California Supplemental Privacy Notice Effective Date: January 1, 2020
SUMMARY OF PERSONAL INFORMATION THAT WE COLLECT ABOUT YOU
For individuals who are California residents, we have adopted this California Privacy Policy (the “CA Privacy Policy”) to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws, which require certain disclosures about the categories of personal information we collect, how we use them, the categories of sources from whom we collect personal information, and the third parties with whom we share it. This CA Privacy Policy is supplementary to the general privacy policy (“Privacy Policy”) for Paul Hobbs Imports, Inc., as well as its subsidiaries and affiliates (collectively, the “Company”). All undefined capitalized terms used herein shall have the same meaning as set forth in the Privacy Policy. By using the Sites, you consent to the collection and use of your “personal information” (as that term is defined below) as described in this CA Privacy Policy.
Depending on how you interact with the Company, we may collect the following categories of information as summarized in the table below. This CA Privacy Policy does not apply to personal information we collect from employees or job applicants in their capacity as employees or job applicants. It also does not apply to personal information we collect from employees, owners, directors, officers, or contractors of businesses in the course of our provision or receipt of business-related services. Personal information does not include:
Publicly available information from government records.
De-identified or aggregated consumer information.
Information excluded from the CCPA’s scope, such as:
health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data;
personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FRCA”), the Gramm-Leach-Bliley Act (“GLBA”) or California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994.
SOURCES OF PERSONAL INFORMATION COLLECTED
All of the categories of personal information we collect about you (as detailed below) come from the following types of sources:
From you or your representatives, including through your use of our services.
Automatically collected from you or your representatives.
Automatically through your or your representatives activity on our Sites.
From our affiliates and subsidiaries.
From third parties that interact with us in connection with the services we provide.
CATEGORIES OF PERSONAL INFORMATION COLLECTED IN THE LAST TWELVE MONTHS
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device (“personal information”). In particular, we have collected the following categories of personal information from consumers during the twelve (12) months prior to the Effective Date of this CA Privacy Policy:
A. Identifiers.
Examples: A name, signature alias, physical characteristics or description, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number or state identification card number, passport number, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, and other similar identifiers, including identifiers you volunteer.
Collected: YES
B. Protected classification characteristics under California or federal law.
Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Collected: YES
C. Commercial information.
Examples: Credit card number and payment information; records of products purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; loyalty account information.
Collected: YES
D. Biometric information.
Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
Collected: NO
E. Internet or other similar network activity.
Examples: Information on a consumer’s interaction with Company’s website, application, or advertisement.
Collected: YES
F. Geolocation data.
Examples: Physical location or movements.
Collected: YES
G. Sensory data.
Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
Collected: NO
H. Professional or employment-related information.
Examples: Current employment.
Collected: YES
I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
Collected: NO
J. Inferences drawn from other personal information.
Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Collected: YES
BUSINESS/COMMERCIAL PURPOSES FOR OUR USE OF PERSONAL INFORMATION
All of the categories of personal information we collect about you (as detailed above) are used for the following purposes:
Providing our services or products to you (for example, account servicing and maintenance, customer experience, customer service, product shipping, advertising and marketing, analytics, and communication about our services).
Providing email alerts, event registrations, and other notices concerning your account, your use of the Services, our products or services, or other events or information that may be of interest to you.
For our operational purposes, and the operational purposes of our service providers and integration partners, including determining your location for shipping availability. • To administer our loyalty program.
Respond to or follow-up on your comments, inquiries or other requests.
Implement social networking features you have activated (e.g., Facebook “Like” button)
Track responses to our emails and advertisements and to measure the success of our marketing campaigns
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
Improving our existing services and developing new services (e.g., by conducting research to develop new products or features).
Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity, including determining whether you are of legal drinking age.
Bug detection, error reporting, and activities to maintain the quality or safety of our services.
Auditing consumer interactions on our site (for example, measuring page views).
Short-term, transient use, such as customizing content that we or our service providers display on the services.
Other uses that advance our commercial or economic interests, such as communicating with you about relevant offers.
Such other uses that we notify you about when collecting your personal information or otherwise.
CATEGORIES OF THIRD PARTIES WITH WHOM WE HAVE SHARED PERSONAL INFORMATION IN THE LAST TWELVE MONTHS
We may disclose your personal information to a third party for a “business purpose” (as that term is defined in the CCPA). In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
A. Identifiers.
Specific information collected: Name, signature alias, family names, postal address, email address, account name, telephone number, bank account number, credit card number, debit card number, or any other financial information, and other similar identifiers.
Categories of Third Parties with whom we share personal information:
Third parties (such as our service providers and integration partners)
Our affiliate companies
Aggregators (such as analytics services)
B. Protected classification characteristics under California or federal law.
Specific information collected: Age
Categories of Third Parties with whom we share personal information:
Third parties (such as our service providers and integration partners)
Our affiliate companies
C. Commercial information.
Specific information collected: Records of personal property, products or services purchased, obtained, or considered, time frame when purchased, or other purchasing or consuming histories or tendencies.
Categories of Third Parties with whom we share personal information:
Third parties (such as our service providers and integration partners)
Our affiliate companies
D. Biometric information.
Specific information collected: N/A
Categories of Third Parties with whom we share personal information: N/A
E. Internet or other similar network activity.
Specific information collected: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
Categories of Third Parties with whom we share personal information:
Third parties (such as our service providers and integration partners)
Our affiliate companies
Aggregators (such as analytics services)
F. Geolocation data.
Specific information collected: Physical location.
Categories of Third Parties with whom we share personal information:
Third parties (such as our service providers and integration partners)
Our affiliate companies
Aggregators (such as analytics services)
G. Sensory data.
Specific information collected: N/A
Categories of Third Parties with whom we share personal information: N/A
H. Professional or employment-related information.
Specific information collected: Current place of employment
Categories of Third Parties with whom we share personal information:
Third parties (such as our service providers and integration partners)
I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Specific information collected: N/A
Categories of Third Parties with whom we share personal information: N/A
J. Inferences drawn from other personal information.
Specific information collected: Profile reflecting a person’s preferences in the type of product purchased from us.
Categories of Third Parties with whom we share personal information:
Third parties (such as our service providers and integration partners)
Our affiliate companies
YOUR RIGHTS AND CHOICES
Subject to certain restrictions, California residents have the right to request that we disclose what personal information we collect about you, to delete any personal information that we collected from or maintain about you, and to opt-out of the sale of personal information about you. As a California resident, you also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests, including our means of verifying your identity. If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, please contact us either through our email at info@paulhobbs.com or call us at 833.670.0466.
Accessing and Deleting Your Personal Information
· Right to request access to your personal information
California residents have the right to request that we disclose what categories of personal information that we collect, use, disclose or sell about you. You may also request the specific pieces of personal information that we have collected about you. However, we may withhold some information where the risk to you, your personal information, or our business is too great to disclose the information.
· Right to request deletion of your personal information
You may also request that we delete any personal information that we have collected from/about you. However, we may retain personal information as authorized under applicable law, such as personal information required as necessary to provide our services, protect our business and systems from fraudulent activity, to debug and identify errors that impair existing functionality, as necessary for us, or others, to exercise their free speech or other rights, comply with law enforcement requests pursuant to lawful process, for scientific or historical research, for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. We need certain types of information so that we can provide our services. If you ask us to delete it, you may no longer be able to access or use our services.
· How to exercise your access and deletion rights
California residents may exercise their California privacy rights by submitting your request to us either through our email at info@paulhobbs.com or by calling us at 833.670.0466.
For security purposes, we may request additional information from you to verify your identity when you request to exercise your California privacy rights so we can reasonably verify you are the person about whom we collected such personal information (or that person’s authorized representative).
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and the extension period in writing. If you have an account with us, we will deliver our written response through your account. If you do not have an account with us, we will deliver our written response by mail or electronically as you so request. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. Please note that we may need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or permitted by applicable law.
Sales of Personal Information
California residents may opt out of the “sale” of their personal information. The Company does not “sell” your personal information as we understand that term to be defined by the CCPA and its implementing regulations. We may from time to time have contests in collaboration with sponsors in which personal information may be shared with a sponsor should the California resident not opt out of this option.
Non-Discrimination Rights
California residents have the right to not be discriminated against for exercising their rights as described in this section. We will not discriminate against you for exercising your CCPA rights.