Effective Date: June 2, 2022
We collect, use, and/or otherwise process certain personal information about you. When we do so we are subject to various U.S. laws, including the CCPA. The following chart summarizes how we may be referred to concerning our personal information practices under various privacy laws:
Regulation Short-Hand Our Title
California Consumer Privacy Act of 2018 (Cal. Civ. Code § 1798.100) “CCPA” “Business”
Virginia Consumer Data Protection Act (Va. Code § 59.1-575) “VCDPA” “Controller”
Colorado Privacy Act (Colo. Rev. Stat. § 6-1-1301) “CPA” “Controller”
Nevada Security and Privacy of Personal Information (NRS § 603A.010) “Nevada Privacy Law” “Operator”
Connecticut Act Concerning Personal Data Privacy and Online Monitoring (Connecticut General Statutes 743dd) “CPDPA” “Controller”
Utah Consumer Privacy Act (S.B. 227) “UCPA” “Controller”
1. Key Terms.
We, us, or Hang Loose Bands, LLC
Contact details email@example.com
Personal information Any information that identifies, relates to, describes, is linked or could be reasonably linked, directly or indirectly, to an identified or identifiable natural person or household.
Sensitive data A category of personal information that includes Social security number, driver’s license number, state identification card, or passport number; account log-ins, financial accounts, debit or credit card numbers in combination with a security or access code, password, or other credentials; precise geo-location; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email or text messages; genetic or biometric data; mental or physical health diagnosis, sexual orientation; or personal data from a known child.
2. Personal Information We Collect About You.
We may collect, use, and share in accordance with applicable privacy law the following categories of personal information that identifies, relates to, describes, is reasonable capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:
Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics or samples (such as breath, blood, or urine), or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. YES
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information. Current or past job history or performance evaluations. NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES
This personal information is required to provide products and/or services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing provide products and/or services to you.
3. Notice Concerning Sensitive Data.
We may collect sensitive data about you or your household. We take specific business practices to limit the use and disclosure of sensitive personal data, such as:
• Just-in-time notices at the collection of sensitive data
• Requiring your express consent for the collection of sensitive data
• Aggregating and/or de-identifying the sensitive data.
You may direct us to use this sensitive data only for purposes necessary to perform the service or provide the goods that you request from us, with the exception of the following:
• Collection or processing of sensitive personal data for security purposes;
• Maintaining/servicing accounts; and
• Undertaking activities to verify/maintain the quality of a service
You may also opt out of the use of sensitive data by emailing us at firstname.lastname@example.org.
4. Children Under the Age of 13.
This Website is marketed for, and directed to, purchase by individuals over the age of 13. Individuals under the age of 13 (or the age of majority in their jurisdiction of residence, if different) are not permitted to use the Website without the supervision of a parent or legal guardian.
We do not knowingly collect or solicit personal information from anyone who we know to be under the age of 13, or knowingly allow such persons to use the Website. Should we learn that someone under the age of 18 has personal information through the Website without the verified supervision of a parent or guardian, we will remove that personal information as soon as possible.
If you are under the age of 13, you should not use our Website, register on our Website, make any purchases through our Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use without the verified supervision of a parent or legal guardian. To the extent possible, any personal information from anyone who we know to be under the age of 13 will be destroyed.
If you believe we might have any information from or about a child under 13, please contact us at email@example.com.
We do not knowingly sell the personal information of children under the age of 18.
5. How Personal Information is Collected.
We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our website. However, we may also collect information:
• Directly from you when you provide it to us, such as:
o Information that you provide by filling in forms.
• Information provided at the time of registering for services or programs on our Website,
• Creating an account on the Website,
• Entering a contest or promotion,
• Subscribing to our mailing list or other services,
• Providing financial information when placing an order,
• Posting material to one of our social media accounts, and/or
• Requesting further services.
o Records and copies of your correspondence (including email addresses), if you contact us.
o Information collected through email, text, or other electronic messages.
• Through your online activity, such as:
o Browsing our Website,
o Interacting with Website features such as forms, and/or
o Clicking on our advertisements.
• We may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
o Information from tracking technologies, such as browser cookies, flash cookies, or web beacons.
o Details of website visits, such as traffic data, location data, logs, resources used to access the website.
o Information about the user’s computer and internet connection, such as IP address, operating system, or browser type.
• From third parties, such as advertisers, ad networks and servers, content providers, application providers or data brokers.
• Via our IT systems.
6. Cookies & Other Tracking Technology.
A cookie is a small file containing a string of characters that may be sent to your web browser when you visit a website. Cookies might be used for the following purposes: (1) to enable certain functions; (2) to provide analytics; (3) to store your preferences; and (4) to enable ad delivery and behavioral advertising.
Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire at a later time. Cookies placed by the website you’re visiting are sometimes called “first party cookies,” while cookies placed by other companies are sometimes called “third party cookies.”
B. Third-Party Service Providers and Additional Technology
We sometimes utilize third-party service providers to help us track the activity within the Website.
• Remarketing with Google Analytics
• Google Display Network Impression Reporting
• DoubleClick Campaign Manager integration Google Analytics Demographics and Interest Reporting
Third-party vendors, including Google, show our ads across the internet. We use ad-tracking along with third-party vendors. These use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie). Together, these cookies report if you have seen our ads (ad impressions) and how you have interacted with our ads and ad services. We want this information so we can make sure our advertising that you see is relevant to you.
We may also use additional technologies to help track user activities and preferences. The following Information may automatically be received and/or collected from you through the Site: IP address, browser type, browser language, internet service provider (ISP), resource requested, date and time of resource request, and HTTP referring resource (if provided by the browser), operating system, and/or clickstream data. We aggregate this data, and may combine this data with other information we collect about you to better understand how visitors use our site, improving user experience, and to help manage, maintain, and report on use of our website. We also store IP addresses for fraud detection and prevention purposes.
7. Notice Regarding Targeted (Behavioral) Advertising
We partner with third parties such as ad networks and other advertising companies to display advertising on our Website and manage our advertising on other websites. As described above, our third party partners may use technologies such as cookies to gather information about your activities on our Website and other websites (such as web pages you visit and your interaction with our advertising and other communications) in order to make predictions about your preferences and provide you with tailored advertising across the Internet based upon your browsing activities and interests. This information may also be used to evaluate the effectiveness of our online advertising campaigns. Our use of personal information for cross-contextual behavioral advertising purposes constitutes the “sharing” of personal information under the CCPA.
Some of the advertisers and service providers that perform advertising-related services for us and third parties may participate in the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioural Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, visit http://www.aboutads.info/choices, http://www.aboutads.info/appchoices for information on the DAA’s opt-out program for mobile apps.
Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices.
If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, you have the right to opt out of our use of your personal information for the purpose of serving you interest-based ads. Residents of these states may opt-out by emailing us at firstname.lastname@example.org.
To successfully opt out, you must have cookies enabled in your web browser (see your browser’s instructions for information on cookies and how to enable them). Your opt-out only applies to the web browser you use so you must opt-out of each web browser on each computer you use. Once you opt out, if you delete your browser’s saved cookies, you will need to opt-out again. Please note this does not opt you out of being served advertisements. You will continue to receive generic advertisements from us, but the ads will not be targeted based on behavioral information about you and may therefore be less relevant to you and your interests.
We may also partner with third-party service providers to engage in “profiling” which is defined in the VCPA, CPA, and CPDPA as “any form of automated processing performed on personal data to evaluate, analyze, or predict personal aspects related to an identified or identifiable natural person’s economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.” Residents of Virginia, Colorado, and Connecticut may opt out of processing of your personal information for purposes of profiling by emailing us at email@example.com.
8. Social Media and Third-Party Links
9. Why We Use Personal Information
We use your personal information for a number of reasons, including the following:
• To comply with our legal and regulatory obligations;
• To present the Website and its contents to you;
• To provide you with information or services that you request from us;
• To fulfill any other purpose for which you provide it;
• To take steps at your request before entering into a contract;
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
• For our legitimate interests or those of a third party; or
• In any other way we may describe when you provide the information or for any other purpose with your consent or to comply with applicable law.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal information for and our reasons for doing so:
What we use your personal information for Our reasons
To provide products and/or services to you For the performance of our contract with you or to take steps at your request before entering into a contract
To prevent and detect fraud against you or our organization For our legitimate interests or those of a third party, i.e. to minimize fraud that could be damaging for us and for you
To display advertisements to our advertisers’ target audiences. For our legitimate interests or those of a third party, i.e., to efficiently and accurately advertise to you so we can deliver the best service for you at the best price.
Processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator To comply with our legal and regulatory obligations
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies To comply with our legal and regulatory obligations
Ensuring business policies are adhered to, e.g. policies covering security and internet use For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price
Ensuring the confidentiality of commercially sensitive information For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information
To comply with our legal and regulatory obligations
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price
Preventing unauthorized access and modifications to systems For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you
To comply with our legal and regulatory obligations
Updating and enhancing customer records For the performance of our contract with you or to take steps at your request before entering into a contract
To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products
Statutory returns To comply with our legal and regulatory obligations
Ensuring safe working practices, staff administration and assessments To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
Marketing our services to existing and former customers, third parties who have previously expressed an interest in our services and/or third parties with whom we have had no previous dealings. For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers
External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards
To comply with our legal and regulatory obligations
10. Who We Share Your Personal Information With
We routinely share personal information with:
• Contractors, vendors, service providers, and financial service providers we use to help deliver our products and/or services to you;
• Other third parties we use to help us run our business, such as our website host;
• Third parties approved by you, including social media sites you choose to link your account to or third-party payment providers;
• Our attorneys and financial advisors.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors.
We may also disclose your personal information:
• To comply with any court order, law, or legal process, including to respond to any government or regulatory request
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We may provide aggregated, de-identified or other information that is not personally identifiable to third parties for any purpose that complies with applicable law with or without your consent.
11. Notice Regarding the Sale of Your Personal Information or Use for a Business Purpose
In the preceding 12 months, we have not sold your personal information to third parties.
12. Promotional & Marketing Communications
We may use your personal information to send you updates (by email, text message, telephone and/or social media post) about our products and services, including exclusive offers, promotions or new products and services.
We have a legitimate interest in processing your personal information for promotional purposes (see above “Why We Use Your Personal Information”). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, such as for Canadian residents, we will ask for this consent separately and clearly.
You have the right to opt out of receiving promotional communications at any time by contacting us at firstname.lastname@example.org or using the “unsubscribe” link in emails.
From time to time, we may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.
13. How Long Your Personal Information Will Be Kept
We will keep your personal information for as long as necessary to fulfill the purposes we collected it for and in accordance with any applicable laws. We will retain and use personal information as long as you have an account with us or we are providing products and/or services to you. Thereafter, we will keep your personal information for as long as is necessary:
• To respond to any questions, complaints or claims made by you or on your behalf;
• To show that we treated you fairly; or
• To keep records required by law.
Under some circumstances, we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
14. Keeping Your Personal Information Secure.
To protect your personal information in our custody or control from theft, unauthorized access, use, modification and disclosure, and to maintain its accuracy and integrity, we have implemented reasonable technical, physical and administrative security measures. These measures include:
• Encrypted payment transactions using SSL or other technology;
• Other measures to secure the personal information from accidental loss and from unauthorized access, use, alteration, and disclosures
Although we have implemented reasonable safeguards, please note that no electronic transmission of information can be guaranteed to be entirely secure. You acknowledge and agree that we are not responsible for the theft, destruction, or inadvertent disclosure of your personal information. In the unfortunate event that your personal information is compromised, we may notify you by e-mail (at our sole and absolute discretion) to the last e-mail address you have provided us in the most expedient time reasonable under the circumstances; provided, however, delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation.
Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: “Who We Share Your Personal Information with”).
15. Transferring Your Personal Information.
We may transfer personal information that we collect or that you provide as described in this policy to contractors, service providers, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this police.
This Website is hosted in the United States. This Website may function in countries other than the United States. If you use the Website from outside the United States and submit your personal information or engage with the Website, you explicitly consent to the transfer, storage, or processing of your personal information in a country other than the United States where laws regarding processing of personal information may differ from the laws of other countries. You are responsible for compliance with the laws of the jurisdiction in which you choose to use the Website.
By submitting your personal information or engaging with the Website, you consent to this transfer, storage, or processing.
16. Certain Rights Under United States State Data Privacy Laws
If you are a resident of the states of California, Virginia, Colorado, Utah, Connecticut, or Nevada, you have certain rights under applicable data privacy laws. Such rights include the following:
A. The Right to Know / Confirm & Right to Access
You have the right to know/confirm whether we are processing your personal data and access any personal data we have processed, including:
• The categories of personal information we have collected about you
• The categories of sources from which the personal information was collected
• Our business or commercial purpose for collecting, selling, or sharing personal information
• The categories of third parties with whom we sell or share personal information, if any; and
• The specific pieces of information we have collected about you
You also have the right to obtain a copy of the personal information you have provided to us in a portable, readily usable format that can be easily transferred to a third party.
Please note that we are not required to:
• Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
• Re-identify, de-aggregate, or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
• Provide the personal information to you more than twice in a 12-month period.
B. The Right to Delete or Correct
You have the right to delete or correct the information we have retained about you. Subject to certain exceptions, on receipt of a verifiable request from you, we will:
• Delete your personal information from our records;
• Direct any service providers to delete your personal information from their records; and
• Correct any inaccuracies in your personal information.
Your request to know or delete may be denied for any reason allowable under applicable state privacy law. For example, we may deny your request to delete if the personal information is necessary for us or a service provider to complete the transaction for which we collected the personal information, comply with a legal obligation, or make other internal or lawful uses of that information that are compatible with the context in which you provided.
C. The Right to Opt-Out
You have the right to opt-out of the following uses of your personal information:
• Targeted (behavioral) advertising, or sharing of personal data, as described above at “Notice Regarding Targeted (Behavioral) Advertising”
• Sale of personal data, as described above at “Notice Regarding the Sale of Your Personal Information or Use for a Business Purpose.”
Additionally, residents of Virginia, Connecticut, and Colorado may opt out of our processing of personal information for the purposes of profiling, as described above at “Notice Regarding Targeted (Behavioral) Advertising.”
We will act upon your request to opt-out no later than 15 days from the date we received the request. Note that we may deny a request to opt-out if we have a good-faith, reasonable, and documented belief that the request is fraudulent or for any other reason allowable under applicable state privacy law. Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by contacting us at email@example.com.
D. The Right to Non-Discriminatory Treatment
You have the right to not be discriminated against by us because you exercised any of your rights under the applicable state privacy law. This means we cannot, among other things:
• Deny goods or services to you;
• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Provide a different level or quality of goods or services to you; or
• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Please note that we may charge a different price or rate or provide a different level or quality of goods and services to you if that difference is reasonably related to the value provided to our business by your personal information, as described above in “Notice Regarding Loyalty Programs and Financial Incentives.”
17. How to Exercise Your Rights
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. If you are a resident of California, Virginia, Colorado, Utah, Connecticut, or Nevada, you may exercise the rights described above, subject to limited exceptions under applicable law.
If you or an authorized representative want to review, verify, correct, or withdraw consent to the use of your personal information you may send us an email at firstname.lastname@example.org to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification. To verify a request, you will need to provide:
• Enough information to identify you;
• Proof of your identity and address; and
• A description of what right you want to exercise and the information to which your request relates.
• If your request is submitted on your behalf by an authorized representative, you may also have to provide a copy of the written authorization contract.
If we are unable to verify your request, we may deny the request or ask you for additional information that is reasonably necessary to authenticate your identity in connection with the consumer request.
Once submitted, you will receive an email within 10 days that we will use to verify your identity and provide confirmation of your request. We will respond to your request to know or delete or correct within 30 days from the day we receive the request. If necessary, we may extend the time period to a maximum of 30 additional days from the day we receive the request. In such case, you will receive an email notifying you of the extension and explaining the reason for the extension. Any disclosure in response to a request to know will cover the 12 month period preceding the business’s receipt of the request and will be delivered in a readily useable format, by mail or electronically at the consumer’s option.
Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
If you are a resident of Virginia, Colorado, or Connecticut, you also have the right to appeal our decision if we deny your consumer request. If we deny your consumer request, you can send an email to email@example.com requesting an appeal of the denial. Within 45 days of receipt of your appeal, we will inform you of the action we took or did not take in response to your appeal. If your appeal is denied, we will provide you with an online mechanism to contact the Attorney General to submit a complaint in your respective state.
We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:
• Information that is aggregated or de-identified.
• Information that is part of a formal dispute resolution process.
• Information that is about another individual that would reveal their personal information or confidential commercial information.
• Information that is prohibitively expensive to provide.
If you are concerned about our response or would like to correct the information provided, you may contact our Privacy Officer at firstname.lastname@example.org.
19. How to Contact Us.
• Calling us at: (904) 580-6950
• Emailing us at: email@example.com
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy, please contact our Privacy Officer using the contact information listed above.
20. Do You Need Extra Help?
If you would like this notice in another format (for example, audio, large print, or braille) please contact us via the methods above in “How to Contact Us.”