Last modified: 07/22/2020
What Information Do We Collect?
The information we gather enables us to personalize, improve and continue to operate the Services. In connection with certain aspects of the Services, we may request, collect and/or display some of your Personal Information. We receive and store any information you knowingly provide to us. We collect the following types of information from our users.
When you create an Account, you will provide information that could be Personal Information, such as your username, password and email address. You acknowledge that this information may be personal to you, and by creating an account on the Services and providing Personal Information to us, you allow others, including us, to identify you and therefore may not be anonymous. We may use your contact information to send you information about our Services, but only rarely when we feel such information is important. You may unsubscribe from these messages through your Account settings, although we, regardless, reserve the right to contact you when we believe it is necessary, such as for account recovery purposes.
Some of our Services may include features based on users’ actual locations and may report on users’ current locations (“Location-Based Services”). To the extent you use any Location-Based Services, we may collect and store information about your location at the time you use those Location-Based Services (in addition to some automatically collected geolocation data as noted below). This information can come from a variety of sources depending on the device you use to access the Services; for example, a mobile phone may report its GPS location at the time Location-Based Services are used.
IP Address Information and Other Information Collected Automatically:
- We automatically receive and record information on our server logs from your web browser or device when you interact with the Services, including your IP address, geolocation data, device identification, cookie information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. This information is used for fighting spam/malware and also to facilitate collection of data concerning your interaction with the Services (e.g., what links you have clicked on).
Generally, the Services automatically collect usage information, such as the number and frequency of visitors to the Site. We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Services so that we can analyze and improve them.
Email Communications:
We may receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.
Information Collected Using Cookies:
- Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. We strongly recommend that you leave cookies active, because they enable you to take advantage of the most attractive features of the Services.
- Our advertising partners may also transmit cookies to your browser or device, when you visit the Site or click on ads that appear on the Services. If you click on a link to a third party website or service, a third party may also transmit cookies to you.
- For more information on cookies, including how to control your cookie settings and preferences, visit http://www.allaboutcookies.org.
- We use the following cookies:
Essential cookies are required for providing you features or services that you have requested. For example, certain cookies enable you to log into secure areas of our Site or use a shopping cart feature within our Services. Disabling these cookies may make certain features and services unavailable.
Functional cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
Performance/analytical cookies allow us to understand how visitors use our Site and Services such as by collecting information about the number of visitors to the Site, what pages visitors view on our Site, and how long visitors are viewing pages on the Site. Performance/analytical cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising.
Retargeting/advertising cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.
Do Not Track Policy:
Information Related to Advertising and the Use of Web Beacons:
To support and enhance the Services, we may serve advertisements, and also allow third party advertisements, through the Services. These advertisements are sometimes targeted and served to particular users and may come from third party companies called “ad networks.” Ad networks include third party ad servers, ad agencies, ad technology vendors and research firms.
Advertisements served through the Services may be targeted to users who fit a certain general profile category and may be based on anonymized information inferred from information provided to us by a user, including Personal Information (e.g., gender or age), may be based on the Services usage patterns of particular users, or may be based on your activity on Third Party Services. We do not provide Personal Information to any ad networks for use outside of the Services.
To increase the effectiveness of ad delivery, we may deliver a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Because your web browser must request these advertisements and web beacons from the ad network’s servers, these companies can view, edit or set their own cookies, just as if you had requested a web page from their site. You may be able to opt-out of web beacon tracking conducted by third parties through our Services by adjusting the Do Not Track settings on your browser; please note that we don’t control whether or how these third parties comply with Do Not Track requests.
We collect statistical information about how both unregistered and registered users, collectively, use the Services (“Aggregate Information”). Some of this information is derived from Personal Information. This statistical information is not Personal Information and cannot be tied back to you, your Account or your web browser.
Information Regarding Your Social Networks:
Occasionally, you can use your Account on our Services to interact with your accounts on other services, such as Facebook or Twitter. In addition to using your third party account credentials to sign in to the Services, you can access posting and sharing tools on the Services, including a “share” button that allows you to post information to your social networks outside of the Services (“Share”).
How, and With Whom, Is My Information Shared?
Public Information About Your Activity on the Services:
Some of your activity on and through the Services is public by default. This may include, but is not limited to, content you have posted publicly on the Site or otherwise through the Services.
Please also remember that if you choose to provide Personal Information using certain public features of the Services, then that information is governed by the privacy settings of those particular features and may be publicly available. Individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about what you choose to disclose publicly and make sure it’s information you want to share with everyone.
IP Address Information:
Information You Elect to Share:
We share Aggregate Information with our partners, service providers and other persons with whom we conduct business. We share this type of statistical data so that our partners can understand how and how often people use our Services and their services or websites, which facilitates improving both their services and how our Services interface with them. In addition, these third parties may share with us non-private, aggregated or otherwise non Personal Information about you that they have independently developed or acquired.
Email Communications with Us:
As part of the Services, you may occasionally receive email and other communications from us, such as communications relating to your Account. Communications relating to your Account will only be sent for purposes important to the Services, such as password recovery.
User Profile Information:
User profile information including your username and other information you enter may be displayed to other users to facilitate user interaction within the Services. We will not directly reveal user email addresses to other users.
Additionally, if you sign into the Services through a third party social networking site or service, your list of “friends” from that site or service may be automatically imported to the Services, and such “friends,” if they are also registered users of the Services, may be able to access certain non-public information you have entered in your Services user profile. Again, we do not control the policies and practices of any other third party site or service.
As stated above, we do not currently collect financial information, as that information is collected and stored by our Payment Processor. However, we may from time to time request and receive some of your financial information from our Payment Processor for the purposes of completing transactions you have initiated through the Services, enrolling you in discount, rebate, and other programs in which you elect to participate, protecting against or identifying possible fraudulent transactions, and otherwise as needed to manage our business.
Information Shared with Affiliated Businesses:
In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.
Information Shared with Advertisers:
We allow advertisers and/or merchant partners (“Advertisers”) to choose the demographic information of users who will see their advertisements and/or promotional offers and you agree that we may provide any of the information we have collected from you in non-personally identifiable form to an Advertiser, in order for that Advertiser to select the appropriate audience for those advertisements and/or offers. For example, we might use the fact you are located in San Francisco to show you ads or offers for San Francisco businesses, but we will not tell such businesses who you are. Or, we might allow Advertisers to display their ads to users with similar usage patterns to yours, but we will not disclose usage information to Advertisers except in aggregate form, and not in a manner that would identify you personally. Note that if an advertiser asks us to show an ad to a certain audience or audience segment and you respond to that ad, the advertiser may conclude that you fit the description of the audience they were trying to reach.
Information Shared with Our Agents:
In some cases, we share information that we store (such as IP Addresses) with third parties, such as service providers, consultants, and other agents ("Agents"), for the purposes of operating, enhancing, and improving the Services, and developing new products and services. For example, we use a payment processing company to receive and process your credit card transactions for us. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents.
Information Disclosed Pursuant to Business Transfers:
In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.
Information Disclosed for Our Protection and the Protection of Others:
Information We Share With Your Consent:
Except as set forth above, you will be notified when your Personal Information may be shared with third parties, and will be able to prevent the sharing of this information.
Is Information About Me Secure?
Your Account information will be protected by a password for your privacy and security. If you access your Account via a third party site or service, you may have additional or different sign-on protections via that third party site or service. You need to prevent unauthorized access to your Account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account.
We seek to protect Account information to ensure that it is kept private; however, we cannot guarantee the security of any Account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
We otherwise store all of our information, including your IP address information, using industry-standard techniques. We do not guarantee or warrant that such techniques will prevent unauthorized access to information about you that we store, Personal Information or otherwise.
What Information of Mine Can I Access?
If you are a registered user, you can access information associated with your Account by logging into the Services. Registered and unregistered users can access and delete cookies through their web browser settings.
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at email@example.com.
California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: PO Box 1210, New York, NY 10013.
How Can I Delete My Account?
Should you ever decide to delete your Account, you may do so by emailing firstname.lastname@example.org. If you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account. However, given the nature of sharing on the Services, any public activity on your Account prior to deletion will remain stored on our servers and will remain accessible to the public.
What Choices Do I Have Regarding My Information?
- You can use many of the features of the Services without registering, thereby limiting the type of information that we collect.
- You can always opt not to disclose certain information to us, even though it may be needed to take advantage of some of our features.
- You can delete your Account. Please note that we will need to verify that you have the authority to delete the Account, and activity generated prior to deletion will remain stored by us and may be publicly accessible.
What If I Have Questions or Concerns?
If you have any questions or concerns regarding privacy using the Services, please send us a detailed message to email@example.com. We will make every effort to resolve your concerns.
If you are a resident of the European Union (“EU”), United Kingdom, Liechtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. The Grail Watch will be the controller of your Personal Data processed in connection with the Services.
What Personal Data Do We Collect From You?
We collect Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.
Information we collect directly from you: We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:
- First and last name
- Email address
- Mailing address
- Telephone number
- Credit/debit card information
- Your purchase history
- User content, for example, comments and posts you submit publicly (which can include Personal Data if you include Personal Data in such content)
Information we receive from third party sources: Some third parties such as our business partners and service providers, including Shopify and MailChimp, provide us with Personal Data about you, such as the following:
- Account information for third party services: If you interact with a third party service when using our Services, such as if you use a third party service to log-in to our Services (e.g., Facebook Connect or Twitter OAuth), or if you share content from our Services through a third party social media service, the third party service will send us information about you, such as information from your public profile, if the third party service and your account settings allow such sharing. The information we receive will depend on the policies and your account settings with the third party service.
- Information from our advertising partners: We receive information about you from some of our service providers who assist us with marketing or promotional services related to how you interact with our websites, applications, products, services, advertisements or communications, including BackinStock.org and MailChimp, which help us send you marketing related emails.
Information we automatically collect when you use our Services: Some Personal Data is automatically collected when you use our Services, such as the following:
- IP address
- Device identifiers
- Web browser information
- Page view statistics
- Browsing history
- Usage information
- Transaction information (e.g. transaction amount, date and time such transaction occurred)
- Cookies and other tracking technologies (e.g. web beacons, pixel tags, SDKs, etc.). For more information, please review our cookies section above.
- Location information (e.g. IP address, zip code)
- Log data (e.g. access times, hardware and software information)
How Do We Use Your Personal Data?
We process Personal Data to operate, improve, understand and personalize our Services. For example, we use Personal Data to:
- Communicate with you about the Services
- Process orders
- Contact you about Service announcements, updates or offers
- Provide support and assistance for the Services
- Conduct product research and development
- Analyze our Services and activities of users of the Services
- Personalize website content and communications based on your preferences
- Meet contract or legal obligations
- Respond to user inquiries
- Fulfill user requests
- Comply with our legal or contractual obligations
- Resolve disputes
- Protect against or deter fraudulent, illegal or harmful actions
- Enforce our Terms of Service
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Services, including sending emails related to order purchases and inventory alerts. We store your Personal Data in our centralized customer database in order for us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.
- Email address
- Phone number
- Purchase history
Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties.
- Email address
- Phone number
- Purchase history
Examples of these legitimate interests include:
- Operation and improvement of our business, products and services
- Marketing of our products and services
- Web analytics
- Research and development
- Provision of customer support
- Protection from fraud or security threats
- Compliance with legal obligations
- Completion of corporate transactions
- Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
- Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
- Payment processors and ecommerce platforms
- Marketing automation platforms and email marketing software and services
- Fraud prevention service providers
- Ad networks
- Analytics service providers
- Staff augmentation and contract personnel
- Hosting service providers
- Co-location service providers
- Telecommunications service providers
- Insurance Services
We also share Personal Data when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested. In addition to those set forth above, these parties also include:
- Other users (where you post information publicly or as otherwise necessary to effect a transaction initiated or authorized by you through the Services)
- Social media services (if you interact with them through your use of the Services)
- Third party business partners who you access through the Services
- Other parties authorized by you
We also share information with third parties when you have given us consent to do so (as indicated at the point such information is collected).
We also share Personal Data when we believe it is necessary to:
- Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
- Protect us, our business or our users, for example to enforce our terms of service, prevent spam or other unwanted communications and investigate or protect against fraud
- Maintain the security of our products and services
Last, we share Personal Data with our affiliates or other members of our corporate family. Furthermore, if we choose to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and we would share Personal Data with the party that is acquiring our assets. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.
How Long Do We Retain Your Personal Data?
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you Services. We retain Personal Data for analytics purposes in anonymized form for 26 months. We retain Personal Data with respect to Prospects of our Services for up to 4 years and Personal Data with respect to Ex-Prospects for up to 2 years. A “Prospect” is someone who has signed up to receive marketing communications. An “Ex-Prospect” is defined as someone who has not engaged with us for more than 4 years since the time they have signed up to receive marketing communications. Therefore, we retain Personal Data with respect to Prospects for at least 6 years. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
What Security Measures Do We Use?
We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity. For example, we only work with third party technological or software platforms that have industry standard security measures to handle our data and transactions. As an additional security measure, all passwords are stored as a salted hash using industry standard methods. While we seek to protect Personal Data, we cannot guarantee the security of any Personal Data. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We do not guarantee or warrant that our industry-standard techniques will prevent unauthorized access to information about you that we store, Personal Data or otherwise.
What Rights Do You Have Regarding Your Personal Data?
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email GDPR@thegrailwatch.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
- Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging in to your accounts page.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging in to your accounts page.
- Erasure: You can request that we erase some or all of your Personal Data from our systems.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Right to File Complaint: You have the right to lodge a complaint about The Grail Watch’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Transfers of Personal Data: The Services are hosted and operated in the United States (“U.S.”) through The Grail Watch and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to The Grail Watch in the U.S. and will be hosted on U.S. servers, and you authorize The Grail Watch to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the details of which are further set forth below.
The Grail Watch has certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred from the EU. For more information about the Privacy Shield Program, and to view The Grail Watch’s certification, please visit www.privacyshield.gov. The Grail Watch is committed to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access and (7) recourse, enforcement and liability with respect to all Personal Data received from within the EU in reliance on the Privacy Shield. The Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). The Grail Watch’s compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us at GDPR@thegrailwatch.com with any questions or concerns relating to our Privacy Shield Certification. If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you may also resolve a Privacy Shield-related complaint through JAMS, an alternative dispute resolution provider located in the United States. You can visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.