Effective Date: October 29, 2020
Your privacy is our most important goal. ShelfFlip, Inc., and its subsidiaries and affiliates, (collectively, "ShelfFlip," "we," or "us;") is committed to protecting the privacy of individuals who visit our websites, and who use our social media analytics platform commercially known as "UserGems" (available online at www.usergems.com) and related applications and services (collectively, the "Services"), who register to attend our events, and from whom we collect personal information through other means. This Privacy Statement describes ShelfFlip’s privacy practices in relation to the use of our websites and Services, and personal information we collect through the other means described below.
We regularly review our compliance with our Privacy Statement and adhere to several self regulatory frameworks, including the EU-US and the Swiss-US Privacy Shield Frameworks. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly. To learn more about how we adhere to certain self-regulatory frameworks, please see Sections X and XI below.
When you visit our websites, or provide personal information to us through other means, you consent to the use of your information as described in this Privacy Statement.
This Privacy Statement covers handling of non-public, personally identifiable information received through our websites or in relation to the Services. Our websites may contain links to other websites. The information practices or the content of such other websites is governed by the privacy statements of such other websites. We encourage you to review the privacy statements of other websites to understand their information practices.
We receive the following types of information:
Registration Information. We may receive information about you when you register for the Services or one of our events such as your first and last name, e-mail and mailing addresses, professional title, company name, and, in the event you create an account on the Services, your password.
Billing information. When you purchase Services, we may require you to provide us with financial qualification and billing information, such as billing name and address, credit card number, and the number of your employees who you expect to use our Services.
Email, communications, and messaging information. If you email us or contact us via a messaging service (such as, for example, Twitter), we may keep your message, email address or user name, and contact information. If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page or you can contact us at firstname.lastname@example.org. You cannot opt out of receiving transactional emails related to your account or use of the Services.
Session Cookies. Session Cookies disappear from your computer when you close your browser software or turn off your computer. If you have chosen to identify yourself to us, we use session Cookies containing encrypted information to uniquely identify you. Each time you log into the Services, a session Cookie containing an encrypted, unique identifier tied to your account is placed in your browser. These session Cookies allow us to uniquely identify you when you are logged into the Services and to process your online transactions and requests.
Persistent Cookies. Persistent Cookies remain on your computer after you close your browser or turn off your computer. We use persistent Cookies that only we can read and use to identify browsers that have previously accessed our websites and Services. When you visit our websites, purchase Services or provide us with personal information, a unique identifier is assigned you. This unique identifier is associated with a persistent Cookie that we place on your web browser. We are especially careful about the security and confidentiality of the information stored in persistent Cookies. For example, we do not store account numbers or passwords in persistent Cookies.
Information about your customers. In order to provide you with the Services, we also receive and store any information about your customers that you choose to provide to us. Typically this information includes names and email addresses of your customers, but will consist of any information you choose to provide to us.
Third parties and publicly available information. We may obtain non-public and/or public information, meaning information from publicly available sources like the Internet and social platforms (“Public Information”), including through the use of application programming interfaces (APIs) about an individual from third-party data sources. Given the non-private nature of such Public Information, we may share or disclose this public information, such as public social media user profile information, public likes or posts, or the people a user follows or that follow a user, with anyone for any purpose. Section IV, below, describes how we disclose the non-public information we receive.
Do Not Track. Currently, various browsers – including Chrome, Internet Explorer, Firefox, and Safari – offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to websites' visited by the user about the user's browser DNT preference setting. Because we want to provide you with a personalized experience, we do not change our behavior based on a web browser’s DNT signal.
We may use this personal information to administer, monitor, provide, personalize, analyze, and improve our website and the Services, to communicate with you, to provide information to you about our Services and partners, to provide demonstrations of our Services to you, to provide information to you about our events, to market our Services and events to you, and to provide information to you about our partners and their services and events. We use credit card information solely to check the financial qualifications of prospective customers and to collect payment for the Services and events.
The information that we collect from you may be transferred to, and stored and processed at, a destination in the United States. If you reside outside of the United States, by submitting information to us, you agree to this transfer, storing or processing. ShelfFlip uses Microsoft’s Azure Web Services to host our Services, including parts of the Service we use to store and process information we receive from website visitors, third parties, and individuals with whom we interact through email, other messaging systems, or telephone. This means that information submitted to our Services, and some other information ShelfFlip receives from you, is stored and maintained in accordance with Azure Web Services’s Privacy Statement, which can be viewed here: https://go.microsoft.com/fwLink/p/?LinkID=131004&clcid=0x409. Our Privacy Statement does not create any obligation on the part of Microsoft.
We share the non-public personally identifiable information we receive with third parties as described below:
A. Trusted Third Parties: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide the Services to you. Unless we tell you differently, such third parties do not have any right to use the personal information we share with them beyond what is necessary to assist us. This includes third party companies and individuals employed by us to facilitate our Services, including the provision of maintenance services, database management, analytics and general improvement of the Services ("Service Providers"). For more information on the specific privacy practices of these Service Providers, please contact us at email@example.com. Also, as part of our provision of the Services, we may send requests using the email address of your customers to common social media platform providers ("Social Providers") so that we can receive the publicly available contact and social information, such as addresses, gender, company, job titles, photos, website URLs, social network handles and physical addresses, related to the email address of your customer that you provide to us. We only share the information necessary for these Social Providers to be able to assist us in providing you with our Services and will never share your company name with them, making it impossible for a third party to associate you with your customers.
B. Business Transfers: We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that is transferred. However, we will never sell the association between you and your customers for any other purpose than to continue the provision of Services to you. Also, if we (or substantially all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, the personal information we have received would be one of the assets transferred to or acquired by a third party. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
C. Protection of ShelfFlip and Others: We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or a court order; comply with lawful requests, investigations, or enforcement from regulatory agencies, law enforcement, national security organizations, or other authorized statutory bodies like the Federal Trade Commission; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of ShelfFlip, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
D. Events: We do not share with our business partners information we receive about you through your registration for or attendance of events unless you specifically opt in to such sharing via an event registration form. If you do not wish for your information to be shared in this manner, you may choose not to opt in via event registration forms. If you choose to share your information with business partners in the manners described above, your information will be subject to the business partners’ respective privacy statements.
E. With Your Consent: Except as set forth above, you will be notified when your non-public personal information may be shared with third parties, and will be able to prevent the sharing of this information. We post customer testimonials/comments/reviews on our web site which may contain personally identifiable information. We obtain the consent of each customer prior to posting any information on such a list or posting testimonials.
F. Public and Non-personal Information: Our Services may offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We may share or disclose your non-private, aggregated or otherwise non-personal information, such as your comments or posts to our public forums, including our blogs and bulletin boards or your chat messages in our chat rooms, as well as any publicly available information we receive about an individual.
We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but we cannot guarantee complete security. When you enter your information on our website we encrypt the transmission of that information using transport layer security (TLS). However, the transmission of information via the Internet is not completely secure. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Through your account settings, you may access, and, in some cases, edit or delete the following information you've provided to us:
• name and password
• email address
• company name
• credit card information
• your customer’s email addresses
The information you can view, update, and delete may change as the website changes. If you have any questions about viewing or updating information we have on file about you, or your right to access such information, please contact us at firstname.lastname@example.org. We will respond to your request to access within thirty (30) days. Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: email@example.com.
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our special features. You may be able to add, update, or delete information as explained in Section VI above. When you update information, however, we may maintain a copy of the unrevised information in our records. We will retain your information for as long as your account is active or as needed to provide you Services. You may request deletion of your account by contacting us at firstname.lastname@example.org. Please note that some information may remain in our private records after your deletion of such information from your account as required by law or our own business needs. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may use any aggregated data derived from or incorporating your personal information after you update or delete it, but not in a manner that would identify you personally.
Exercising Your Privacy Rights: We have listed the privacy rights for several jurisdictions below, but we understand you may have additional rights in your jurisdiction. You may contact us directly at any time about exercising your data protection rights. We will consider your request in accordance with applicable laws, and may remove or update your information within a reasonable time and after providing notice to the Brand of your request. If you authenticated into the Services via Instagram, we will remove any "User Content" (as defined in the Instagram Platform Policy) or other information that you request within a reasonable time (please write to email@example.com). We may ask you to verify your identity in order to help us respond efficiently to your request.
b. California Residents
Third Party Marketing. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us at the Contact Information below.
California Consumer Privacy Act. If you are a California consumer, you have the following rights beginning on January 1, 2020:
· The right to know what Personal Information is being collected about you.
· The right to know whether your Personal Information is sold or disclosed and to whom.
· The right to say no to the sale of Personal Information.
· The right to access your Personal Information.
· The right, in certain circumstances, to delete the information you have provided to us.
· The right to equal service and price, even if you exercise your privacy rights, unless the difference in service and/or price is reasonably related to the value provided to the you by your Personal Information.
Requests for Deletion and Information. In certain circumstances, California consumers have the right to request that we delete their information. In addition, California consumers have the right to request, up to twice in a 12-month period, that a business that collects Personal Information about the consumer disclose to the consumer the information listed below for the preceding 12 months. We have the right to request verification of your identity for all requests for information.
(1) The categories of Personal Information it has collected about that consumer.
(2) The categories of sources from which the Personal Information is collected.
(3) The business or commercial purpose for collecting or selling Personal Information.
(4) The categories of third parties with whom the business shares Personal Information.
(5) The categories of Personal Information that the business sold about the consumer and the categories of third parties to whom the Personal Information was sold, by category or categories of Personal Information for each third party to whom the Personal Information was sold.
(6) The categories of Personal Information that the business disclosed about the consumer for a business purpose.
(7) The specific pieces of Personal Information it has collected about that consumer.
To make such a request, please contact us at the contact information below.
Do Not Sell My Personal Information. We are not data brokers and we do not sell your data on the open market. However, under California’s new privacy law, the California Consumer Privacy Act, some of the ways we share information may constitute a “sale.”
· If you are an Influencer, we may share public information about you with Brands that you already follow or buy from. You may also opt-in with us directly to discover new Brands. To remove your profile from UserGems, or to make a privacy request, please contact us at the contact information below or submit a request online.
c. EEA Residents
EEA Privacy Rights. If you are from the European Economic Area, you have the right, under certain circumstances, to:
· Access your Personal Information;
· Correct inaccurate Personal Information;
· Request erasure of your Personal Information without undue delay;
· Request the restricted processing of your Personal Information;
· Request portability of the Personal Information that you have given us; and
· To object to the processing of your Personal Information, including the ability to object to automated processing and/or profiling.
If you are from the European Economic Area, you also have the right to lodge a complaint with a supervisory authority, under certain circumstances.
You may contact us at the contact information below for more information, or to exercise your rights.
Our Services are not directed to persons under age 13, and we do not knowingly collect personal information from children under the age of 13. If we become aware that a child under age 13 has provided us with personal information, we take steps to remove such information and terminate the child's account. If you become aware that your child has provided us with personal information without your consent, please contact us at firstname.lastname@example.org.
Any data that you provide to us may be accessed, shared or processed by our offices, located in the United States, and service providers located in the United States and abroad, if such data transfer is necessary for the specific purpose for which you submitted your data (such as the provision of goods or services under a written contract). This may entail a transfer of your Personal Information across international borders, including, but not limited to, transfers from within the European Economic Area (the “EEA”) to the United States. The data protections standards may differ and be lower than the standards enforced in your jurisdiction. We maintain appropriate safeguards as required by applicable law for any Personal Information transferred internationally, and as required by applicable law, will seek your consent prior to such transfers.
In compliance with the Privacy Shield Principles, ShelfFlip commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ShelfFlip at the address stated in the "QUESTIONS OR CONCERNS" section below, we have designated our Privacy Officer to oversee our data privacy program, including our compliance with the EU Privacy Shield program and Swiss Privacy Shield. Our Privacy Officer shall review and approve any material changes to this program as necessary.
If you have any questions or complaints about the use or disclosure of your EU or Swiss Personal Data, please contact the Privacy Officer at email@example.com. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EU or Swiss Personal Data within 45 days of receiving your complaint. ShelfFlip has further committed to refer unresolved Privacy Shield complaints to JAMS, as our independent resolution body. If you remain unsatisfied with the resolution of your complaint after attempting to resolve the matter with us, you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield, an alternative dispute resolution provider located in the United States for further assistance. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you. Under certain circumstances, either party may request binding alternative dispute resolution, provided you have taken the following steps: (1) raised your complaint directly with us and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce's Privacy Shield Framework: Annex I (Binding Arbitration).
If you have any questions or concerns regarding our privacy policies, please send us a detailed message by email to firstname.lastname@example.org or by mail to:
Attn: Privacy Officer
2443 Fillmore Street #380-3416
San Francisco, CA 94115
We will make every effort to resolve your concerns.