EFFECTIVE DATE: April 20, 2021
LAST UPDATED ON: April 20, 2021
- Californian consumers should also refer to our privacy statement https://papaandbarkley.com/privacy-policy/#ccpa under the California Consumer Privacy Act (“CCPA”); and
- European Union residents should also refer to our privacy statement https://papaandbarkley.com/privacy-policy/#gdpr under the General Data Protection Regulation (“GDPR”) and the Privacy and Electronic Communications Directive.
- When we say “we”, “us” and “our”, or “Papa and Barkley” we are referring to Papa and Barkley Essentials, LLC because:
- We determine the manner of and purposes for processing your personal information;
- We are responsible for ensuring we do so in compliance with applicable regulations; and
- Under GDPR, we are a “controller” and under CCPA, we are a “business”.
- When we say “you”, “user” or “individual(s)”, we are referring to the person accessing our websites, purchasing our products and services, and the person whose personal information we are collecting, using and disclosing.
- When we say “processing”, we are referring to the collection, use or disclosure of your personal information.
- When we say “processor” of your personal information, we are referring to organizations that process your personal information on our behalf (service providers).
- What personal information we are collecting and in what circumstances we collect it;
- The purposes for which we collect and use your personal information;
- The organizations with whom we may disclose your personal information and the purpose of such disclosure;
- How long we will retain your personal information;
- How we safeguard your personal information;
- What are your rights and how you can exercise them;
- How we deal with children’s privacy;
1. What personal information do we collect and in what circumstances do we collect it?
We collect your personal information under the following circumstances:
- You provide it to us directly; or
- We collect it by using automated means.
1.1. The personal information you provide us directly
During the various interactions we have with you, you may be required to provide us with personal information. For example, we collect personal information when you create an account, place an order for our products, and subscribe to our email updates. The personal information we collect vary whether you purchase products and services from us or are only a simple user of our website.
The personal information you provide to us directly are the following:
- Identifiers and profile information, i.e., real name, alias, online identifier, IP address, email address;
- Demographic information, i.e., postal address, country of residence, telephone number;
- Payment details, i.e., credit or debit card number, card expiration date, CVV code, check payment information, and billing/payment account address
- Engagement information, i.e., on products and services that you purchase, or the promotional offers that you participate in; information relating to your purchase history; your commercial relationship with us;
- User Content, i.e., content of communications, suggestions, questions, comments, feedback, and other information you send to us, that you provide to us when you contact us, or that you post on our website.
1.2. The personal information we collect automatically when you use our services
During each of your visits to our sites, we collect information about your connection and your browsing activity.
2. For what purposes do we collect, use or disclose your personal information?
We collect personal information for specific purposes, and we limit the processing of your personal information to what is necessary. Unless required by law or for exceptions set out in applicable legislation, we will not process your personal information for a purpose that was not previously-identified without informing you, and without collecting your prior consent when we are required to do so.
We process your personal information for the following purposes:
- Business purposes:
- Auditing our interactions with you (counting ad impressions to unique visitors, verifying positioning and quality of ad impressions);
- Security (detecting security incidents, protecting against malicious or fraudulent activity, and prosecuting offenders);
- To debug and repair our system;
- Performing our services (either by us or by our service provider, e.g., maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payment);
- Internal Research for tech development, e.g., carrying out consumer satisfaction surveys;
- Carrying out satisfaction surveys;
- Management of unpaid bills and disputes.
- Commercial purposes: advancing our commercial or economic interests, to convince you to purchase our products or subscribe to our services, by:
- Sending of information on our activity, on our publications;
- Sending of marketing, advertising and promotional offers relating to our products and services by post, e-mail, mobile notifications, on social networks or any other medium;
- Personalized customer loyalty or prospecting actions;
- Setting up of contests or other promotional operations;
- Collection of customer opinions;
- Development of trade statistics;
- Sharing, exchanging your personal information with business partners so that they may contact you with offers they think might be of interest to you;
- Sending of marketing, advertising and promotional messages relating to the products and services of our partners by postal mail, e-mails, mobile notifications, on social networks or any other medium;
- Setting up of contests or other promotional or event operations with commercial partners.
- Other purposes:
- To verify your identity and for fraud detection;
- To meet our legal obligations;
- To transfer any personal information, we have about you in connection with a merger or sale involving all or part of our business.
3. To whom do we disclose your personal information?
Disclosure happens if we make personal information available within or outside of our organization.
3.1. Disclosure of personal information within our organization
We commit to disclose your personal information to a limited number of individuals within our organization.
The following categories of individuals within our organization may have access to some of your data: our e-commerce team and developers.
Access to your information is based on individual and limited access permissions. Staff who can access personal information are subject to an obligation of confidentiality and are specifically trained in privacy regulations.
3.2. Disclosure of your personal information outside of our organization
In certain circumstances, we may disclose your personal information to external organizations (e.g., our service providers) or public authorities. We do not sell any personal information to third parties for marketing or commercial purposes.
The following entities have access to your personal information:
- Our service providers
Our service providers have access to your personal information for business purposes, for commercial purposes, for managing your subscription, for securing your online payments, for fraud detection, for shipping your orders, and for collecting customer reviews. Your information will be treated with the same level of privacy and security as we are committed to providing, and will not be used for other purposes than that which we authorize.
- Public authorities, judicial or administrative authorities
We may disclose your personal information when we are required or authorized by law to cooperate with local, national or international law enforcement or other authorities for the reporting of and/or investigation of improper or unlawful activities, or if we need to comply with court orders.
For CCPA purposes, we have disclosed your personal information to the categories of recipients listed below in the past 12 months:
- Service providers
4. How long do we keep your personal information?
We will not retain your personal information indefinitely. Our retention periods vary depending on whether we have an ongoing contractual relationship with you (you are an active customer), whether we had a contractual relationship with you in the past (you are an inactive customer) or whether we never have had such a relationship with you (you are a prospective customer).
When retention of your personal information is no longer justified by legal, commercial or customer account management requirements, or if you have made use of a right of erasure, we will securely delete your personal information.
We will retain your personal information long as it is necessary to meet our legal obligations according to the main retention periods for EU Member State law or Union law, we are subject to. Your personal information will be deleted as soon as the purpose for which they were collected is achieved.
As such, we will retain the personal information we collect from you:
- Up to four months after your last visit on our website(s);
- For 1 year after our last contact with you if you are a prospect (e.g. someone who subscribes to the newsletter); and
- For 3 years after you have closed your account.
5. How about children's privacy?
We do not provide services directly to children and proactively collect their personal information.
We do not knowingly collect personal information from anyone under the age of 13.
If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.
6. How do we safeguard your personal information?
Your personal information is important to us, and we take all useful precautions, with regards to the risks created by the processing that we carry out, to preserve the security of your personal information and, to prevent their alteration and damage, or any access by non-authorized third parties. These safeguards include physical, organizational and technical measures.
As we are responsible for your personal information, we implement appropriate technical and organizational measures in accordance with applicable legal provisions, to protect your personal information against alteration, accidental or unlawful loss, use, disclosure or unauthorized access. Safeguards include physical, organizational and technical measures including but not limited to:
- The creation of a unit dedicated to the security of information systems;
- Raising awareness of the confidentiality requirements of our employees who have access to your personal information;
- Securing access to our premises and to our IT platforms;
- The implementation of a general IT security policy for the company;
- Firewalls, anti-virus, strong passwords and software solutions for technical security.
7. What are your rights on your personal information?
Your rights with respect to your personal information depend on the data protection laws applicable to you as a resident of a country, state, or territory. General rights that may apply to you include the right to:
- access your personal information;
- rectify inaccurate personal information;
- erase some or all of the personal information related to you;
- receive a copy of your personal information in a structured, commonly used format or have us transmit it to another business / controller;
- withdraw your consent.
If you are a California resident, your rights and information on how to exercise them are outlined here
If you are a resident of the EU, your rights and information on how to exercise them are outlined here
8. Where is your personal information located?
While you use your services, your personal information may be transferred to multiple locations.
Depending on and as permitted by applicable data protection laws, we will transfer and store your personal information according to the applicable privacy statement which you may find below.
9. What happens if we make changes to this Policy?
If you have any questions or concerns about this Policy, please feel free to contact us at:
Mailing address: Papa and Barkley Essentials, 1190 N. Lake Avenue, Pasadena, CA 91104
Email: [email protected]
ADDITIONAL PRIVACY STATEMENT FOR EU RESIDENTS
1. On what basis do we collect your information?
In short: We must have a valid reason to use your information. One of the reasons we need to collect your personal information is that it is necessary for us to perform our contract with you. Another reason is the fact that we have a legitimate interest that justify the processing, or that we have a legal obligation to process the data. In all other cases, we will process your personal information because we have your consent.
- For some processing activities, we require your prior consent
- You will always be prompted to take clear, affirmative action so that we can ensure that you agree with the processing of your personal information. This action may, for example, take the form of a checkbox or a link that you can click on. For example, we will ask for your consent when you subscribe to our newsletter.
- Before obtaining your consent, we will systematically inform you of the purposes of the processing, and you can choose to consent to certain uses that we will make of your information and to refuse others.
- If you have given us your consent, you may always change your mind, and withdraw your consent at any time and easily; all you need to do is to send us an email at the following address [email protected] or click on the “unsubscribe link” at the bottom of our marketing e-mail communications.
- If you refuse to give us your consent, or decide to withdraw it, you will not suffer any negative consequences and will be able to continue to use the rest of our service, however some functionality or features may be limited.
- If you have given us your consent, and the processing we carry out on your personal information changes significantly, we will collect your consent again.
- When we justify our processing operations on the basis of a contract that we have with you
- Certain processing of your personal information is necessary so that we can perform the service you have asked us to perform.
- We also use this justification if you ask us to take certain actions even before we enter into a contract with you (for example, you want to know if we deliver our products to your country of residence).
- We justify our processing on our contract with you to process all the personal information that is necessary to ship your products, to respond to any queries you may have, and to prepare your customs documents for product exportations where applicable.
- Processing operations that are necessary to meet our legitimate interests
- Legitimate interest is a set of commercial or business reasons that justify that we process personal information about you.
- Our legitimate interests are to comply with our obligations of detection of fraudulent payments and ensuring network and information security.
- We will use legitimate interest only when we have carried out an assessment on the impact that this processing may have on you, and concluded that the processing does not unduly infringe your rights and freedoms. For example, we do not use this justification if we process sensitive data, or when the processing would be unexpected for you, or if we consider it to be too intrusive.
2. What are your rights?
2.1 Your general rights under the GDPR
You have the right to ask us what information we process about you, and ask us to correct it, erase it, restrict it, and ask us to transfer your personal information to another controller in certain circumstances. You can also object to certain processing operations of your personal information, and withdraw your consent at any time.
You have the right to access your personal information and request that it be rectified, supplemented or updated. You can also request the erasure of your data, withdraw your consent, or object to their processing, provided you can justify a legitimate reason. In addition, you can ask to exercise your right to the portability of your data, that is to say the right to ask us to transfer the personal information that you have provided to us to another organization, in a structured, commonly used format.
You can exercise your rights at the following address: Papa and Barkley Essentials, LLC, ATTN: Legal Dept., 1190 N. Lake Avenue, Pasadena, CA 91104.
Before responding to your request, we will verify your identity and / or ask you to provide us with more information to respond to your request, if we have any doubts about your identity. We will do our best to respond to your request within one month, unless your request is particularly complex (for example if your request concerns a large amount of sensitive data). In such a case, we will inform you of our eventual need to extend this response time by two additional months.
2.2 Your right to object to marketing communications
When we use your personal information to contact you for marketing communications, you can object to these communications at any time at the following address: Papa and Barkley Essentials, LLC, ATTN: Legal Dept., 1190 N. Lake Avenue, Pasadena, CA 91104.
In any case, you always have the option to object to the sending of these marketing communications by clicking on the unsubscribe link provided in each e-mail, by going to your online account or by writing to us at the following address: Papa and Barkley Essentials, LLC, ATTN: Legal Dept., 1190 N. Lake Avenue, Pasadena, CA 91104.
2.3 Your right to lodge a complaint
If you think that we are doing something wrong, you can complain to us about it, by contacting our General Counsel/Chief Data Protection Officer. In the event of an unsatisfactory response, you can lodge a complaint with Osano International Compliance Services Limited ATTN: EVWF 25/28 North Wall Quay Dublin 1, D01 H104 Ireland.
3. Is your information transferred outside of the European Union?
The personal information we collect when you use our website as part of our services may be transferred to processor located in other countries, some of which may have legislation on the protection of personal information that is less protective than the GDPR.
ADDITIONAL INFORMATION FOR CALIFORNIAN RESIDENTS
It does not apply to personal information that we collect from you in the course of providing our services when you are an employee, owner, director, manager or entrepreneur of a company, a partnership, a sole proprietorship, a non-profit organization or a public body.
1. What categories of personal information do we collect?
CCPA requires listing categories of personal information we collect. As defined by CCPA, we collect, or have collected in the past 12 months, the following categories of personal information listed below.
The categories of personal information we collect under CCPA are the following:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- Any categories of personal information described in subdivision (e) of Section 1798.80
- Characteristics of protected classifications under California or federal law.
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
- Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
2. How can you exercise your rights of access and deletion?
Subject to certain exceptions and restrictions, you have the right to ask us to delete your personal information or to provide you with information on the personal information that we have collected, our sources of collection, the business and commercial purposes for which this information was collected, and the categories of third parties with whom this information has been shared.
If you are a California resident and wish to exercise these rights, please follow the instructions below:
Mailing address: Papa and Barkley Essentials, LLC 1190 N. Lake Avenue, Pasadena, CA 91104.
Email: [email protected]
If we cannot initially verify your identity, we may request additional information to complete the verification process, such as, for example, a copy of your driver’s license and/or a recent utility or credit card bill. You may designate an authorized agent to exercise your rights on your behalf. We may ask you or the agent to provide proof that the agent has received your authorization to act on your behalf, such as a written and duly signed certificate stating you authorize the agent to act on your behalf.
3. How can you ask us not to sell your personal information?