Effective Date: August 2, 2019
If you have any questions or comments concerning this policy, please feel free to contact us.
I. THE PERSONAL DATA WE COLLECT
Personal data means any information about an individual user from which that person can be identified. The Shelf will only collect personal data about you with your consent. The only information collected by us is what has been provided by you, collected by us, or provided to us lawfully by third parties including social media platforms such as LinkedIn, Facebook, Instagram and Google.
The personal data we collect fall into the following categories:
Account Information includes first name, last name, username, password, and location. If you interact with us through social media, this may include your social media username.
Contact Information includes billing address, delivery address, email address and telephone number.
Profile Information includes details your username, your business name, your social media handles, as well as any additional profile data which has been added by you or us.
Financial Information includes payment details.
Transaction Information includes details about payments to and from you, and other details of the products/services purchased.
Your Content includes any information, material or content obtained by The Shelf from publicly available sources or third-party content providers and made available through your profile on the Shelf Platform. This includes your social media posts and blog posts across the channels that you include in your Shelf Platform profile as well as the information that you choose to post directly to the Shelf Platform.
Communications includes any communications that you make with us (via email, phone or through the Shelf Platform, or otherwise) or communications you make with other users.
Technical Information includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.
Usage Information includes information about how you use the Services.
Tracking Information includes information we or other parties collect about you from cookies and similar tracking technologies, such as web beacons, pixels and other identifiers.
Aggregated Information such as statistical or demographic data for any purpose. Aggregate Information may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
Marketing Information, which includes your preferences in receiving marketing from us.
We do not collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic biometric data). Nor do we collect any information about criminal convictions or offenses.
II. HOW WE COLLECT PERSONAL DATA
There are different methods in which we collect personal data from you.
Automated Technologies or Interactions. When you use the Services, we may automatically collect Technical and Transactional Information, Communications, and Your Content, that may, in certain circumstances, constitute personal data. We may also collect Tracking Information when you use our Services. Some of the ways in which we or the Shelf Platform may collect are as follows:
- Cookies and other technologies. We may place a “cookie” on the hard drive of the device that you use to access the Services. Cookies are text files that are saved on the hard drive of your device by means of your browser, enabling us to recognize your browser for purposes of automatically authenticating and logging you into the Services, saving your preferences and directing information to you.
- Web Beacon. A “Web beacon,” also sometimes called a pixel tag or transparent GIF, is an object that is embedded in a web page. It is usually invisible to you, but allows website operators to check whether you have viewed a particular web page or email communication. We may place web beacons on our website, and in the emails we send to you.
- Analytics Tools. By using cookies and web beacons, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the website, the Internet Protocol address, and the type of operating system used in the devices used access the Service. You can opt out of Google Analytics by using a browser plugin provided by Google (http://www.google.com/ads/preferences/plugin/).
- Clickstream Data. When you use the Services, a trail of electronic information is left at each website you visit. This information is referred to as “Clickstream Data”, and can be collected and stored by a website’s server. All clicks and pages that our users click are collected to determine how much time a visitor spends on each page on the Shelf Platform, how users navigate the Shelf Platform and how we can tailor the Shelf Platform to meet the needs of our users. This information can be used to improve the Shelf Platform and our Services. Any collection or use of Clickstream Data will be anonymously aggregated, and will not intentionally contain any personal data.
- Location Data. The Shelf Platform, when given permission, will estimate the latitude and longitude coordinates of your IP address. We use this information to help us improve the relevance of search results.
Third Parties or Publicly Available Sources. We may also receive personal data about you from various third parties, including:
- Technical and/or Tracking Information from analytics providers, advertising networks and search information providers;
- Contact, Financial and Transaction Information from providers of payment and fraud prevention services;
- Account and Contact Information from data partners; and
- Data from third parties who are permitted by law or have your permission to share your personal data with us, such as via social media or review sites. We will only use your personal data when the law allows us to.
III. HOW WE USE YOUR PERSONAL DATA
We will never sell your personal data to third parties for their use or marketing purposes. The Shelf uses the personal data that we collect for the following purposes:
- To provide you with our Services. To provide you with the Services, communicate with you about your use of the Services, respond to inquiries, provide troubleshooting, and for customer service purposes.
- To Personalize the Services. To provide you with personalized content through the Services, to suggest partnerships between you and a brand and/or influencer, to personalize help and instructions, and to otherwise personalize your experience on the Services.
- Marketing and Promotional Use. For marketing and promotional purposes, such as to send you news and newsletters, special offers, and promotions, or to otherwise contact you about information we think may interest you.
- Analytics. To gather metrics to better understand how users access and use the Services, to evaluate and improve the Services, and to develop new product features.
- To Comply with Law. If required to do so by law, court order or other government or law enforcement authority or regulatory agency; or, if we believe in good faith that disclosing this information is necessary or advisable, including, for example, to protect the rights, property, or safety of The Shelf, you, users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
IV. DISCLOSURE OF PERSONAL DATA
We may share personal data with the following categories of third parties:
- Service providers (such as technology service providers, hosting providers, payment processing, auditors, advisors, consultants, customer service and support providers, and fraud prevention providers);
- Subsidiaries and affiliates of The Shelf;
- Business Transfers (such as in the case of any merger, sale, and transfer of assets, acquisition or restructuring of all or part of our business, bankruptcy or similar events);
- Legally required (to public authorities, such as law enforcement, if we are legally required to or if we need to protect our rights or the rights of third parties);
- Protection of rights (where we believe it is necessary to respond to claims asserted against us, or comply with legal process, enforce or administer our agreements and terms, fraud prevention, risk assessment, investigation, and protect the rights, property and safety of our users).
We may also share data with third parties connected to advertising, retargeting and analytics (see Cookies Policy below for more information).
We require all third parties to respect the security of your personal data and to treat it in accordance with law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specific purposes in accordance with our instructions.
V. COOKIES POLICY
Cookies may be placed on your computer or device, which will allow us and other trusted partners (see below) to receive information stored in cookies when you visit the Shelf Platform and use the Services.
Different types of cookies are used when using the Services. These include:
- Authentication. When signing into the Services, cookies help us recognize you.
- Research, Analytics and Fraud Prevention. Cookies may be used to understand how our users use the Services so we can improve them.
- Feature and Services. Cookies can be used to personalize the features on the Services based on your preference and history.
- Google Analytics
- LinkedIn Ads
- Facebook Ads
You can remove or block certain cooking using the settings in your browser. If you choose to remove or block certain cookies, you may still use our Services however your access to some functionality and areas may be restricted.
VI. PAYMENT INFORMATION
The Shelf uses third party payment processor Stripe.com to process transactions made via the Services. All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information is encrypted before being communicated to them. Subject to the below exceptions, your credit card details are communicated directly from your browser to these payment processors. The Shelf never sees your payment information. This means the payment form is either off-site or displayed in a frame on the payment page.
VII. INTERNATIONAL TRANSFER OF PERSONAL DATA
VIII. HOW WE STORE INFORMATION
The security of personal data is important to us. The Shelf will take reasonable steps to protect all personal data, and to keep this information accurate, up to date, complete and relevant.
Our standard procedures call for us to retain information submitted by users for an indefinite length of time. The Shelf understands your submissions as consent to store all your information in one place for this indefinite length of time, if we so wish. If required by law, as is the case to comply with the Children’s Online Privacy Protection Act (COPPA), we will nullify user information by erasing it from our database. We will also respond to written user requests to nullify account information.
Your profile is password-protected so that only you have access to your account information. If you have registered for a Shelf Platform account using the single-sign on or account synchronization applications of Facebook, Twitter, or other social network services, then your login and password shall be the same as your social network login and password. In order to maintain this protection, do not give your password to anyone. The Shelf staff will never proactively reach out to you and ask for any personal account information, including your password. For our web application, you should sign out of Your account and the browser window before someone else obtains access. You should never share devices. This will help protect your information entered on public terminals from disclosure to third parties.
IX. CHOICES YOU HAVE
You may check your information to verify, update or correct it, and to have any obsolete information removed. If you created an account on the Shelf Platform, you can access and change your online account profile yourself. You can also review any of the information that we have retained, how we have used it, and to whom we have disclosed it at any time by contacting us as indicated in the Contact Us section below. Subject to certain exceptions prescribed by law, and provided we can authenticate your identity, you will be given reasonable access to your personal information, and will be entitled to challenge the accuracy and completeness of the information and to have it amended as appropriate. You may also ask us to change your preferences regarding how we use or disclose your information, or let us know that you do not wish to receive any further communication from us.
X. OUR POLICY ON CHILDREN’S INFORMATION
The collection of personal data is neither intended for, nor direct to, persons who are under the age of thirteen (13) years old. Personal data will not be collected by any person who is known by The Shelf to be under the age of thirteen (13) without the consent of a parent or legal guardian. Persons under age thirteen (13) may only use the Services with the involvement and consent of a parent or legal guardian.
XI. LINKS TO OTHER WEBSITES
The Shelf Platform may contain links to third party sites or online services. We are not responsible for the practices of such third parties, whose information practices are subject to their own policies and procedures.
XII. Your California Privacy Rights
This Section applies to California residents. Under California Law, California residents have the right to request in writing from a business where a business relationship exists:
- A list of categories of personally identifiable information, such as name, email address and mailing address and the type of service provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the preceding calendar year for the third parties’ direct marketing purposes; and
- The names and addresses of all such third parties.
To request the above information or opt out of the use of your personally identifiable information, please contact us.
XIII. CHANGES TO THIS POLICY
XIV. QUESTIONS OR CONCERNS
Whether you live in or outside the United States, you may contact The Shelf, Inc. at email@example.com.
XV. GDPR Disclosures
Pursuant to the GDPR, The Shelf, Inc. generally acts as the data controller of the information you submit through the Shelf Platform. In limited cases, such as where a client may provide non-public personal data regarding an influencer, we act as a processor for such non-public personal data.
Legal Bases of Processing
Below are the lawful basis that we rely on to process your personal data:
- Legitimate Interest. The Shelf processes personal data in order to conduct and manage our business and to enable us to give you the best service/product with the best and most secure experience.
- Comply with Legal or Regulatory Obligations. The Shelf may process your personal data to comply with legal or regulatory obligations that we are subject to.
Purposes for processing of personal data
Recipients or categories of recipients of personal data
The recipients of the personal data are The Shelf and the entities as set forth in Section IV.
Your rights under the GDPR
You have a number of rights under the GDPR. These include the right to:
- Request access to your personal data from us;
- Request that we correct or erase your personal data:
- Withdraw your consent for us to use your personal data;
- In some circumstances, to object to the use of your personal data by us and request that we restrict our use of your personal information;
- Receive your personal data held by us, in a commonly used electronic format, or to have us transfer such personal information to another service provider of your choosing;
- Lodge a complaint in relation to our processing of your personal information with a data protection supervisory authority under the GDPR; and
- Be informed generally about the collection and use of your personal information, including where we intend to further process your personal information for additional purposes other than as discussed above.
- You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en
Important Notice to All Non-US Residents
Our servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US. Except in the case of data transfers under the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, your decision to provide such data to us, or allow us to collect such data through our Websites, constitutes your consent to this data transfer.
E.U.-U.S. and Swiss-U.S. Privacy Shield Notice
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, The Shelf is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In compliance with the Privacy Shield Principles, The Shelf commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Economic Area, Swiss, and United Kingdom individuals with Privacy Shield inquiries or complaints should first contact us at firstname.lastname@example.org with the subject line “Privacy Shield.”
The Shelf has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Our accountability for personal data that we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Opt-In and Opt-Out under the Privacy Shield: We provide an individual with the opportunity to opt-out before we share your personal data with third parties other than our agents, or before we use it for a purpose that is materially different from which it was originally collected or subsequently authorized. To request to limit the disclosure of such personal data, please submit a written request to email@example.com, with the subject line, “Privacy Shield.”
We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent, and shall also obtain your opt-in consent before we use sensitive data for a purpose other than which it was originally collected or subsequently authorized, unless an exception applies pursuant to the “Sensitive Data” Privacy Shield Supplemental Principal. You may provide your consent by sending us an email at firstname.lastname@example.org with the subject line “Privacy Shield.” In each instance, please allow us a reasonable time to process your response.
To the extent that we may serve as a Processor, The Shelf will need to consult and coordinate with its customers (which act as controller) to properly effectuate your opt-out/opt-in rights described herein.
Your Privacy Shield Rights: Upon request to email@example.com with the subject line “Privacy Shield,” we will provide you with confirmation as to whether we are processing your personal data pursuant to the Privacy Shield, and will communicate such data to you within a reasonable time. You have the right to access your personal information processed pursuant to the Privacy Shield and the right to correct, amend, or delete your personal information processed pursuant to the Privacy Shield where it is inaccurate or has been processed in violation of the Privacy Shield Principles. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests.
To the extent that we may serve as a Processor, The Shelf will need to consult and coordinate with its customers (which act as controller) to properly effectuate your rights described herein.
How We Protect Your Personal Information under the Privacy Shield: The Shelf takes very seriously the security and privacy of the personal information that it collects pursuant to the Privacy Shield. Accordingly, we will implement reasonable and appropriate security measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations.