LAST UPDATED: January 23, 2021
Please note that this Policy does not apply to your use of third-party sites, services, or applications you may access through the Services. We encourage you to review the privacy policies of those third parties for more information regarding their privacy practices.
INFORMATION WE MAY COLLECT
· Information You Provide to Us
We collect information you provide directly to us when using the Services. For example, we collect information when you sign up for an account, complete a form, place an order, participate in any interactive features of the Services, request customer support, or otherwise communicate with us. The types of information we may collect include your name, email address, mailing and billing address and payment information, and any other information you choose to provide. For purposes of registering and using the Services, we collect certain information that can identify you, such as your name and contact information (email, address and phone number) (“Personal Information”) We will never sell, rent, or trade Personal Information and will only use it, as needed, to provide the Services and/or fulfill the orders requested by you. OFLC discloses Personal Information only to those of its employees, contractors and affiliated organizations that (i) need to know the information in order to process it on yours and our behalf, and (ii) that have agreed in writing to non-disclosure restrictions at least as strong as those herein. We also may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). We may associate your device identifiers or phone number with your account. Depending on the nature of your inquiry or activities on the Services, we may also ask for other information relevant to your use of the Services.
· Information We Collect Automatically When You Use the Services
When you access or use the Services, we automatically collect information about you, which may include the following:
- Log Information: We log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to the Services. Publicly available tools can sometimes provide the approximate location for IP addresses.
- Device Information: We collect information about the computer or mobile device you use to access the Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
- Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files stored in device memory that help us to improve the Services and your experience, see which areas and features of the Services are popular, and count visits. We may also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in the Services or emails and help deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.
We also may collect other types of information in the following ways when you use the Services:
- Details of how you used and interacted with the Services, such as your search queries and how you responded to certain questions.
- Device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- Our server logs automatically collect information, such as your IP address, your browser type and language, and the date and time of your visit, which helps us track your movements around the Services and understand trends.
· Information We Collect From Other Sources
We may also obtain information from other sources and combine that with information we collect through the Services. For example, we may collect information about you from third parties who provide services on our behalf, such as maintaining and monitoring usage of the Services and processing payment transactions. We also may receive information about you from the third parties with whom you interact through the Services.
· Text Marketing and Notifications:
By entering your phone number in the checkout and initializing a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will not exceed 30 a month. You acknowledge that consent is not a condition for any purchase.
If you wish to unsubscribe from receiving text marketing messages and notifications reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you with in any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message and data rates may apply.
For any questions please text HELP to the number you received the messages from. You can also contact us for more information. If you wish to opt out please follow the procedures above.
USE OF INFORMATION
We may use information about you for various purposes, including the following:
- Provide and deliver the products and services you request, process transactions, and send you related information;
- Verify your identity and, if applicable, authorization for you to use the Services;
- Process payment for Services;
- Facilitate use of the Services;
- Manage your account and your preferences;
- To prevent or address service, security, technical issues at your request in connection with customer support matters
- Respond to your comments, questions, and requests;
- Send you technical notices and other administrative messages;
- Communicate with you about products, services, offers, promotions, rewards, and events offered by us or others, and provide news and information we think will be of interest to you;
- Monitor and analyze trends, usage, and activities in connection with the Services;
- Conduct research, analysis, and surveys;
- Personalize and improve the Services and provide content or features that match user profiles or interests;
- Enforce our Terms;
- Link or combine with information we get from others in connection with the Services; and
- Carry out any other purpose for which the information was collected.
This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable user of the Services.
SHARING OF INFORMATION
- With third party affiliates, contractors, and other service providers in connection with providing the Services;
- In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal process, or as otherwise required by any applicable law, rule, or regulation;
- If we believe your actions are inconsistent with the spirit or language of our Terms of Service or policies, or to protect the rights, property, and safety of you, us, or others;
- In connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company;
- With your consent or at your direction, including if we notify you through the Services that certain information you provide will be shared in a particular manner and you provide this information.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
We work hard to protect your information and take appropriate commercially reasonable physical, electronic, and other security measures to help safeguard personal information from loss, unauthorized access, alteration, or disclosure. Our security practices include: encrypting many of our services using SSL; verification for account access; and frequent review of information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems. However, and unfortunately, no internet or e-mail transmission is ever fully secure or error free. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Therefore, you should take special care in deciding what information you provide to us.
OFLC does not seek to collect sensitive Personal Information (also known as special categories of data as defined in Article 9 of the GDPR). If we do so we will always collect the data in accordance with applicable data privacy requirements. If you choose to provide us with unsolicited sensitive Personal Information, you will be asked to consent to our processing of such data on a case-by-case basis by using a specific express consent form.
CALIFORNIA PRIVACY RIGHTS AND NOTICES
California Consumer Privacy Act of 2018, Cal. Civil Code § 1798.100 et seq., (“CCPA”)
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties.
OFLC shall comply with the California Consumer Privacy Act of 2018, Cal. Civil Code § 1798.100 et seq., (“CCPA”), which may be amended from time to time. Per the terms of the CCPA, OFLC is a Service Provider and not a Third Party as described in the CCPA. Therefore, OFLC shall not:
- Sell the Personal Information.
- Retain, use, or disclose the Personal Information for any purpose other than providing the Services or for a Business Purpose. Specifically, OFLC shall not retain, use, or disclose the Personal Information for a Commercial Purpose.
- Retain, use, or disclose the Personal Information outside of the direct business relationship between OFLC and its Users.
Notwithstanding anything in the Terms of Service or any related order form or other document, the parties acknowledge and agree that a User’s provision of Personal Information is not part of and explicitly excluded from the exchange of consideration, or any other thing of value, between the parties.
You have the right to request that we delete any Personal Information that we have collected from you. However, we are not required to comply with a request to delete, if it is necessary for us to retain the personal information in order to:
- Complete the transaction for which we collected the personal information, provide a product that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with legal obligations.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
If you are a California resident and would like to request information or exercise your rights under the CCPA, please submit your request in an email to firstname.lastname@example.org.
California Do Not Track (“DNT”) Notice
Under California law, website and online service operators are required to disclose how they respond to web browser DNT signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about a consumer’s online activities over time and across third-party websites, to the extent the operator engages in that collection. At this time, we do not track our customers’ personal information over time and across third-party websites and therefore this requirement does not apply to us.
California law also requires website and online service operators to disclose whether third parties may collect personal information about their users’ online activities over time and across different sites when the users use the operator’s website or service. Third parties that have content or services on our site such as a social feature, analytics service, or an advertising network partner, may obtain information about your browsing or usage habits but this information does not include personal information. We do not knowingly permit such third parties to collect any personal information from our Services unless you directly provide it to us and we provide it to them with your consent.
CHILDREN UNDER THE AGE OF 18
The Services are intended for users who are eighteen (18) years of age and older. If you are under the age of 18, you are not permitted to submit any Personal Information to us. If you believe we might have any information from or about a child under 18, please contact us at email@example.com.
We will retain your Personal Information for the period of time that is necessary to fulfil the original purposes for which it has been collected. Please keep in mind that, in certain cases, a longer retention period may be required or permitted by law or to allow us to pursue our business interests, conduct audits, comply with our legal obligations, enforce our agreements or resolve any dispute.
The criteria used to determine our retention periods include:
- Time needed to provide you with our Services or to operate our business.
- Whether your account with us is active. You may contact us to make your account inactive at any time.
- Legal, contractual, or similar obligations to retain your data, such as mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of contract or litigation.
Please note that we are not responsible for storing any information that you provide to us or for any content or information that we provide to you. You are solely responsible for retaining backup files of any information and content that you provide or receive in connection with the website or Services.
TRANSFER OF PERSONAL INFORMATION; INTERNATIONAL VISITORS
The data that we collect from you may be transferred to, and stored at, a destination outside of the country in which it was originally collected. This may include transfers outside of the European Union and into the United States. It will most likely be processed by staff in the United States who work for us or for one of our third-party providers. Such staff maybe engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
For all non-US customers
By using our Services or providing your Personal Information to us, you expressly consent to the processing of your Personal Information by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
Sometimes we’ll need to transfer your Personal Information between countries to enable us to supply the Services you’ve requested. In the ordinary course of business, we may transfer your Personal Information from your country of residence to ourselves and to third parties located in and outside the United States.
By ordering a product from us, you are giving your consent to this overseas use, transfer and disclosure of your Personal Information outside your country of residence for our ordinary business purposes.
This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your Personal Information on servers in the United States or in other countries.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your Personal Information in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your Personal Information.
YOUR RIGHTS / OPTIONS
Access and Control of Your Personal Information
You may request updates, corrections or deletions of Personal Information at any time by contacting us at firstname.lastname@example.org. Whenever you have given us consent to use your Personal Information, you have the right to change your mind at any time and withdraw that consent.
- Access to personal information: you have the right to request what Personal Information we hold about you subject to our right to identity verification. If you request a copy of your data, we may charge you a fee, except where this is not permissible under applicable law.
- Correction and deletion: in some jurisdictions, including the EU (according to data protection laws for data subjects in the EU), you have the right to correct or amend your Personal Information if it is inaccurate or needs to be updated. You may also have the right to request the deletion of your personal information, however this may not be always possible due to legal requirements and other obligations to keep such data. If we are asked to delete your data, we may keep some minimal information about you to be able to demonstrate that we have fulfilled our obligations.
- Filing a complaint: In some jurisdictions, including according to data protection laws in the EU for complaints issued from subjects in the EU, you have the right to lodge a formal complaint with a data protection authority.
- Marketing preferences: We may send you marketing communications about our services, via different channels such as email, phone, SMS, postal mailings and third-party social networks, in accordance with relevant marketing laws. When required by applicable law, we will obtain your consent before starting these activities.
You may opt out of receiving marketing communications from us by following the instructions in those communications or by emailing us at email@example.com. In such cases, we will retain minimum Personal Information to note that you opted out in order to avoid contacting you again. Please note that even if you opt out from receiving marketing communications, we may still send you administrative communications, such as technical updates for our Services, order confirmations, notifications about your account activities, and other important notices.
OFLC reserves the right to change, modify, add, or remove portions of this Policy at any time and without prior notice, and any changes will become effective immediately upon being posted unless we advise you otherwise. However, we will not use your Personal Information in a way that is materially different than the uses described in this Policy without giving you an opportunity to opt out of such differing uses. Your continued use of the Services after this Policy has been amended shall be deemed to be your continued acceptance of the terms and conditions of the Policy, as amended. We encourage you to review this Policy regularly.
HOW TO CONTACT US
If you have any questions about this Policy, or our information practices, please contact us by email at firstname.lastname@example.org.