delivery, monitoring inventory levels, product ratings and reviews, providing credit and debit card payment processing and order fulfillment and shipment processing, email marketing, fraud prevention and order placements, facilitating communications for order fulfillment, email transmission for multi-factor verification, creation of shopping feeds for our users, and communicating with users regarding orders and other customer service inquiries. The identity of certain of these service providers is confidential. Our third-party providers include the following:
- Twitter. By clicking on the Twitter button on our Service, you will automatically be transported to the official Twitter feed of Piping Rock, @PipingRock, https://twitter.com/Piping_Rock.
- Facebook. By clicking on the Facebook button on our Service, you will be automatically transported to the official Facebook Page for Piping Rock, https://www.facebook.com/PipingRock. Piping Rock allows users to comment on blog posts using the Facebook Comments Plugin and in doing so, Piping Rock may have access to Personal Information about you. For more information on the Facebook Comments Plugin, please visit https://developers.facebook.com/products/social-plugins/comments/
- Pinterest. By clicking on the Pinterest button on our Service, you will be automatically transported to the official Pinterest profile for Piping Rock, https://www.pinterest.com/PipingRock/.
- PayPal. We use PayPal to process payments. PayPal may collect information from users, including name, physical address, IP address, device information, phone number, financial account information, details including gender, and other demographic information. For more information, please visit PayPal’s privacy policy.
B. Business Changes
If We become involved in a merger, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction, or if the ownership of all or substantially all of our business otherwise changes, We may transfer your information to a third party or parties in connection therewith.
C. Affiliates
We may also share your information with our affiliates for purposes consistent with this Policy. Our affiliates will be required to maintain that information in accordance with this Policy.
D. Investigations and Law
We may disclose information about you to third parties if We believe that such disclosure is necessary to:
- Comply with the law or guidance and cooperate with government, regulatory authorities or law enforcement officials or private parties;
- Investigate, prevent or take action regarding suspected illegal activities, suspected fraud, the rights, reputation, safety, and property of us, users or others, or violations of our policies or other agreements with us; or
- Respond to claims and legal process (for example, subpoenas), or protect against legal liability.
E. Aggregated Information
We may disclose aggregate, anonymous, and other non-identifiable data related to our business and our Services for quality control, analytics, research, development and other purposes. This information does not contain Personal Information about any user. Where we use, disclose or process de-identified data (data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal device) we will maintain and use the information in de-identified form and will not attempt to re-identify the information, except as permitted by applicable privacy laws (such as to confirm whether our de-identification processes are reasonable and adequate).
V. Cookies and Other Tracking Technologies
We, along with third parties, use cookies, local shared objects, web beacons, pixels, scripts, and other technologies for tracking, analytics and personalization and optimization of our Service. These technologies may collect information about you and your use of our Service, your preferences and activities, pages you visit before and after your use of our Service; pages browsed; items and content you view, search for, hover over, or click on; and information you type or enter into our Service. This information may be used to analyze and track data, determine the popularity of certain content, better understand your online activity and interests, save your preferences and interests so We can personalize your future visits and interactions with us, deliver more relevant and personalized advertising to you, compile aggregate data about Service traffic and interactions, and assist us in improving our Service, among other things.
Cookies are small files that are transferred to and stored on your computer through your Web browser (if you allow it) that enable the website’s or service provider’s system to recognize your browser and capture and remember certain information. You can instruct your browser to stop accepting cookies. But if you do not accept cookies, you may not be able to use all portions or all functionalities of our Service.
- Persistent cookies remain on the visitor’s computer after the browser has been closed.
- Session cookies exist only during a visitor’s online session and disappear from the visitor’s computer when they close the browser software.
Flash cookies (also known as local shared objects) are data files that can be created on your computer by the websites you visit and are a way for websites to store information for later use. Flash cookies are stored in different parts of your computer from ordinary browser cookies. You can disable the storage of flash cookies. For additional information about managing and disabling flash cookies, please visit our website.
Web beacons are small strings of code that provide a method for delivering a graphic image on a Web page or in an email message for the purpose of transferring data. You can disable the ability of Web beacons to capture information by blocking cookies.
Some of our service providers, such as our analytics providers, social sharing provider, and social media connections, also use these and other tracking technologies on our website, some of which may track users across websites and over time. If you have any questions concerning the use or policies of those third parties, We encourage you to consult their Privacy Policies and Terms of Use directly.
VI. Data Retention Policy, Managing Your Information
We will retain your information for as long as you use our Service and for no longer than is necessary for the purposes for which the Personal Information is processed and to the extent permitted by laws. PipingRock is a regulated entity and must retain order records under United States Food and Drug Administration regulations. We may maintain anonymized or aggregated data, including usage data, for analytics purposes. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, or for the period required by laws in applicable jurisdictions. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide our Services to you; (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); and (iii) whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation, or regulatory investigations).
Please note that all or some of the information We have collected may be required for our Service to function properly. Our current policy is to maintain order records for two (2) years to allow us to protect and meet our legal and policy requirements, rights, and responsibilities.
VII. Security
We implement and maintain reasonable technical and organizational security measures appropriate to the nature of the Personal Information that We collect, use, retain, transfer or otherwise process. Our reasonable security program is implemented and maintained in accordance with law and relevant standards. However, there is no perfect security, and reasonable security is a process that involves risk management rather than risk elimination. While We are committed to developing, implementing, maintaining, monitoring and updating a reasonable information security program, no such program can be perfect; in other words, all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to vulnerabilities, criminal exploits, and other factors that cannot reasonably be prevented. Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.
TO THE EXTENT PERMISSIBLE UNDER LAW, WE ASSUME NO LIABILITY FOR DISCLOSURE OF YOUR INFORMATION DUE TO TRANSMISSION ERRORS, THIRD PARTY ACCESS, OR CAUSES BEYOND OUR CONTROL.
VIII. Cross Border Transfers
Any information collected through our Service is stored and processed in the U.S. If you use our Service outside of the U.S., We will take steps that are reasonably necessary to ensure that your Personal Information is treated securely and appropriately safeguarded in accordance with this Policy and applicable data protection or privacy laws.
IX. Links to Other Websites or Applications
This Policy applies only to our Service. Our Service may contain links to other websites or apps or may forward users to other websites or apps that We may not own or operate and to which this Policy does not apply. The links from our Service do not imply that We endorse or have reviewed these websites or apps. The policies and procedures We describe here do not apply to these websites or apps. We neither can control nor are responsible for the privacy practices or content of these websites or apps. We suggest contacting these websites or app providers directly for information on their privacy policies. Nonetheless, We seek to protect the integrity of our Service, and welcome any feedback about these linked websites and mobile applications.
X. Your Choices Regarding Your Information
You have choices regarding the use of information by our Service. We respect your privacy rights and provide you with reasonable access to the Personal Information that you may have provided through your use of our Services. You may update, correct, or delete your account information and preferences at any time by accessing your account settings page on our Service. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, We may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where We otherwise reasonably believe that We have a legitimate reason to do so.
You may decline to share certain Personal Information with us, in which case We may not be able to provide to you some of the features and functionality of our Service.
PipingRock offers you the opportunity to opt-out from marketing email communications from PipingRock or manage your subscription preferences for emails from us at any time by using the “unsubscribe” mechanism within any marketing email we send to you. We will implement your opt-out request within ten (10) business days of receiving it. Even if you opt out, we may still send you non-commercial emails, such as registration confirmation, Vehicle updates, and responses to direct requests.
Changing Your Information
To change your information, please contact us at data-privacy@pipingrock.com.
XI. Information Collected From Other Websites and Mobile Applications and Do Not Track Policy
Your browser or device may offer you a “Do Not Track” option, which allows you to signal to operators of websites, web applications, mobile applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time or across different websites or applications. Our Service does not support Do Not Track requests at this time.
We may share aggregated information relating to users of the Service with affiliated or unaffiliated third parties. This aggregated information does not contain Personal Information about any user.
XIII. Children
Our Service is not intended for children under the legal age of majority in your jurisdiction. We do not knowingly collect or sell Personal Information from individuals under the legal age of majority. If you are under the legal age of majority in your jurisdiction, please do not submit any Personal Information through our Service. If you have reason to believe that We may have accidentally received Personal Information from an individual under the legal age of majority, please contact us immediately at customerservice@pipingrock.com.
XIV. Accessibility
To make accessibility-related requests or report barriers, please contact us at 1800 544 1925 or customerservice@pipingrock.com.
XV. Changes to Policy
We reserve the right to update or modify this Policy at any time and from time to time without prior notice. We will post those changes on the website or update this Policy modification date below. In certain cases, and if the changes are material, you will be notified via email or a notice on our website.
Please review this Policy periodically, and especially before you provide any information. This Policy was made effective on the date indicated above.
XVI. How to Contact Us
Please feel free to contact us by email at data-privacy@pipingrock.com, calling our toll-free number at 1800 544 1925, or by writing us at Piping Rock Health Products, LLC, 3900 Veterans Memorial Highway, Suite 200, Bohemia, New York 11716, if you have any questions about this Policy.
APPENDIX 1: U.S. STATE CONSUMER PRIVACY SUPPLEMENT
This Appendix 1 (the “U.S. Appendix”) supplements the provisions of the Privacy Policy and Cookies Policy to which it is appended and aims to identify the applicable U.S. legal, regulatory and privacy requirements with which We will comply when handling data of certain Data Subjects located in the U.S.
NOTICE AT COLLECTION
1. Collection, Processing, Disclosure, and Sharing of Personal Information
The following chart details which categories of Personal Information we have collected and disclosed for our operational business purposes, including within the 12 months preceding the date this Policy was last updated. The chart also details the categories of Personal Information that we “share” for purposes of cross-context behavioral or targeted advertising, including within the 12 months preceding the date this Policy was last updated.
Categories of Personal Information Collected | | Categories of Third Parties to Whom We May Disclose this Personal Information for Business or Commercial Purposes | Categories of Third Parties with Which We “Share” Personal Information for Cross-Context Behavioral or Targeted Advertising | Processing Purposes (See Section “How We Use Your Personal Information” below for a detailed description of each Processing Purpose) |
---|---|---|---|---|
Contact Information and Other Identifiers | Such as name, contact information including email address, telephone number, shipping and billing address, payment information, account name and other similar identifiers. | Affiliates and subsidiaries; service providers and suppliers; marketing partners; digital advertising and analytics providers; payment services companies; third-party services or providers; government entities; and others where required by law or directed or authorized by you. | Service providers (such as advertising networks, email service providers, analytics providers) | Providing our Services; communicating with you; safety, recall and warranty; analyzing and improving our Services and offerings; personalizing content and experiences; marketing and promotional purposes; in support of our general business operations; securing and protecting our rights; and complying with legal requests and obligations. |
Unique Device, Internet/Electronic Network Activity and Online Identifiers | Such as Internet Protocol address (“IP Address”), device identification, and other similar identifiers; your device’s IP address, the domain name of your Internet service provider, your location and geolocation, your mobile device information (e.g. device model and operating system version), your browsing information, information about connections with social media pages you access from our Services (such as Facebook, Twitter, and Pinterest), and your social sharing activity. We also collect aggregated information that, on its own, cannot be used to specifically identify you. | Affiliates and subsidiaries; service providers and suppliers; marketing partners; digital advertising and analytics providers; government entities; third-party services or providers; and others where required by law or directed or authorized by you. | Service providers (such as advertising networks, email service providers, analytics providers) | Providing our Services; communicating with you; safety, recall and warranty; analyzing and improving our Services and offerings; personalizing content and experiences; marketing and promotional purposes; in support of our general business operations; securing and protecting our rights; and complying with legal requests and obligations. |
Audio information | Such as voice call recordings from our call center. | Affiliates and subsidiaries; service providers and suppliers; marketing partners; digital advertising and analytics providers; government entities; third-party services or providers; and others where required by law or directed or authorized by you. | None | Providing our Services; communicating with you; safety, recall and warranty; analyzing and improving our Services and offerings; personalizing content and experiences; marketing and promotional purposes; in support of our general business operations; securing and protecting our rights; and complying with legal requests and obligations. |
Commercial information | Such as records of products purchased or considered. | Affiliates and subsidiaries; service providers and suppliers; marketing partners; digital advertising and analytics providers; payment services companies; third-party services or providers; government entities; and others where required by law or directed or authorized by you. | Service providers (such as advertising networks, email service providers, analytics providers) | Providing our Services; communicating with you; safety, recall and warranty; analyzing and improving our Services and offerings; personalizing content and experiences; marketing and promotional purposes; in support of our general business operations; securing and protecting our rights; and complying with legal requests and obligations. |
Consumer Health Data (as defined under the Washington My Health My Data Act) | Such as information identifying a health condition, treatment, disease, or diagnosis, such as purchases of certain supplements or medication used to treat an identifiable, sensitive health condition; information identifying a health-related surgery or procedure, such as purchase of supplements that reduce swelling; information identifying bodily functions, vital signs, or symptoms, such as purchase of products used to address a specific, identifiable function or symptom; information identifying diagnoses or diagnostic testing, treatment, or medication; reproductive or sexual health information, such as purchase of prenatal vitamins. | Affiliates and subsidiaries; service providers and suppliers; marketing partners; digital advertising and analytics providers; government entities; third-party services or providers; and others where required by law or directed or authorized by you. | None | Providing our Services; communicating with you; safety, recall and warranty; analyzing and improving our Services and offerings; personalizing content and experiences; marketing and promotional purposes; in support of our general business operations; securing and protecting our rights; and complying with legal requests and obligations. |
We do not “sell” Personal Information, including Sensitive Personal Information, as defined under U.S. State Privacy Laws (“Sensitive Personal Information”), to third parties. We have not engaged in such activities in the 12 months preceding the “Last Updated” date. Without limiting the above, we do not “sell” the Personal Information, including the Sensitive Personal Information, of minors under 16 years of age and have no actual knowledge of any such “sale” or “sharing.”
To request to opt out of any future “sharing” of your Personal Information for purposes of cross-contextual advertising, or any future processing for purposes of targeted advertising, email us at data-privacy@pipingrock.com and state your request. With respect to requests to delete your personal data, We will delete or block any ability to access any reference to you in our database, except for information required to be retained as provided for in the Policy, and consistent with our legal requirements and internal data retention policies, as described above. This deletion is permanent, and your account cannot be reinstated. Please refer to Section X (Your Choices Regarding Your Information) in the Policy for more information.
2. Sensitive Personal Information
We do not collect Sensitive Personal Information as defined under applicable U.S. state privacy laws.
3. Retention Period
Please refer to Section VI (Data Retention Policy, Managing Your Information) in the Privacy Policy and Cookies Policy for more information.
4. Sources of Personal Information
We collect Personal Information from you and from affiliates, trusted third-party services providers, ad networks, internet service providers, data analytics providers, operating systems and platforms, social networks, data brokers, publicly available databases, cooperative databases, and joint marketing partners, when they share the information with us.
5. U.S. State Law Privacy Rights
If you are a resident of California, Colorado, Connecticut, Montana, Oregon, Virginia, Utah, Texas, or Washington, you may have certain rights with respect to Personal Information We collect about you, as set forth in the California Consumer Privacy Act of 2018 (“CCPA”), Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”), Montana Consumer Data Privacy Act (“MTCDPA”), Oregon Consumer Privacy Act (“OCRA”), Texas Data Privacy and Security Act (“TDPSA”), Virginia Consumer Data Protection Act (“VCDPA”), Utah Privacy Act (“UPA”), and Washington’s My Health My Data Act (“WMHMDA”). The following sections describe those rights in greater detail and how California residents can exercise them.
Your Right To Request Disclosure of Information We Collect and Share About You
We are committed to ensuring that you know what Personal Information We collect. To that end and to the extent that the right is provided to you under applicable law, you can request the following information from us, with respect to the Personal Information that We have collected about you in the 12 months prior to our receipt of your request:
- The categories of Personal Information We have collected about you.
- The categories of sources from which We collected your Personal Information.
- The business or commercial purposes for which We collected the Personal Information.
- The categories of third parties with which We shared the information.
- The specific pieces of Personal Information We collected.
You can also submit a request to us for the categories of Personal Information that We have disclosed for a business purpose.
Your Right To Request Correction or Deletion of Personal Information We Have Collected From You
Upon your request and to the extent the right is provided to you under applicable law, We will correct or delete the Personal Information We have collected about you, except for situations where we cannot verify your identity or the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a product or service that you requested; perform a contract We entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.
Your Right to Withdraw Consent
To the extent the right is provided to you under applicable law, you can withdraw your consent to process your Consumer Health Data (as defined under WMHMDA).
California Shine the Light
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about the Personal Information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year. We do not share Personal Information with third parties for their own marketing purposes.
Exercising Your Rights and How We Will Respond
To exercise any of the rights above, or to ask a question, contact us by emailing us at data-privacy@pipingrock.com and stating your request.
For know, access, correction, or deletion requests, We will first acknowledge receipt of your request within 10 days of receiving it. We provide a substantive response to your request as soon as We can, generally within 45 days from when We receive your request, although We may be allowed to take longer to process your request in certain jurisdictions or under certain circumstances. If We expect your request is going to take us longer than normal to fulfill, We will let you know.
We usually act on requests and provide information free of charge, but We may charge a reasonable fee to cover our administrative costs of providing the information in certain situations.
In some cases, the law may allow us to refuse to act on certain requests. When this is the case, We will endeavor to provide you with an explanation as to why.
Verification of Identity – Know, Access, Correction, or Deletion Requests
To submit a request, we ask that you provide us with your name, email address, telephone number, and mailing address, such that we can verify your request. We will process your request based upon the Personal Information in our records that is linked or reasonably linkable to the information provided in your request. We will take steps to verify your request and will process your request by matching the information provided in your request with the information we have in our records. If we cannot verify your identity, we will be unable to process your request to know/access, correct or delete. We will respond to your request as required under the applicable privacy laws. There may also be certain Personal Information for which we will not be able to process your request. For example, if you request deletion, we may need to retain certain Personal Information to comply with our legal obligations or other permitted purposes.
If We are unable to verify your identity with the degree of certainty required based on the type of information or action you are requesting, We will not be able to respond to the request. We will notify you to explain the basis of the denial.
Authorized Agents
You may designate an agent to submit requests on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State.
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain Personal Information as described above, depending on whether you hold an account with us or not and the nature of the information you require, and We will endeavor to match the information submitted to information We maintain about you. Additionally, We will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent’s identity and authorization by you to act on your behalf, signed under penalty of perjury. If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State. Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity.
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
Requests for Household Information
There may be some types of Personal Information that can be associated with a household (a group of people living together in a single dwelling). Requests for access or deletion of household Personal Information must be made by each member of the household. We will verify each member of the household using the verification criteria explained above.
If We are unable to verify the identity of each household member with the degree of certainty required, We will not be able to respond to the request. We will notify you to explain the basis of our denial.
Right to Appeal
If we deny your request, you may have the right to appeal our decision by contacting us at data-privacy@pipingrock.com and stating your request.
Our Commitment to Honoring Your Rights – Non-Discrimination
If you exercise any of the rights explained in this Privacy Policy and Cookies Policy, We will continue to treat you fairly. If you exercise your rights under the CCPA, you will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than others.
6. Financial Incentives/Loyalty Programs
California residents have the right to understand the material terms of any “financial incentive” offered to them and to not be included in such without consent. If We provide any programs or offerings that are considered “financial incentives” under the CCPA, we will disclose the material details of such program to you so that you can choose whether to opt in. You also have the right to opt out of a financial incentive program at any time.
APPENDIX 2: EEA/UK SUPPLEMENT
This Appendix 2 (the “EEA/UK Supplement”) supplements the provisions of the Policy if you are located in the European Economic Area (“EEA”) or the United Kingdom of Great Britain and Northern Ireland (the “UK”), and are subject to the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) or the UK General Data Protection Regulation, as defined in the Data Protection Act 2018 (“UK GDPR,” and collectively with the GDPR, the “European Privacy Laws”).
A. Definitions
With respect to EEA and UK data subjects, “Personal Data” has the same meaning given to it in the European Privacy Laws. References to “Personal Data” in this EEA/UK Supplement are equivalent to “Personal Information” as used in the Policy.
B. Purposes of Processing
Please refer to Section II (How We Use Your Information) in the Policy for information on the purposes We may use your Personal Data for.
C. Lawful Bases for Processing
We collect and process Personal Data about you only where we have a legal basis for doing so under the European Privacy Laws. Please refer to Section III (Legal Bases for Using Personal Information) in the Policy for more information on the types of legal bases that we may rely upon. Note that We may process your Personal Data for more than one purpose, each of which will rely on an appropriate legal basis.
Where We process personal data to meet our legitimate interests, where necessary to meet our legal obligations, We put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Please reach out to us if you need further details about the legal basis We are relying on for a specific purpose to process your Personal Data.
D. Cookies Policy
You can find more information about the individual cookies we use, their purpose and their duration in the table below:
Purpose | Cookie Type/Name | Duration |
---|---|---|
Targeted | _fbp | 90 days |
Targeted | _tt_enable_cookie | 1 year |
Targeted | _gads | 1 year |
Targeted | _gac | 90 days |
Targeted | _gcl_au | 90 days |
Targeted | _uetsid | 1 year |
Targeted | _uetvid | 1 year |
Targeted | criteo_write_test | Session or persistent |
Targeted | _criteo_c | 1 year |
Targeted | fledge_id | 30 days |
Targeted | fledge_test | Session or persistent |
Targeted | _ll_uid | 1 year |
Targeted | _ll_cid | 1 year |
Targeted | _pushowl | 1 year |
Targeted | _powl | 1 year |
Targeted | _klaviyo | 2 years |
Targeted | _kuid | 2 years |
Strictly Necessary | _ab | 1y |
Strictly Necessary | _abv | 1y |
Strictly Necessary | _checkout_queue_token | 1y |
Strictly Necessary | _cmp_a | 1d |
Strictly Necessary | _identity_session | 2y |
Strictly Necessary | _master_udr | session |
Strictly Necessary | _pay_session | session |
Strictly Necessary | _secure_account_session_id | 30d |
Strictly Necessary | _session_id | 2y |
Strictly Necessary | _shopify_country | 30min |
Strictly Necessary | _shopify_essential | 1y |
Strictly Necessary | _storefront_u | 1min |
Strictly Necessary | _tracking_consent | 1y |
Strictly Necessary | auth_state_<<id>> | 25min |
Strictly Necessary | card_update_verification_id | 20min |
Strictly Necessary | cart | 2w |
Strictly Necessary | cart_currency | 2w |
Strictly Necessary | cart_sig | 2w |
Strictly Necessary | cart_ts | 2w |
Strictly Necessary | cart_ver | 2w |
Strictly Necessary | checkout | 21d |
Strictly Necessary | checkout_one_remember_me | 1y |
Strictly Necessary | checkout_prefill | 5min |
Strictly Necessary | checkout_session_lookup | 3w |
Strictly Necessary | checkout_session_token_<<id>> | 3w |
Strictly Necessary | checkout_token | session |
Strictly Necessary | customer_account_locale | 1y |
Strictly Necessary | customer_payment_method | 1h |
Strictly Necessary | customer_shop_pay_agreement | 20min |
Strictly Necessary | device_fp_id | session |
Strictly Necessary | device_id | session |
Strictly Necessary | discount_code | session |
Strictly Necessary | dynamic_checkout_shown_on_cart | 30min |
Strictly Necessary | hide_shopify_pay_for_checkout | session |
Strictly Necessary | identity-state | 1d |
Strictly Necessary | identity-state-<<id>> | 1d |
Strictly Necessary | identity_customer_account_number | 12w |
Strictly Necessary | keep_alive | session |
Strictly Necessary | locale_bar_accepted | session |
Strictly Necessary | locale_bar_dismissed | 1d |
Strictly Necessary | localization | 2w |
Strictly Necessary | logged_in | 12w |
Strictly Necessary | login_with_shop_finalize | 5min |
Strictly Necessary | master_device_id | 1y |
Strictly Necessary | order | 3w |
Strictly Necessary | pay_update_intent_id | 20min |
Strictly Necessary | preview_theme | session |
Strictly Necessary | previous_checkout_one_token | 1y |
Strictly Necessary | previous_checkout_token | 1y |
Strictly Necessary | previous_step | 1y |
Strictly Necessary | profile_preview_token | 5min |
Strictly Necessary | receive-cookie-deprecation | session |
Strictly Necessary | remember_me | 1y |
Strictly Necessary | secure_customer_sig | 1y |
Strictly Necessary | shop_pay_accelerated | 1y |
Strictly Necessary | shopify-editor-unconfirmed-settings | 16h |
Strictly Necessary | shopify_pay | 1y |
Strictly Necessary | shopify_pay_redirect | 1y |
Strictly Necessary | storefront_digest | 1y |
Strictly Necessary | tracked_start_checkout | 1y |
Strictly Necessary | user | 1y |
Strictly Necessary | user_cross_site | 1y |
Strictly Necessary | wpm-domain-test | session |
Performance | _ceg.s | 5 years |
Performance | _ceg.u | 5 years |
Performance | _clck | 1 year |
Performance | _clsk | 1 year |
Analytics | _landing_page | 2w |
Analytics | _orig_referrer | 2w |
Analytics | _shopify_ga | session |
Analytics | _shopify_s | 30min |
Analytics | _shopify_sa_p | 30min |
Analytics | _shopify_sa_t | 30min |
Analytics | _shopify_y | 1y |
Analytics | checkout_one_experiment | session |
Analytics | shop_analytics | 1y |
Analytics | unique_interaction_id | 10min |
Analytics | _assignment | 1y |
Analytics | _ga | 2 years |
Analytics | _gid | 24 hours |
Analytics | _gat | 1 minute |
Analytics | _appstle_sub | 1 year |
Analytics | _appstle_sess | Session |
E. Recipients of Personal Data
Please refer to Section IV (How Your Information is Disclosed) in the Policy for information on the categories of recipients of your Personal Data.
F. Cross Border Transfers
As outlined in Section VIII (Cross Border Transfers) in the Privacy Policy and Cookies Policy, the Personal Data collected through our Service is stored and processed in the United States. When transferring your Personal Data out of the EEA/UK We will take steps that are reasonably necessary to ensure that your Personal Data is treated securely and appropriately safeguarded in accordance with European Privacy Laws, including by way of a valid transfer mechanism.
You may contact us at data-privacy@pipingrock.com if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA/UK.
G. Retention Periods
We will keep your personal data for no longer than is necessary for the purposes for which the Personal Data is processed and to the extent permitted by law. Please refer to Section VI (Data Retention Policy, Managing Your Information) in the Policy for more information on how long We will store your Personal Data.
H. EEA/UK Data Subjects Rights
EEA/UK data subjects have the right (subject to certain limitations) under European Privacy Laws to:
- confirm that We are processing their Personal Data, and how;
- access or rectify the Personal Data We keep about them;
- restrict or object to the processing of their Personal Data, or have it erased, for example where there is no longer a legal ground for us to hold it;
- where We have relied on consent as the legal basis, withdraw consent for the processing of their Personal Data at any time; and
- in some circumstances, transfer or port any Personal Data We hold about them to a specified third party.
If you are an EEA/UK data subject and wish to access, transfer, or delete any Personal Data that We hold about you, withdraw your consent to collection or processing of your data, or request that We delete any information about you that We have obtained, you can do so by emailing us at data-privacy@pipingrock.com and stating your request. With respect to requests to delete your Personal Data, We will delete or block any ability to access any reference to you in our database, except for information required to be retained as provided for in our Privacy Policy and Cookies Policy, and consistent with our legal requirements and internal data retention policies, as described above in Section VI (Data Retention Policy, Managing Your Information) in the Policy. This deletion is permanent, and your account cannot be reinstated.
EEA/UK data subjects also have the right to lodge a complaint with the appropriate supervisory authority in the country where the subject habitually resides, the subject’s place of work, or the place where an alleged infringement of the law occurred. Contact details are available for EEA data protection authorities here, and for the UK here.
I. Contact Information
If you have questions or concerns regarding the way in which your personal data has been used, please contact us at data-privacy@pipingrock.com.