Last update: November 1, 2022
2. Information We Collect
a) Information you provide to us
We collect information from and about you directly when you provide it to us. This information may be collected when you contact us, fill out a form, access or participate on our Website, respond to surveys, or otherwise interact with us, such as through social media or networking sites. This information may include:
- Contact information, such as your name, title, phone number, organization or employer, job title, work sector, physical address, and e-mail address;
- Comments, questions, and requests you may make;
- Information about your preferences, such as your preferred methods of communication and the types of information in which you are interested;
- Details of downloads from our Website;
- Records and copies of your correspondence (including email addresses and phone numbers), if you contact us; and
- Any other information you voluntarily provide.
b) Information we collect automatically
Like most online services, we automatically receive standard technical information when you use the Website. We collect this information through browser cookies, pixel tags, web server logs, web beacons, embedded scripts, and similar technologies. These features enable us to personalize your experience on the Website, understand how you use it, maintain a persistent session, and improve and further develop the Website. We collect this information as follows:
- Pixel Tags: Certain websites contain electronic images known as pixel tags (also called web beacons or gifs) that we use to help deliver and recognize cookies on our Website, count users who have visited those sites, and gather usage and performance data. We also include pixels in our emails to tell if you open and act on them.
- Embedded Scripts: An embedded script is programming code that is designed to collect information about your interactions with the Website, such as the links you click on. The code is temporarily downloaded onto your device from our web server or a third-party service provider, is active only while you are connected to the Website, and is deactivated or deleted thereafter.
- Log files: Like most standard website servers we use log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses etc. are tied to personally identifiable information to enable our web-based service.
- Device information: We collect information about the device you use to access or use the Website, including the hardware model, operating system and version, unique device identifiers, network information, and information about your use of our applications.
- Geolocation information: We may automatically collect geolocation information from your device, your wireless carrier, or certain third-party service providers (“Geolocation Information”). You may control the collection of Geolocation Information through the user settings on your device. You may decline to allow us to collect such Geolocation Information, in which case we may not be able to provide certain services to you.
c) Information we collect from other sources, including our social media pages
d) Information we collect through third-party data and analytics providers
For more information on Google Analytics, including how to opt out from certain data collection, please visit https://www.google.com/analytics. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Website.
e) Tracking data
We collect tracking data using first and third-party cookies, pixels, web server logs, web beacons, and similar data collection and tracking technologies on the Website, third party websites, apps and online services, and across your devices (such as IP address, browser, type, ISP, platform type, device type). Third parties such as advertising networks and analytics providers may also collect information about your online activities over time and across different websites and devices when you access or use the Website.
3. How We Use Your Data
We use Your Data to provide the Website to you, and to operate our business. This includes:
- Service-related usage: We use Your Data to provide and support the Website, such as communicating with you and other users, providing our services, informing you about our work, processing your requests, and maintaining our systems.
- Analyzing and improving our services: We may run calculations, aggregate, normalize, clean, enhance, and make derivative works of the information obtained about you in order to:
- Understand and analyze usage trends and preferences;
- Monitor and analyze the effectiveness of the Website;
- Improve the Website and develop new products, services, features, and functionalities; and
- Test the Website and our infrastructure to make sure the Website is working correctly.
- Marketing: If you enter your contact information on the Website and opt-in to receive electronic marketing communications from us, we may provide you with materials that could be useful, relevant, valuable, or otherwise of interest to you, such as our newsletter, and updates about services and products offered by us. We will not send you marketing emails if you have not signed up for this, and you can unsubscribe from receiving such emails at any time by clicking on the “unsubscribe” link at the bottom of all our marketing emails. You will continue to receive other correspondence that relates to requests for downloads or other orders you have placed with CTrees.
- Advertising: CTrees, its business partners, and advertising/marketing companies may use Your Data to tailor, analyze, manage, report and optimize advertising you see on the Website, and on other sites and apps that you access and/or use through your devices. By accessing and using the Website, you consent to the processing of Your Data for these purposes.
4. How We Share Your Data
a) To assist us in running our business and providing services to you
We may employ other companies and individuals to perform functions on our behalf, such as website hosting, data analysis and enhancement, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, and email delivery. CTrees thus may reveal user data to third parties including third-party affiliates, our sales representatives, and business partners that may require information to invoice for a product purchased through our Website. Additionally, we may use third-party credit card processing companies to bill users for goods and services. These other companies will have access to Your Data only as necessary to perform their functions and to the extent permitted by law.
b) To better understand and serve our users
In an ongoing effort to better understand our users, we might analyze Your Data in aggregate form in order to operate, maintain, manage, and improve the Website. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our products and services to current and prospective business partners and to other third parties for other lawful purposes.
c) For advertising and marketing purposes
We may also work with third-party social media sites, such as Facebook, Google, and other media platforms, to serve ads to you as part of a customized campaign, unless you notify us that you prefer not to have information about you used in this way. For more information about how you can opt out of customized campaigns, please see “Your Choices” below.
d) As part of a change of our organization
As we grow and develop our organization, we might share Your Data with other organizations we join, merge with, or in other forms cooperate with.
e) For legal purposes
To the extent permitted by law, we may also disclose Your Data when required by law, court order, or other government or law enforcement authority or regulatory agency, or whenever we believe that disclosing such information is necessary or advisable, for example, to protect the rights, property, or safety of CTrees or others.
5. Children’s Privacy
6. External Websites and Payment Service Providers
Please be advised that your use of third-party payment processors is subject to the terms and conditions, including the privacy policies, of those companies. By using these services, you accept the their terms of service, which can be found here:
- Google Pay: https://payments.developers.google.com/terms/sellertos
- PayPal: https://www.paypal.com/us/webapps/mpp/ua/legalhub-full
- Shop Pay: https://shop.app/terms-of-service
- Meta Pay: https://www.metapay.com/terms-of-use/
We take commercially reasonable steps to protect Your Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
8. Your Choices
a) Deletion of Information
If you would like us to delete any or all information, please email us at firstname.lastname@example.org. To the extent compatible with our legal or regulatory record keeping requirements, we will use commercially reasonable efforts to process such requests in a timely manner.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Website.
c) Promotional Communications
You may opt out of receiving promotional communications from us by following the instructions in those communications or by emailing us at email@example.com. Please note that you cannot opt out of receiving transactional e-mails related to your orders.
9. Do Not Track
As discussed above, third parties such as advertising networks and analytics providers may collect information about your online activities over time and across different websites when you access or use the Website. Currently, various browsers offer a “Do Not Track” option, but there is no standard for commercial websites. At this time, we do not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.
10. Notice to California Residents
Pursuant to California’s “Shine the Light” law (Civil Code Section § 1798.83), California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties.
To make such a request, please send an email to firstname.lastname@example.org. Please note, however, that we have never shared any personal information for a third party’s direct marketing purposes.
11. Notice to Nevada Residents
If you are a resident of Nevada, you have the right to opt-out of the sale of personal information to third parties. You can exercise this right by contacting us at email@example.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note, however, that we do not sell personal information to third parties.
12. Notice to Individuals Located in the European Economic Area, the United Kingdom, or Switzerland
If you are an individual located in the European Economic Area, the United Kingdom or Switzerland, please review our GDPR Privacy Notice (below) for further information regarding the processing of your personal data and your rights under the General Data Protection Regulation (2016/679).
13. Notice to All Non-U.S. Residents
15. How to Contact Us
CTrees GDPR Privacy Notice
Last Update: November 1, 2022
If you are located in the European Union (EU), United Kingdom, Lichtenstein, Norway, or Iceland (“European Individuals”), you may have additional rights with respect to your Personal Data under the General Data Protection Regulation (“EU GDPR”), and/or the EU GDPR as saved into United Kingdom law by the United Kingdom's European Union (Withdrawal) Act 2018 (“UK GDPR”) (collectively with the EU GDPR, the “GDPR”), as set forth in this GDPR Notice (the “GDPR Notice”).
In this GDPR Notice, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to identify a person, and “processing” generally refers to actions that can be performed on data such as its collection, use, storage or disclosure. CTrees will usually be the controller of your Personal Data processed in connection with the Services.
1. Types of Personal Data we Collect
2. How we Obtain the Personal Data
3. Why we Collect the Personal Data
a) Your Consent
In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. You can remove your consent at any time. You can do this by contacting us via email at firstname.lastname@example.org with the subject line “GDPR Request.”
b) We Have a Contractual Obligation
- Contact information; and
- Any other information you voluntarily provide to us to request our services or communicate with us.
c) We Have a Legitimate Interest
We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties:
- Contact information;
- Any other information you voluntarily provide; and
- Automatically collected information about your use of our Website and other interactions with us (including log files, device information, geolocation, tracking data, performance metrics, etc.).
Our legitimate interests are:
- Information Security: We process contact information and automatically collected information in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking usage, combating DDOS or other attacks, and removing or defending against malicious individuals or programs.
- Operation and Improvement of our Website and Services: We process automatically collected information pursuant to our legitimate interest in operating and improving our Website and services.
- Audience Measurement and Marketing: Pursuant to a user’s consent, we use analytics and targeting cookies, and collect identifiers through such cookies, for purposes of audience measurement, analytics, audience reaction to our Website, creating relevant user experiences, and targeted marketing by us and other third parties.
- General Business Development and Management: We process contact information and other information you voluntarily provide pursuant to our legitimate interest in creating and managing our relationships with European Individuals, including without limitation:
- To respond to inquiries from European Individuals;
- To provide European Individuals with information about our products and services; and
- To assist European Individuals with any issues while using the Website or our services.
- Direct Marketing: Generally, we send email marketing to European Individuals pursuant to their consent. When you use the Website, email marketing may be sent to you pursuant to our legitimate interest in sending marketing communications to you in the context of such engagement.
- Protection of Rights: We may disclose any categories of Personal Data to respond to claims of violation of third party rights or to enforce and protect our rights.
d) We Have a Legal Obligation
We may be required to disclose Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose Personal Data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
4. How we Share Your Personal Data
5. How we Store and Protect Your Personal Data
We use commercially reasonable administrative, technical, and physical safeguards to protect your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, for which we take into account the nature of the Personal Data, its processing, and the threats posed to it. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us via email at email@example.com with the subject line “GDPR Request.”
6. Your Data Protection Rights
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at firstname.lastname@example.org with the subject line “GDPR Request.” You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
- Right of access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
- Right to rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
- Right to erasure: You can request that we erase some or all of your Personal Data from our systems.
- Right to restriction of processing: You have the right to ask us to restrict the processing of your Personal Data.
- Right to object to processing: You have the the right to object to the processing of your Personal Data in certain circumstances.
- Right to data portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Right to withdraw consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Objecting to Legitimate Interest/Direct Marketing: You may object to Personal Data processed pursuant to our legitimate interest. In such case, we will no longer process your Personal Data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your Personal Data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to email@example.com with the subject line “GDPR Request.” In such case, your Personal Data will no longer be used for that purpose.
We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We reserve the right to keep any information in our archives that we deem necessary to comply with our legal obligations, resolve disputes and enforce our agreements. Please note that all of these rights are subject to applicable exemptions and restrictions, and are not absolute rights. If we need to rely on these exemptions or restrictions, we will provide this information to you in our response.
7. How to Complain
If you have any concerns about our use of your Personal Data, you can make a complaint to us at firstname.lastname@example.org with the subject line “GDPR Request.”
You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the European state where you work or live or where any alleged infringement of data protection laws occurred. A list of most of the supervisory authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
8. Changes to Our Organization
As we grow and develop our organization, as well as in the event of a merger, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, the information that we have collected, including Personal Data, may be transferred to the organization we join, merge with, or in other forms cooperate with, or the surviving or acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such Personal Data as set forth in this GDPR Notice.
9. Updates to this GDPR Notice
If, in the future, we intend to process your Personal Data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Last Update” at the top of this page will be updated accordingly.
10. Our Contact Information
Please reach out to email@example.com for any questions, complaints, or requests regarding this GDPR Notice, and include in the subject line “GDPR Request.”