When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
- These “pixels” gather information and “identifiers” like device identifiers, unique online identifiers, email addresses and other similar information which is used to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes.
Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information.”
HOW WE USE YOUR PERSONAL INFORMATION
We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at email@example.com.
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful requests for information we receive, or to otherwise protect our rights.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by heading to these links:
- Facebook - https://www.facebook.com/settings/?tab=ads
- Google - https://www.google.com/settings/ads/anonymous
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
We do not offer our services or promote our Site to, nor does it intentionally collect or retain personal information from, children who are younger than 18 years of age. Site users are cautioned, however, that the collection of personal information submitted in an e-mail or through the Site will be treated as though it was submitted by an adult, and may, unless exempted from access by Federal or State law, be subject to public access. If you believe your child may have submitted personal information to us without indicating their actual age and would like it removed, please contact us at firstname.lastname@example.org and we will delete it immediately.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
For California residents:
This section applies only to Personal Information that we collect online and offline about California residents when we act as a “business” as defined under the California Consumer Privacy Act of 2018 (“CCPA”). For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA.
California’s California Consumer Privacy Act (“CCPA”) has redefined privacy in the U.S. and created many new rights for California consumers, including the right to opt of the “sale” of their personal information. California’s California Consumer Privacy Act (“CCPA”) has redefined privacy in the U.S. and created many new rights for California consumers, including the right to opt out of the “sale” of their personal information.
At Thuma, we value privacy and support laws that increase transparency and promote privacy. We want to emphasize that we do not monetize your information, and we do not “sell” information in the traditional sense. “Sale” is defined broadly in CCPA to include any transfer of personal information for “valuable consideration”, which also includes transfers that are not considered a “sale” in the traditional sense, such as certain types of advertising.
California ‘Do Not Sell My Info’ notice.
Like many companies online, we work with Google, Facebook and other companies that use information collected from cookies and similar technologies to try to make the ads you see online more relevant to your interests. This is called interest-based or Behavioral advertising. See the Behavioral Advertising section above, for details. Our use of these services may constitute a “sale” of Personal Information as defined under the CCPA. You have several choices with respect to the use of your information for interest-based advertising by:
- Browser settings. Blocking third party cookies in your browser settings.
- Privacy browsers/plug-ins. Using privacy browsers or ad-blocking browser plug-ins that let you block advertising trackers.
- Platform settings. Using the opt-out settings offered by some of the advertising companies that we work with. See above Personal Information section for details.
- Ad industry tools. Opting out of interest-based ads from companies participating in the following industry opt-out programs:
- Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
- Digital Advertising Alliance
- optout.aboutads.info, which will allow you to opt-out of interest based ads served by on websites by participating members
- AppChoices mobile app, available at https://www.youradchoices.com/appchoices, which will allow you to opt-out of interest-based ads in mobile apps served by participating members.
- Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Opting out of cookie consent, which you can do by clicking here.
You will need to apply these opt-out settings on each device from which you wish to opt-out. Not all companies that serve interest-based ads participate in these opt-out programs, so even after opting-out, you may still receive some cookies and interest-based ads from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.
Our sharing of information with Data Providers described above may also constitute “sales” as defined under the CCPA. If you are a California resident you may submit a request to opt-out of this information sharing by submitting your request as outlined below.
Your CCPA rights. As a California resident, you have the following rights as of January 1, 2020:
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information disclosed to each category of third party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Opt-out. You can opt-out of any “sale” of your Personal Information as defined in the CCPA.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
- Several of your CCPA rights can be exercised upon request, as further outlined below:
- Disclosure Request. Upon request and when possible, we will disclose the categories and specific pieces of personal information we have collected about you. Additionally, you may also obtain the categories of information about you that we have sold, the categories of third parties to whom the information was sold, and the categories of personal information that we disclosed about you for a business purpose. You may submit these requests via email to email@example.com; or by visiting our opt out form. When such a request cannot be honored, we will advise you accordingly.
- Deletion. If you should wish to cease use of our Site and have your personal data deleted from our Site, then you may submit a request by emailing us at our firstname.lastname@example.org; or by visiting opt out form. When such a request cannot be honored, we will advise you accordingly. Upon receipt of a verifiable request for deletion, we will confirm receipt and will confirm once your personal data has been deleted. To exercise this right via email, simply type the words “Personal Data Deletion” in the subject line of your email.
- Do Not “Sell”. Under CCPA, you have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer's personal information. Certain transfers of personal information in relation to Behavioral Advertising as outlined above may be deemed a “Sale” under CCPA. If you wish to exercise your right to opt out, you may submit a request by emailing us at email@example.com; by visiting our opt out form. Upon receipt of a verifiable opt out request, we will confirm receipt and limit the transfers of your data accordingly. To exercise this right via email, simply type the words “Sales Opt-Out” in the subject line of your email.
We reserve the right to confirm your California residency to process these requests and will need to confirm your identity. Government-issued identification may be required. You may designate an authorized agent to make a request on your behalf by providing a valid power of attorney or other proof of authority acceptable to us in our reasonable discretion, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification. You can submit a request to opt-out of sales of your Personal Information as described above. We cannot process your request if you do not provide us with sufficient information to allow us to understand and respond to it. In certain cases we may decline your request as permitted by law.
‘Shine the Light’ requests. Under California’s ‘Shine the Light’ law, Thuma’s customers who are California residents can request and obtain from us once a year and free of charge a list of all third parties to which Thuma has disclosed certain Personal Information covered by the law during the preceding calendar year for the third parties' direct marketing purposes. If you are a California resident and want such a list, please contact us at firstname.lastname@example.org. For all such requests, you must put the statement "Your California Privacy Rights" in the message field of your request, as well as your name, street address, city, state, and zip code. Please note that we will not accept these requests by telephone, mail or fax, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information. We reserve the right to confirm your California residency before processing these requests.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at email@example.com