Last Updated: December 16, 2019
This policy describes our practices for collecting, using, maintaining, protecting, and disclosing the personal data we may collect from you or that you may provide when you visit our website located at www.Grannylovesblack.com (our “Website”). This policy applies to the personal data collected through our Website, regardless of the country where you are located.
Data we may collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes username or similar identifier and zip code.
Contact Data includes email address and telephone numbers.
Transaction Data includes details about payments from you and other details of services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, ISP name, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website.
Profile Data includes your username and password, purchases made by you, your interests, preferences, feedback, and survey responses.
Usage Data includes information about how you use our Website, products, and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
How we collect data about you
We use different methods to collect data from and about you including through:
Direct interactions. You may give us information about you by filling in forms or by corresponding with us by email. This includes information you provide when you create an account on our Website; purchase a membership; request marketing to be sent to you; request information about our products or services; enter a competition, promotion, or survey; give us feedback; and when you report a problem with the Website.
Automated technologies or interactions. As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions and patterns as specified above. We collect this information by using cookies, server logs, and other similar technologies (see Cookies and automatic data collection technologies).
Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
Technical Data from the following parties:
analytics providers such as Google; and
search information providers such as Google.
Cookies and automatic data collection technologies
Estimate our audience size and usage patterns.
Store your preferences so we may customize our Website according to your individual interests.
Speed up your searches.
Recognize you when you return to our Website.
We do not control how these third-party tracking technologies operate or how they may use the collected data. If you have any questions about an application or other targeted content, you should contact the responsible provider directly.
How we use your personal data
We use your personal data to provide you products, offer you services, communicate with you, deliver marketing, or to conduct other business operations, such as using data to improve and personalize your experiences. Examples of how we may use the personal data we collect include to:
Present our Website and provide you with the information, products, services, and support that you request from us.
Meet our obligations and enforce our rights arising from any contracts with you, including for billing and payment processing purposes or complying with legal requirements.
Fulfill the purposes for which you provided the data or that were described when it was collected.
Notify you about changes to our Website, products, or services.
Ensure that we present our Website content in the most effective manner for you and for your computer.
Administer our Website and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical, and survey purposes.
Improve our Website, products or services, marketing, or customer relationships and experiences.
Protect our Website, employees, or operations.
Make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them.
We may also use personal data to contact you about our own and third-parties’ goods and services that may be of interest to you. If you do not want us to use your data in this way, please adjust your user preferences in your account profile. For more information, see Your personal data use choices.
We may use nonpersonal data for any business purpose.
Disclosure of your personal data
We may share your personal data with:
Any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, and affiliates.
Business partners, suppliers, service providers, subcontractors, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization, third-party payment gateways and fraud prevention services to process purchases, and third-party identity verification services to verify your identity and age if you are an affiliate). For example, we use Google Analytics to help us understand how our customers use our Website (you can read more about how Google uses your personal data here). You can also optout of Google Analytics here. We contractually require these third parties to keep that personal data confidential and use it only for the contracted purposes.
We may also disclose your personal data to third parties:
If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of that business or those assets.
To a buyer or other successor in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.
To comply with any court order, law, or legal process, including responding to any government or regulatory request.
To enforce or apply our Terms-of-Service Agreement and other agreements, including for billing and collection purposes.
To protect the rights, property, or safety of our business, our employees, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of cybersecurity, fraud protection, and credit risk reduction.
We may share nonpersonal data without restriction.
Cross-border data transfers
We are based in the United States of America. For operational reasons we may process, store, and transfer the personal data we collect, in and to a country outside your own, with different privacy laws that may or may not be as comprehensive as your own. Where we do so, and where we are required to under local law, we will put in place appropriate mechanisms to ensure that your personal data receives an adequate level of protection where it is processed.
Residents of Canada are notified that the personal data they provide to us is stored in our databases outside of Canada, including in the United States, and may be subject to disclosure to authorized law enforcement or government agencies in response to a lawful demand under the laws of that country. You have the right to complain about our personal data handling practices. You may visit www.priv.gc.ca for more information about your privacy rights.
If you reside in the European Economic Area (EEA) or the United Kingdom (UK), your personal data may be processed outside of the EEA or UK, including, for example, in the United States, so processing of your personal data will involve a transfer of data outside the EEA or UK.
Please note that we have elected to not participate in the EU–U.S. or the Swiss—U.S. Privacy Shield Frameworks. Nevertheless, whenever we transfer your personal data out of the EEA or UK, we will use reasonable efforts to ensure a similar degree of protection is afforded to it by ensuring that the recipient third party agrees to contractual clauses or other appropriate safeguards.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or UK.
If you are not located in the EEA or the UK, by submitting your personal data or engaging with our platform, you consent to this transfer, storing, or processing.
Your personal data use choices
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
Promotional offers from the Company. If you do not want us to use your Contact Data to promote our own products and services you can opt out by logging into the Website and checking or unchecking the relevant boxes to adjust your account profile’s user preferences or by sending us an email with your request to Contact Email. You may also opt out of further marketing communications by replying to any promotional email we have sent you or following the opt out links on that message. This opt out does not apply to information provided to the Company as a result of a product purchase, product service experience, or other transactions.
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates, or plug-ins enabling third-party features. If you follow a link to any third-party website or engage a third-party plug-in, please note that these third parties have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third parties.
Accessing and correcting your personal data
You can access, review, and change your personal data by logging into the Website and visiting your account profile page.
You may also send us an email at Contact Email to request access to, correct, or delete any personal data that you have provided to us. In some cases, we cannot delete your personal data except by also deleting your user account. We may not accommodate a request to change data if we believe the change would violate any law or legal requirement or negatively affect the data’s accuracy.
The security of your personal data is very important to us. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse, and unauthorized access, use, alteration, or disclosure. We store all personal data you provide to use behind firewalls on servers employing security protections. We encrypt all personal data that we collect from you.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to take care when providing information in public areas of the Website like live chats, which any Website visitor can view.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website. Any transmission of personal data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Website.
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for seven years after they stop being customers for tax purposes.
In some circumstances you can ask us to delete your data: see Accessing and correcting your personal data.
In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Children’s online privacy
We do not direct our Website to minors and we do not knowingly collect personal data from individuals under 18-years old. If we learn we have mistakenly or unintentionally collected or received personal data from an individual under 18-years old, we will delete it. If you believe we mistakenly or unintentionally collected data from or about an individual under 18-years old, please contact us at Contact Email.
Do Not Track policy
Do Not Track (“DNT”) is a privacy preference that you can set in your browser. DNT is a way for you to inform websites and services that you do not want certain information about your webpage visits collected over time and across websites or online services. We are committed to providing you with meaningful choices about the information it collects and that is why we provide you the ability to opt out. But we do not recognize or respond to any DNT signals as the Internet industry works toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT. For more information about DNT, visit www.allaboutdnt.com.
Your California privacy rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal data. To learn more about your California privacy rights, visit Notice for California Residents.
California’s “Shine the Light” law (Civil Code Section 1798.83) permits our users who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make that request, please send an email to Contact Email.
Further, if you are a California resident and would like to opt out from the disclosure of your personal data to any third party for direct marketing purposes, please send an email to Contact Email. If you opt out from permitting your personal data to be shared, you may still receive selected offers directly from us in accordance with California law.
Your Nevada privacy rights
Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: Contact Email. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Special terms related to the European Economic Area/United Kingdom
If you are in the European Economic Area (“EEA”) or the United Kingdom (“UK”), the following terms apply to you.
Legal Basis for Processing
We may process your personal data because you have given it permission to do so (e.g., by sending data through the Website’s contact or order forms), because the processing is in our legitimate interests and it is not overridden by your rights, or because the Company needs to process your personal data to comply with the law.
Your Rights Under the General Data Protection Regulation (“GDPR”)
If you want to know what personal data we hold about you, to have us remove it, or otherwise to exercise your rights, please contact us at Contact Email. In some cases, you also have the following rights related to your personal data:
The right to access, update, or delete your personal data.
The right to rectification—to have your information altered if it is inaccurate or incomplete.
The right to object to our processing of your personal data.
The right of restriction—to request that we restrict how it processes your personal data.
The right to data portability—to receive a copy of the information we have on you in a structured, machine-readable, and commonly used format.
The right to withdraw consent to our processing of your personal data.
The right to complain to an EEA or a UK data protection authority (a government agency) about our management of your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.