PRIVACY POLICY

 

Gringo Bandito Store Privacy Policy

Effective Date:  August 23, 2021

Introduction

The website, www.gringobanditostore.com (the “Website”), is operated by Ceremony of Roses.  Ceremony of Roses is referred to in this policy as “us” or “we.”  This Privacy Policy explains how we collect, use, share, and process personal data through the Website’s properties, communications, processes, and operations (the “Services”).

Scope of this Policy

This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to third-party websites, mobile applications, or services that may link to the Services or be linked to from the Services.  Please review the privacy policies on those websites and applications directly to understand their privacy practices.

Information We Collect

We collect information from you directly, from the devices you use to interact with us, and from third parties.  We may combine information from the Services together and with other information we obtain from our business records.

Information you give us

You may provide the following information to us directly:

  • Contact information: including name, email address, telephone number, and shipping address.
  • Payment Card Information: including credit card information and billing address.
  • Content of communications: information contained in your communications to us, including emails.
  • Other information: any other information you submit to us.

Information we collect automatically

We and partners working on our behalf may collect the following information from the device you use to interact with our Services using log files, cookies, or other digital tracking technologies.  We also create records when you make purchases or otherwise interact with the Services.

  • Device information: including IP address, device identifiers, and details about your web browser.
  • Analytical information: including details about your interaction with our website, app, and electronic newsletters.
  • Diagnostic information: including web traffic logs.
  • Business record information: including records of your purchases of event-related products and services.

How We Use Your Information

We may use any of the information we collect for the following purposes.

  • Service functionality: To provide you with our products and services, including to take steps to enter a contract for sale or for services, process payments, fulfill orders, send service communications, and conduct general business operations such as accounting, recordkeeping, and audits.
  • Service improvement: To improve and grow our Services, including to develop new products and services and understand how our Services are being used, our customer base and purchasing trends, and the effectiveness of our marketing.
  • Security: To protect and secure our Services, assets, network, and business operations, and to detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal.
  • Legal compliance: To comply with legal process, such as warrants, subpoenas, court orders, and lawful regulatory or law enforcement requests and to comply with applicable legal requirements.

How We Share Your Information

We may share any of the information we collect with the following recipients.

  • Licensor: We share information with the company authorizing us to run this Website.
  • Affiliates: We share information with other members of our group of companies.
  • Service providers: We engage vendors to perform specific business functions on our behalf, and they may receive information about you from us or collect it directly. These vendors are obligated by contract to use information that we share only for the purpose of providing these business function, which include:
    • Supporting Service functionality, such as vendors that support event registration, customer service and customer relationship management, subscription fulfillment, freight services, application development, list cleansing, postal mailings, and communications (email, fax).
    • Auditing and accounting firms, such as firms that assist us in the creation of our financial records.
    • Professional services consultants, such as firms that perform analytics, assist with improving our business, provide legal services, or supply project-based resources and assistance.
    • Analytics and marketing services, including entities that analyze traffic on our online properties and assist with identifying and communicating with potential customers.
    • Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention.
    • Information technology vendors, such as entities that assist with website design, hosting and maintenance; data and software storage; and network operation.
  • Government entities: We may share information when we believe in good faith that we are lawfully authorized or required to do so to respond to lawful subpoenas, warrants, court orders, or other regulatory or law enforcement requests, or where necessary to protect our property or rights or the safety of our employees, our customers, or other individuals.
  • Other businesses in the context of a commercial transaction: We may change our ownership or corporate organization while providing the Services. We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction.  We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this policy.

Security

We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services.  While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.

Your Options and Rights Regarding Your Information

Your Account: Please visit your account page to update your account information.

Email Unsubscribe:  We may send you administrative emails in connection with our Services; for example, when you place an order, you will receive an order confirmation email and an email notifying you that your order has shipped. We may also send advertising emails with information about products which may be of interest to you.    If you do not wish to receive these communications, please use the unsubscribe link provided within the email.

Ad Choices: You have options to limit the information that we and our partners collect for online advertising purposes.

If you exercise these options, please be aware that you may still see advertising, but it will not be personalized. Nor will exercising these options prevent other companies from displaying personalized ads to you.

If you delete your cookies, you may also delete your opt-out preferences.

Do Not Track: Your browser or device may include “Do Not Track” functionality.  The information collection and disclosure practices and the choices that we provide to you will continue to operate as described in this privacy policy, whether a Do Not Track signal is received.

Jurisdiction-specific rights: You may have certain rights with respect to your personal information depending on your location or residency.  Please see “privacy disclosures for specific jurisdictions” below.  Please contact us to exercise your rights.

Other Important Information

Data retention

We may store information about you for as long as we have a legitimate business need for it.

Cross-border data transfer

We may collect, process, and store your information in the United States and other countries.  The laws in the United States regarding information may be different from the laws of your country.  Any such transfers will comply with safeguards as required by relevant law.

Information about children

The Services are intended for users age thirteen and older.  We do not knowingly collect information from children. If we discover that we have inadvertently collected information from anyone younger than the age of 13, we will delete that information.  Please contact us with any concerns.

Privacy Disclosures for Specific Jurisdictions

European Economic Area, United Kingdom, and Switzerland

We process “personal data,” as that term is defined in the European Union’s General Data Protection Regulation (“GDPR”).

Legal bases of processing: We may process any of the personal data we collect for the purposes described in “how we use information” (1) with your consent, which you may withdraw at any time; (2) as necessary to perform our agreement with you to provide Services; and (3) as necessary for our legitimate interests, so long as those interests do not override your fundamental rights and freedoms related to data privacy.

Your rights under the GDPR: Users that reside in the European Economic Area (“EEA”), U.K., or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned.  Contact details for data protection authorities are available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are a resident of the EEA, U.K., or Switzerland, you have the following rights.

  • Access and Portability: Obtain access to personal data we hold about you or request transmission of your data to a third party.
  • Correction: Request that we rectify inaccurate or incomplete personal data we store about you.
  • Erasure: Request that we erase personal data when such data is no longer necessary for the purpose for which it was collected, when you withdraw consent and no other legal basis for processing exists, or when you believe that your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
  • Restriction of processing: Request that we restrict our processing of personal data if there is a dispute about the accuracy of the data, if the processing is unlawful, if the processing is no longer necessary for the purposes for which it was collected but is needed by you for the establishment, exercise or defense of legal claims, or if your request to object to processing is pending evaluation.
  • Objection to processing: Object to processing of your personal data based on our legitimate interests or for direct marketing (including profiling). We will no longer process the data unless there are compelling legitimate grounds for our processing that override your interests, rights, and freedoms, or for the purpose of asserting, exercising, or defending legal claims.

Please contact us to exercise these rights.

California

Your California Privacy Rights; “Shine the Light” Law

California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their own direct marketing purposes in the preceding calendar year. Please contact us to obtain this information.  We do not share your personal information with third parties for those third parties’ direct marketing purposes.

California Consumer Privacy Act

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of information about them, as well as rights to know/access, delete, and limit sharing of personal information. You have the right to be free from discrimination based on your exercise of your CCPA rights. To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and your rights are described below.

Notice at Collection Regarding the Categories of Personal Information Collected

You have the right to receive notice of the categories of personal information we collect and the purposes for which we use personal information.  The following table summarizes the categories of personal information we collect, the categories of sources of that information, and whether we disclose or sell that information to service providers or third parties, respectively.  The categories we use to describe personal information are those enumerated in the CCPA.  We collect this personal information for the purposes described in “how we use information.”

Category

Information Type

Source

We disclose to:

We sell to:

Identifiers

 

·Contact information or personal characteristics (name; email address; postal address; telephone number)

You; our social media pages; third party subscription service providers

Service Providers

Not sold

 

Financial Information

· Payment card data

You

Service Providers

Not sold

Commercial Information

 

·Transaction information

·Billing and payment records

·Order history

You

Service Providers

Not sold

Internet or Electronic Network Activity Information

·IP address

·Device identifier (e.g., MAC)

·Advertising identifier (e.g., IDFA, AAID)

·Information provided in URL string (e.g., search keywords)

·Cookie or tracking pixel information

·Information about your interaction with our website, app, email correspondence, or products

·Browsing history

·Search history

·Diagnostic information (e.g., crash logs, performance data)

You; our analytics and advertising partners

Service Providers

Advertising Partners

Geolocation Information

·Coarse (information that describes location at ZIP code-level or less precision)

Our analytics and advertising partners

Service Providers

Advertising Partners

Content of Communications

·Contents of phone calls, emails, or text messages

·Photos

You

Service Providers

Not sold

 

Entities to whom we disclose information for business purposes are service providers, which are companies that we engage to conduct activities on our behalf.  We restrict service providers from using personal information for any purpose that is not related to our engagement.

Entities to whom we “sell” information are third parties. Under the CCPA, a business “sells” personal information when it discloses personal information to a company for monetary or other benefit.  A company may be considered a third party either because the purpose for its sharing of personal information is not for an enumerated business purpose under California law, or because its contract does not restrict it from using personal information for other purposes.

Your rights under the CCPA

  • Opt out of sale of personal information: You have the right to opt out of our sale of your personal information to third parties. To exercise this right, please contact us.  Please be aware that your right to opt out does not apply to our sharing of personal information with service providers.
  • Know and request access to and deletion of personal information: You have the right to request access to personal information collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers with whom we share it. You also have the right to request in certain circumstances that we delete personal information that we have collected directly from you.  Please contact us to exercise these rights.

Nevada

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others.  Currently, we do not engage in such sales. If you are a Nevada resident and would like more information about our data sharing practices, please contact us.

Contact information, submitting requests, and our response procedures

Contact

Please contact us if you have questions or wish to take any action with respect to information to which this privacy policy applies.

Email: roxy.angha@ceremonyofroses.com

Mail:  Ceremony of Roses, 3603 Hayden Ave. Culver City, CA 90232; Attn: Privacy

Making a request to exercise your rights

Submitting requests: You may submit a request to exercise your rights by making a request using the contact information above.

If you are a California resident, you may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf.

We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Verification: We must verify your identity before responding to your request.  We verify your identity by asking you to provide personal identifiers that we can match against information we may have collected from you previously.  We may need to follow up with you to request more information to verify identity.

We will not use personal information we collect in connection with verifying or responding to your request for any purpose other than responding to your request.