Effective: October 27, 2021
- 3.1 What is Personal Data?
- 3.2 Personal Data We Collect and How We Collect it
- 3.3 Our Purposes in Collecting Personal Data
- 3.4 Types of Third Parties that May Receive Your Personal Data
2. Purpose and Scope
We are committed to maintaining the accuracy, confidentiality, and security of your Personal Data. This Privacy Statement includes a description of the purposes for which we collect and use Personal Data, the types of Personal Data we collect, the types of third parties to which we may disclose your Personal Data and the purposes for doing so, the rights and choices you have for limiting the use and disclosure of your Personal Data, and how to contact us about our practices concerning Personal Data.
When we refer to “Company” “we” or ‘us” in this Privacy Statement, we are referring to Spiritual Gangster Holdings, Inc.
2.1 Revisions to this Privacy Statement.
2.2 Children Under the Age of 16
Our Website is not intended for children under 16 years of age. No one under age 16 may provide Personal Data in the Website. We do not knowingly collect Personal Data from children under 16. If we learn we have collected Personal Data from a child under 16 without parent consent, we will delete that information. If you believe we might have information from or about a child under 16, please contact us at email@example.com.
California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see the California Residents section for more information.
2.3 Inquiries or Concerns?
We are committed to resolving complaints about our collection or use of your Personal Data. Individuals with inquiries or complaints regarding our Privacy Statement policy should first contact us at firstname.lastname@example.org. We will endeavor to answer your questions and advise you of any steps taken to address the issues raised by you.
3. Our Personal Data Collection and Use
3.1 What is Personal Data?
3.2 Personal Data We Collect and How We Collect It
We may collect and maintain Personal Data regarding Site Visitors and Customers, including information:
- By which you may be personally identified, such as your name, postal address, e-mail address, gender, telephone number, or credit card or other payment information;
- That is about you but individually does not identify you, such as your Internet Protocol (“IP”) address, referring URL, web pages visited, time spent on web pages, cookies, Flash cookies, pixel tags, and server logs; and
- About your internet connection, the equipment you use to access our Website and usage details, and the actions you take on our website.
We collect this information:
- Directly from you when you provide it to us, including when you place an order on our Website, subscribe to our email newsletter, enter a contest or promotion sponsored by us, and contact us;
- Automatically as you navigate the Website (details below); and
- From third parties who process data on our behalf.
- Information We Collect Through Automatic Data Collection Technologies.
As you navigate through and interact with our Website and other content, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including details of your visits to our Website, including location data; logs; the resources that you use access the Website, including your operating system and browser type; and other communication data.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). We do honor Do Not Track signals. Please email us at email@example.com for information on how you can opt out of behavioral tracking on this website and how we respond to specific web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.
The information we collect automatically may include personal information, or we may tie this information to personal information about you that we collect from other sources. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to: Estimate our audience size and usage patterns;
- Store information about your preferences, allowing us to customize our Website according to your individual interests;
- Speed up your searches; or
- Recognize you when you return to our Website.
The technologies we use for this automatic data collection may include:
- Flash Cookies: Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
- Web Beacons: Webpages and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We use the following types of cookies to collect information about your browsing activities over time and across different websites following your use of our Services:
- Strictly necessary cookies: These cookies are necessary for our site to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
- Performance cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
- Functional cookies: These cookies enable our website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
- Targeting cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
- Social Media cookies: These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
3.3 Our Purposes in Collecting Personal Data
The Personal Data we collect is used and disclosed as is necessary to provide services to you and as reasonably required for our business purposes, including:
- To present our Website and its content to you;
- To provide you with information, products, or services that you request from us;
- To fulfill any other purpose for which you provide it;
- To provide you with notices about your orders and subscription;
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- To notify you about changes to our Website or any products or services we offer or provide through it;
- To offer you services and promotions you may be interested in;
- In any other way we may describe when you provide the information; and
- For any other purpose with your consent as required by applicable law.
3.4 Types of Third Parties That May Receive Your Personal Data
We may disclose aggregated information about our Site Visitors or Customers without restriction. Such information does not identify an individual person. We may disclose Personal Data to the following types of third parties:
- Subsidiaries and Affiliates: We may share Personal Data with other members of our corporate group, including affiliates, in order to work with them. For example, we may need to share Customer Information for customer relationship management purposes. We may also transfer Personal Data in the event of an audit or if we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution, or liquidation).
- Partners and Affiliated Businesses Not Controlled by Us: We may partner with other companies to market or jointly offer our products or services. We contractually require these third parties to keep Personal Data confidential and use only for the purposes for which we disclose it to them. If you do not wish for your information to be shared in this manner, you may choose not to purchase or specifically express interest in a jointly offered product or service.
- Third Party Marketing Partners: We may share personal information with third party marketing partners for commercial purposes.
- Compelled Disclosure: It may be necessary for us to disclose your Personal Data, either by law, legal process, litigation, or requests from public and governmental authorities. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose Personal Data if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.
4. Rights and Choices
We offer Site Visitors and Customers who provide Personal Data the means to choose how we use the information we collect. To the extent required by applicable law, we obtain opt-in consent for certain uses and disclosures of Personal Data. You have a right to withdraw such consent at any time. We shall make reasonable efforts to accommodate individual privacy preferences.
- Account Profile: To update your account information or have your account deleted, please email firstname.lastname@example.org. Requests to access, change, or delete your information will be handled within 30 days.
- Promotional Offers: If you do not wish to have your information used by the Company to promote our own or third parties’ products or services, you can opt-out by checking the relevant box located on the form on which we collect your data. You can also always opt-out of third party sharing by sending us an email stating your request to email@example.com. You may manage your receipt of marketing and non-transactional communications by clicking the “unsubscribe” link located on the bottom of our newsletter or marketing emails. Additionally, you may send a request specifying your communications preferences to firstname.lastname@example.org. Customers cannot opt out of receiving transactional emails related to orders placed through the Website.
- Targeted Advertising: If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to target-audience preferences, you can contact us for information about how to opt-out at email@example.com. You can prevent the use of Google Analytics relating to your use of our Website by downloading and installing the browser plugin available here. For certain opt-outs to function, you may need to have your browser set to accept browser cookies.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (”NAI”) on the NAI’s website.
Exceptions: We may disclose your Personal Data without offering an opportunity to opt out, when (a) we retain third-party processors to perform services on our behalf and pursuant to our instructions, (b) required by law or legal process, or (c) responding to lawful requests from public authorities, including to meet national security, public interest, or law enforcement requirements.
4.2 EU Persons
- Limited Processing: In accordance with the GDPR (Global Data Protection Regulation), we limit the processing of Personal Data of persons in the EU (“EU Personal Data”) to that which is relevant for the purposes of the particular processing. We do not process EU Personal Data in ways that are inconsistent with the purposes for which the information was collected or subsequently authorized by you. In addition, to the extent necessary for these purposes, we take reasonable steps to ensure that the EU Personal Data we process is (a) reliable for its intended use, and (b) accurate, complete and current. In this regard, we rely on you to update and correct EU Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized. You may contact us at firstname.lastname@example.org to request that we update or correct relevant EU Personal Data. Subject to applicable law, we retain EU Personal Data in a form that identifies or renders you identifiable only for as long as it serves a purpose that is compatible with the purposes for which the Personal Data was collected or subsequently authorized by you.
Notice and Consent: If we decide to process EU Personal Data for purposes other than what is necessary to provide services to you or where we believe that your interests may override ours, persons in the EU will receive a notice detailing:
- The type of Personal Data to be processed;
- The purpose for the processing and a description of how the processing is based on legitimate interests;
- The categories of recipients of disclosures of the Personal Data;
- The period for which the Personal Data will be stored or the criteria for determining the period;
- How Customers and Site Visitors can exercise the rights of access, correction, erasure, objection, and the right to withdraw consent;
- The right to file a complaint with an EU Data Protection Authority; and
- Whether the Personal Data will be subject to automated processing and, if so, the logic and the consequences of the processing for the data subject.
Such notices will be clear, conspicuous, and readily available to affected EU Persons. A notice will require an unambiguous, affirmative, opt-in consent to the particular use or processing of the EU Personal Data.
Transfers of Personal Data: With respect to transfers of your Personal Data to third-party data processors, we will:
- Enter into a contract with each relevant data processor,
- Transfer Personal Data to each such data processor only for limited and specified purposes,
- Ascertain that the data processor is obligated to provide the Personal Data with at least the same level of privacy protection as is required by applicable law,
- Take reasonable and appropriate steps to ensure that the data processor effectively processes the Personal Data in a manner consistent with the Company’s obligations under applicable law,
- Require the data processor to notify the Company if the data processor determines that it can no longer meet its obligation to provide the same level of protection as is required by our contract or applicable law,
- Upon notice, including under (e) above, take reasonable and appropriate steps to stop and remediate unauthorized processing of the Personal Data by the data processor.
- Access: You generally have the right to access your Personal Data. Accordingly, where appropriate, we provide you with reasonable access to the Personal Data we maintain about you. We also provide you a reasonable opportunity to correct, amend, or delete your information. We may limit these opportunities where the burden or expense of honoring a request would be disproportionate to the risks to your privacy, or where the rights of persons other than you would be violated. Other reasons for denying requests or limiting access include (a) interference with the execution or enforcement of the law or with private causes of action, including the prevention, investigation, or detection of offenses; (b) breaching a legal or other professional privilege or obligation; (c) prejudicing security investigations or grievance proceedings or in connection with succession planning and corporate re-organizations. Please contact email@example.com to request access to your Personal Data. If access cannot be granted, we will respond with a reason for denying your request.
5. Control and Security
5.1 Integrity and Confidentiality
We take reasonable and appropriate measures to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
5.2 Data Breach
If a breach of Personal Data occurs, we will notify the relevant authorities within 72 hours, or as otherwise required by applicable law, subject to likelihood of risk to the Customer or Site Visitor. Affected Customers or Site Visitors will also be notified regarding the breach.
6. Record Keeping
As required by applicable law, we will maintain relevant records of:
- The purposes of Personal Data processing;
- The categories of data subjects and of Personal Data processed;
- The categories of recipients, including those in third countries;
- The countries to which Personal Data will be transferred and the instrument used to provide an adequate level of protection;
- Where possible, the envisaged retention periods for different categories of Personal Data; and
- A general description of the security measures used to protect Personal Data.
These records shall be provided to data protection authorities upon request.
7. Privacy Notice for California Residents
7.1 Information We CollectWe collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
- Identifiers (for example, name, postal address, date of birth, email address, IP address, and online identifiers);
- Categories of personal information as defined by Cal. Civ. Code § 1798.80 (for example, name, signature, Taxpayer Identification Number, telephone number, passport number, driver’s license number, insurance policy number, account numbers);
- Protected classifications under California or federal law (for example, age, citizenship status, national origin or ancestry);
- Commercial information (for example, transaction history);
- Internet or other electronic network activity information, including information on your usage of our Sites;
- Geolocation data;
- Sensory data (for example, audio from call recordings);
- Inferences drawn from any information identified above to create a profile
- Directly from you. For example, from forms you complete or products and services you purchase
- Indirectly from you. For example, from observing your actions on our Website.
7.2 Use of Personal InformationWe may use or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information: We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
7.3 Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
We do not provide these deletion rights for B2B personal information.
7.4 Exercising Your Rights to Know or DeleteTo exercise your rights to know or delete described above, please submit a request emailing us at firstname.lastname@example.org. Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You do not need to create an account with us to submit a request to know or delete. We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
We will confirm receipt of your request within 10 business days. If you do not receive confirmation within the 10-day timeframe, please contact email@example.com. We endeavor to substantively respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
If you are age 16 or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 15 years old, or the parent or guardian of a consumer less than 13 years old. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by emailing us at: firstname.lastname@example.org
Once you make an opt-out request, we will wait at least 12 months before asking you to reauthorize personal information sales. However, you may change your mind and opt back into personal information sales at any time by emailing us at: email@example.com
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
7.5 Non-DiscriminationWe will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
7.6 Other California Privacy RightsCalifornia’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org
7.8 Contact Information
If you need to access this Policy in an alternative format due to having a disability, please contact email@example.com