Last Updated: April 1, 2023
1. Keeping your information safe
We encourage you to read this Policy carefully. If you have questions, please contact us.
2. About us and this Policy
- If you are a current or former employee or contractor of ours, this Policy does not apply to you. You may contact us about your privacy practices and rights at firstname.lastname@example.org.
- If we receive your information in our role as a service provider to another business, our agreement with that business governs our use of your information. We will refer any questions or concerns of yours to that business.
Because the Platform changes often, this Policy may change over time. Anytime we modify the Policy, we will post a revised version on the Platform and update the Last Updated date above. If you have given us your contact information, we will notify you before any material changes take effect so you have time to review them. (c) Location-specific sections - The Platform operates from the United States, but this Policy applies worldwide. Our practices generally do not differ based on your location, but your rights and choices depend in part on the law where you live. For example, you may have rights under: (1) “GDPR”: implementations of the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679; or (2) “CCPA”: the California Consumer Privacy Act, as amended. As a result, certain sections of this Policy apply to you only if you reside in a particular location:
- California residents should consult the Rights under California law section. If you reside in a U.S. jurisdiction that has enacted a data privacy law similar to CCPA or GDPR, we extend the same rights CCPA grants to California residents to you, except where we specify otherwise.
- Residents of jurisdictions where GDPR applies – such as U.K., EU and Swiss residents – should consult the Rights under GDPR and International Data Transfers sections.
If those sections apply to you, those sections override any contrary descriptions elsewhere in the Policy as they relate to you. If you have questions about your rights under other data privacy laws, please contact us.
3. Information we collect
(a) Information you provide - You may use much of the Platform without providing any information about yourself. However, to use some aspects of the Platform, we will need information about you, such as if you:
- Establish an account
- Purchase products or services
- Contact or communicate with us
- Subscribe or opt-in to our newsletters, alerts, or other communications
- Participate in a contest or promotion or redeem a prize
When you submit information through the Platform, whether provided to enable a service or through product reviews, you are consenting to its collection, use and disclosure in accordance with this Policy. Information you provide us may include personal identifiers. Please note that if you provide sensitive personal information to us, we use it only for our operational business purposes, and we do not disclose it to others for any other purpose. We attempt to limit the amount of sensitive personal information we collect. For instance, make a purchase through our Platform, your payment information, like your full credit card number and any payment-related security information, is only collected and processed our payment processing partners. (b) Information collected when you use the Platform - As you use the Platform, cookies and other technology we use will generate technical data about which features you use, how you use them and the devices you use to access our services. This information may include:
- “Commercial Information” about your orders of products or services from us and interactions with store products.
- “Device Information” related to the device you use to interact with the Platform, such as your IP address, its advertising IDs (which are randomly generated numbers that can be reset through your device’s settings, such as the device’s Apple IDFA or Android Advertising ID), its browser and operating system, its internet service provider, and its settings.
- “Internet Activity” related to your use of the Platform, such as the pages you visit, the sites you use before or after visiting ours, your actions within the Platform, the content or advertisements you interact with, general geolocation information, time stamps and performance logs and reports.
(i) Cookies and other technology - We and third party partners collect personal information on the Platform using cookies, pixel tags or similar technologies. Our third party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services. We may use both session cookies (which are deleted from your device when you exit the Platform) and persistent cookies (which remain on your device for longer or until you delete them manually). A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services. If you opt in to email or text messaging from us, cookies may be used to personalize your experience (e.g. send you personalized text messages such as shopping cart reminders).
4. How we use information
Here is detailed explanation of the various reasons for which we use your information, together with practical examples:
To provide our content, services and products to you
- Create and manage your account
- Provide you with customer support and respond to your requests
- Complete your orders
- Communicate with you about our services
To manage your account or fulfill product orders
- Register you on the services to allow you to purchase goods or services
- Administer your account on new features and apps
To improve our services and develop new ones
- Administer focus groups, market studies and surveys
- Review interactions with customer teams to improve our quality of service
- Develop new content and services
To operate advertising and marketing campaigns
- Administer sweepstakes, contests, discounts or other offers
- Text you, after you have given your consent and only until you withdraw it, about offers, including on a personalized basis.
- Customize advertising to you based on technical data and information about you in deidentified or hashed, non-human readable form
- Perform and measure the effectiveness of advertising campaigns on our services and marketing campaigns off of the Platform
- Communicate with you about products or services that we believe may interest you
To prevent, detect and fight fraud and other illegal or unauthorized activities
- Find and address ongoing, suspected or alleged violations of our Terms
- Better understand and design countermeasures against violations of our Terms
- Retain data related to violations of our Terms to prevent against recurrences
- Enforce or exercise our rights; for example, those in our Terms
To ensure legal compliance
- Verify copyright or IP claims
- Comply with legal requirements
- Assist law enforcement
(a) Purposes - We rely on the following purposes to collect and use your information as described in this Policy:
- Commercial purposes: The reason we process your information for purposes 1, 2, 3 and 4 above is to advance your economic interests or our economic interests. These purposes include performing the contract that you have with us, as embodied by our Terms and your orders, which advance our economic interests and yours. For instance, if you order products from us, we use your information to complete your payment and provide your product to you.
- Business purposes: We process your information for purposes 1, 2, 5 and 6 above for operational reasons, in a reasonably necessary and proportionate manner (i.e., for business purposes under CCPA). For instance, we analyze users’ behavior on our services to continuously improve our offerings, we suggest offers we think might interest you and promote our own services, we process information to help keep our members safe and we process data where necessary to enforce our rights, assist law enforcement and enable us to defend ourselves in the event of a legal action.
- Comply with applicable laws and regulations: We process your information for purpose 6 above where it is necessary for us to comply with applicable laws and regulations and evidence our compliance with applicable laws and regulations. For example, we retain traffic data and data about transactions in line with our accounting, tax and other statutory data retention obligations and to be able to respond to valid access requests from law enforcement.
- Consent: From time to time, we may ask for your consent to collect specific information, such as your precise geolocation, or use your information for certain specific reasons, like providing your email address or phone number for direct marketing purposes. In general, you may withdraw your consent by changing your settings (such as browser or device settings) or following instructions provided with information we send you based on the consent you gave us (such as texting ‘stop’ in response to text messages). You may always withdraw your consent at any time – just contact us.
5. Disclosures of information to other
Since our goal is to help you discover great products and services, the principal reason we disclose your information is to maintain and improve your experience of the Platform. This section describes how and why we exchange personal information with contractors and third parties. It also describes exchanges made for certain purposes, like legal reasons and consensual direct marketing. We also disclose deidentified and/or anonymized data for these purposes. (a) Functional disclosures - In addition to the use of trackers described above, we contract with companies or individuals to provide certain services related to the functionality and features of the Platform, including payment processing, email and hosting services, software development, shipping and fulfillment, data management, and administration of contests and other promotions. We refer to them as “contractors.” We may disclose information about you, such as Personal Identifiers, Commercial Information, Internet Activity and Device Information, to contractors as necessary for them to perform their services. Contractors are not permitted to use information about you for any other purpose. In the past twelve (12) months, we have disclosed these types of information to the following types of contractors:
- Analytics providers, namely Google Analytics, to tell us how the Platform is doing, such as which parts interest visitors and how long they visit before leaving. Among other data, they may receive your IP address.
- Various hosting services and data processors to provide the infrastructure of the Platform, such as Cloudflare, which ensures that traffic is from real people, not computers. Among other data, they may receive your IP address.
- Payment providers, namely ShopPay, Amazon Pay, PayPal and Catch, as applicable, to process payments between you and us, such as for subscriptions or products. These providers receive information about your order in order to tie your payment process to your order. We don’t receive all of the information you may provide to them as part of that process (for instance, we don’t receive full payment-account numbers).
- Support providers, namely Gorgeous and AwesomeOS, to provide assistance to you when you request it. They are able to retrieve information about you that is relevant and necessary to your requests, such as account information and order details.
(b) For personalized ads - We share information with advertising partners to make the advertising presented to you more relevant to you. In the past twelve months, we have shared these categories of personal information to personalize advertising:
- Device Information (including Personal Identifiers)
- Commercial Information
- Internet Activity
We have some or all of these categories of personal information with these third parties:
- Attentive Mobile Inc.
- Google LLC
- Microsoft Corporation
- Snap, Inc.
- Meta Platforms, Inc.
- Yahoo Inc.
- Zemanta, Inc.
- Twilio, Inc.
- Taboola, Inc.
- Reddit, Inc.
(c) For legal reasons - Finally, we may disclose personal information:
- In response to subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us;
- When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of our company, our users, or others; and in connection with the enforcement of our Terms and other agreements; or
- In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
(d) With your consent or at your request - We may periodically ask for your consent to disclose your information to third parties. Whenever we ask your consent for this reason, we will summarize the purpose and scope of the disclosure. For example, we may offer discounts to you if you consent to join our mailing list or participate in a promotion involving direct marketing communications. In that case, the Platform will display a checkbox near an email submission button explaining that by clicking the button, you agree to share your email with the content provider.
6. How long we retain your information
We retain your information only as long as we need it for the purposes described under How we use information, except when longer retention is required by our compliance policies and efforts toward applicable legal, tax, accounting and regulatory requirements. How long we need information for those purposes varies by category, and even within categories. These retention determinations always consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from its unauthorized use or disclosure, whether we can achieve those purposes without using the personal information. For example, we delete some Internet Activity at some soon as you exit the Platform, whereas we may retain records of your orders for services and products for several years as required by law or contract, such as agreements with our payment processors or under our accounting standards.
7. Your rights
(a) In General - We want you to be in control of your information, so we want to remind you of the following options and tools available to you:
Disallowing Location Data Collection - When you access certain Platform services, like our store locator, or use our Platform on a mobile device, you may consent to share your precise (GPS level) geolocation with us so we can customize your experience and the content you receive. For example, our store locator relies on your location to identify the retail stores nearest you. You may change your location sharing settings at the browser or device level at any time.
Opting Out of Personalized Advertising - You have a choice about participating in personalized advertising. If you wish to opt out, in addition to any location-specific rights that may apply, you have a few options:
- On your mobile device, you can visit https://youradchoices.com/appchoices to learn about and download the Digital Advertising Alliance’s opt-out app, which allows you to opt your mobile device out of personalized advertising from participating companies.
- Your mobile device settings may allow you to limit the use of information from your device; check your operating system documentation for details.
- You can learn more about advertising networks and personalized advertising, and your ability to opt out, by visiting the Digital Advertising Alliance at www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/choices.
In providing you with transparency and access to choice regarding personalized advertising, we are acting in accordance with our commitment to the Digital Advertising Alliance’s Self-Regulatory Principles. You can learn more about these Principles here.(b) Rights under GDPR - This section applies to you only if you reside in a jurisdiction where GDPR applies. For GDPR purposes, the data controller is Good American, LLC. Parties to which we disclose personal data are data processors to us. The purposes and the legal bases for our collecting and processing of personal data under GDPR are generally described under How we use information. The Purposes above generally correspond to a legal basis under GDPR; for example, the basis for our commercial purpose is our legitimate interest. Depending on your jurisdiction’s enactment of GDPR, you may have these rights:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we might not always be able to comply with your request of erasure for specific legal reasons that will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
- Request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we might not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You may exercise rights under GDPR as described under Requesting information. If you do not provide personal data to us or withdraw consent for processing personal data, we may not be able to provide you with certain aspects of the Platform. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
(c) International Data Transfers - If you reside outside the United States, we transfer information about you for processing in the United States. By providing information about you to enable Platform services, you consent to the processing of such data in the United States. The transfer of this information to the United States is necessary for the performance of our contract for use of the Platform. When we transfer personal data subject to GDPR outside of Good American, we use standard contract clauses approved by the EU for this purpose, or another appropriate transfer mechanism. Note that U.S. law is not equivalent to GDPR. As of the Last Updated date above, the U.S. has not been deemed an “adequate” jurisdiction under GDPR for the purposes of international data transfers. However, the EU and the U.S. are negotiating the terms of an adequacy determination that may go into effect in the years to come.
(d) Rights under California law - This section applies to you only if you reside in California or another U.S. state where applicable law provides for some or all of these rights, including any analogous rights. Except as noted in this section, we extend these California rights to residents of those states regardless of whether applicable law in those states includes all of these rights. (i) Rights under CCPA - The California Consumer Privacy Act (“CCPA”) provides California consumers with additional rights regarding their personal information (as defined in CCPA). The categories of personal information we collect are generally described in Section 3 above, and depend on how you use the Platform. The categories of third parties to whom we disclose and sell or share personal information are under for personalized ads and with your consent or at your request above. The disclosures under Purposes describe with business purpose or commercial purpose for those disclosures of information. Under CCPA, California consumers have the following rights: (1) Rights to Know, Access, Correct and Delete. You have the right to request that we disclose, correct and delete personal information about you that we have collected. Your right to know includes the personal information we have sold or shared or disclosed for a business purpose or a commercial purpose. Finally, we may deny deletion requests, in whole or in part, with respect to information we reasonably need to:
- comply with legal obligations;
- allow you, other consumers, or us to exercise free-speech rights or other legal rights;
- complete an obligation that you have requested (for instance, if a product you purchased carries a warranty or could reasonably be subject to recall under applicable law); or
- if we use the information only for internal purposes reasonably aligned with consumer expectations.
(2) Rights to Limit and Opt-Out of Sharing/Sale - You also have the right to direct us (1) not to share or sell your personal information and (2) limit our disclosure and use of your sensitive personal information to purposes necessary to provide the Platform to you. To opt out of the sharing of your information, please click or tap [link]. As of the Last Updated date, we have no knowledge of any use of personal information we collect from individuals under the age of 16 for ‘sale’ or ‘sharing’ purposes. (3)Right of No Retaliation - CCPA prohibits us from discriminating against you if you exercise rights under CCPA, except when you opted in to a financial incentive involving certain of your personal information, and subsequently restrict our use of that personal information through a CCPA rights request.
- For example, if we offer you a discount code for consenting to receive marketing emails, and you then require us to delete your email address, we may not honor that discount code.
Your right of no retaliation doesn’t need to be exercised. We never retaliate against anyone exercising their rights under this Policy or CCPA. (4) Preference signals - We are in the process of updating the Platform to honor any global Opt-out preference signal sent from California IP addresses to the Platform through browser or device-level settings, provided the signal complies with CCPA’s requirements. Our goal is for the Platform to automatically respond to compliant signals by opting California residents out of any sharing or sale of their data in a frictionless manner. Please contact us if you believe the Platform collected or processed your information in a manner inconsistent with your opt-out preference signal.(5) Request process for CCPA rights - To submit a CCPA request relating to the foregoing rights, please contact us as described under Requesting information. That section generally applies to requests to exercise CCPA rights. However, in addition:
A California resident's authorized agent may submit CCPA rights request.
- Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described below. We will also ask for proof that the person who is the subject of the request authorized an agent to submit a privacy request on their behalf.
- An authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but consumer verification is not required.
We will acknowledge your request within 10 days, and our goal is to fulfill your request within 45 days. However, we may you that we will require up to 45 further days to fulfill your request, along with an explanation of why our response is delayed. We provide responses in the manner we receive your request (i.e., with an email response to an email request).(ii)Other California law - Because we only give your information to third parties for direct marketing purposes with your consent, and always allow you to opt out of direct marketing communications after opting in, we believe we are not currently required to comply with California Civil Code Section 1798.83. (e) Requesting information - (i) Submitting requests - To exercise a right under this Section 7, please click or tap here or contact us. Your request must:
- provide sufficient information to identify you and the law that applies to you, such as your name, e-mail address, home or work address, or other information we maintain.
- not include social security numbers, driver’s license numbers, third-party account numbers, credit or debit card numbers, or health information.
(ii) Verifying requests- We verify requests by first confirming the source of the request and then by matching the information submitted to the information we maintain. If your request is unclear or we are unable to authenticate your identity, we will respond with direction on how to remedy the deficiencies, in accordance with law that applies to you. If we cannot verify the identity of the individual making the request, we may deny it, in full or in part.(iii) Responses to requests - We will respond to your request as quickly as we can, taking into account the nature of your request and the volume of pending requests. The content of our response will vary with the nature of your request, but will always respond in accordance with any deadlines or requirements specified by the laws that applies to you. Under certain circumstances, we may be unable to provide responsive personal information, such as when disclosure would create a substantial, articulable and unreasonable risk to the security of the information, customers’ account with us, or the security of our systems or networks. We do not disclose account passwords or any other non-personal information that enables access to an account. Please understand, however, that we reserve the right to retain an archive of any deleted information, to the extent permitted by law. We may also retain deidentified or aggregate data derived from information about you.
8. Use by minors
The Platform is intended for adult users. We do not knowingly collect information from anyone under the age of 16, and we do not share or sell information about anyone under 16 without affirmative authorization. If we learn that we have collected information from a child under age 16, we will delete that information as quickly as possible.
- If you are under 16: sorry, but please leave the Platform. If you’ve already sent us information, please contact us us first so we can delete it.
- If you are a parent or guardian of a child under 16 years of age and you believe your child has provided us with information, please contact us
9. Contact us
If you have questions or comments about this Policy, please contact us at email@example.com, PO Box 888 Culver City, CA 90232, or call us at 1-833-229-6099.
Notice of Financial Incentive
From time to time, we may offer you promotional pricing or discounts in exchange for enrolling in our SMS or email marketing messages. By confirming enrollment, you consent to receive our SMS or email messages until you opt out, including any discount codes we offered you. The specific terms of any offer are disclosed at the time the offer is extended. To opt in to emails, a consumer must enter their email address into the form and submit it. To opt in to SMS messages, a consumer must enter their phone number and reply Y to the auto-generated message. To opt out of future email, unsubscribe from our marketing emails by using the unsubscribe link in the email footer at any time. To opt out of future SMS, reply "STOP" to any of our SMS.