Effective Date: June 19, 2020
Our mission is to fuel authentic self-expression. In pursuit of authenticity, it’s important that we are transparent about how we collect, store and use your data (detailed in great length below). We believe trust is something companies have to earn, and protecting your privacy is one of many steps we are taking to do just that. If you have any questions about anything regarding your data or your privacy, feel free to reach out to us at firstname.lastname@example.org.
1. What Information Does the Site Collect?
(a) Information You Provide to Us
On the Site, we or our service providers may ask you to provide certain types of information such as: (1) personally identifiable information, which is information that identifies you personally, such as your first and last name, email address, home address, credit card number and phone number (“Personal Information”); and (2) demographic information, such as information about your gender and age (“Demographic Information”). We may collect this information through various forms and in various places on the Site, including through “contact us” forms, when you purchase products or services from us or if you request to receive our electronic newsletter or when you otherwise interact with the Site. In addition, Personal Information once “De-identified” (i.e., the removal or modification of the personally identifiable elements, or the extraction non-personally identifiable elements including through anonymization, pseudonymization and/or hashing) is not considered Personal Information and may be used and shared by us or other third parties without obligation to you, except as prohibited by applicable law.
(b) Information We Collect and Store As You Access and Use the Site
In addition to any Personal Information or other information that you choose to submit to us via our Site, we and our third-party service providers may use a variety of technologies that automatically (or passively) collect and store certain information whenever you visit or interact with the Site (“Usage Information”). This Usage Information may be stored or accessed using a variety of technologies that may be downloaded to your personal computer, browser, laptop, tablet, mobile phone or other device (a “Device”) whenever you visit or interact with our Site. Usage Information may be nonidentifying or may be associated with you. Whenever we associate Usage Information with your Personal Information, we will treat it as Personal Information. This Usage Information may include:
We may use various methods and technologies to collect and store Usage Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies include, without limitation, the following (and subsequent technology and methods later developed):
We may use Tracking Technologies for a variety of purposes, including:
(c) Information Third Parties Provide About You
(d) Interactions with Third-Party Services
(e) Information You Provide About a Third Party
You may send someone else a communication from the Site, such as sending an invitation to a friend. If so, the information you provide (names, email addresses, mobile number, etc.) is used to facilitate the communication and is not used by us for any other marketing purpose unless we obtain consent from that person or we explicitly say otherwise. Please be aware that when you use any send-to-a-friend functionality on our Site, your email address, mobile number, name or user name and message may be included in the communication sent to your addressee(s).
(f) California / Delaware Do Not Track Disclosures
Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party web sites or online services (e.g., browser do not track signals). Currently, we do not monitor or take any action with respect to these signals or other mechanisms.
2. How Do We Use the Information Collected?
We may use your Personal Information, Demographic Information or Usage Information for various purposes, including the following business purposes:
Where you have provided us with Personal Information or Demographic Information as part of an online application for employment or internship, we may use that information in order to allow us to make an informed decision about whether to proceed with your application. We may, as part of this recruitment process, collect information about your education, employment history and similar matters. Where this Personal Information or Demographic Information is considered to be sensitive, you expressly consent to our processing of this information for recruitment purposes by submitting it to us.
3. How and When Do We Disclose Information to Third Parties?
(a) When You Request Information From or Provide Information to Third Parties. You may be presented with an option on our Site to receive certain information and/or marketing offers directly from third parties or to have us send certain information to third parties or give them access to it. If you choose to do so, your Personal Information and other information may be disclosed to such third parties and all information you disclose will be subject to the third-party privacy policies and practices of such third parties. In addition, third parties may store, collect or otherwise have access to your information when you interact with their Tracking Technologies, content, tools apps or ads on our Site or link to them from our Site. This may include using third party tools such as Facebook, Twitter, Pinterest or other third-party posting or content sharing tools and by so interacting you consent to such third party practices. It may also include ordering or purchasing products from third parties through us where we indicate that the third party rather than us is the seller. We are not responsible for the privacy policies and practices of such third parties and, therefore, you should review such third party privacy policies and practices of such third parties prior to requesting information from or otherwise interacting with them.
(b) Third Parties Providing Services on our Behalf. We may use third-party vendors to perform certain services on behalf of us or the Site, such as: (i) to assist us in Site operations; (ii) to manage a database of customer information; (iii) hosting the Site; (iv) designing and/or operating the Site’s features; (v) tracking the Site’s activities and analytics; (vi) enabling us to send you special offers or perform other administrative services; and (vii) other services designed to assist us in maximizing our business potential. We may provide these vendors with access to user information, including Device Identifiers and Personal Information, to carry out the services they are performing for you or for us. Third-party analytics and other service providers may set and access their own Tracking Technologies on your Device and they may otherwise collect or have access to information about you, potentially including Personal Information, about you. We are not responsible for those third party technologies or activities arising out of them. However, some may offer you certain choices regarding their practices, and information we have been informed of regarding such choices is available in Section 6 below. We are not responsible for the effectiveness of or compliance with any third parties’ opt-out options.
For online payments using credit, debit, Apple Pay, Amazon Pay, PayPal, Venmo and/or Automated Clearing House (ACH) payouts, we use the third party payment services of Stripe (https://stripe.com) and Braintree Payments (https://www.braintreepayments.com). To simplify the ordering process for you on your next order, we save the last four digits of your credit card, the expiration date of your credit card, the credit card type, your first and last name, your shipping and billing address, and a token identifier to match your information to your full credit card number, which is stored by our payment services. We do not store your full credit card number or your CVV2 number (the 3 to 4 digit security code on your card). We do not have access to your full credit card number, PayPal, Venmo or Apple Pay data stored by Stripe or Braintree Payments. For more information on how payments are handled, and to understand the data security and privacy protections afforded to such information, please refer to https://stripe.com/us/privacy and https://www.braintreepayments.com/legal.
(c) Administrative and Legal Reasons. We may access, use, preserve, transfer and disclose your information (including Device Identifiers and Personal Information) to third parties: (i) to satisfy any applicable law, regulation, subpoenas, governmental requests or legal process if in our good faith opinion such is required or permitted by law; (ii) to protect and/or defend the Site’s Terms of Service or other policies applicable to the Site, including investigation of potential violations thereof; (iii) to protect the safety, rights, property or security of the Site or any third party; and/or (iv) to detect, prevent or otherwise address fraud, security or technical issues. Further, we may use IP address or other Device Identifiers, to identify users, and may do so in cooperation with third parties such as copyright owners, internet service providers, wireless service providers and/or law enforcement agencies, including disclosing such information to third parties, all in our discretion, subject to applicable law. Such disclosures may be carried out without notice to you.
(d) Affiliates and Business Transfer. We may share your information, including your Device Identifiers and Personal Information, Demographic Information and Usage Information with our parent, subsidiaries and affiliates. We also reserve the right to disclose and transfer all such information: (i) to a subsequent owner, co-owner or operator of the Site or applicable database; or (ii) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, including, during the course of any due diligence process.
(e) Sweepstakes, Contests and Promotions. We may offer sweepstakes, contests, and other promotions (any, a “Promotion”) through the Site that may require registration. By participating in a Promotion, you are agreeing to official rules that govern that Promotion, which may contain specific requirements of you, including, allowing the sponsor of the Promotion to use your name, voice and/or likeness in advertising or marketing associated with the Promotion. If you choose to enter a Promotion, Personal Information may be disclosed to third parties or the public in connection with the administration of such Promotion, including, in connection with winner selection, prize fulfillment, and as required by law or permitted by the Promotion’s official rules, such as on a winners list.
4. Your California Privacy Rights
This Section applies to any California residents about whom we have collected personal information from any source, including through your use of our Site or by communicating with us electronically, in paper correspondence, or in person. Any terms defined in the CCPA have the same meaning when used in this Section 4. This Section only applies to non-California residents as may be required by applicable state law in your state of residence.
(a) Categories of Personal Information We Collect. We have collected the following categories of personal information from consumers within the last twelve (12) months:
Categories of Personal Information We Collect
Examples of Personal Information We May Collect In Each Category
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, telephone number, account number, name and password, and/or other similar identifiers.
Personal information categories listed in the California Customer Records statute
(Cal. Civ. Code § 1798.80(e)) (i.e., Financial Information):
A name, signature physical characteristics or description, address, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information,. Some personal information included in this category may overlap with other categories.
Protected classification characteristics
under California or federal law:
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Internet or other similar network activity:
Cookie identifiers, clear gifs (a.k.a. web beacons/web bugs), browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version, and/or other device characteristics including your choice of settings.
GPS data; locational information based upon your IP address; cell network data; and/or other similar locational data; and which may be collected from various devices including your mobile device(s).
Professional or employment-related information:
Current or past job history or performance evaluations.
Inferences drawn from other personal information:
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal information does not include:
(b) Sources of Collected Personal Information and Purposes of Collection and Disclosure. This section describes the sources we collect personal information from and why we collect and, if applicable, share personal information.
Sources of Personal Information
Categories of Personal Information We Collect
Purposes of Collecting and Sharing Personal Information
You, including via our websites, mobile applications, telephone, text message, postal mail, social media, forums, message boards, chatbot, or other means;
Service Providers, which includes customer relationship management providers, analytics providers, hosting providers, systems administrators, and communications delivery services
Nonaffiliated companies, with which we have a business relationship, which includes promotional and joint marketing partners
Other third parties, which includes analytics service providers and other websites and mobile applications, online advertising partners, and other data suppliers;
Categories of Third Parties with Whom We Share Personal Information
Categories of Personal Information We Share
Advertising and Marketing Companies
Social Media Companies
Non-Affiliated Companies, with which we have a business relationship such as in connection with the proposed or actual financing, insuring, sale, securitization, assignment, or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and performing the proposed transaction
(d) Your Privacy Rights. If you are a California resident, subject to certain exceptions set forth under applicable law, you have the following rights under California law with respect to your personal information:
Right to Access.You may have the right to request what personal information we collect, use, disclose, and/or sell, as applicable, and request the information be provided to you in a portable format.
Right to Delete.You have the right to request the deletion of your personal information that is collected or maintained by us.
Right to Opt-Out of Sale.You have the right to request to be opted out from any sales of your personal information by us. This opt-out will not change your preferences with respect to the receipt of marketing and other communications from MeUndies. Information about modifying your communication preferences is set forth in Section 9 below.
Right to Non-Discrimination.You have the right not to be denied goods or services, charged different prices or rates for goods or services, or receive a differing level of quality of goods or services as a result of exercising the above rights.
Right to request information regarding third party direct marketing.
We may elect to share information about you with third parties for those third parties’ direct marketing purposes. California Civil Code § 1798.83 permits California residents who have supplied personal information (as defined in the law) to us to, under certain circumstances, request and obtain certain information regarding our disclosure, if any, of personal information to third parties for their direct marketing purposes. If this law applies to you, you may obtain the categories of personal information shared by us and the names and addresses of all third parties that received personal information for their direct marketing purposes from us during the immediately prior calendar year (e.g., requests made in 2020 will receive information about 2019 sharing activities). To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. To make such a request (limit one request per year), please send an email to: email@example.com with “California Privacy Rights” as the subject line or mail us a letter to: MeUndies Inc., 3650 Holdrege Ave, Los Angeles, CA 90016 (Attn: Privacy). You must include your full name, email address, and postal address in your request.
The rights described above do not apply to certain categories of personal information. The personal information excluded from coverage under the CCPA includes, among other things:
(e) Exercising Your Rights. If you are a California resident and wish to seek to exercise any of the rights in above, please reach us in one (1) of the following ways:
You may also authorize someone to exercise the above rights on your behalf provided we can verify that individual is authorized to act on your behalf. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child. The above rights are subject to our being able to reasonably verify your identity and authority to make these requests. These rights are also subject to various exclusions and exceptions under applicable laws. You may only make a verifiable consumer request for access or data portability twice within a twelve (12)-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. If you are a customer, you may verify your identity through account login. If you are not a customer, you may verify your identity by submitting certain non-sensitive identifiers. To help protect the security of your personal information, we may use a third-party service provider to verify your information, which may include receiving a one-time password via text message. By submitting your mobile phone number for identity verification, you consent to receiving text messages for this purpose. If you are an authorized agent, you may verify your own identity by submitting certain non-sensitive identifiers. To help protect the security of your personal information and the personal information you are requesting, we may use a third-party service provider to verify your information, which may include receiving a one-time password via text message. By submitting your mobile phone number for identity verification, you consent to receiving text messages for this purpose. As an authorized agent, you also may be required to submit a legally sufficient Power of Attorney appointing you to act on behalf of the owner of the personal information you are requesting. Once we receive and confirm your verifiable consumer request, we will disclose to you:
We will not provide financial account numbers, account passwords or security questions and answers, or other specific pieces of personal information if the disclosure presents an unreasonable risk to the security of personal information, customer accounts or our systems and network security.
We may deny your deletion request if retaining the personal information is necessary for us or our service providers to:
We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12)-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
(f) Non-Discrimination. We will not discriminate against you for exercising any of your rights. Unless permitted under applicable law, we will not:
5. Your Nevada Privacy Rights
While we don’t sell your personal information now as defined by Nevada law, MeUndies reserves the right to sell personal information to third parties in the future. Nevada S.B.220 allows Nevada residents to opt-out of the sale of their personal information now in the event if we change our policy in the future. If you are a Nevada resident we want you to know that you have choices and can opt-out of MeUndies selling your personal information by contacting us at firstname.lastname@example.org. This may prevent or restrict your use of the Site in the future.
6. Ads and Information About You
7. What About Information I Disclose Publicly?
(a) User Content and Public Information. The Site may permit you to share or otherwise submit ideas, photographs, user profiles, writings, music, video, audio recordings, computer graphics, pictures, data, information about your location, questions, comments, suggestions or other content including Personal Information (collectively, “User Content”). We or others may store, display, reproduce, publish, distribute or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. Others may have access to this User Content and may have the ability to share it with third parties. Please think carefully before deciding what information you share, including Personal Information, in connection with your User Content. Please note that MeUndies does not control who will have access to the information that you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on the Site or what others do with information you share with them on the Site. We are not responsible for the accuracy, use or misuse of any User Content that you disclose or receive from third parties through the Site.
(b) Name and Likeness. We may also publish your name, voice, likeness and other Personal Information that is part of your User Content, and we may use the content, or any portion of the content, for advertising, marketing, publicity and promotional activities. For full terms and conditions regarding User Content you submit to the Site, please review our Site’s Terms of Service.
(c) User Testimonials. We often receive testimonials and comments from users who have had positive experiences with our products and services. We occasionally publish such content. When we publish this content, we may identify our users by their social media account usernames and publish their social media account profile pictures.
8. Do Third-Party Content, Links to Third-Party Sites and/or Third-Party Apps Appear on the Site?
The Site may contain content, links or apps that are supplied by a third party, and those third parties may collect Usage Information and your Device Identifier when pages from the Site are served to you for their own commercial purposes. In addition, when you are on the Site you may be directed to other sites and apps that are operated and controlled by third parties that we do not control. We are not responsible for the data collection and privacy practices employed by any of these third parties or their sites or apps and they may be tracking you across multiple online services and may be sharing the results of that tracking with us and/or others. These third parties may have their own terms of service, privacy policies or other policies and ask you to agree to the same. For example, if you “click” on a link, the “click” may take you off the Site onto a different location. These other online services may associate their Tracking Technologies with you, independently collect information about you, including Personal Information, and may or may not have their own published privacy policies. We are not responsible for these third-party privacy policies or the practices of Third-Party Owners. Be sure to review any available policies before submitting any personally identifiable information to a third-party application or otherwise interacting with it and exercise caution in connection with these applications. We also encourage you to note when you leave our Site and to review the third-party privacy policies of all third-party locations and exercise caution in connection with them.
9. How Do I Change My Information and Communications Preferences?
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of registration. The Site may allow you to review, correct or update Personal Information you have provided through the Site’s forms, and you may provide updates and changes by contacting us via email at email@example.com. If so, we will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records). Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media or for other reasons.
You may cancel or modify our email marketing communications you receive from us by following the instructions contained within our promotional emails or in some cases by logging into your Site account and changing your communication preferences. This will not affect subsequent subscriptions and if your opt-out is limited to certain types of emails the opt-out will be so limited. Subsequent or different subscriptions will be unaffected. Please note that we reserve the right to send you certain communications relating to your account or use of our Site, such as administrative and Site announcements and these transactional account messages may be unaffected if you choose to opt-out from receiving our marketing communications.
You may agree to receive text messages regarding product offers and promotions (including cart reminders) by MeUndies via automated technology. You are not required to agree to receive text messages to make a purchase. You may, at any time, decide to stop receiving text messages regarding product offers and promotions by MeUndies by replying STOP to any text message you receive from MeUndies. If you need help or assistance with the messages, you may text HELP or call (888) 552-6775. So long as you agree to receive text messages, you will receive messages periodically and generally around four (4) messages per month. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.
10. What About Transfer of Information to the United States?
11. What Should Parents Know About Children?
The Site is a general audience web site and we do not knowingly collect any personal information from children younger than the age of thirteen (13) as required by U.S. law. We will delete any personal information collected that we later determine to be from a user younger than the age of thirteen (13). If you are a parent or guardian of a child under the age of thirteen (13) and believe he or she has disclosed personal information to us, please contact us via email at firstname.lastname@example.org.
12. What About Security?
We endeavor to incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us, and you use our Site and provide us with your information at your own risk.
14. Supplemental Privacy Notice for Residents of the EU and EEA
This Supplemental Privacy Notice provides additional information on how we process personal data (as such term is defined by the GDPR) that we collect or receive from residents of the EU and EEA and provides information as relates to EU users’ rights, and MeUndies’ responsibilities, under the EU General Data Protection Regulation (“GDPR”).
(a) Data Controller and Local Representative. MeUndies is the data controller of your personal data and we are based in the United States and located at MeUndies Inc., 3650 Holdrege Ave., Los Angeles, CA 90016 (Attn: Privacy). If you are located or a resident of the EU and believe that your data protection rights under the GDPR have been infringed, please contact our Privacy Officer who can be reached at email@example.com. If you feel that your request or concern has not been satisfactorily resolved by us, you may also contact your local data protection authority, see: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.
(b) Legal Basis for Processing EU personal data. MeUndies may processes the personal data of EU users based on one (1) or more of the legal bases below:
(c) Data Retention Period. We retain transaction data and other personal data for a period of time that is necessary to fulfill a legitimate business purpose and deleting or de-identifying the information thereafter, except where longer retention periods are required by law. We retain unsubscribe requests permanently to comply with our obligation to refrain from sending marketing emails after receipt of an opt-out request.
(e) Your Rights under the GDPR. You have the following rights under certain circumstances:
These rights may be limited in some situations where we can demonstrate that MeUndies has a legal obligation or legitimate interest to process your personal data.
To exercise your rights explained above, please contact us by email with the details of your request..
15. Supplemental Privacy Notice For Residents of Canada
This Supplemental Privacy Notice provides additional or modifying information on how we manage personal data (as such term defined by PIEPDA) that we receive from residents of Canada. These rights may be limited in some circumstances by local law requirements.
(b) Right to Withdraw Consent. We would like your consent to collect, use and share your personal data for the purposes and in the manner described herein, including in order to contact you and provide you with promotional communications. Nonetheless, we want you to know that you have choices and can refuse or withdraw your consent. In the event that you have already consented to the collection, use and/or disclosure of your personal data, you may subsequently “opt out” at any time, subject to legal or contractual restrictions and reasonable notice, by contacting our Privacy Officer at firstname.lastname@example.org. Our Privacy Officer will also be able to provide you with more information regarding the implications of withdrawing consent. You may also choose to limit how we use your personal data by not allowing us to share such information with third parties by e-mailing us at email@example.com. This may prevent or restrict your use of the Service.
(d) Additional Information. For residents of Canada, you may only use send-to-a-friend functionality to send an invitation to people with whom you have had direct voluntary two way communications, and with whom it is reasonable to conclude you have a personal relationship considering shared interests, experiences, opinions and other relevant factors, or who are family members to whom you are related by marriage, a common-law partnership, or parent-child relationship.