Effective Date: September 8, 2020
Updated On: September 29, 2021
PERSONAL INFORMATION COLLECTION, USE, SOURCES AND SHARING
Draper James collects and stores information from visitors to this Site, including those who register their information or who use the online store. To serve you better, we may combine information you give us with other information which is publicly available.
Identifiers, which may include name, address, online identifier or username, Internet Protocol address, or email address. These are sourced directly from you or indirectly from you (e.g., from observing your actions on the Site). They are used to fulfill or meet the reason you provided the information, to contact you in relation to our Site, to respond to an inquiry, for product and service improvement, to screen for potential risk or fraud, to provide the products and services that you have ordered or requested, to process and ship orders, to send order and shipping confirmations, to provide customer service, or marketing. For example, when you create an account, you provide your first and last name, email address, and other identifying information. We disclose this information for business purposes to internet service providers, administrative service providers, and payment processors.
Personal information categories contained in customer records, which may include name, address, telephone number, bank account number, credit card number, debit card number, or any other payment and financial information. We source this information directly from you. We use this information to fulfill or meet the reason you provided the information, to contact you in relation to our Site, to respond to an inquiry, to screen for potential risk or fraud, to provide the products and services that you have ordered or requested, to process and ship orders, to send order and shipping confirmations, to provide customer service, or marketing. For example, we need your payment information when you purchase products from us. We disclose this information for business purposes to internet service providers, administrative service providers, and payment processors.
Characteristics of protected classifications, such as age or gender. We source this information directly from you. We use this information to fulfill or meet the reason you provided the information, marketing, or to provide relevant services. For example, we may use this information for targeted advertising. We do not disclose this information to third parties.
Commercial information, which may include records of services purchased, obtained, considered, or other purchasing or consuming histories or tendencies. We source this information directly from you. We use this information to fulfill or meet the reason you provided the information, to contact you in relation to our Site, to screen for potential risk or fraud, to respond to inquiries, to provide the products and services that you have ordered or requested, to process and ship orders, to send order and shipping confirmations, to provide customer service, or marketing. For example, we keep track of your purchases to create a purchase history. We disclose this information for business purposes to internet service providers, administrative service providers, and payment processors.
Professional or employment-related information, such as employment history or professional certifications. We source this information directly from you. We use this information to fulfill or meet the reason you provided the information or to process an employment application. For example, when you apply for a job with us, we ask for your relevant employment history. We disclose this information for business purposes to service providers, such as background check providers and human resource administrative service providers.
Education information, such as level of education completed or academic performance. We source this information directly from you. We use this information to fulfill or meet the reason you provided the information or to process an employment application. For example, when you apply for a job with us, we ask for your education information. We do not disclose this information to third parties.
Inferences drawn from other personal information, which may include a profile reflecting a person’s preferences, interests, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. We source this information directly or indirectly from you, (e.g., from observing your actions on our Site). We use this information to fulfill or meet the reason you provided the information or for marketing. We do not disclose this information to third parties.
INDIVIDUAL DATA RIGHTSLAWFUL BASES UPON WHICH WE PROCESS YOUR PERSONAL INFORMATION
We collect and use personal information when we have a lawful basis to do so, as follows:
- At your direction and with your consent.
- To fulfill contracts we might have with you.
- For other legitimate business purposes.
- To comply with a legal obligation.
INDIVIDUAL DATA RIGHTS
Right of access
- You may have the right to get confirmation about whether or not your personal information is being processed. If so, you have the right to access the personal information and other information, such as the purposes, the categories of personal information, the recipients (or categories of recipients) to whom the personal information have been or will be disclosed – our list of service providers who may receive your personal information can be found here, for particular recipients in third countries or international organizations, where possible, the predicted period that the personal information will be stored, or, if not possible, the criteria used to determine that period, your rights, etc.
- Where feasible and permitted by law, we will provide a copy of the personal information we are processing. For any further copies, we may charge a reasonable fee based on administrative costs. If you make the request by electronic means, and unless otherwise requested, the information shall be provided in electronic form.
Right to rectification
- You may have the right to rectify or complete your personal information if inaccurate or incomplete.
Right to erasure (‘right to be forgotten’)
- You may have the right to the erasure of your personal information in certain circumstances. For examples, see below:
- Your personal information is no longer necessary for the purposes for which it was processed
- You withdraw your consent on which the processing is based, and we have no other legal ground for the processing
- You object to the processing and there are no overriding legitimate grounds for the processing
- Your personal information has been unlawfully processed
- Your personal information has to be erased for compliance with a legal obligation to which we are subject
- This right shall not apply to the extent that processing is necessary for the below purposes.
- For exercising the right of freedom of expression and information
- For compliance with a legal obligation which requires processing by a law to which we are subject
- For the performance of a task carried out in the public interest
- For the establishment, exercise or defense of our legal claims
Right to restriction of processing
- You may have the right to restrict the processing for the below reasons:
- You contest the accuracy of your personal information, for a period enabling us to verify the accuracy of the personal information
- The processing is unlawful and you oppose the erasure of the personal information and request the restriction of their use
- We no longer need the personal information for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims
- You exercised your right to object to processing pending the verification whether our legitimate grounds override yours
Right to data portability
- You may have the right to receive the personal information that you have given us, in a structured, commonly used and machine-readable format. You have the right to send that personal information to another controller, if the processing is based on consent pursuant or on a contract and is carried out by automated means.
Right to object
- You may have the right to object, on grounds relating to your particular situation, to processing of your personal information which is based on our legitimate purposes. We will stop processing the personal information unless we have compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If personal information is processed for direct marketing purposes, including profiling, you may object at any time.
Automated individual decision-making, including profiling
- You may have the right not to be subject to a decision based solely on automated processing, including profiling, except under certain exceptions under local law.
Right to withdraw consent
- Where the processing of personal information is based on your consent, you may have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
Right to anonymity
- You may also have a right to request anonymity. This means that your personal information would not be collected or processed. If you choose to exercise this right, we may not be able to provide you with your requested goods or services.
Right to lodge a complaint with a supervisory authority
YOUR CALIFORNIA RIGHTS
If you are a California resident, you may be entitled to the below rights:
the right to know.You may request information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which such information is collected, the purpose for collecting such information, and the sale or disclosure for business purposes of your personal information to third parties, and the categories of third parties with whom this information was shared. You may also request a copy of the personal information we have collected, and upon request, we will provide this information to you in electronic form;
the right to opt out of the saleof your personal information to third parties. We do not sell your personal information at this time, we do not share your personal information with third parties for their direct marketing purposes, and we do not sell the personal information of children under 16 years old;
the right to request deletionof your personal information, subject to certain legal exceptions; and
the right to not be discriminated againstfor exercising any of the rights mentioned above. This includes not being discriminated against in connection with financial incentives, which we may offer from time to time. The terms of the financial incentive will be provided at the time you sign up for the financial incentive. You may withdraw from any of the financial incentives. We have calculated the value of the financial incentive by using the expense related to the offer, and the value of your data is the value of the offer presented to you.
You can exercise your rights by contacting us using the details set out in the Contact Us section below. Whenever feasible for verification, we will match the identifying information provided by you to the personal information already maintained by us. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information. You may designate an authorized agent to make a request on your behalf. Such authorized agent must have permission to submit requests on your behalf. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
HOW WE RESPOND TO DO NOT TRACK SIGNALS
The “Do Not Track” (“DNT”) privacy preference is an option that may be made in some web browsers allowing you to opt-out of tracking by websites and online services. At this time, global standard DNT technology is not yet finalized and not all browsers support DNT. We therefore do not recognize DNT signals and do not respond to them.
IS INFORMATION COLLECTED FROM CHILDREN?
This Site is not intended for or directed to anyone under the age of 16. We do not sell or ship any items ordered through this Site directly to anyone who we know to be under the age of 16, nor do we collect any personal information from anyone who we know to be under the age of 16. If you are under the age of 16, you should use this Site only with the involvement of a parent or guardian and should not submit any personal information to us. In the event that we learn that a person under the age of 16 has provided us with personal information, we will delete such personal information.
DOES DRAPER JAMES SHARE YOUR INFORMATION WITH OTHERS?
We may engage third party service providers to perform services in connection with the operation of our business. Examples of these services include payment processing and authorization, fraud protection and credit risk reduction, product customization, order fulfillment and shipping, marketing and promotional material distribution, Site evaluation, data analysis and, where applicable, data cleansing. We provide personal information to these third party service providers, but we authorize them to use this information only in connection with the services they perform.
You should also be aware that we may disclose specific information about you if required to do so by law, governmental request, process or court order or based on our good faith belief that it is necessary to conform or comply with such law, request or court order or to protect the users of our Site or the public.
The security of your information is very important to us and we will only collect personal information to the extent deemed reasonably necessary to serve you in view of our legitimate business purposes as set out above. We use Secure Socket Layer (SSL) encryption technology to protect the security of your online order information. Because your password permits access to your personal information, please keep your password secret and do not disclose it to others.
While we implement these and other security measures on our Site, please note that no data transmissions over the Internet can be guaranteed to be 100% secure. You play a role in protecting your information as well. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to us is done at your own risk. If we learn of a security systems breach we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Site or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Site. We may post a notice via our Site if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
CONSENT TO TRANSFER
ACCURACY AND RETENTION
When you place an order or otherwise provide personal information through the Site, we will maintain your personal information for our records only for as long as necessary to fulfill the purpose for which it is collected and in accordance with legal obligations.
If you are registered with Draper James on our Site and would like us to remove you from our list, please contact us at 1(800) 396-7703 or reach us via email at firstname.lastname@example.org.
Draper James, LLC
33 East 33rd Street, Suite 402
New York, NY 10016