- The data we collect and why we collect it;
- How we use that data;
- How we share data; and
- The rights to your data.
Personal Data That We Collect:
We collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. Personal Information includes your email which you submit to us through the registration process at the Site.
Non-Personal Or Aggregate Data That We Collect:
When you access our Service, we may automatically collect non-personal data from you, such as IP host address, web pages viewed, browser type, operating system, referring service, search data, device type, page views, usage and browsing habits on the Service and similar data. We may also aggregate demographic data collected from our users (such as the number of users in a particular geographical location) in a manner which does not identify any one individual. We may also aggregate data collected offline in connection with the Service, obtain non-personal data from third party sources and develop aggregate data by anonymizing previously collected personal data.
It is possible at times when collecting non-personal data through automatic means that we may unintentionally collect or receive personal data that is mixed in with the non-personal data. While we will make reasonable efforts to prevent such incidental data collection, the possibility still exists. If you believe that we have inadvertently collected your personal data, please notify us at firstname.lastname@example.org.
We will only use your personal data as described below, unless you have specifically consented to another type of use, either at the time the personal data is collected from you or through some other form of consent from you or notification to you:
- We may share your personal data collected in connection with providing the Service.
- We may use your personal data to respond to your inquires or requests.
- We may share your personal data with third parties to further the purpose for which you provided such data to us (collectively, the “Third Party Vendors”). We urge you to read the privacy practices of all of our Third Party Vendors, as listed below, before submitting any personal data through the Service.
Currently, we share your data with the following third parties:
- We may disclose personal data as required by law or legal process.
- We may disclose personal data to investigate suspected fraud, harassment or other violations of any law, rule or regulation, or the terms or policies for our services or our sponsors.
- We may transfer your personal data in connection with the sale or merger or change of control of Sunhill LLC or the division responsible for the services with which your personal data is associated.
- We may share your personal data with an affiliate of Sunhill LLC who is in the same corporate family as us as long as their privacy practices are substantially similar to ours.
Non-personal data or aggregate data may be used by us for any purposes permitted by law and may be shared with any number of parties, provided that such data shall not specifically identify you.
Cookies and Similar Technologies:
You should be able to control how and whether cookies will be accepted by your web browser. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. Please note if you reject our cookies, many functions and conveniences of our Services may not work properly.
Automatically Collected Data:
When you access the Service or open one of our HTML emails, we may automatically record certain data from your system by using cookies and other types of tracking technologies. This “automatically collected” data may include a unique user ID, device type, device identifiers, browser types and language, referring and exit pages, platform type, version of software installed, system type, the content and pages that you access on the Service, the number of clicks, the amount of time spent on pages, the dates and times that you visit the Service, and other similar data.
Analytics and Conversion Tracking:
We may collect data about your computer, including your IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect data about how visitors use our site. We then use the data to compile reports and to help us improve our site.
Google Analytics collects data anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit https://tools.google.com/dlpage/gaoptout.
We also use Google conversion tracking and/or similar services to help us understand your and other users’ use of the Service.
Please see https://support.google.com/adwords/answer/1722022?hl=en for more information about conversion tracking provided by Google.
The security of your personal data is very important to us. When we collect your personal data online, we use reasonable efforts to protect it from unauthorized access. However, due to the inherent open nature of the Internet, we cannot guarantee that your personal data will be completely free from unauthorized access by third parties such as hackers and your use of our Service demonstrates your assumption of this risk. We have put in place reasonable physical, electronic, and managerial procedures to safeguard the data we collect. Only those personnel who need access to your data in order to perform their duties are authorized to have access to your personal data.
We shall investigate and report data breaches within 72 hours of becoming aware of such breach. When a breach of personal data is likely to result in a high risk to the rights and freedoms of individuals then Sunhill, as Controller, will notify the affected individuals without undue delay.
Your Disclosures In Blogs And Other Social Media:
You should be aware that personal data which you voluntarily include and transmit online on the Service or in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum such as an in-person panel or survey, may be viewed and used by others without any restrictions. We are unable to control such uses of your personal data, and by using the Service or any other online services you assume the risk that the personal data provided by you may be viewed and used by third parties for any number of purposes.
Protection for Children:
We generally do not collect personal data from children under the age of 13. If at any time in the future we plan to collect personal data from children under 13, such collection and use, to the extent applicable, shall, when required, be done in compliance with the Children’s Online Privacy Protection Act (“COPPA”) and appropriate consent from the child’s parent or guardian will be sought where required by COPPA. When we become aware that personal data from a child under 13 has been collected without such child’s parent or guardian’s consent, we will use all reasonable efforts to delete such data from our database.
User Access to Personal Data:
You have the right to request access to the personal data we have stored on you. You can do this by contacting us at email@example.com. We will make sure to provide you with a copy of the saved personal data particular to you. In order to comply with your request, we may ask you to verify your identity. We will fulfill your request by sending an electronic copy unless you expressly specify a different method of receipt.
Communications with Sunhill:
Any phone calls and/or text messages delivered to your phone or device may cause you to incur extra data, text messaging, or other charges from your wireless carrier. MESSAGE AND DATA RATES MAY APPLY. You are solely responsible for any carrier charges incurred as a result of phone and/or text communications from ShopperCaddie/ShopperCaddie+.
By using the Service, you expressly consent to receive in-product communications from us (including, without limitation, push notifications on the App).
No Rights of Third Parties:
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
- Users can visit our Website anonymously.
Can change your personal data:
- By emailing us
How does our Website handle Do Not Track signals?
CalOPPA requires us to let you know how we respond to “Do Not Track” (“DNT”) signals. At the moment, there is no uniform industry or legal standard for recognizing or honoring DNT signals; therefore, we do not honor DNT requests at this time.
Does our Website allow third-party behavioral tracking?
It’s also important to note that we do not allow third-party behavioral tracking.
Storage and Processing:
If you are using our Services from outside the United States, please be aware that you are sending information (including Personal Data) to the United States where our servers are located. We may transfer data that we collect about you, including personal data, to affiliate entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the EU or other regions with laws governing data collection and use that may differ from United States law, please note that we will not transfer information, including personal data, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.
For EU Users:
We comply with the General Data Protection Regulation as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Sunhill has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.
Disclosures for California Residents
These additional disclosures for California residents apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise those rights. The words used in this section have the meanings given to them in the CCPA, which may be broader than their common meaning. For example, the definition of “personal information” under the CCPA includes your name, but also more general information like age.
Notice of Collection.
The information we collect is described in greater detail above, under the headings Personal Data That We Collect and Non-Personal Or Aggregate Data That We Collect, the categories of personal information that we may have collected as available/disclosed—as described by the CCPA—including in the past 12 months are:
- Identifiers—including name, email address, and IP address;
- Other customer records—address, telephone number, loyalty card information, gift card information, and receipts;
- Demographics—including your age;
- Commercial information—including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- Internet activity—including browsing history, search history, information on your interactions with our Service;
- Geolocation data—including location enabled services such as WiFi and GPS;
- Sensory information—including audio, electronic, visual or similar information; and
- Inferences—including information about your interest, preferences, and favorites.
We obtain the categories of personal information listed above directly from you. For example, when you create an account through the Service, you provide us with personal information like your email address. We also obtain the categories of personal information listed above indirectly from you from observing your actions on our Website. We may use or disclose the personal information we collect for the business purposes described above, under the heading Data Usage, including to provide and manage our Service.
We may disclose the following categories of personal information to third parties for our commercial purposes: Third Party Integration for services. We partner with different types of entities to assist with our daily operations and manage our Services. Please review Data Usage for more detail about third parties we have shared information. OR We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract.
Right to Know and Delete.
California residents have the right to request we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies.
To exercise your rights to know or delete described above, please submit a request by email us at firstname.lastname@example.org. Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. We will require written proof of the agent’s permission to do so and verify your identity directly.
You may only submit a request to know twice within a 12-month period. If we are unable to verify your identity, we may deny your requests to know or delete. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include your name, email, and other relevant information; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will confirm receipt of your request within 10 business days. We endeavor to substantively respond to verifiable consumer request within forty-five (45) calendar days of receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Right to Opt-Out.
We do not generally sell information as the term “sell” is traditionally understood. However, if and to the extent “sale” under the CCPA is interpreted to include advertising technology activities such as those implemented specifically for interest-based advertising, we will comply with applicable law as to such activity.
Right to Non-Discrimination.
You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.
Shine the Light.
If you are a California resident, you may ask for a notice describing what categories of personal information we share with third parties or affiliates for those third parties or affiliates’ direct marketing purposes and identify the name and address of the third parties that received such personal information. Please submit a written request to email@example.com and specify you want a copy of your California Shine the Light Notice. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
For questions or concerns relating to privacy, we can be contacted at firstname.lastname@example.org.
This policy was last updated on 03/23/2021.