Caroo is committed to protecting your Personal Information.
As a reminder, Caroo does not request Personal Information via e-mail or telemarketing. If someone contacts you in this manner and requests Personal Information on behalf of Caroo, DO NOT RESPOND! Delete, disregard or hang-up. These questions are not from us. We want your Personal Information to remain private. If you have questions about Caroo’s privacy practices, contact firstname.lastname@example.org or call us at (310) 845-7750.
OUR PRIVACY COMMITMENT TO OUR CUSTOMERS
Effective Date: 5/1/20
California Consumer Privacy Act (“CCPA”) means the California statute intended to enhance privacy rights and consumer protection for residents of California, United States.
General Data Protection Regulation (“GDPR”) means the European Union (“EU”) law on data protection and privacy applicable to individuals within the EU.
Personal Data under the GDPR means any information relating to an identified or identifiable natural person, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
COLLECTION OF INFORMATION
Information You Provide
As part of your use of our Service, we may ask you to provide information directly to us. For example, we collect information when you register an account, communicate or transact with us, or submit feedback on certain products, by way of surveys, testimonials, ratings and reviews or other format through the Service.
When you register for an account with us, we collect information that identifies you personally (whether alone or in combination), such as your name, address, phone number, email address, age, and gender (“Personal Information”). In addition, we may ask you to provide other types of information, such as your relationship status, household information, pet information, product preferences, and shopping habits. You may also choose to voluntarily submit certain other information to us through the Service, including Personal Information, but you are solely responsible for your own Personal Information in instances where we have not requested that you submit such information to us.
When you order products through our Service, we will collect all information necessary to complete the transaction, including your name, credit card information, billing information and shipping information. In some cases, we may collect information that you provide about others, including Personal Information, such as when you refer a friend or a representative at your or another company. We will use the information you provide to fulfill your requests, such as sending information about our Service to your referred email and/or physical address. By using this functionality, you acknowledge and agree that you have the consent from whom you referred, for us to use their information to fulfill your request.
“Anonymous Data” means data that is not associated with or linked to your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons. We may create Anonymous Data records from Personal Information by excluding information (such as your name) that makes the data personally identifiable to you. We use this Anonymous Data to analyze request and usage patterns so that we may improve or enhance our Services. We reserve the right to use Anonymous Data for any purpose and disclose Anonymous Data to third parties in our sole discretion. We may also aggregate data and reserve the same rights as we do with all other data we retain.
Information Collected Automatically
When you access our Service, we and our third-party service providers may use a variety of technologies, now and hereafter devised, that automatically record certain usage information about you (“Usage Information”). Usage Information may include your Internet Protocol address (and other unique identifiers for the particular device you use to access the Internet), browser type, your web or application request, your interaction with our Service, the webpage or other feature you were using before you came to our Service, pages of our websites that you visit, information you search for via our Service, access times and dates, and other similar information. We use this information for a variety of purposes, including analyzing and enhancing our products and services, and to help personalize our Service for you. We do not treat this information as Personal Information (except to the extent required by law), although if we combine it with the Personal Information you provide, we will treat the combined information as Personal Information.
The methods that may be used on the Service to collect Usage Information include, but are not limited to:
- Log Information: Log information is data about your use of the Service, such as IP address, browser type, internet service provider, referring/exit pages, operating system, date/time stamps, and related data, which is stored in log files.
- Information Collected by Tracking Technologies: We and our third-party service providers may automatically collect information about your interactions with the Service or emails using various tracking technologies, including cookies, web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, device fingerprinting, in-app tracking methods, and other tracking technologies now and hereafter developed (“Tracking Technologies” ).
- Cookies A cookie is a small data file transferred to your computer (or other device) when it is used to access our Service. Cookies may be used for many purposes, including to enable certain features of our Service, to better understand how you interact with our Service and to monitor aggregate usage by visitors and online traffic routing. Cookies may remain on your device for extended periods of time.
- Web Beacons (“Tracking Pixels”) Web beacons are small graphic images, also known as “internet tags” or “clear gifs,” embedded in web pages and email messages. Web beacons may be used to count the number of visitors to the Service, to monitor how users navigate the Service, and to count content views.
- Embedded Scripts An embedded script is programming code designed to collect information about your interactions with the Service. It is temporarily downloaded onto your device from our web server or a third party with whom we work, is active only while you are connected to the Service, and deleted or deactivated thereafter.
- Location-identifying Technologies GPS (global positioning systems) software, geo-filtering, and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting relevant content based on your location.
In particular, we have collected the following categories of Personal Information from Caroo consumers within the last twelve (12) months:
|Identifiers – e.g. name, email address, physical address, phone number, online identifiers (such as username or social handle), etc.||Yes|
|Personal characteristics – e.g. self-identified gender, age, etc.||Yes|
|Commercial information – e.g. payment information, purchasing history, product or service interests, product reviews, estimated income, etc.||Yes|
|Internet and network activity – e.g. IP address and location data, device ID, browse history, etc.||Yes|
|Education, professional, or employment related information||Yes|
|Communications with you, e.g. email, chat logs, etc.||Yes|
|Inferences drawn from other information||Yes|
Some information about your use of the Service and certain Third Party Services (defined below) may be collected using Tracking Technologies across time and services and used by us and third parties for purposes such as to associate different devices you use, and deliver relevant ads and/or other content to you on the Service and certain Third Party Services.
For further information on Tracking Technologies and your choices regarding them, please see “Third Party Services, Features, and Devices” and “Your Choices”, which follow.
Information from Other Sources
USE OF INFORMATION
- to manage our Service, identify you as a user of the Service, and help authenticate any account you create with us;
- to provide our third-party brand partners and other third parties with Anonymous Data regarding aggregate consumer insights such as brand awareness, purchase intent, product ratings, trends, etc.;
- to process your orders and deliver to you the products you order through the Site;
- to communicate with you regarding campaigns, the Service, updates, offers, promotions or events and to deliver third-party product samples we believe may be of interest to you (“Third Party Product Samples”);
- to help us develop, customize, deliver, support and improve our Service, products, Third Party Product Sample offerings, and advertising and to provide you with the best user experience possible;
- to administer promotions, contests, sweepstakes or other offerings;
- to protect the rights or property or security of Caroo or our users, and prevent fraud and other prohibited or illegal activities;
- to respond to your comments, questions, and requests, and provide customer service;
- to send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages;
- for our internal purposes (such as auditing, data analysis, and research to improve our services, and communications);
- as may be disclosed to you at the point of collection;
- to provide gifting or support referrals; and
- to assist in our marketing efforts to attract and retain customers.
SHARING OF INFORMATION
We normally do not share your Personal Information with third parties, but there are certain instances where we might, including but not limited to the following instances.
- With Our Service Providers
We may engage third parties to perform services on our behalf, such as hosting and storage services, software maintenance services, email notifications, database management, analytics, fulfilment services, and other services. These third parties may have access to your Personal Information to perform certain tasks on our behalf but they are not authorized by us to otherwise use or disclose your Personal Information.
We and our third-party service providers, including analytics providers and third-party content providers or advertising partners, may automatically collect certain information whenever you access and use the Services (“Usage Information”).
We may share your Personal Information or your non-personally identifying information with ad
networks for online behavioral advertising purposes.
- With Our Brand Partners
If you choose to submit any information or materials to us including, without limitation, testimonials, ratings and reviews, product feedback, data files, written text, computer software, music, audio files or other sounds, photographs, videos, and other images) (collectively, “Content”), we may share the Personal Information you include in that Content, if any, with our Brand Partners.
- With Our Third Party Payment Processors
For online payments, we use the payment services of [Stripe (https://stripe.com)]; [Braintree Payments (https://www.braintreepayments.com/)]; [PayPal (https://www.paypal.com/us/home)]; and [Pay with Amazon (https://pay.amazon.com/us)]. We also accept or may in the future accept and process other credit cards for payments, including but not limited to; American Express, Visa, Mastercard, and others. For more information on how payments are handled by these payment processors, or to understand the data security and privacy afforded such information, please refer to their privacy policies.
- To Comply with Laws, Legal Process and Authorities and Protect Rights
We may disclose Personal Information or other information about you to government or law enforcement officials, in connection with subpoenas or judicial process, or to any other third party to protect the property and rights of us or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable.
- For Business Transfers
- With Our Affiliates for Internal Business Purposes
We may disclose information about you, including Personal Information, with our affiliates for internal business purposes.
- For Marketing Purposes
We may disclose information about you, including Personal Information, with our affiliates, business partners, and other third parties including, Brand Partners, for their own business purposes, including direct marketing purposes (California residents have certain rights set forth in “Your California Privacy Rights” below).
- With Sponsors and Other Third Parties for Sweepstakes, Contests, Promotions
In addition, if you voluntarily participate in a sweepstakes, contest, rewards program or other promotion through our Site or Service, we may share your information, including Personal Information, with the participating sponsors or with third parties who assist us in using the content or other information you have posted or shared with us. By participating, you agree to the official rules that govern that promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials.
- With your Consent
We may disclose information about you, including Personal Information, with your consent or at your direction, or for purposes disclosed at the time you provide the information.
Without limiting the foregoing, in our sole discretion, we may share Anonymous Data (including information collected for purposes of selecting relevant Third Party Product Samples) which does not identify you or de-identified information about you with third parties or affiliates for any purpose.
THIRD PARTY SERVICES, FEATURES, AND DEVICES
Our Service contains content from and hyperlinks to websites, locations, platforms, and services operated and owned by third parties (“Third Party Services”). In addition, our Service contains features that allow you interact with, connect to, or access our Service through certain Third Party Services and third party devices (“Third Party Features”). For example, our service may contain information about you, if you interact with a Third Party Service and you “like” or “share” content over social media through our Service or log into an account that you already have with a third party social networking platform (“SNP”), such as Facebook, Google, Snap, or others via our Service. If you log into an SNP via the Service, you are allowing Caroo to access the Personal Information in your SNP account, as well as other information associated with your SNP account, pursuant to the SNP’s applicable terms and conditions. The information we receive from an SNP may depend on the privacy settings you have with the SNP, which may be accessed through their respective services. Remember that the SNP and other third parties may also have access to your data and use Tracking Technologies to independently collect information about you and solicit Personal Information from you. We are at no obligation to monitor other third parties practices and policies and are not liable for any breach, actions, inactions, policies and practices of any kind.
Our Service also contains Tracking Technologies operated by third parties. For example, analytics services, such as Google Analytics, may use Tracking Technologies on our Service to help us analyze your use of the Service, compile statistic reports on the Service’s activity, and provide other services relating to Service activity and internet usage. Similarly, ad serving services, advertisers, and other third parties may use Tracking Technologies on our Service and Third Party Services to track your activities across time and services, and tailor ads to you based on your activities, which may include sending you an ad on a Third Party Service or third party device after you have left the Service (“Interest-based Advertising”).
For further information on Tracking Technologies and your choices regarding them, please see “Information Collected Automatically” above and “Your Choices” below.
Accessing or Changing Your Information
To view and change Personal Information that you have directly provided to Caroo via the Service, you can contact Caroo by sending an email email@example.com. We may require additional information from you to allow us to confirm your identity. Please note we may retain server/backup copies of all such data, and that we may decline to process change or deletion requests that we deem to be unreasonable, or require disproportionate technical effort, or jeopardize the privacy of others.
Tracking Technologies Generally
You may be able to instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the online services you visit. Browsers offer different functionalities and options so you may need to set them separately. If you do not accept cookies or disable these technologies, however, you may not be able to use all portions of our Site or Service, or all functionality of our Site or Service.
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
Analytics and Advertising Tracking Technologies
You may choose whether to receive Interest-based Advertising by submitting opt outs. Some of the advertisers and Service Providers that perform advertising-related services for us and our partners may participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, visithttp://www.aboutads.info/choices and http://www.aboutads.info/appchoices for information on the DAA’s opt out program for mobile apps. Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt out options for their members, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Caroo is not responsible for effectiveness of, or compliance with, any third-parties’ opt out options or programs or the accuracy of their statements regarding their programs.
EU USER’S RIGHTS UNDER THE GDPR.
The GDPR provides users located in the EU under its protection certain rights with respect to their Personal Data collected by us on the Website. Accordingly, Caroo recognizes and will comply with the GDPR and those rights, except as limited by applicable law. The rights under the GDPR include:
- Right of Access: This includes the right to obtain from us your Personal Data and whether it is being processed, along with the purposes of the processing; categories of Personal Data concerned; recipients to whom your Personal Data has been disclosed; the period for which your Personal Data is being stored; and the right to lodge a complaint.
- Right of Rectification: This includes the right to correct inaccurate Personal Data collected and/or stored by us.
- Right of Erasure (“Right to be Forgotten”): This includes the right to have your Personal Data deleted. However, if applicable law requires us to comply with your request to delete information, fulfilment of your request may prevent you from using our services and may result in closing your account.
- Right to Restriction of Processing: This includes the right to request restriction of how and why your Personal Data is used or processed by us.
- Right to Data Portability: This includes the right to receive your Personal Data in a structure, readable format and the right to have your Personal Data transferred.
- Right to Object: This includes the right to object to us processing your Personal Data for reasons such as direct marketing purposes and for scientific or historical research or statistical purposes.
- Right to not be Subject to Automated Decision-Making: This includes the right to not be subject to a decision based solely on automated processing, including profiling, that could have a legal, or similarly significant, effect on you from being made solely based on automated processes.
YOUR CALIFORNIA PRIVACY RIGHTS
Sales of Personal Information
In the preceding twelve (12) months, Caroo has sold Personal Information as defined under the CCPA.
|Identifiers – e.g. name, email address, physical address, phone number, online identifiers (such as username or social handle), etc.|
|Personal characteristics – e.g. self-identified gender, age, etc.|
|Commercial information – e.g. payment information, purchasing history, product or service interests, product reviews, estimated income, etc.|
|Internet and network activity – e.g. IP address and location data, device ID, browse history, etc.|
|Education, professional, or employment related information|
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you
- Our business or commercial purpose for collecting or selling that Personal Information
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
We do not provide these access and data portability rights for B2B Personal Information.
Deletion Request Rights
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We do not provide these deletion rights for business to business Personal Information.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Emailing us at: firstname.lastname@example.org
- Calling us at: (310) 845-7750
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information at any time (the “right to opt-out”). We do not sell the Personal Information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to Personal Information sales may opt-out of future sales at any time.
You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Information provided in an opt-out request to review and comply with the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.
We may share Personal Information as defined by California’s “Shine the Light” law with third parties and/or affiliates for such third parties’ and affiliates’ own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please email us email@example.com or send us a letter to Caroo, 3415 S Sepulveda Blvd Ste 1100 Los Angeles, CA 90034 (Attention: B2C Legal). Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are not required to respond to requests made by means other than through the provided email address or mail address.
We employ reasonable security measures designed to protect your information, including Personal Information, from unauthorized access and disclosure. Please be advised that we cannot guarantee or warrant the security of any information you disclose or transmit to us online and are not responsible for the theft, destruction, unauthorized access by third parties or inadvertent disclosure of your Personal Information.
OTHER GENERAL INFORMATION
Public Posts on the Service
Our Policy Towards Children
We do not knowingly collect Personal Information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) from children under 13 in a manner that is not permitted by COPPA, and do not target our online services to children under 13. If we discover that someone under the age of 13 has provided Personal Information, we will delete such information from our Site and Service to the extent required by COPPA. We encourage parents and guardians to prevent children from submitting information or data on our Service, and to contact us at firstname.lastname@example.org if they believe we have collected Personal Information from children under 13.