LAST UPDATED: JUNE 14, 2022
SpoiledChild Inc. (“SPOILEDCHILD®”, “we”, “us”, or “our”) respects the privacy of your Personal Data (defined below), and as such, we make every effort to ensure that your Personal Data is protected and private.
SUPPLEMENTAL SECTIONS APPLICABLE TO CERTAIN JURISDICTIONS:
- VISITING FROM OUTSIDE THE UNITED STATES; INTERNATIONAL TRANSFERS OF PERSONAL DATA
- PRIVACY RIGHTS APPLICABLE TO EUROPEAN UNION AND UNITED KINGDOM RESIDENTS
- PRIVACY RIGHTS APPLICABLE TO CALIFORNIA RESIDENTS
- PRIVACY RIGHTS APPLICABLE TO NEVADA RESIDENTS
- PRIVACY RIGHTS APPLICABLE TO CANADIAN RESIDENTS
- PRIVACY RIGHTS APPLICABLE TO AUSTRALIAN USERS
- HOW AND WHY WE COLLECT PERSONAL DATA
- HOW AND WHY WE MAY CONTACT YOUR MOBILE DEVICE
- HOW AND WHY WE SHARE PERSONAL INFORMATION
- HOW WE COLLECT AND USE NON-PERSONALLY IDENTIFIABLE INFORMATION
- YOUR RIGHTS REGARDING YOUR INFORMATION
- HOSTING OF OUR SITES
- OUR SECURITY MEASURES
- LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
- CHILDREN’S PRIVACY
- QUESTIONS REGARDING OUR PRIVACY PRACTICES
- FILING A COMPLAINT WITH THE FEDERAL TRADE COMMISSION
HOW AND WHY WE COLLECT PERSONAL DATA
Please see our Provisions for California Residents below for additional details regarding the categories of Personal Data collected, and the business purposes for such collection.
Providing Personal Data is Your Choice. However, if you choose to make use of certain Site Offerings and/or Site features, you may need to provide certain Personal Data to us. If you choose not to provide mandatory Personal Data, you may still visit parts of our Sites but you may be unable to access certain Site Offerings, options, programs, offers, and services that involve our interaction with you. If you do provide us with Personal Data as described below, you agree that it will be accurate and complete, and it is your responsibility to keep it current.
The types of Personal Data you may be asked to provide, and the circumstances in which we request it, are described below. We present the information below based on the categories of information collected, but please be aware that similar specific pieces of information may apply to multiple categories. For example, your name and email address may be included within each of the “Identification and Contact Information”, “Billing Information”, and “User-Provided Information” categories described below.
- Identification and Contact Information.
- This is information that identifies you as an individual, such as your first and last name, and information that enables us to contact you, such as an email address, mailing address, or phone number, as well as information about Site pages and products you have browsed, and actions taken on these pages. This information is generally collected when you: (i) create an account with us; (ii) contact us using the Sites; (iii) provide answers to quizzes and/or surveys provided by us; (iv) access the Sites from certain marketing material, links and emails; (v) request to receive newsletters and other materials; (vi) submit a product review; (vii) make a purchase (or attempt to make a purchase, but do not complete the purchase process); and (viii) participate in interactive features of the Sites, such as SpoiledBrain.
- Below is some additional information on how we collect this information:
- Account Creation: During your use of our Sites, and in order to use certain Site Offerings, you may choose, or be required, to create an account, referred to herein as an “Account.” We may offer different options to create an Account, including:
- Direct registration, where you input your Personal Data to complete and submit a registration form directly on our Sites.
- Upon purchasing any SPOILEDCHILD® products and/or services and/or upon subscribing to our Auto-Refill service, an Account will automatically be created for you so that you may access, manage and cancel your subscription.
- Registration using third party accounts, where you use a “login with…” (or similar) button that we display on our Sites for a designated third party service, referred to herein as a “Third Party Account”, such as Facebook® or Google®. Doing so will enable you to link your Account and your Third Party Account. If you choose this option, then you will be required to approve the connection as well as the types of information (which may include Personal Data) that we will obtain from your Third Party Account and the types of activities that we may perform in connection with your Third Party Account. Please note that in order to use this option, you will need to have, and may need to be signed-in to, an existing Third Party Account.
- Share with Friends Services: Our Sites may allow you to invite friends to use our Sites by sending them an invitation email or message. You may do so by:
- Using our Sites to send or post an invitation message via your Third Party Account; and/or
- Using our Sites to send an invitation email to your friend’s external email address (for example, a Gmail address).
- If you send or post an invitation message to a friend, we may collect Personal Data about the recipient, such as their email address or Third Party Account user name and ID. Your name and/or email address may also be included in their invitation or email message. If we collect Personal Data about the recipient of an invitation from you, we will only use such Personal Data for the one (1) time purpose of sending the subject invitation message, and for no other purpose.
- Interactive Site Services: Our Site may from time to time offer interactive services that allow or request you to submit information about yourself in order to receive information, products, and services from us. For example, for our quiz(s) or similar digital experiences, you may elect to submit, or we may ask you to provide, pictures of yourself.
- Account Creation: During your use of our Sites, and in order to use certain Site Offerings, you may choose, or be required, to create an account, referred to herein as an “Account.” We may offer different options to create an Account, including:
- We collect and use this category of Personal Data:
- for purposes of verifying your identity when you create an Account, make a purchase, or access certain Site Offerings and/or other features of our Sites;
- for purposes of providing you with Site Offerings, products, services, or content you have purchased, used, or otherwise engaged with;
- for purposes of contacting you regarding your use of the Site Offerings, purchases, or your Account, which may include providing updates and/or seeking feedback on our products;
- for purposes of sharing invitations and messages with your friends at your request;
- for purposes of responding to your inquiries and administrative requests;
- subject to your right to opt out and subject to applicable law, for purposes of sending you newsletters and other marketing and promotional communications that we believe may be of interest to you;
- for purposes of targeting you with relevant ads on third party media companies;
- for purposes of providing and improving our Sites and associated Site Offerings; and
- for internal business purposes, such as analysing and managing our service offerings including, without limitation, the Site Offerings.
We may also combine the information we have gathered about you with information from other sources.
- At times, we may want to contact you via telephone regarding your use of the Site Offerings. For EU and UK residents, we will only contact you via telephone regarding your use of the Site Offerings and/or for telemarketing purposes where you provide your consent as required under the GDPR and UK-GDPR, respectively, or we have another valid legal basis under the GDPR and UK-GDPR, respectively, to do so. For US residents, by submitting your Personal Data by and through the Sites and/or Site Offerings, you agree that such act constitutes an inquiry and/or application for purposes of the Amended Telemarketing Sales Rule (16 CFR §310 et seq.), as amended from time to time (the “Rule”) and applicable state do-not-call regulations. As such, notwithstanding that your telephone number may be listed on the Federal Trade Commission’s Do-Not-Call List, and/or on applicable state do-not-call lists, we retain the right to contact US residents via telemarketing in accordance with the Rule and applicable state do-not-call regulations. For Australian residents, we will not contact you for telemarketing purposes where you are registered on the Do Not Call Register.
- Photo Data.
- You may be offered the opportunity to submit a photograph (“Photograph”) in order for us to identify skin conditions and properties. We may apply software and algorithms against the Photographs to detect the general structure of your face (“Structural Data,” together with the Photograph, the “Photo Data”) and generate data derived from your Photo Data that has been de-identified, anonymized, and/or aggregated as those terms are defined by applicable law (“Derived Data”) as legally permitted.
- We only collect Photo Data if you provide it to us through your mobile device, computer or other digital transfer as part of our quizzes or other Services.
- We use Photo Data and Derived Data to (i) improve our software and algorithms in order to provide the most accurate recommendations of our Site Offerings, and/or (ii) for research, product development, general Service improvements, and other legal purposes.
- Our legal basis for processing Photo Data provided by you to us is our legitimate business interests, specifically our ability to improve our existing and future Site Offerings and Services.
- Unless required to retain Photo Data to comply with the law or defend our rights, we will delete Photo Data upon the earlier of: (1) the initial purpose for collecting or obtaining such Photo Data being satisfied, or (2) 5 years since of your last interaction with SPOILEDCHILD®.
- Billing Information.
- We collect and use this type of information for the purpose of processing required payments.
- Our legal basis for processing this information is your contractual agreement to pay for our products.
- We will retain this information for as long as necessary to complete your purchase and/or to process any return, unless you have opted to save your billing information. If you do so, we will retain the information for as long as you maintain your Account.
- User-Provided Information.
- Some parts of our Sites may enable you to build a public profile in connection with your Account, referred to herein as a “Public Profile.” Your Public Profile may include your name and other information that you choose to include in your Public Profile, such as your gender and a profile picture. Our Sites may also include interactive features, such as our SpoiledBrain program which allows you to answer questions about your preferences, or pages that allow users to submit product reviews or upload content. If you participate in any of these interactive areas, we will collect whatever Personal Data you choose to include.
- We collect and use this information for the purpose of allowing our customers and fans to engage with us and others through the Sites.
- Our legal basis for processing this information is our legitimate business interests, specifically our ability to operate an interactive platform that allows our customers and others to learn more about our products and for us to learn more about our customers’ needs and preferences with respect to our existing or future product lines.
- We will retain this information for as long as we have a business need to do so, unless a longer period is required by law. Note that while you can, in some circumstances, request removal of this type of information, in some cases we may not be able to remove Personal Data that you voluntarily disclose due to technical limitations. We will inform you if we cannot remove information as requested.
- A Special Note About User-Provided Information. If you create a Public Profile or use other interactive features of the Sites, or engage with us via any social media websites, the information (including Personal Data) that you submit may be seen and used by others for as long as the applicable web pages remain active, and may be visible longer if pages are cached (depending on your privacy settings associated with your accounts with the applicable social media websites). This information may be used by other end-users of the Sites or the public to send you unsolicited messages. We provided notices and tools on our Sites to inform you of which content may be publicly available. However, we are not responsible for the Personal Data that you choose to post in this manner, and we encourage you to think carefully before posting anything in any public area of our Sites, and only to post information that you are sure you want to be accessible to everyone. Further, the social media websites operate independently from us, and we are not responsible for such social media websites’ interfaces or privacy or security practices. We encourage you to review the privacy policies and settings of the social media websites with which you interact to help you understand those social media websites’ privacy practices. If you have questions about the security and privacy settings of any social media websites that you use, please refer to their applicable privacy notices or policies.
- Location Information.
- We may provide certain location-based services, or “Location Services,” through our Sites that are dependent on data related to the geographic location, or the Location Data, of your mobile device and/or other device through which you are accessing our Sites. You should be able to use the settings on your mobile device or other device to turn off location-sharing features.
- We collect this information for purposes of offering the Location Services on our Sites so that we can provide the applicable location-based content and any location-based Site Offerings to you.
- Our legal basis for processing this information is our legitimate business interests, specifically our ability to provide products and services that are applicable in the area in which our users are accessing and using the Sites.
- We will retain this information for only as long as the location services are active on your device.
- Log Files.
- We may (directly or through third parties) make use of log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet service provider (ISP), date/time stamp, referring/exit pages, clicked pages, and any other information that your browser may send to us.
- We may (directly or through third parties) use such information to analyze trends, administer our Sites and/or Site Offerings, track users’ movement around our Sites, and gather information.
- Cookies and Other Tracking Technologies.
- Our Sites utilize “cookies,” anonymous identifiers and other tracking technologies which enable us to provide you with information that is customized for you.
- Analytics Services.
- Our Sites may use the tools described below (the “Analytics Services”) to collect information about the use of our Sites, such as how often users visit our Sites, what pages they visit when they do so, and what other sites they used prior to visiting our Sites. We use the information we collect from the Analytics Services to maintain and improve our Sites and our products and services.
- The Analytics Services we use include, but are not limited to:
Facebook® is a registered trademark of Facebook, Inc. (“Facebook”). BigQuery®, Google® and Google Analytics® are registered trademarks of Google, Inc. (“Google”). Hotjar® is a registered trademark of Hotjar Ltd. (“Hotjar”). Klaviyo® is a registered trademark of Klaviyo Inc. (“Klaviyo”). Please be advised that SPOILEDCHILD® is not in any way affiliated with Facebook, Google, Hotjar or Klaviyo, nor are the Site Offerings endorsed, administered or sponsored by any of the foregoing entities.
- Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers with the ability to exercise choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services, as set forth above.
HOW AND WHY WE MAY CONTACT YOUR MOBILE DEVICE
- EU/UK Residents.
For EU and UK residents, we will only contact you via your mobile device (including artificial voice calls, pre-recorded messages, calls, and/or SMS text messages delivered via automated technology, to the telephone number(s) that you provided) regarding your use of the Site Offerings and/or for marketing purposes (including cart reminders) where you provide your consent as required under the GDPR and UK-GDPR, respectively, or we have another valid legal basis under the GDPR and UK-GDPR, respectively, to do so.
- Canadian Residents.
For Canadian residents, we will only contact you via your mobile device via SMS text messages to the telephone number(s) that you provided regarding your use of the Site Offerings and/or for marketing purposes (including cart reminders) where you provide your consent as required under CASL, or there is an exemption under CASL enabling us to do so.
- U.S. Residents
For US residents, where you provide “prior express consent” within the meaning of the Telephone Consumer Protection Act (47 USC § 227), and its implementing regulations adopted by the Federal Communications Commission (47 CFR § 64.1200), as amended from time-to-time (“TCPA”), you consent to receive telephone calls, including artificial voice calls, pre-recorded messages, calls, and/or SMS text messages delivered via automated technology, to the telephone number(s) that you provided.
- Please note that you are not required to provide this consent in order to obtain access to the Site Offerings, and your consent simply allows SPOILEDCHILD® to contact you via these means.
- The frequency of SMS text messages that you receive from us may vary. Standard message and data rates may apply. Carriers are not liable for delayed or undelivered messages.
- Our legal basis for processing this Personal Data is our legitimate business interests, specifically our ability to provide you with the requested Site Offerings, to offer you our products and services, and to promote our Site Offerings (including cart reminders) and the content of our Sites.
- We will retain this Personal Data for as long as we continue to have a business purpose for doing so (which will be at least as long as you continue to maintain an Account), unless a longer period is required by law. Such business purposes may include legal, taxation, accounting, risk management, and other purposes.
- To stop receiving text messages from SPOILEDCHILD®, please reply “STOP” to the text message that you received from us. Please note this preference will only apply to the phone number that received the text message. Please reply “HELP” to receive help information.
- Please promptly notify SPOILEDCHILD® of any change to the mobile telephone number provided to us via e-mail at:[email protected], or by using one of the methods set forth in the “Contact Us” section below.
HOW AND WHY WE SHARE PERSONAL INFORMATION
Please see our Provisions for California Residents below for additional details regarding how we share Personal Data that we collect.
- Sharing Personal Data with Affiliates.
- Sharing Personal Data with Third Parties.
- We may share your Personal Data with our third party media partners in an anonymous, encrypted, or hashed format (primarily SHA256 encryption) or in standard format that is hashed or encrypted by the third party upon receipt in order to track and optimize performance of our marketing efforts (including tracking across multiple devices) and to provide you with relevant content across the web, such as banner ads including products you may have shown interest in, or sales offers for our site.
- We may share your Personal Data with our third party analytics service providers in order to help to improve the functionality and features of the Sites and Site Offerings.
- We may share your Personal Data with our Email Service Provider(s) that help us to send you our marketing and/or transactional text messages.
- We may share your Personal Data with our SMS Service Provider(s) that help us to send you our marketing and/or transactional text messages.
- We may share Personal Data or any information you submitted via our Sites where we are the subject of bankruptcy proceedings, in connection with, during negotiations of, or as a part of the closing of, any merger, sale of company assets, or acquisition of all or a portion of our business to another company in which Personal Data about our Sites users is among the assets transferred; provided, however, that if we are involved in a bankruptcy proceeding, merger, acquisition or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on the Sites of any change in ownership or uses of your Personal Data, as well as any choices that you may have regarding your Personal Data.
- We will only use, share, and otherwise process Derived Data where permitted by law.
- We will store, transmit, and protect your Photo Data using a reasonable standard of care at least as protective as used to protect other confidential and sensitive information from disclosure. We disclose your Photo Data (i) to our service providers whom we prohibit from using the Photo Data for any purpose other than performing services for us; (ii) in connection with any proposed or actual type of acquisition, business combination or transfer of all or any portion of our assets; and (iii) to comply with the law or defend our rights.
Notwithstanding the above, we do not share text messaging originator opt-in data and consent with any third parties.
Please see our Provisions for California Residents below for additional details regarding how we collect and share your non-personally identifiable information.
- Non-personally identifiable information refers to information that is not and cannot be used to identify a specific individual. While this information may define how you fit into a particular group of people, it is not unique to you, and it cannot be used (without being combined with other information) to specifically identify you. Some jurisdictions may consider some of the following categories of information to be personally identifiable information, in which case, we will collect and use such information as personally identifiable information.
- “Anonymous Information” refers to information that does not enable identification of an individual user, such as aggregated or demographic information about users of our Sites. We may use Anonymous Information or disclose it to third party service providers in order to improve our Sites and enhance your experience with our Sites. We may also disclose Anonymous Information (with or without compensation) to third parties, including advertisers and partners.
- What are cookies?
- Cookies are small amounts of data that are stored on your browser, device, or the page you are viewing when you visit a website. Some cookies are deleted once you close your browser or application (session cookies), while other cookies are retained even after you exit so that you can be recognized when you return (persistent cookies).
- Cookies used on our Sites are generally divided into the following categories:
- Essential cookies: These are cookies that are required for the operation of our Sites, such as cookies that enable you to log into secure areas.
- Analytics cookies: These are cookies that automatically collect information about your use of the Sites. These help us understand how our visitors are using our Sites and how they navigate through the Sites. These cookies record only hashed statistical data, not Personal Data. As mentioned above, we use Google® Analytics and HotJar® to analyze user behavior, so these third parties will place these types of cookies on our Sites.
- Functional cookies: These are cookies that remember choices that you make when you visit our Sites, such as language options. They help us to personalize your visit to the Sites.
- Targeting cookies: These are cookies that record your visit to our Sites, the pages of the Sites that you visit, and the links you followed. They will recognize you as a previous visitor to the Sites and track your activity on our Sites and other websites that you visit after you leave the Site. To opt out of our use of targeting cookies in connection with your visit(s) to the Sites, please adjust the settings in your browser to block cookies.
- We may combine data collected via cookies with Personal Data about you, e.g., tracking items you put into your shopping cart (including when you have abandoned your cart) combined with mobile device numbers you have consented for our use to send SMS cart reminder texts.
- What are your choices regarding cookies?
- Most web browsers automatically accept cookies, but you can usually change your settings to prevent that, such as by having your device warn you each time a cookie is being sent or choosing to turn off all cookies. This can be done through your web browser settings, and because each browser is different, you should look at your browser’s “Help” menu to learn how to modify your cookie settings. You can also learn more about how to opt out of targeted behavioral advertising from many major third party network advertisers by reviewing the information here and here. To opt out of cookie usage on our Sites, please adjust the settings in your browser to block cookies.
- If you do disable cookies from your browser, you may not be able to access certain sections of the Sites that use essential cookies, and this may make your experiences on the Sites less efficient.
YOUR RIGHTS REGARDING YOUR INFORMATION
Please see our Provisions for California Residents below for additional details regarding how California State residents can delete and/or access their Personal Data.
- Opting Out.
- You may choose not to receive future promotional, advertising, or other Sites-related emails from us by sending us an email to: [email protected], or selecting an unsubscribe link at the bottom of each email that we send. Please note that even if you opt out of receiving the foregoing emails, we may still send you a response to any “Contact Us” request as well as administrative emails (for example, in connection with a password reset request) that are necessary to facilitate your use of our Sites and notifications regarding your orders.
- Correcting and Updating Information.
- If you are a registered user of our Sites, you can access and edit your Account Information online by clicking the “My Account” button on the Sites. You may also have any Personal Data you have provided revised by sending us an email to [email protected].
- Removing Information.
- As noted above, we have standard retention practices with respect to the Personal Data we collect. If you would like to request any earlier removal of your Personal Data, you can email us at: [email protected].
- Please note that we may not be able to completely remove Personal Data from our systems in certain circumstances. This will be true if the data is not in searchable format, if it is retained in backup systems or cached or archived pages, if we need it in order to prevent fraud or future abuse, or if we are required by law to keep it.
- Any deletion request will not impact our ownership rights or continued processing of Derived Data to the extent permitted by law.
HOSTING OF OUR SITES
We do not ourselves host any of our Sites – all hosting is done by third party service providers that we engage. This means that data you provide us or that we collect from you (including any Personal Data) is hosted with such third party service providers on servers that they own or control. Regardless of where such third party service providers are located (and some are located in the US), their servers may be located anywhere in the world (including the US). Your data may even be replicated across multiple servers located in multiple countries. By using any of our Sites, you are consenting to your data being transferred to various third party service providers, possibly around the world (including the US).
OUR SECURITY MEASURES.
We endeavor to safeguard and protect our users’ Personal Data. When users make Personal Data available to us, their Personal Data is protected both online and offline (to the extent that we maintain any Personal Data offline). Where our registration/application process prompts users to enter Sensitive Data (such as credit card information) and when we store and transmit such Sensitive Data, that Personal Data is encrypted with advanced TLS (Transport Layer Security).
Access to your Personal Data is strictly limited, and we take reasonable measures to ensure that your Personal Data is not accessible to unauthorized parties. All our users’ Personal Data is restricted in our offices, as well as the offices of our third-party service providers. Only employees or third-party agents who need user Personal Data to perform a specific job are granted access to user Personal Data. Our employees are dedicated to ensuring the security and privacy of all user Personal Data. Employees not adhering to our firm policies are subject to disciplinary action. The servers that we store user Personal Data on are kept in a secure physical environment. We also have security measures in place to protect the loss, misuse and alteration of Personal Data under our control.
Please be advised, however, that while we take every reasonable precaution available to protect your data, no storage facility, technology, software, security protocols or data transmission over the Internet or via wireless networks can be guaranteed to be 100% secure. Computer hackers that circumvent our security measures may gain access to certain portions of your Personal Data, and technological bugs, errors and glitches may cause inadvertent disclosures of your Personal Data, and any attempt to breach the security of the network, our servers, databases or other hardware or software may constitute a crime punishable by law. For the reasons mentioned above, we cannot warrant that your Personal Data will be absolutely secure. Any transmission of data at or through the Sites, other Site Offerings or otherwise via the Internet or wireless networks, is done at your own risk.
In compliance with applicable laws, we shall notify you and any applicable regulatory agencies in the event that we learn of an information security breach with respect to your Personal Data. You will be notified via e-mail in the event of such a breach. Please be advised that notice may be delayed in order to address the needs of law enforcement, confirm and determine the scope of network damage, and to engage in remedial measures.
LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS.
Please see our Provisions for California Residents below or additional details regarding our practices related to the collection and use of the Personal Data of California State residents who are under sixteen (16) years of age.
QUESTIONS REGARDING OUR PRIVACY PRACTICES
FILING A COMPLAINT WITH THE FEDERAL TRADE COMMISSION
To file a complaint regarding our privacy practices, please Click Here.
VISITING OUR SITES FROM OUTSIDE THE U.S.; INTERNATIONAL TRANSFERS OF PERSONAL DATA
If you are from Australia, the EU, UK or are otherwise located in the European Economic Area (EEA), we are required to give you information about the transfer of your information outside Australia, the EEA or UK, respectively. If this applies to you, whenever you voluntarily give us your Personal Data, you should understand that your information will be sent by you to the United States and/or the applicable Server Locations. These jurisdictions may not provide the same framework for the protection of Personal Data as Australia, the EEA and UK. By sending us your Personal Data, you are expressly consenting to the transfer of information from your location within Australia, the EEA and UK to our servers in the United States and/or the applicable Server Locations.
In addition, if we send any of your Personal Data to servers located within the EEA and/or UK, if we then transfer your Personal Data from those servers to areas located outside of the EEA and/or UK, we will adopt adequate measures as required by the GDPR and UK-GDPR, respectively (for example, the adoption of standard, approved contractual clauses between us and the recipient).
PRIVACY RIGHTS APPLICABLE TO THE EUROPEAN UNION AND UNITED KINGDOM RESIDENTS
- Right to Access – this is the right to request copies, in a machine readable format, of those portions of your Personal Data that we have collected.
- Right to Correct – this is the right to have Personal Data in our possession or control corrected if it is accurate or incomplete.
- Right to Erasure – this is the right to ask us to delete or remove your Personal Data from our systems.
- Right to Restrict Use – this is your right to block us from using, or to limit the ways we can use, your Personal Data.
- Right to Data Portability – this is your right to request that certain of your Personal Data be transferred to a different provider.
- Right to Object – this is your right to object to our use of your Personal Data, including when we use it for our legitimate interests, including for marketing purposes.
- Questions or Comments Regarding Your Privacy Rights.
- If you have questions relating to the above rights, you can contact us at: [email protected]
- If you are a resident of the EU and are not satisfied with how we have responded to any request that you submit to us regarding the above rights, you may be able to raise your complaint with the Data Protection Authority in your jurisdiction. You can find your national Data Protection Authority here
- For purposes of the GDPR and UK-GDPR, if you are located in the EU or UK, the Data Controller of the information you provide is SpoiledChild Inc., 110 Greene St., Second Floor, New York, NY USA 10012. Our Data Protection Officer may be contacted at [email protected]
- If you are located in the EU, for purposes of the GDPR, you may contact Achieved Compliance Advocacy, our appointed representative in the EU, at the following addresses: [email protected]; or Achieved Compliance Advocacy, Ltd. C/o Renata Kloss, Singel 250, 1016 AB Amsterdam, Netherlands.
- If you are located in the UK, for purposes of the UK-GDPR, you may contact Achieved Compliance Advocacy, our appointed representative in the UK at [email protected]; or Achieved Compliance Advocacy, Ltd. C/o Robert Cain, 40 Oxford Road, High Wycombe, Buckinghamshire, UK HP11 2EE.
- UK residents may also send complaints regarding how we responded to the above requests/how we use your data to the Information Commissioner’s Office (“ICO”) at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Alternatively, the ICO helpline number is: 0303 123 1113 and website is located at: https://www.ico.org.uk
PRIVACY RIGHTS APPLICABLE TO CALIFORNIA RESIDENTS
- Shine the Light.
California Civil Code Section 1798.83 permits our customers who are California State residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. SPOILEDCHILD® will never share, sell, rent, exchange or barter your Personal Data to or with any third-party for financial gain or marketing purposes. Nevertheless, we may, in certain limited instances, share your Personal Data with third parties who perform administrative functions on our behalf. California State residents may request the following information regarding our disclosure of your Personal Data to third parties:
- How your Personal Data was disclosed to third parties;
- A list of certain categories of Personal Data that we have disclosed to certain third parties during the immediately preceding calendar year; and
- A list of certain categories of third parties that received Personal Data from us during that calendar year.
To make such a request, please send an email to [email protected] Please note that we are only required to respond to one request per customer each year.
- California Consumer Privacy Act of 2018 (“CCPA”)..
In addition to the foregoing, if you are a resident of the State of California certain other privacy-related rights may apply to you in accordance with the CCPA, including the right to opt-out of our sale of your personal information, as well as the right to know what personal information about you we have collected, whether your personal information was shared with third-parties in the preceding year and, if so, what categories of personal information were shared, as well as the categories of third parties with whom we shared that personal information.
- Privacy Rights for California Minors in the Digital World.
In addition, if you are a California State resident under eighteen (18) years of age and a registered user, California Business and Professions Code Section 22581 permits you to remove content or Personal Data that you have publicly posted on the Sites. If you wish to remove such content or Personal Data and you specify which content or Personal Data you wish to be removed, we will do so in accordance with applicable law. Please be aware that after removal, you will not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or Personal Data you have posted and, as such, there may be circumstances in which the law does not require us to enable removal of content.
- Categories of Information We Collect.
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular CA User or device (“personal information”). In particular, we have collected the following categories of personal information from CA Users within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, telephone number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, postal address, telephone number, passport number, driver's license or State identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|F. Internet or other similar network activity.||Browsing history, search history, information on a CA User's interaction with a website, application or advertisement.||YES|
We obtain the categories of personal information listed above from the following categories of sources (with the specific categories of personal information indicated in parenthesis):
- Directly from our CA Users. For example, from online registration forms that our CA Users submit to us in connection with the products and/or services that we offer by and through the Sites. (Category A, B, C and D)
- Indirectly from our CA Users. For example, through information we collect from our CA Users in the course of providing our products and/or services to them. (Category A, B, C, D and F)
- Directly and indirectly from activity on the Sites. This includes the type of browser that you use (e.g., Safari, Chrome, Internet Explorer), your IP address, the type of operating system that you use (e.g., Windows or iOS) and the domain name of your Internet Service Provider. In addition, we obtain certain Sites-related usage details and analytics as same are collected automatically by us and our third party partners. (Category F)
- When our CA Users interact with us on our social media accounts, including commenting on and/or liking our posts. (Category F)
- From third-parties that interact with us in connection with the products and/or services that we offer to our CA Users. For example, third party entities that assist us in sending direct and electronic mail, removing duplicate information from CA User lists, analyzing data and providing marketing analysis. (Category A, B, C and D)
Use of Personal Information
We may use or disclose the personal information that we collect for one or more of the following business purposes (with the specific categories of personal information indicated in parenthesis):
- To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in connection with your purchase of products and/or services, we will use that information to process your order. (Category A, B, C and D)
- To provide you with information, products or services that you request from us. (Category A, B, C and D)
- To create, maintain, customize and secure your account with us. (Category A, B, C, D and F)
- To provide you with e-mail, direct mail and telemarketing messages concerning certain SPOILEDCHILD® products and/or services, as well as third-party products and/or services, that we believe may be of interest to you. (Category A, B, C, D and F)
- To deliver relevant Sites-related content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. (Category A, B, C, D and F)
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including the Sites’ respective Terms and Conditions. (Category A, B, C, D and F)
- To improve the Sites and better present their respective contents to you. (Category A, B, C, D and F)
- For customer service purposes and to respond to inquiries from you. (Category A, B, C and D)
- For testing, research, analysis and product development. (Category A, B, C, D and F)
- As necessary or appropriate to protect our rights, property or safety, and that of our clients or others. (Category A, B, C, D and F)
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. (Category A, B, C, D and F)
- As described to you when collecting your personal information or as otherwise set forth in the CCPA. (Category A, B, C, D and F)
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us is among the assets transferred. (Category A, B, C, D and F)
We will not collect additional categories of personal information or use the personal information that we collected for materially different, unrelated or incompatible purposes without providing you with notice.
Disclosure of Personal Information
We disclose your personal information for the business purposes set forth above.When we disclose personal information to a service provider, we enter into a contractual relationship that describes the purpose for which such service provider may use the personal information and requires that service provider to both keep the personal information confidential and not use it for any purpose other than the performance of its services under the applicable contract. We may share or sell your personal information to third-parties for marketing purposes, including cross-context behavioral advertising. Please note, we have not shared or sold the personal information of CA Users that we actually know are less than sixteen (16) years of age in the preceding twelve (12) months.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
- Category A Identifiers.
- Category B California Customer Records personal information categories.
- Category C Protected classification characteristics under California or federal law.
- Category D Commercial Information.
- Category F Internet or other similar network activity.
- Category H Sensory data.
We disclose your personal information for a business purpose to the following categories of third parties (with the specific categories of personal information indicated in parenthesis):
- Our affiliates (Category A, B, C, D and F)
- Service providers (Category A, B, C, D and F)
- Third parties who provide certain of the products and/or services featured on the Sites (Category A, B, C, D and F)
- Third parties to whom you authorize us to disclose your personal information in connection with the products and/or services that we provide to you (Category A, B, C, D and F)
Your Rights and Choices
The CCPA provides CA Users (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Opt-Out from the Sale of Your Personal Information
Under these CA Privacy Provisions, you have the right to opt-out of our sale of your personal information with third parties. To exercise your right to opt-out of our selling or sharing your personal information with third parties, please submit a verifiable CA User request to us by either:
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable CA User request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we have shared that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable CA User request, we will delete (and direct our service providers to delete) your personal information from our (their) records, unless an exception applies; provided, however, that in some cases, strictly for regulatory compliance purposes and to better evidence/honor opt-out/unsubscribe requests (and for no other purposes), we may retain certain items of your personal information on a de-identified and aggregated basis in such a manner that the data no longer identifies you.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our obligations in connection with our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech rights, ensure the right of another CA User to exercise her/his free speech rights or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, but only if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with CA User expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Exercising Access, Data Portability and Deletion Rights
To exercise your access, data portability and/or deletion rights described above, please submit a verifiable CA User request to us by either:
- Clicking here
- Emailing us at:[email protected]; or
- Sending us U.S. Mail to: SpoiledChild Inc., 110 Greene St., Second Floor, New York, NY 10012.
We endeavor to act on all opt-out requests as soon as practicable, but in all cases within fifteen (15) business days of the receipt of your request.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable CA User request related to your personal information.You may only make a verifiable CA User request for access or data portability twice within a 12-month period. The verifiable CA User request must:
- Provide sufficient information that allows us to reasonably verify that you are: (1) the person about whom we collected personal information; or (2) an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable CA User request does not require you to create an account with us. We will only use personal information provided in a verifiable CA User request to: (i) verify the requestor's identity or authority to make the request, and (ii) fulfill the request.
- Response Timing and Format
We endeavor to respond to all verifiable CA User requests within forty-five (45) days of the receipt thereof. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) month period preceding the receipt of your verifiable request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable CA User request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; and/or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- Changes to these CA Privacy Provisions
We reserve the right to amend these CA Privacy Provisions in our discretion and at any time. When we make changes to these CA Privacy Provisions, we will notify you by email or through a notice on the Sites’ respective homepages.
- Clicking here
- Emailing us at:[email protected]; or
- Sending us U.S. Mail to: SpoiledChild Inc., 110 Greene St., Second Floor, New York, NY 10012.
We endeavor to act on all opt-out requests as soon as practicable, but in all cases within fifteen (15) business days of the receipt of your request.
PRIVACY RIGHTS APPLICABLE TO NEVADA RESIDENTS
If you are a resident of the State of Nevada and would like to opt-out from the sale of your personal information to any third party data broker, please e-mail us at: [email protected];
PRIVACY RIGHTS APPLICABLE TO CANADIAN RESIDENTS
We are committed to providing transparency to outside parties (which we may electronically communicate with) with respect to our compliance practices associated with Canada’s Anti-Spam Legislation, and its implementing rules and regulations (“CASL”). The types of commercial electronic messages (“CEM”) that we may send from time to time may include: (a) email and/or text messages sent to our current or potential end-users; (b) messages sent to our users’ social media profiles; and (c) CEM sent in connection with your use of the Site Offerings and/or SPOILEDCHILD® products and/or services that we think might be of interest to you.
If you have received a CEM from us, it is because either: (i) you have previously provided your express consent, as required by CASL; (ii) we have your implied consent, strictly as permitted under CASL; or (iii) the type of CEM sent is exempt under CASL. Without limiting the foregoing, a CEM sent by us would be exempt if the CEM or the relationship between you and SPOILEDCHILD® includes any of the following: (A) you have a personal relationship or a family relationship with the SPOILEDCHILD® employee who contacted you; (B) the CEM was sent by SPOILEDCHILD® to you in order to respond to your request or inquiry (including, without limitation, your request for Site Offerings and/or other SPOILEDCHILD® products and/or services); (C) the CEM was sent by SPOILEDCHILD® to you, in order to enforce a legal right or obligation (for instance, if you have an outstanding debt, breached the Terms, etc.); (D) the CEM only facilitates or confirms a transaction; (E) the CEM only provides SPOILEDCHILD® data security information; and/or (F) the CEM only provides information about your ongoing use of the Site Offerings if you have made a purchase during the prior two (2) year period.
If you have received a CEM, and you believe that you should not have, please contact us immediately at:[email protected]; in order to unsubscribe and we will remove your electronic address from our database within ten (10) business days.
PRIVACY RIGHTS APPLICABLE TO AUSTRALIAN USERS
If you have any questions, concerns or complaints in relation to our handling of your Personal Data, you can contact us at: [email protected] you are unhappy with, or have further questions concerning, our handling of your question, concern, or complaint, you may contact the Office of the Australian Information Commissioner (telephone +61 1300 363 992 or email [email protected]).