CA Privacy rights
ITG Brands LLC California Privacy Notice
Effective Date: January 1, 2020; updated as of July 1, 2020
This notice reflects our good faith understanding of the law and our data practices as of the date posted (set forth above), but the CCPA’s implementing regulations recently became final and there remain differing interpretations of the law. Accordingly, we may from time-to-time update information in this and other notices regarding our data practices and your rights, modify our methods for responding to your requests, and/or supplement our response to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices.
This California Privacy Notice (“Notice”) applies to “Consumers” as defined by the California Consumer Privacy Act (“CCPA”) as a supplement to ITG Brands LLC’s (“Company” “us” “we” “our”) other privacy policies or notices. In the event of a conflict between any other Company policy, statement or notice and this Notice, this Notice will prevail as to California Consumers and their rights under the CCPA.
This Notice covers our collection, use, disclosure, and sale of California Consumers’ “Personal Information” (“PI”) as defined by the CCPA, except to the extent such PI is exempt from the notice obligations of the CCPA for the twelve months preceding the Effective Date. This Notice also covers rights California Consumers have under the CCPA, as well other notices to Californians required by other laws. The description of our data practices in this Notice, as required by the CCPA, covers only calendar year 2019 and will be updated annually. Our practices in calendar year 2020 may differ, however, if materially different from this Notice. We will also provide pre-collection notice of the current practices, which may include reference to our general privacy policy or other applicable privacy notices, which will reflect current practices.
Consistent with the CCPA, job applicants, current and former employees and independent contractors (“Personnel”), and subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, are not considered “Consumers” for purposes of this California Privacy Notice or the rights described herein. However, our Personnel may obtain a separate privacy notice that is applicable to them by contacting our Human Resources department. Publicly availableinfor mation is also not treated as PI under the CCPA, so this notice is not intended to apply to that data and your Consumer privacy rights do not apply to that data.
To aid in readability, in some places we have abbreviated or summarized CCPA terms or language, but a full copy of the CCPA is available here at Title 1.81.5 of the California Civil Code, Sections 1798.100 – .199 for your review, and in some places in this Notice we cite to specific CCPA sections for your reference. Terms defined in the CCPA that are used in this Notice shall have the same meaning as in the CCPA.
You can click on the following blue links to navigate to the different sections in this Notice.
TABLE OF CONTENTS
(A) Sources of PI
(B) Use of PI
(B) Do Not Sell
(C) Delete
(D) Non-Discrimination and Financial Incentive Programs
4. Additional California Notices
(A) Third Party Marketing and Your California Privacy Rights
(C) eCommerce
(D) Supply Chain
5. Contact Us
1.PI WE COLLECT
Based on our 2019 data practices, we give you notice that we collect the following types of PI about California Consumers, and use and share it as set forth below. This notice will be updated annually, and our current privacy notices at the point of collection, and general privacy policies, may reflect more current practices.
The chart above reflects that categories of PI required by the CCPA. There may be additional information that we collect that meets the CCPA’s definition of PI but is not reflected by a category, in which case we will treat it as PI as required by the CCPA, but will not include it when we are required to describe our practices by category of PI.
As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information, and may elect not to treat publicly availableinformation as PI. We have no obligation to re-identify information or keep it longer than we need it to respond to your requests.
A.SOURCES OF PI.
We may collect your PI directly from you or from service providers, vendors and suppliers, our affiliates, or other individuals and businesses, as well as public sources of data such as government databases.
B. USE OF PI.
Generally, we collect, retain, use, and share your PI to provide you services and as otherwise related to the operation of our business. For more detail on our disclosures and sale of PI, see the next section Sharing of PI.
We may collect, use and share the PI we collect for one or more of the following business purposes:
-
Processing Interactions and Transactions (§1798.140(d)(4))
-
Managing Interactions and Transactions (§1798.140(d)(1))
-
Performing Services (§1798.140(d)(5))
-
Research and Development (§1798.140(d)(6))
-
Quality Assurance (§1798.140(d)(7))
-
Security (§1798.140(d)(2))
-
Debugging (§1798.140(d)(3))
Additional business purposes include sharing PI with third parties for other than a sale or one of the foregoing business purposes as required or permitted by applicable law, such as to our vendors that perform services for us, to the government or private parties to comply with law or legal process, to the consumer or other parties at the consumer’s request, for the additional purposes explained in our Privacy Policy, and to assignees as part of a merger or asset sale (“Other Business Purposes”).
Subject to restrictions and obligations of the CCPA, our vendors may also use your PI for some or all of the above listed business purposes. Our vendors may hemselves engage services providers or subcontractors to enable them to perform services for us, which sub-processing is, for purposes of certainty, an additional business purpose for which we are providing you notice.
We may collect and use your PI for commercial purposes, such as for interest-based advertising.
In addition, we may collect, retain, and use PI for the purpose of sharing it as set forth in the next section.
2.SHARING OF PI
We may share PI with our service providers, other vendors (including those that facilitate interest-based and other advertising and marketing), affiliates, and/or third parties to which we sell your PI, including without limitation during calendar year 2019 as follows:
Category of PI
1.Identifiers (as defined in CCPA §1798.140(o)(1)(A))
Categories of Recipients
Business Purpose Disclosure:
-
Managing Interactions and Transactions
-
Performing Services
-
Processing Interactions and Transactions
-
Quality Assurance
-
Research and Development
-
Security
-
Other Business Purposes
Recipients:
-
Analytics Providers
-
External Marketing and Advertising Agencies
-
External Auditors
-
Public Authorities/Government Bodies
-
Service Providers
Sale: Not Sold
Category of PI
2.Personal Records (as defined in CCPA §1798.140(o)(1)(B))
Categories of Recipients
Business Purpose Disclosure:
-
Managing Interactions and Transactions
-
Performing Services
-
Processing Interactions and Transactions
-
Quality Assurance
-
Research and Development
-
Security
Recipients:
-
Analytics Providers
-
External Marketing and Advertising Agencies
-
External Auditors
-
Public Authorities/Government Bodies
-
Service Providers
Sale: Not Sold
Category of PI
3.Personal Characteristics or Traits (as defined in CCPA §1798.140(o)(1)(C))
Categories of Recipients
Business Purpose Disclosure:
-
Managing Interactions and Transactions
-
Performing Services
-
Processing Interactions and Transactions
-
Quality Assurance
-
Research and Development
-
Security
Recipients:
-
Analytics Providers
-
External Auditors
-
Public Authorities/Government Bodies
-
Service Providers
Sale: Not Sold
Category of PI
4.Customer Account Details / Commercial Information (as defined in CCPA §1798.140(o)(1)(D))
Categories of Recipients
Business Purpose Disclosure:
-
Managing Interactions and Transactions
-
Performing Services
-
Processing Interactions and Transactions
-
Quality Assurance
-
Research and Development
-
Security
Recipients:
-
Analytics Providers
-
External Marketing and Advertising Agencies
-
External Auditors
-
Public Authorities/Government Bodies
-
Service Providers
Sale: Not Sold
Category of PI
5.Internet Usage Information (as defined in CCPA §1798.140(o)(1)(F))
Categories of Recipients
Business Purpose Disclosure:
-
Managing Interactions and Transactions
-
Performing Services
-
Quality Assurance
-
Research and Development
-
Security
Recipients:
-
Analytics Providers
-
External Marketing and Advertising Agencies
-
Public Authorities/Government Bodies
-
Service Providers
Sale: Not Sold
Category of PI
6.Sensory Data (as defined in CCPA §1798.140(o)(1)(H))
Categories of Recipients
Business Purpose Disclosure:
-
Managing Interactions and Transactions
-
Processing Interactions and Transactions
-
Quality Assurance
-
Research and Development
-
Security
Recipients:
-
Service Providers
Sale: Not Sold
Category of PI
7.Professional or Employment Information (as defined in CCPA §1798.140(o)(1)(I))
Categories of Recipients
Business Purpose Disclosure:
-
Security
Recipients:
-
Analytics Providers
-
Public Authorities/Government Bodies
Sale: Not Sold
Category of PI
8.Inferences from PI Collected (as defined in CCPA §1798.140(o)(1)(K))
Categories of Recipients
Business Purpose Disclosure:
-
Managing Interactions and Transactions
-
Performing Services
-
Quality Assurance
-
Research and Development
-
Security
Recipients:
-
Analytics Providers
-
External Marketing and Advertising Agencies
-
External Auditors
-
Service Providers
Sale: Not Sold
We do not believe that in 2019 we “sold” PI. For more information on your do not sell rights, see the Do Not Sell subsection of the California Privacy Rights section of this Privacy Notice at Section 3.B below.
3.CALIFORNIA PRIVACY RIGHTS
The CCPA is a new law and there remain differing interpretations of it and the regulations that implement it. Accordingly, we may from time-to-time update information in our notices regarding our data practices and your rights, modify our methods for you to make and for us to respond to your requests, and/or supplement our response(s) to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices.
We provide California Consumers the privacy rights described in this section. You have the right to exercise these rights via an authorized agent who meets the agency requirements of the CCPA and related regulations. As permitted by the CCPA, any request you submit to us is subject to an identity verification and residency verification process (“Verifiable Consumer Request”). We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. Please follow the instructions at our Consumer Rights Request page here and respond to any follow up inquires we may make.
Some PI we maintain about Consumers is not sufficiently associated with enough PI about the Consumer for us to be able to verify that it is a particular Consumer’s PI when a Consumer request that requires verification pursuant to the CCPA’s verification standards is made (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA we do not include that PI in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. You are not required to create a password-protected account with us to make a Verifiable Consumer Request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.
We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose and otherwise use and to respond to your California Consumer privacy rights requests. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest that you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest or not. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
Consistent with the CCPA and our interest in the security of your PI, we will not deliver to you your social security number, driver’s license number or other government-issued id number, financial account number, any health or medical identification number, an account password, security questions or answers, or unique biometric data generated from measurements or technical analysis of human characteristics in response to a CCPA request.
Your California Consumer privacy rights are as follows:
-
The Right To Know
-
Categories
-
You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
-
The categories of PI we have collected about you.
-
The categories of sources from which we collected your PI.
· The business or commercial purposes for our collecting or selling your PI.
· The categories of third parties to whom we have shared your PI.
-
A list of the categories of PI disclosed for a business purpose in the prior 12 months and, for each, the categories of recipients, or that no disclosure occurred.
-
A list of the categories of PI sold about you in the prior 12 months and, for each, the categories of recipients, or that no sale occurred.
To make a request, follow the instructions at our Consumer Rights Request page here or call us at (888) 342-6567.
In order for us to look into your request, we first need to verify your identity, meaning that we need to make sure that you are the consumer we may have collected personal information about or a person who has been duly authorized to make the request on behalf of the consumer. You are not required to create a password-protected account with us to make a Verifiable Consumer Request, but you may use your password-protected account to do so. If you do not have a password-protected account, we are required to verify a consumer’s request to know categories of PI to a reasonable degree of certainty, which may include matching at least two data points provided by the consumer with data points maintained by us, which we have determined to be reliable for the purpose of verifying the consumer. If you fail to do so we will be unable to verify you sufficiently to honor your request. The information you send for us to verify your identity will be used for this purpose only.
For your specific pieces of information, as required by the CCPA, we will apply the heightened verification standards set forth in subsection (ii) below. Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
-
Specific Pieces
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date[1] and are maintaining. To make a request, follow the instructions at our Consumer Rights Request page here or call us at (888) 342-6567.
In order for us to look into your request, we first need to verify your identity, meaning that we need to make sure that you are the consumer we may have collected personal information about or a person who has been duly authorized to make the request on behalf of the consumer. You are not required to create a password-protected account with us to make a Verifiable Consumer Request, but you may use your password-protected account to do so. If you do not have a password-protected account, we are required to verify a consumer’s request to know specific pieces of PI to a reasonably high degree of certainty, which may include matching at least three data points provided by the consumer with data points maintained by us, which we have determined to be reliable for the purpose of verifying the consumer together with a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request. If you fail to provide the data points we will be unable to verify you sufficiently to honor your request. The information you send for us to verify your identity will be used for this purpose only.
Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
-
Do Not Sell
There may be cookies and other tracking technologies associated with our online services that may provide data, which may be treated as PI under the CCPA, to other parties that may use it for their own purposes, which in turn may provide that data to other parties for their own purposes. While there is not yet a consensus, we do not believe that data practices of third-party cookies and tracking devices associated with our online services constitute a sale of PI by us and therefore we do not currently treat these activities as a “sale. Currently, a do not sell request to us will not affect these third-party activities. However, you can exercise control over browser-based cookies by adjusting the settings on your browser, and mobile devices may offer ad and data limitation choices. In addition, third party tools may enable you to search for and opt-out of some of these trackers, such as the Ghostery browser plug-in available at https://www.ghostery.com/. For more information on cookies and your choices regarding them, including how to opt-out of certain interest-based advertising, see our Online Privacy Policy. . You can also learn more about how to exercise certain choices regarding cookies and interest-based advertising at http://www.aboutads.info/choices/, http://www.aboutads.info/appchoices, and http://www.networkadvertising.org/choices/.
For easy access, here are links on how to manage cookies from some of the more popular browsers:
· Firefox
· Edge
· Safari
We do not represent that these third-party tools, programs or statements are complete or accurate. Clearing cookies or changing settings may affect your choices and you may have to opt-out separately via each browser and other device you use. Cookie-enabled opt-outs signals may no longer be effective if you delete, block or clear cookies. We are not responsible for the completeness, accuracy or effectiveness of any third-party notices or choices.
For more information on how to exercise your do not sell rights, click here.
Some browsers have signals that may be characterized as “Do Not Track” signals, but we do not understand them to operate in that manner or to indicate a “Do Not Sell” expression by you so we currently do not recognize these as a do not sell request. Further, there is not currently a consensus as to how various user-enabled privacy or “Do Not Track” signals or settings should be treated or what they mean, so we will not look for or respond to any that are not expressly listed here as programs in which we participate or otherwise accept, which may change as programs evolve. We understand that various parties are developing “Do Not Sell” signals and we may recognize certain such signals if we conclude such a program is appropriate.
We do not knowingly sell the PI of Consumers twenty-one (21) years or older.
We may disclose your PI for the following purposes, which are not a sale: (i) if you direct us to share PI; (ii) to comply with your requests under the CCPA; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.
-
Delete
Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we have collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and services you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your PI that we did not collect directly from you.
To make a request, visit here or call us at (888) 342-6567.
In order for us to look into your request, we first need to verify your identity, meaning that we need to make sure that you are the consumer we may have collected personal information about or a person who has been duly authorized to make the request on behalf of the consumer. You are not required to create a password-protected account with us to make a Verifiable Consumer Request, but you may use your password-protected account to do so. If you do not have a password-protected account, we are required to verify a consumer’s request to delete to a reasonable degree of certainty, which may include matching at least two data points provided by the consumer with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three data points provided by the consumer with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the consumer posted by unauthorized deletion. If you fail to provide the data points we will be unable to verify you sufficiently to honor your request. The information you send for us to verify your identity will be used for this purpose only.
-
Non-Discrimination and Financial Incentive Programs
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale, retention and use of your PI as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. Please note that participating in incentive programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.
-
Authorized Agents
Authorized agents of Consumers may make a request by visiting here or calling (888) 342-6567. As permitted by the CCPA, any request you submit to us is subject to an identification and verification process, and confirmation of the agent’s authority, which may include attestation under penalty of perjury. Absent a power of attorney, we will also require the Consumer to verify their own identity. We may verify identity based on matching information you provided with data we have maintained on you in our systems. This data could include, but is not limited to, email address, mailing address, or phone number.
-
Limitation of Rights
Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your CCPA rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.
4.ADDITIONAL CALIFORNIA NOTICES
In addition to CCPA rights, certain Californians are entitled to certain other notices, including:
-
Third Party Marketing and Your California Privacy Rights
Separate from your CCPA “Do Not Sell” rights you have the following additional rights regarding disclosure of your information to third parties for their own direct marketing purposes:
We provide California residents with the option to opt-out to sharing of “personal information” as defined by California’s “Shine the Light” law with third parties, other than with our affiliates, for such third parties’ own direct marketing purposes. California residents may exercise that opt-out, and/or request information about our compliance with the Shine the Light law, and obtain a disclosure of third parties we have shared information with in accordance with the law for their direct marketing purposes absent your choice (i.e., Company) and the categories of information shared, by emailing us here or by sending a letter to us at 714 Green Valley
Road, Greensboro, NC 27408-7018 (Attn: Legal Department). Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through the provided e–mail address or mail address.
As these rights and your CCPA rights are not the same and exist under different laws, you must exercise your rights under each law separately.
-
Online Privacy Practices
For more information on our online practices and your California rights specific to our online services see our online Privacy Policy . Without limitation, Californians that visit our online services and seek or acquire goods, services, money or credit for personal, family or household purposes are entitled to the following notices of their rights:
-
Tracking and Targeting:
-
When you visit our online services, we and third parties may use tracking technologies to collect usage information based on your device for a variety of purposes, including serving you advertising, based on your having visited our services or your activities across time and third-party locations. Some browsers may enable you to turn on or off a so-called “Do Not Track” signal. Because there is no industry consensus on what these signals should mean and how they should operate, we do not look for or respond to “Do Not Track” signals. For more information on tracking and targeting and your choices regarding these practices, see our online Privacy Policy
-
-
California Minors:
-
Although our online service(s) are intended for an audience twenty-one (21) and over, any California residents under the age of eighteen (18) who have registered to use our online services, and who posted content or information on the service, can request removal by contacting us here,detailing where the content or information is posted and attesting that you posted it. We will then make reasonably good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.
-
-
eCommerce
Residents of California are also entitled to the following specific Consumer rights information: you may contact the Complaint Assistance Unit of the Division of Consumer Services of the Department of Consumer Affairs by mail at: 1625 North Market Blvd., Suite N 112, Sacramento, California, 95834, or by telephone at (916) 445-1254. Hearing-impaired users can reach the Complaint Assistance Unit at TDD (800) 326-2297 or TDD (916) 322-1700. Their website is located at: http://www.dca.ca.gov.
5.CONTACT US
For more information on your California privacy rights contact us by email here. You may also use our California Consumer Rights Portal found here, or call us at (888) 342-6567. Or, write to us at: 714 Green Valley Road, Greensboro, NC 27408-7018 (Attn: Legal Department).
[1] Cal. Civ. Code § 1798.100(d) does not have a look back period regarding the data portability right, but § 1798.130(a)(2) applies the 12-month look back to “disclosures” in response to a request, one of which is disclosure of the “specific pieces” of PI collected. Thus, data portability is likely included as a disclosure, subject to the 12-month look back limitation. Note, AB 25 clarifies that businesses do not have the obligation to collect or retain PI it would not normally collect or retain in the ordinary course of business just to comply with consumer rights requests. As indicated in note 61, this bill was passed by the California legislature and signed into law by the Governor.
