Information you provide us:

If you choose to use or access our Services, you must provide Personal Information in order to do so, this includes: your first & last name, your email address, billing address, mailing address, phone number, and you may provide any food allergies and dietary restrictions you may have; we automatically collect your IP address and the web address of the website you were referred from (if any). If you choose to use or access any of our Services on behalf of your employer, you must also provide your employer’s name and your professional title. This information is used to: (i) register an account and provide login information to the Services, (ii) carry out processing functions including the Services Caroo has been contracted to provide by you or its Client, (iii) enable your purchase of Boxes through completion of the checkout process, (iv) communicate with you by responding to your requests, comments and questions, (v) improve and personalize the Website and Services, (vi) provide you with marketing information regarding our Services, (vii) enable you to submit feedback on certain products via surveys, testimonials, ratings, reviews and various other methods through the Services, and (viii) perform various account functions provided by Caroo. Caroo collects certain Personal Information automatically – to read more about the information we collect automatically, the methods it is collected and how we use it, click here. 

Information we collect from others: 

Whether our Clients (typically your employer, a client of your employer, an event organizer, a vendor sending a client gift, etc.) or another individual sends you a Box, we collect some or all of the following categories of Personal Information: your first & last name, email address, mailing address, and employer name. This information is used to dispatch one or more Boxes to you.

Information shared with our service providers: 

We disclose your email address and mailing address to our logistics and shipping providers for the purposes of dispatching Boxes to you. We may disclose your Personal Information to other third-party service providers to perform services on our behalf, including: email, customer support, hosting and storage, database management, analytics, marketing and advertising, fulfillment and logistics, and payment processing. These sites may have access to your Personal Information to perform certain tasks on our behalf and are not authorized by us to use or disclose your Personal Information for any other purpose. By accessing and using the Services you consent to our sharing of your Personal Information with our service providers. To read more about how we share your information with our advertising partners, click here. 

Email communications with us: 

As part of the Services, we may send you promotional, commercial and informational emails. You may opt out from receipt of these emails and unsubscribe by clicking “unsubscribe” at the bottom of the emails you receive from us. 

Information disclosed pursuant to business transfers: 

If our assets are merged with or purchased by a third party, your Personal Information will be transferred to that third party. 

Information disclosed for our protection and the protection of others:

We may also release your information when we believe release is required to comply with the law, enforce our privacy policy, detect or prevent fraud, security or technical issues, or protect our or others’ rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention. Because our servers that store your information are located in the U.S.A., your information may be available to U.S. government entities or agencies under a lawful court order or other legal process in the U.S. 

Information we share with your consent: 

Except as set forth above, you will be notified when your Personal Information may be shared with third parties and will be able to prevent the sharing of this information. We will share your Personal Information only in the ways that are described in this privacy policy. 

Do we sell your Personal Information? 

We share your Personal Information solely to provide the Services. We do not sell your Personal Information. Any information that we may share outside of providing the Services is anonymized. When we say anonymized, we mean it has been wiped of all information that may be used to identify an individual person. 

Our Services may contain links to other websites that are independent, are not owned or operated by us, and which may incorporate third party information. These third-party websites have separate and independent privacy policies. If you access other websites using links we provide, the operators of these sites may collect information from you; the information they collect will be used by them in accordance with their privacy policies and terms of service, which differ from ours. We therefore have no responsibility or liability for the content and activities of other websites, even if they are linked to our Services. This privacy policy does not cover information collected on third party websites. We encourage you to carefully review the privacy policies of any third-party websites you access. 

Caroo respects your Personal Information and the control you may retain over it. Upon request, we will confirm whether we hold or are processing any of your Personal Information. You may change your personal information (except your username) by logging into your account. You may delete your Personal Information by contacting us and requesting deletion of your account. Please note that Caroo may retain some of your Personal Information for a period in order to comply with our internal record keeping policy. If you are located in the European Union or domiciled in California, click here to read about specific rights related to your location or domicile.

How we protect your information:

We will take reasonable precautions to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. 

How to contact us with questions: 

If you have any questions about this privacy policy, feel free to email us at privacy@caroo.com.

Information Collected Automatically 

When you use or access our Services, we and our third-party service providers may use a variety of technologies that automatically record certain usage information about you (“Usage Information”), some of which may be Personal Information. Usage Information may include your Internet Protocol address (and other unique identifiers for the particular device you use to access the Internet), browser type, your web or application request, your interaction with our Website, the webpage or other feature you were using before you came to our Website, pages of our Website that you visit, information you search for via our Website, access times and dates, and other similar information. We use this information for a variety of purposes, including analyzing and enhancing our products and services, and to help personalize our Services for you. We do not treat this information as Personal Information (except to the extent required by law); although if we combine it with the Personal Information you provide, we will treat the combined information as Personal Information. 

The methods that may be used on the Service to collect Usage Information include, but are not limited to: 

Log Information: Log information is data about your use of the Service, such as IP address, browser type, internet service provider, referring/exit pages, operating system, date/time stamps, and related data, which is stored in log files. 

Information Collected by Tracking Technologies: We and our third-party service providers may automatically collect information about your interactions with the Service or emails using various tracking technologies, including cookies, web beacons (also known as tracking pixels), embedded scripts, location-identifying technologies, device fingerprinting, in-app tracking methods, and other tracking technologies now and hereafter developed (“Tracking Technologies”). 

Cookies: A cookie is a small data file transferred to your computer (or other device) when it is used to access our Service. Cookies may be used for many purposes, including to enable certain

features of our Service, to better understand how you interact with our Service and to monitor aggregate usage and online traffic routing. Cookies may remain on your device for extended periods of time. 

Web Beacons/Tracking Pixels: Web beacons are small graphic images, also known as “internet tags” or “clear gifs,” embedded in web pages and email messages. Web beacons may be used to count the number of users of the Service, to monitor how users navigate the Service, and to count content views. 

Embedded Scripts: An embedded script is programming code designed to collect information about your interactions with the Service. It is temporarily downloaded onto your device from our web server or a third party with whom we work, is active only while you are connected to the Service, and deleted or deactivated thereafter. 

Location-identifying Technologies: GPS (global positioning systems) software, geo-filtering, and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting relevant content based on your location. 

Device Fingerprinting: Device fingerprinting is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your device and applications. 

How we respond to Do Not Track signals: 

Do Not Track is a privacy preference that users can set in some web browsers to signal their preference regarding potential tracking by third-party websites. While the United States Federal Trade Commission has endorsed Do Not Track, our Website does not currently support Do Not Track codes. However, except as otherwise stated in this privacy policy, our Website limits tracking to the uses described in this privacy policy. Our Sites do not track your use across multiple websites, however, other websites to which we link may. Please review their privacy policies to understand how you may be tracked. For more information on “Do Not Track,” visit http://www.allaboutdnt.com. 

Do we share your Personal Information for advertising purposes? 

We and our third-party service providers, including analytics providers, third-party content providers and advertising partners, may automatically collect Personal Information whenever you access and use the Services. Additionally, these third-party marketing services (including Google, Facebook, LinkedIn and Bing) use cookies and device identifiers to serve ads based on your previous visits to our Website. You may opt-out of Google’s use of cookies and device identifiers by visiting Google’s Ad Settings at http://www.google.com/settings/ads and you may opt-out of Google Marketing Platform’s use of cookies by visiting the Google Marketing Platform opt-out page here https://www.google.com/settings/ads/onweb#display_optout. You may opt-out of additional third-party providers’ use of cookies by visiting the Network Advertising Initiative opt-out page at http://www.networkadvertising.org/managing/opt_out.asp or control the use of device identifiers by changing your device’s settings. You may also visit each advertising partner’s website to learn how opt-out.

California privacy rights: 

California residents have certain privacy rights as specified under California law, including the California Consumer Privacy Act of 2018 (“CCPA”). Caroo collects various categories of Personal Information when you or your employer use the Services. The applicable sections above state the Personal Information we 

have collected and disclosed to third parties within the past 12 months. If you are a resident of California, you have the right to know what Personal Information has been collected about you, and to access that information. You have the right to request deletion of your Personal Information, though exceptions under the CCPA may allow Caroo to retain and use certain personal information notwithstanding your deletion request. 

In addition to our collection of your Personal Information, we may engage certain third parties to perform a function or provide services our behalf; this has been detailed above in the “How, and with whom, your information is shared” section. Caroo may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. Caroo requires these third parties to maintain the privacy and security of the Personal Information they process on our behalf. 

Caroo does not sell your Personal Information when you use the Services and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law. 

Caroo will not discriminate against you for exercising any of your CCPA rights; however, please note we will not be able to provide our Services to you without certain Personal Information. 

In certain cases, Caroo collects and processes your personal information at the contractual obligation of one of our Clients. To respond to a verified request Caroo may be required to provide notice of your request to the applicable Client, and to follow the Client’s instructions as they relate to carrying out your request. Caroo cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you; to this end, we may request certain Personal Information so that we may verify your identity. We will only use Personal Information provided by a verifiable consumer request to verify the requestor’s identity or authority to make the request. 

To exercise your rights under the CCPA please submit a verifiable consumer request to Caroo by either filling out an online call back form here (we will call you back toll-free) or emailing us at privacy@caroo.com. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access to your data twice within a twelve (12) month period. Your verifiable consumer request must: (i) be made by a natural person, (ii) provide sufficient information to allow Caroo to reasonably verify your identity and that you are the person about whom we collected personal information, or you are an authorized representative, and (iii)

describe your request with sufficient detail that allows Caroo to properly understand, evaluate, and respond to your request. 

European transfer of your Personal Information and privacy rights: 

Given that the internet operates in a global environment and that, if you are outside of the United States, transfer of your data is necessary for you to use any of our Services or request information from us, using the Internet to collect and process Personal Information necessarily involves the transmission of data on an international, or cross-border, basis. By accessing any of the Services, and/or communicating with us by email, you acknowledge and voluntarily provide your express consent to our collection, processing and disclosure of your Personal Information in this way, including our disclosure to Sub-Processors and third parties located in the US and other locations outside the EU. 

For users who are located outside the United States, Personal Information will be transferred outside of each user’s country to the United States where our servers are located and where it will be processed and stored. According to EU data protection authorities, the U.S. does not provide an adequate level of protection for the purpose of providing the Services. We will take all steps reasonably necessary to ensure that Personal Information is treated securely and in accordance with this Privacy Policy in respect of such transfer. By registering for any of the Services you voluntarily and expressly agree to such transfer and disclosure. 

How to contact us with questions: 

Thank you for visiting our Website and reviewing this privacy policy. Once again, if you have any questions about this privacy policy, feel free to email us at privacy@caroo.com.