Updated as of February 2020
II. General Data Protection Regulation
This Company is headquartered in California. As a California-based company, we do not knowingly advertise in the European Union (EU), or market our Services to residents of the EU. However, our Website and/or App do not restrict visitors from the EU; we do not have in place any protections to prevent EU residents from accessing our Website and/or App. As a result, we provide the foregoing disclosure to EU data subjects.
The Company’s processing of the Personal Information, such as the name, address, email address, or telephone number of an EU data subject (hereinafter, “Personal Information” or “Personal Data”) that is voluntarily supplied by the individual, or supplied by an authorized third party, shall always be in line with the General Data Protection Regulation (“GDPR”), and in accordance with the country-specific data protection regulations applicable to the Company.
Your Privacy Rights under the GDPR. The GDPR includes the following rights for you, as an EU data subjects, if you provide Personal Information to the Company in connection with accessing the Services or visiting our Website:
- The right to be informed about how we store, use, or share your data;
- The right to access your data;
- The right to rectify your data;
- The right to have us erase your data;
- The right to prevent us from processing your data;
- The right to request copies of your data from us in a commonly-used and machine-readable format, free of charge, for the purposes of transfer to a third party, where technically feasible;
- The right to object to use or sharing of your data; and
- The right not to be subject to automated decision-making, including profiling
Legitimate Business Interest under the GDPR. Our use of your Personal Information is based on the legitimate business grounds that:
- The use is necessary in order to fulfill our commitments to you under our Terms of Service or other agreements with you or is necessary to administer your account – for example, in order to enable access to our Website on your device or charge you for our Services;
- The use is necessary for compliance with a legal obligation;
- The use is necessary in order to protect your vital interests or those of another person or entity;
- We have a legitimate interest in using your information – for example, to provide and update our Website or Services, to improve our Website or Services so that we can offer you an even better user experience, to safeguard our Website or Services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Services, and to personalize your experience; and/or
- You have given us your consent.
Our Response to Your Requests. If you make any requests regarding your Personal Information, we will not charge you for compliance with the request. The Company will respond and comply within one month. The Company reserves the right to refuse or charge for requests that are manifestly unfounded or excessive. If we refuse your request, we will tell you why we are refusing your request. You have the right to complain to the relevant supervisory authority and to a judicial remedy, but you must do so within one month of our refusal.
Data Controller. With the exception of processing payments, for which Square and Stripe is the Payments Data Controller; the Company is the “data controller,” as defined under the GDPR, or the legal entity which determines the purposes and means of the processing of Personal Information of the customers of the Company and visitors to its Website. The Company is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc. If you wish to revoke consent for us to store, use, or share your Personal Information, you may contact us at firstname.lastname@example.org.
Data Processor. The Company is the “data processor,” as defined under the GDPR, or the legal entity which processes, as this term is defined here in footnote 1, your Personal Information. The Company has not retained any third-party service provider to process your Personal Information. Any processing of Personal Information shall be done solely by the Company. The Company maintains records of any processing activities it performs, and is able to show how the Company complies with the data protection principles under the GDPR. It has effective policies and procedures in place. If you have questions regarding the processing of your Personal Data, you may contact us at email@example.com.
Data Protection Officer. The Company is not formally required to designate a Data Protection Officer (“DPO”) because it is not: (1) a public authority; (2) an organization that carries out regular and systematic monitoring of individuals on a large scale; or (3) an organization that carries out large scale processing of special categories of data, such as health information or information about criminal convictions. Nonetheless, the Company voluntarily elects to appoint Thi Bui, President/CEO of the Company, as the DPO for this Company. Ms. Bui is responsible for data protection compliance and can answer any questions you may have about your Personal Information. She may be reached at firstname.lastname@example.org.
Breach. The Company has reasonable internal policies and procedures in place to effectively detect, report, and investigate a data breach. The GDPR defines a Personal Information breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information.” Pursuant to the GDPR, the Company will notify you of a Personal Information breach where the Personal Information breaches are likely to present a risk to data subjects to data protection authorities (“DPAs”) without undue delay, and within 72 hours if feasible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay. In the unfortunate event of breach, the Company shall provide you with: (i) contact details of the DPO or other contact person for the Company, (ii) a description of the nature of the breach, (iii) likely consequences of the breach, (iv) measures the Company has taken or proposes to take to address the breach, and (v) advice on steps data subjects can take to protect themselves.
Note: Data Protection Impact Assessment (DPIA). The Company is not required to undergo a DPIA because the Company’s data processing is not likely to result in a high risk to data subjects, such as in cases where: (1) new technology is being deployed; (2) profiling operations may significantly affect individuals; or (3) processing is on a large scale and involves special categories of data. If you have any questions regarding DPIA compliance by the Company, please contact the Company’s Data Protection Officer.
Complaints. Without prejudice to any other administrative or judicial remedy, every EU data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement of the data subject considers that the processing of Personal Information relating to him or her infringes this Regulation.
III. Use and Sharing of Personal Information
The following sections herein apply not only to EU data subjects, but to any person, including those who reside outside of the EU, who shares with us his, her, or a third-party’s Personal Information.
We may use and/or share your Personal Information:
- To respond to your inquiries and your requests regarding our Website or Services.
- To send you information regarding our services and changes to our terms, conditions, and policies.
- To complete your registration, process your payments, and communicate with you regarding your purchase of our Services.
- To send you marketing communication and newsletters about our Services.
- To personalize your experience on our Website.
- To inform you and allow you to participate in our Company’s promotions.
- To facilitate social sharing functionality.
- To collaborate with business affiliates, partners, vendors, or service providers to provide you with our Services.
- In connection with our business purposes, as described above, including but not limited to data analysis, audits, fraud monitoring and prevention, developing or enhancing new and existing products and/or services, expanding our business activities, etc.
We will not use and/or share your Personal Information:
- With anyone except for our Company’s authorized service providers, business affiliates, and business partners, and strictly for business purposes; or unless we specifically inform you, and give you an opportunity to opt out of our sharing your Personal Information.
- To run interest-based advertising campaigns that collect Personal Information such as email addresses, telephone numbers, and credit card numbers.
- To use or associate Personal Information with remarketing lists, cookies, data feeds, or other anonymous identifiers.
- To use or associate targeting information, such as demographics or location, with any Personal Information collected from the ad or its landing page.
- To share any Personal Information with Google or third party companies through our remarketing tag or any product data feeds which might be associated with our ads.
- To send Google or third party companies precise location information without obtaining your consent.
However, we reserve the right to disclose Personal Information that we believe, in our sole discretion, to be necessary or appropriate in the following circumstances:
- As required by law, such as to comply with a subpoena, or similar legal process.
- When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- To enforce our Terms and Conditions.
- To allow us to pursue available remedies or limit the damages that we may sustain.
IV. Collection of Other Information
Passively Collected Information: Your visit to our Website may allow us to obtain certain additional, personally non-identifiable information that is collected passively using various technologies. This information includes but is not limited to, for example, IP addresses, browser types, date and time of page views, location information associated with your IP address, domain names, your interactions to an ad delivered by us or our ad technology partners and other anonymous statistical data involving your use of the Website and/or our services. This information cannot presently be used to specifically identify you.
Aggregated Personal Data: The Company may analyze your Personal Information provided through the Website or in connection with rendering the Services, in aggregate form. This aggregate information does not identify you personally. We may share this aggregate data with our partners, affiliates, agents, or service providers for business purposes. We may also disclose aggregated statistics to explain our Services to current and prospective business partners, and to other third parties for other lawful, business-related purposes.
Customer Credit Card Information. The Company uses a third party, Square, to keep a protected copy of your credit card number. This billing data belongs to you, and by utilizing the Service, you grant the Company a license to use this data to bill you for services rendered.
V. Website Tracking
We may, either directly or through third party companies and individuals we engage to provide services to us, also:
- Track your use of our Website and the Services for purposes of our own customer support, analytics, research, product development, fraud prevention, risk assessment, regulatory compliance, investigation, etc.
- Track your use of the Website and the Services to enable you to use and access the Services and pay for your activities on the Website and through the Services.
- Track your behavior on our own Website and use of the Services to market and advertise our services to you on our Website platform and third party websites. You may opt out of receiving advertisements by visiting the Network Advertising Initiative (http://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (http://www.aboutads.info/choices/). Please note that even if you choose to opt-out of receiving targeted advertising, you may still receive advertising on the Services, generally. The advertising will simply not be targeted or specific to your interests.
VI. Tracking Technologies on our Website
The Company may use the foregoing technologies to track your activity on our Website:
Cookies. When you visit our Website or otherwise interact with the Service, we may send one or more “cookies” to your computer or other devices. Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience. Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from third party websites. Some features on this site will not function if you do not allow cookies. We may link the information we store in cookies to any Personal Information that you submit while visiting our Website.
We may use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies enable us to track and target the interests of our users to enhance the experience on our site.
Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and Client ID remembrance.
Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site and our marketing campaigns.
Advertising cookies may be set through our Website by our advertising partners. Data may be collected by these companies that enable the companies to serve up advertisements on other sites that are relevant to your interests.
If you reject cookies, you may still use our site, but some features on the site will not function properly.
The Children’s Online Privacy Protection Act of 1998 (COPPA) and its accompanying FTC regulation protects the privacy of American children aged 13 and under, who are using the Internet. The GDPR sets the age at which an EU child can give their own consent in order to process their Personal Data at 16 years of age.
Your Child or Children’s Personal Information. We recognize the need to provide further explanation regarding the privacy protections we afford to Personal Information that we may collect from you or your child/children under the age of 16 (“child” or “children”) via our Website, when you visit our Premises, or attend our events.
First, when you sign up your child/children for our Services on our Website, or as a part of registration at our Premises or events, we may ask you to include Personal Information that identifies your child/children.
Second, while we do not knowingly collect a child’s Personal Information from the child in connection with our Services, it is possible, given the nature of our Services, that a child may visit our Website. To the extent that we actually know that a user of our Website or Services is a child, and said child submits his or her Personal Information to us via our Website, we take additional steps to protect the child’s privacy, including:
- In accordance with applicable law, obtaining consent from parents for the collection of Personal Information from their children, or for sending information about our products and services directly to their children;
- Limiting even inadvertent collection of Personal Information from children to no more than is reasonably necessary to engage in our Services; and
- Giving parents access or the ability to request access to Personal Information we have collected from their children and the ability to request that the Personal Information be changed or deleted.
This policy is in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”). Under the Children’s Online Privacy Protection Act (“COPPA”), we must provide you with direct notice before collecting Personal Information from your child. Effective July 1, 2013, the Federal Trade Commission (“FTC”) updated COPPA to reflect changes in technology, and now considers a photograph, video, or audio file containing a child’s image or voice to be a child’s Personal Information. For more information about COPPA, please visit www.coppa.org. Here, we outline our practices in the United States regarding collection of children’s Personal Information. For more information about COPPA and general tips about protecting children’s online privacy, please visit OnGuard Online.
Retention of Information. In any instance that we collect Personal Information from a child, we will retain that information only so long as reasonably necessary to fulfill the provision of our Services, or as required by law. In the event we discover we have collected information from a child in a manner inconsistent with COPPA’s requirements, we will either delete the information or immediately seek the parent’s consent for that collection.
Registration. As an adult registering a child with the Company for provision of Services, your child/children will have the opportunity to participate in our Services, attend our events, and/or enter our Premises. If you do not provide your child/children’s Personal Information on the Website during the registration process, your child will not be able to register to receive our Services, attend our events, and/or enter our Premises.
Again, while we intend for adults to register a child/children for our Services, it is entirely possible that a child/children may visit our Website and self-register to participate in our Services, attend our events, and/or enter our Premises without consent from parents or guardians. During the registration process, we may ask the child to provide the same information provided by adult Website users or users of our Services, for notification and security purposes, including an email address, and the child’s full name.
Consistent with the requirements of COPPA, if we determine that a particular Website user is age 16 or under, we will ask for a parent or guardian email address before we collect any Personal Information from the child. If you believe your child is participating in an activity on our Website that collects Personal Information, and you or another parent/guardian have NOT received an email providing notice or seeking your consent, please feel free to contact us at email@example.com. We will not use parent emails provided for parental consent purposes to market to the parent, unless the parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.
Photos Containing Your Child/Children’s Likeness or Image. On our Website, we may post photos containing your child or children’s image, and therefore, the Federal Trade Commission may classify this as “collecting” and “disclosing” your child’s Personal Information. This Personal Information will not be used for any other purpose, disclosed, or combined with any other information from your child, other than legitimate business purposes described herein. Of course, your consent is required for the collection, use, or disclosure of your child’s information, as his or her image may appear in a photo on our Website. We will not collect, use, or disclose any such information from the child if you do not consent.
Email Contact with a Child. To the extent a child visits the Website and emails the Company from his or her personal email address, Company will delete this information immediately after responding to the question or request. In connection with certain activities or Services, we may collect a child’s online contact information, such as an email address, in order to communicate with the child more than once. In such instances, we will retain the child’s online contact information to honor the request and for no other purpose such as marketing. Whenever we collect a child’s online contact information for ongoing communications, we will simultaneously require a parent or guardian email address in order to notify the parent about the collection and use of the child’s information, as well as to provide the parent an opportunity to prevent further contact with the child.
At any time, you may refuse to permit 1) your child’s participation in the Services, 2) further use of your information or your child/children’s information, or 3) further contact with your child/children, and request that we delete your information or your child/children’s information. To exercise any of your rights, please email us at firstname.lastname@example.org.
In conclusion, your privacy and your child/children’s privacy are important to us. We only share or disclose Personal Information collected from a child/children in a limited number of instances, including the following:
- We may share information with our service providers if necessary for them to perform a business, professional, or technology support function for us.
- We may disclose Personal Information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose Personal Information collected from children (i) in response to a law enforcement or public agency’s (including schools or children services) request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using our sites or applications; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability.
VIII. Links to Other Websites
We maintain reasonable and appropriate, although not infallible, security precautions. However, we cannot guarantee that hackers or unauthorized personnel will not gain access to your Personal Information, despite our reasonable efforts. You should note that in using the Website, app, and/or our related Services, your information will travel through third-party infrastructures which are not under our control. Please feel free to raise any questions, concerns or specific directions you may have regarding the privacy and security of your information to email@example.com.
X. Data Retention
We will retain your Personal Information for four (4) years, or as long as needed to provide the applicable Services. Our data retention period may change in the future if a longer retention period is required or permitted by law.
XI. Do Not Track
XII. Advertising/Google AdWords
On this Website, the Company has integrated Google AdWords. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad on Google’s search results only then displayed when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.
The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google and an insertion of third-party advertising on our website.
If a data subject reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the data subject through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g, the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or canceled a sale of goods.
The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.
The conversion cookie stores personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, Personal Information, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These Personal Information are stored by Google in the United States of America. Google may pass these Personal Information collected through the technical procedure to third parties.
The data subject may, at any time, prevent the setting of cookies by our website, as stated above, by means of a corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the data subject. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs.
The data subject has a possibility of objecting to the interest based advertisement of Google. Therefore, the data subject must access from each of the browsers in use the link http://www.google.de/settings/ads and set the desired settings.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.
XIII. Analytics/Google Analytics
We and our third party tracking-utility partners use log files on our Service to automatically gather certain information, including but not limited to internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data, for analytics purposes. Specifically, we analyze trends, administer the site, track users’ movements around the Website, and gather demographic information about our user base as a in the aggregate. We and our third party tracking-utility partners use log files on our Service to automatically gather certain information, including but not limited to internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data, for analytics purposes. Specifically, we analyze trends, administer the site, track users’ movements around the Website, and gather demographic information about our user base as a in the aggregate.
On this Website, the Company has integrated the component of Google Analytics. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our Website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of Personal Information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store Personal Information, such as the access time, the location from which the access was made, and the frequency of visits of our Website by the data subject. With each visit to our Internet site, such Personal Information, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These Personal Information are stored by Google in the United States of America. Google may pass these Personal Information collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our Website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
XIV. Your California Privacy Rights
California Shine the Light Law
Under California Civil Code Section 1798.83, California customers are entitled to request information relating to whether a business has disclosed Personal Information to any third parties for the third parties’ direct marketing purposes. This code applies to businesses with 20 or more full or part-time employees.
Mini Cat Town, Inc. does not have 20 or more full-time employees. However, as a courtesy to you, we allow you to request and obtain from us once a year, free of charge, certain information about the Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year, if at all. If applicable, this information would include a list of the categories of Personal Information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to firstname.lastname@example.org.
California Consumer Privacy Act
If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Beginning January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal data (known as “personal information”, as described under the CCPA).
RIGHT TO KNOW REQUEST – Under the CCPA, you may have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
Categories of and specific pieces of personal information we have collected about you.
Categories of sources from which we collect personal information.
Purposes for collecting, using, or selling personal information.
Categories of third parties with which we share personal information.
Categories of personal information disclosed about you for a business purpose.
If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.
RIGHT TO DELETE REQUEST – You may also have a right to request that we delete personal information, subject to certain exceptions.
If you are a California resident and would like to make a verifiable request for information about the personal information we have collected about you or a request for deletion of such personal information, please submit your request in writing to email@example.com.
If you choose to use our referral service to tell a friend about our Services by email, we will ask for your friend’s email address, and send your friend a one-time email inviting them to visit our Website and inform them of our Services. We will only store your friend’s email address for the sole purpose of sending this one-time message and tracking the success of the referral program. Your friend may contact us at firstname.lastname@example.org to request that we remove this information from our database at any time.
XVII. Incorporation into Terms of Service
XVIII. Opt-Out Policy
If, at any time after registering, you change your mind about receiving information from us or about the use of information volunteered by you, or if you prefer that we do not share your Personal Information with third parties for marketing purposes, please contact us at email@example.com.
XVIV. Contact Us
If you have any questions or concerns relating to our use of your Personal Information, please email firstname.lastname@example.org. Additionally, you may reach us by postal mail at: Mini Cat Town, Inc. 2200 Eastridge Loop, Ste 1076, San Jose, CA, 95122.