Privacy Policy | Boll & Branch
Privacy Notice
Notice Effective: December 2, 2013
Last Updated: June 28, 2023
This Privacy Notice (the “Privacy Notice” or “Notice”) is to inform you how Boll & Branch LLC (collectively, “Boll & Branch” or “we” or “us”) will collect, transfer, store, and/or use (“process”) personal information, including personally identifiable information, that you submit or we collect through our social media channels, offline activities such as phone calls, emails, or in person, and our website located at www.bollandbranch.com (the “Site”).
This Notice is subject to our Terms of Service , which are incorporated herein by reference. Please read it carefully. By using the Site, you understand and are accepting the practices described in this Notice and accept its terms. You also give your express permission for us to process personal information in accordance with this Notice.
We reserve the right to modify or amend this Notice at any time to reflect changes in our personal information practices or applicable law. Should it be necessary to do so, will notify you and/or request your express consent, if required, of any material changes to this Notice by posting such changes at the Site or by other acceptable means. Each version of the Notice is identified at the top of the page by its Lasted Updated date. Your continued use of the Site after changes have been posted constitutes your acceptance of the Notice as amended for personal information collected going forward, unless additional consent is required under applicable law. If you do not agree to the terms of our Notice, please do not use the Site or provide us your personal information.
If you wish to download and print a copy of this Privacy Notice, please click here.
COLLECTION AND USE OF PERSONAL INFORMATION
We collect most of the personal information about you directly from you—in person, by telephone, by email, and/or via our Site.
Personal Information That You Provide To Us. You may provide us with the following personal information: name, address (shipping and/or billing), email address, telephone number, mobile telephone number, credit card number, user password, optional information during customer surveys and offers (including optional demographic information such as gender, age, marital status, and parental status for the purpose of tailored marketing communications) and any other information you provide when you communicate with us).
This includes information collected directly from you when you provide it to us, such as information that you provide by filling in forms and completing transactions on our Site. This includes the following:
Online Purchases: If you make a purchase on the Site, we collect your email address, first and last name, shipping addresses, phone number (optional in case we need to contact you about your order), any gift note you provide, and your payment information (including billing address, credit card number, expiry date and CVV/CVC code) in order to process the transaction. If you purchase a gift card, we collect the name and email address of the gift recipient in order to deliver the gift card by email on your behalf. After your transaction is completed, we may ask you to complete a post-transaction survey. If you place items in your online cart without completing your transaction, we may send you an email to remind you if you have provided consent to do so.
Returns: If you choose to make a return on the Site, we collect your order number and email address. If you are returning a product that was a gift, we collect your order number, zip code, name, and email address. If you are returning a mattress, we collect your name, email address, phone number, order number, reason for return, and whether the purchase was made online or in store. We use this information to process your return.
Create an Account: You are not required to create an account to access or use our Site. If you choose to create an account on our Site to make checkout fast and easy, we collect your email address and a password you create in order to create and administer your account. We also may collect your consent to send you marketing communications, which is optional. We also save your order history in your account, as well as any optional profile information (such as date of birth, design style, martial status, gender, annual household income, parental status, and favorite pet) you provide in our profile survey. We use this information in order to provide the best possible Site experience for you and for our legitimate interests, i.e., to be as efficient as we can to deliver the best service for you at the best price. Do not disclose your password to anyone. If you become aware of any unauthorized access to or use of your account, you must notify us immediately.
Design Consultations: If you request a complimentary design consultation, we collect your name, phone number, email address and information about your interests, style, and goals. We also collect any photos you upload of the room or bed you would like help with. We use this information to provide you with a complimentary design consultation by phone or video.
Contests and Promotions: When you enter a contest or participate in a promotion, we may collect your name, address, email address, phone number, and any additional information or content required for the contest or promotion (such as information you post on social media). We use this information to administer your participation in the contest or promotion, including prize fulfillment. As part of a contest or promotion, we may obtain your consent to share or otherwise publish the content you submit.
Trade Program: If you submit a Trade Application for our Trade Program, we collect your company name, website address, full name, email address, phone number, mailing address, a description of the business and other verifying information, tax exemption status, and social media handles. We may also obtain your consent to send you communications via email, including for marketing purposes.
Marketing Communications: If you sign up to receive our marketing emails or we otherwise have your consent, we will collect and use your email address to send you emails about new products, special offers, and other information. If you consent to behavioral advertising, as described below, these marketing emails may be of interest to you based on your purchases and interests. If you no longer wish to receive these communications, you can unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of the newsletter. Alternatively, you can opt out of receiving our newsletter by contacting us at the contact information under “Contact Us” below. Please note that you may continue to receive certain transactional or account-related communications from us, such as your receipt or online order confirmation. We may also use services provided by third-party platforms (such as social networking and other websites) to serve tailored advertisements on those platforms, and we may provide a hashed version of your email address or other information to the platform provider for such purposes. From time to time, we may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business. To opt out of the sharing of your information for these purposes, please contact us at [email protected].
We may also collect your information if you contact us for customer service purposes:
Customer Service: When you contact us with a comment, question, or complaint or complete our customer service form online, you may be asked for information that identifies you, such as your name, email address, mailing address, and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment such as photos of the product. We may retain this information, including records and copies of your correspondence, to assist you in the future and to improve our customer service and service offerings.
Chat Feature: If you choose to use our chat feature to engage with our customer experience team, we may collect your name (or social media sign-in), email address, and any message that you choose to include in your communication. We may retain this information to assist you and to improve our customer service and service offerings.
We may also use automatic data collection technologies to collect certain information:
Personal Information Automatically Collected: We also use cookies and other technologies to collect personal information automatically through your use of the Site as described in the section entitled Information Automatically Collected.
INFORMATION AUTOMATICALLY COLLECTED
Cookies & Other Technologies. A cookie is a small file containing a string of characters that may be sent to your web browser when you visit a website. Cookies might be used for the following purposes: (1) to enable certain functions; (2) to provide analytics; (3) to store your preferences; and (4) to enable ad delivery and behavioral advertising.
Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves, some may expire after a few minutes while others may expire at a later time. Cookies placed by the website you’re visiting are sometimes called “first party cookies,” while cookies placed by other companies are sometimes called “third party cookies.”
The Site uses cookies that are sent by us or our third-party services. The use of cookies and other technology, described below, allows us to make our Site more responsive to your needs by delivering a better and more personalized experience to you. We use these cookies to identify you as a valid user, to ensure that no one else can sign on simultaneously with your account from another computer and to help us serve you better based on your registration preferences. We may also use cookies to help us facilitate any promotions or surveys that we provide. You can reset your browser to refuse cookies or to indicate when a cookie is being sent. By changing your preferences, you can accept all cookies, you can be notified when a cookie is set, or you can reject all cookies. If you do so and cookies are disabled, you may be required to re-enter your information more often and certain features of our Site may be unavailable.
The following information may automatically be received and/or collected from you through the Site: IP address, browser type, browser language, internet service provider (ISP), resource requested, date and time of resource request, and HTTP referring resource (if provided by the browser), operating system, and/or clickstream data. We aggregate this data, and may combine this data with other information we collect about you to better understand how visitors use our site, improving user experience, and to help manage, maintain, and report on use of our website. We also store IP addresses for fraud detection and prevention purposes.
Third-Party Service Providers: We sometimes utilize third-party service providers to help us track the activity within the Site. These third parties may use cookies and other tracking technologies. Our third-party service providers include the following:
Attentive (https://www.attentive.com/legal/privacy)
Black Crow AI (https://www.blackcrow.ai/legal/privacy-policy)
Calendly (https://calendly.com/privacy)
Delighted (https://app.delighted.com/privacy)
Dynamic Yield (https://www.dynamicyield.com/privacy-policy/)
Faraday (https://faraday.ai/privacy-options)
FullStory (https://www.fullstory.com/legal/privacy-policy/)
Google (https://policies.google.com/privacy?hl=en-US)
Google Analytics (see below)
Iterable (https://iterable.com/trust/privacy-policy/)
Jotform (https://www.jotform.com/privacy/)
Meta (https://www.facebook.com/privacy/policy)
Microsoft (https://privacy.microsoft.com/en-us/data-privacy-notice)
MNTN (https://mountain.com/privacy-policy/)
Netsuite (https://www.oracle.com/legal/privacy/)
Pebblepost (https://www.pebblepost.com/privacy-policy/)
Pepperjam (https://www.pepperjam.com/legal)
Poplar (https://heypoplar.com/legal/privacy-policy)
Segment (https://www.twilio.com/en-us/legal/privacy)
Shopify (https://www.shopify.com/legal/privacy)
TikTok (https://www.tiktok.com/legal/page/us/privacy-policy/en)
Wufoo (https://www.surveymonkey.com/mp/legal/privacy/)
Yotpo (https://www.yotpo.com/privacy-policy/)
Zendesk (https://www.zendesk.com/company/agreements-and-terms/privacy-notice/)
Analytics: We may use a third party such as Google Analytics to help us gather and analyze information about the areas visited on the Site (such as the pages most read, time spent, search terms and other engagement data) in order to evaluate and improve the user experience and the Site. For more information about Google Analytics or to prevent the storage and processing of this data (including your IP address) by Google, you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can also obtain additional information on Google Analytics’ data privacy and security at the following links:
https://policies.google.com/technologies/partner-sites
https://support.google.com/analytics/topic/2919631
More Information. You may learn more about cookies and how to opt out of them by visiting the following third-party website: http://www.allaboutcookies.org/.
INTEREST-BASED ADVERTISING / RE-TARGETING
We partner with third parties such as ad networks and other advertising companies to display advertising on our Site and manage our advertising on other sites. Our third-party partners, listed above, may use technologies such as cookies and pixel tags to gather information about your activities on our Site and other sites (such as web pages you visit and your interaction with our advertising and other communications) in order to make predictions about your preferences and provide you with tailored advertising across the Internet based upon your browsing activities and interests. This information may also be used to evaluate the effectiveness of our online advertising campaigns.
If you would like to opt out of having your personal information used for the purpose of serving you interest-based ads, you may do so by clicking here and following the instructions. Please note this does not opt you out of being served advertisements. You will continue to receive generic advertisements from us, but the ads will not be targeted based on behavioral information about you and may therefore be less relevant to you and your interests.
For more information about interest-based advertising and to understand your options, including how you can opt out of receiving behavioral ads from third-party advertising companies participating in the Digital Advertising Alliance, please visit the Digital Advertising Alliance at http://www.aboutads.info/choices/, the Network Advertising Initiative at http://www.networkadvertising.org/choices/, or the Digital Advertising Alliance of Canada website at http://youradchoices.ca/choices.
To successfully opt out, you must have cookies enabled on your web browser (see your browser’s instructions for information on cookies and how to enable them). Your opt-out only applies to the web browser and device you use, so you must opt out on each web browser on each device you use. Once you opt out, if you delete your browser’s saved cookies, you will need to opt out again.
Social Media. The Site include social media features, plug-ins and links, and may use social media application programming interfaces (“APIs”) for log-in. The social networking site may collect certain personal information about you, such as your name, username, email address, and/or profile picture, and you may allow us to have access to certain personal information associated with your social media account (e.g., name, username, email address, profile picture) for the purpose of providing the social media feature on our Site. Please see the privacy policies for the applicable social networking sites to learn more about how these social networking sites share your personal information, which practices may differ from ours.
DO NOT TRACK SIGNALS
The Site does not respond to Do-Not-Track (“DNT”) signals. To find out more about DNT, you may wish to visit the following third-party website www.allaboutdnt.com. However, we treat Global Privacy Control signals as opt-out of sale and opt-out of interest-based / targeted advertising requests under applicable state laws.
To opt out of interest-based advertising, please see the section Interest-Based Advertising / Re-Targeting.
PURPOSES OF INFORMATION COLLECTION AND PROCESSING
We use information to provide you with a superior experience and, as necessary, to administer and manage our operations. We use your personal information in the following ways:
To comply with our legal and regulatory obligations;
To provide you with information or services that you request from us;
To fulfill any other purpose for which you provide it;
To provide you with functionality of the Site;
To provide client service and/or marketing products or services;
For our legitimate interests or those of a third party;
To conduct research and perform analysis to measure, maintain, protect, develop, and improve our products or services;
To administer, enhance, and communicate with you regarding our events, marketing, and advertising;
To make communications necessary to notify you regarding order confirmations, products, services, market research, requests, marketing, security, privacy, and administrative issues; and/or
In any other way we may describe when you provide the information or for any other purpose with your consent or to comply with applicable law.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. The table below explains why we process your personal information:
How we process your personal information | Our reasons |
To provide products and/or services to you | For the performance of our contract with you or to take steps at your request before entering into a contract |
To prevent and detect fraud against you or our organization | For our legitimate interests or those of a third party, i.e. to minimize fraud that could be damaging for us and for you |
To display advertisements to our advertisers’ target audiences | For our legitimate interests or those of a third party, i.e., to efficiently and accurately advertise to you so we can deliver the best service for you at the best price |
Processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator | To comply with our legal and regulatory obligations |
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies | To comply with our legal and regulatory obligations |
Ensuring business policies are adhered to, e.g. policies covering security and internet use | For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you |
Operational reasons, such as improving efficiency, training, and quality control | For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price |
Ensuring the confidentiality of commercially sensitive information | For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information To comply with our legal and regulatory obligations |
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures | For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price |
Preventing unauthorized access and modifications to systems | For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you To comply with our legal and regulatory obligations |
Updating and enhancing customer records | For the performance of our contract with you or to take steps at your request before entering into a contract To comply with our legal and regulatory obligations For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products |
Statutory returns | To comply with our legal and regulatory obligations |
Ensuring safe working practices, staff administration and assessments | To comply with our legal and regulatory obligations For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you |
Marketing our services to existing and former customers, third parties who have previously expressed an interest in our services and/or third parties with whom we have had no previous dealings. | For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers |
External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts | For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards To comply with our legal and regulatory obligations |
HOW WE DISCLOSE YOUR PERSONAL INFORMATION
We may disclose personal information that we collect or that you provide as described in this Privacy Notice to contractors, service providers, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Site improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Privacy Notice. Whenever we engage a service provider, we require that its privacy and security standards adhere to this Privacy Notice and applicable state privacy legislation.
We may process and transfer your personal information in and to a foreign country, with different privacy laws. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country.
You are welcome to contact us to obtain further information about our policies regarding service providers. See How to Contact Us.
ADDITIONAL CALIFORNIA NOTICES
1. The personal information we collect
In accordance with the CCPA, we may collect, use, and share the following categories of personal information that identifies, relates to, describes, is reasonable capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:
Category | Examples | Collected |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers | Real name, postal address, online identifier, Internet Protocol address, email address, account name |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Name, address, telephone number, credit or debit card number |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | OPTIONAL: Age, martial status, gender |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics or samples (such as breath, blood, or urine), or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement, Internet connection/browser type |
G. Geolocation data. | Physical location or movements. | NO |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information.
| NO |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | Employer, title |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes. |
L. Sensitive data. | Social security number, driver’s license number, state identification card, or passport number; account log-ins, financial accounts, debit or credit card numbers in combination with a security or access code, password, or other credentials; precise geo-location; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email or text messages; genetic or biometric data; mental or physical health diagnosis, sexual orientation; or personal data from a known child. | Account log-ins, password or other credentials |
2. How we disclose, share, and sell personal information
We disclose personal information as shown below.
The first chart shows the categories of personal information we disclose to our service providers and contractors for business or commercial purposes. Although we do not sell personal information in exchange for money, some of the ways in which we disclose personal information for advertising or to our affiliated brands and companies may be considered “sales” or “sharing” under some state consumer data privacy laws.
The second chart shows the categories of personal information we share for purposes of cross-contextual behavioral advertising or otherwise “sell” as that term is defined by law. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
Disclosures for a Business or Commercial Purpose
Category of Personal Information | Categories of Recipients | Purposes for Disclosure |
Identifiers | Service providers and affiliates to provide services on our behalf | To fulfill orders and provide you with information or other services you request from us To provide you with functionality of the website To provide customer service and/or marketing products or services To conduct research and perform analysis to measure, maintain, protect, develop, and improve our products or services To make communications necessary to notify you regarding order confirmation, products, services, market research, requests, marketing, security, privacy and administrative issues To comply with our legal and regulatory obligations To ensure our business policies are adhered to Preventing unauthorized access and modifications to systems |
Personal records | Service providers and affiliates to provide services on our behalf | To fulfill orders and provide you with information or other services you request from us To provide you with functionality of the website To provide customer service and/or marketing products or services To conduct research and perform analysis to measure, maintain, protect, develop, and improve our products or services To make communications necessary to notify you regarding order confirmation, products, services, market research, requests, marketing, security, privacy and administrative issues To comply with our legal and regulatory obligations To ensure our business policies are adhered to Preventing unauthorized access and modifications to systems |
Characteristics of protected classifications | Service providers and affiliates to provide services on our behalf | To fulfill orders and provide you with information or other services you request from us To provide you with functionality of the website To provide customer service and/or marketing products or services To conduct research and perform analysis to measure, maintain, protect, develop, and improve our products or services To make communications necessary to notify you regarding order confirmation, products, services, market research, requests, marketing, security, privacy and administrative issues To comply with our legal and regulatory obligations To ensure our business policies are adhered to Preventing unauthorized access and modifications to systems |
Commercial information | Service providers and affiliates to provide services on our behalf | To provide customer service and/or marketing products or services To conduct research and perform analysis to measure, maintain, protect, develop, and improve our products or services |
Internet or similar network activity | Service providers and affiliates to provide services on our behalf | To provide you with functionality of the website To provide customer service and/or marketing products or services To conduct research and perform analysis to measure, maintain, protect, develop, and improve our products or services To comply with our legal and regulatory obligations Preventing unauthorized access and modifications to systems |
Professional or employment-related information | Service providers and affiliates to provide services on our behalf | To fulfill orders and provide you with information or other services you request from us To comply with our legal and regulatory obligations To ensure our business policies are adhered to Preventing unauthorized access and modifications to systems |
Inferences | Service providers and affiliates to provide services on our behalf | To provide customer service and/or marketing products or services To conduct research and perform analysis to measure, maintain, protect, develop, and improve our products or services To make communications necessary to notify you regarding order confirmation, products, services, market research, requests, marketing, security, privacy and administrative issues To comply with our legal and regulatory obligations |
Geolocation | Service providers and affiliates to provide services on our behalf | To fulfill orders and provide you with information or other services you request from us To provide customer service and/or marketing products or services To conduct research and perform analysis to measure, maintain, protect, develop, and improve our products or services To comply with our legal and regulatory obligations |
Sale or Sharing of Personal Information:
Category of Personal Information | Categories of Recipients | Purposes for Selling / Sharing |
Identifiers | Service providers and affiliates to provide services on our behalf | To show you relevant advertising and other promotional content Analytics, data strategy, consultation, development or improvement of products and services, marketing, advertising, and related services |
Personal records | Service providers and affiliates to provide services on our behalf | To show you relevant advertising and other promotional content Analytics, data strategy, consultation, development or improvement of products and services, marketing, advertising, and related services |
Commercial information | Service providers and affiliates to provide services on our behalf | To show you relevant advertising and other promotional content Analytics, data strategy, consultation, development or improvement of products and services, marketing, advertising, and related services |
Inferences | Service providers and affiliates to provide services on our behalf | To show you relevant advertising and other promotional content Analytics, data strategy, consultation, development or improvement of products and services, marketing, advertising, and related services |
3. Notice of financial incentive
We are providing you with this notice to explain the material terms of a financial incentive, as defined by CCPA, which we are offering so that you may make an informed decision on whether to participate.
Specifically, from time to time, we may offer a “sign up and save” offer. This means we will provide you with a one-time percentage off coupon if you provide us your email address and agree to receive marketing emails. If you sign up, we may also share or sell your email address to our service providers and affiliates. Once you accept the “sign up and save” offer, it will be automatically applied to your shopping cart during that session unless you have also accepted a different site offer that provides a greater discount. If you do not use the “sign up and save” offer during that session you will receive a code via email instead. Offers may not be combined. The “sign up and save” offer may not be available at all times. The terms of the “sign up and save” offer (including our Privacy Notice and Terms of Service) and the amount of the one-time percentage off coupon will be presented to you at the time of the offer.
You may opt in by providing your email address in response to the “sign up and save” offer. You can withdraw from this financial incentive at any time by following the unsubscribe link in the email that you receive and submitting a Do Not Sell or Share My Personal Information request.
This offer is reasonably related to the value of your personal information that you are providing to us. Our good faith estimate of the value of your personal information is the value of the discount offered to you. We calculated the value of your personal information based on our expenses related to providing the offer.
4. Shine the Light Notice
Certain Californians are also entitled to certain other notices, as follows: This Shine the Light Notice provides information on our online practices and your California rights specific to our online services. Without limitation, Californians that visit our online Services and seek to acquire goods, services, money or credit for personal, family or household purposes are entitled to the following notices of their rights: California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or send a physical request to:
Boll & Branch LLC Attn: Privacy Officer One Prospect Street Summit, New Jersey 07901
You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, CCPA rights (as described in Your State Data Privacy Rights), and must be requested separately. However, a Do Not Sell or Share My Personal Information opt-out is broader and will limit our sharing with third parties for their own direct marketing purposes without the need for making a separate Shine the Light request. We will not accept Shine the Light requests by telephone or by fax, and are not responsible for requests not labeled or sent properly, or that are incomplete.
YOUR STATE DATA PRIVACY RIGHTS
If you are a resident of the states of California, Virginia, Colorado, Utah, Texas, Montana, Tennessee, Iowa, Nevada, Indiana, or Connecticut, you may have certain rights under applicable data privacy laws. If you are a resident of the state of California, you have the right under the CCPA to exercise your rights free of charge twice per year. These rights are described below:
Right to Know and Request Disclosure (California residents only) | You have the right to know and request disclose of: The categories of personal information we have collected about you, including sensitive personal information The categories of sources from which the personal information is collected Our business or commercial purpose for collecting, selling, or sharing personal information The categories of third parties to whom we disclose personal information, if any; and The specific pieces of personal information we have collected about you.
In connection with any personal information we may sell, share, or disclose to a third party for a business purpose, you have the right to know: The categories of personal information about you that we sold or shared and the categories of third parties to whom the personal information was sold or shared; and The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose.
Please note that we are not required to: Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained; Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or Provide the personal information to you more than twice in a 12-month period. |
Right to Confirm | You have the right to confirm whether or not we are processing your personal information.
Your request to confirm may be denied for any reason allowable under applicable state privacy law. For example, we may deny your request to delete if the personal information is necessary for us or a service provider to complete the transaction for which we collected the personal information, comply with a legal obligation, or make other internal or lawful uses of that information that are compatible with the context in which you provided. |
Right to Access | You have the right to access your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include: Information that is aggregated or de-identified. Information that is part of a formal dispute resolution process. Information that is about another individual that would reveal their personal information or confidential commercial information. Information that is prohibitively expensive to provide. |
Right to Delete | Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will: Delete your personal information from our records; Direct any service providers or contractors to delete your personal information from their records; and Direct third parties to whom the business has sold or shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort.
Your request to delete may be denied for any reason allowable under applicable state privacy law. For example, we may deny your request to delete if the personal information is necessary for us or a service provider to: Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes; Debug to identify and repair errors that impair existing intended functionality; Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law; Comply with the California Electronic Communications Privacy Act; Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent; Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us Comply with an existing legal obligation; or Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information. |
Right of Correction | If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information. |
Right to Obtain a Copy | You also have the right to obtain a copy of the personal information you have provided to us in a portable, readily usable format that can be easily transferred to a third party. |
Right to Opt-Out | You have the right to opt out of the following uses of your personal information: Sale of your personal information; Sharing or your personal information for targeted behavioral advertising; and Profiling.
We will act upon your request to opt-out no later than 15 days from the date we received the request. Note that we may deny a request to opt-out if we have a good-faith, reasonable, and documented belief that the request is fraudulent or for any other reason allowable under applicable state privacy law. Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time. To opt out of the sale or sharing of your personal information, click here. |
Right to Limit Use of Sensitive Personal Information | We may collect sensitive data about you, including your account-login ins, debit or credit card numbers, or other credentials. We do not collect or process your sensitive personal information to infer characteristics about you. We take specific business practices to limit the use and disclosure of sensitive personal information, such as: Just-in-time notices at the collection of sensitive information Requiring your express consent for the collection of sensitive information Aggregating and/or de-identifying the sensitive information
You may direct us to limit the use of this sensitive information only for purposes necessary to: Perform the services or provide the goods requested by you Help ensure the security and integrity of the use of your information Perform services on behalf of our business, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders, payments, or returns, or verifying customer information Undertaking activities to verify the quality of, maintain, or improve our services or systems
You have a right to know if your sensitive personal information is used or disclosed to a service provider or contractor, for additional, specified purposes. We will not use your sensitive information for any purpose other than those allowed under applicable law. You may limit the use of sensitive information for purposes other than necessary to perform the service that you request from us by clicking Limit the Use of My Sensitive Personal Information. |
Right to Non-Discrimination | You have the right to not be retaliated or discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things: Deny goods or services to you; Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; Provide a different level or quality of goods or services to you; or Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information. We may also offer loyalty, rewards, premium features, discounts, or club card programs consistent with these rights or payments as compensation, for the collection of personal information, the sale of personal information, or the retention of personal information. For more information, please click Notice of Financial Incentive. |
If you or an authorized representative want to review, access, correct, or withdraw consent to the use of your personal information you may send us an email at [email protected] to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification. To verify a request, you will need to provide:
Enough information to identify you;
Proof of your identity and address; and
A description of what right you want to exercise and the information to which your request relates.
If your request is submitted on your behalf by an authorized representative, you will need to provide proof of the representative’s authority to act on your behalf by writing signed by you.
If we are unable to verify your request, we may deny the request or ask you for additional information that is reasonably necessary to authenticate your identity in connection with the consumer request.
Once submitted, you will receive an email within 10 days that we will use to verify your identity and provide confirmation of your request. We will respond to your request to know or delete or correct within 30 days from the day we receive the request. If necessary, we may extend the time period to a maximum of 30 additional days from the day we receive the request. In such case, you will receive an email notifying you of the extension and explaining the reason for the extension.
Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions. For California residents, we will provide access to your personal information, subject to exceptions set out in the CCPA, such as information that is aggregated or de-identified.
You also have the right to appeal our decision if we deny your consumer request. If we deny your consumer request, you can send an email to [email protected] requesting an appeal of the denial. Within 45 days of receipt of your appeal, we will inform you of the action we took or did not take in response to your appeal. We may extend the 45-day period by an additional 15 days where reasonably necessary and inform you of the delay and the reasons for the delay. If your appeal is denied, we will provide you with an online mechanism to contact the Attorney General to submit a complaint in your respective state.
If you are concerned about our response or would like to correct the information provided, you may contact our Privacy Officer at [email protected].
The CCPA may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
YOUR CANADIAN PRIVACY RIGHTS
If you are a citizen of Canada, in addition to the rights described within this Privacy Notice, you are entitled to the following rights under the Personal Information Protection and Electronic Documents Act:
Withdrawing Your Consent. Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances, including the following:
Targeted (behavioral) advertising as described in Notice of Targeted (Behavioral) Advertising
Marketing communications as described in Promotional & Marketing Communications
Cookies, Geolocation, IP address or other tracking technology as described in Cookies & Other Tracking Technology
Retention of personal information
To withdraw your consent, if applicable, contact us as described below in How to Contact Us. Please note that if you withdraw your consent we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.
Accessing and Correcting Your Personal Information. By law, you have the right to request access to and to correct the personal information that we hold about you. If you want to review, verify, correct, or withdraw consent to the use of your personal information pursuant to the process described in How to Exercise Your Rights, you may also send us an email at [email protected] to request access to, correct, or delete any personal information that you have provided to us.
RETENTION OF INFORMATION
We will keep your personal information for as long as necessary to fulfill the purposes we collected it for and in accordance with our internal document retention policy and any applicable laws. We will retain and use personal information as long as you have an account with us or we are providing products and/or services to you. Thereafter, we will keep your personal information for as long as is necessary:
To respond to any questions, complaints or claims made by you or on your behalf;
To show that we treated you fairly; or
To keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this Privacy Notice. Different retention periods apply for different types of personal information.
Under some circumstances, we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
PERSONAL INFORMATION STORAGE
All personal information, except email, credit card information, and social media log-in is stored on databases and/or servers that are operated by e-commerce vendor Shopify. Personal information stored with Shopify may be stored in the United States or other countries. Shopify’s Privacy Notice, which discloses its data practices regarding information collected from merchants and their customers, may be accessed here.
Email information is stored on databases and/or servers that are operated by our vendors:
Attentive (https://www.attentive.com/legal/privacy)
Calendly (https://calendly.com/privacy)
Delighted (https://app.delighted.com/privacy)
Dynamic Yield (https://www.dynamicyield.com/privacy-policy/)
Faraday (https://faraday.ai/privacy-options)
FullStory: (https://www.fullstory.com/legal/privacy-policy/)
Google (https://policies.google.com/privacy?hl=en-US)
Iterable (https://iterable.com/trust/privacy-policy/)
Jotform (https://www.jotform.com/privacy/)
Netsuite (https://www.oracle.com/legal/privacy/)
Pebblepost (https://www.pebblepost.com/privacy-policy/)
Poplar (https://heypoplar.com/legal/privacy-policy)
Segment (https://www.twilio.com/en-us/legal/privacy)
Shopify (https://www.shopify.com/legal/privacy)
Wufoo (https://www.surveymonkey.com/mp/legal/privacy/)
Yotpo (https://www.yotpo.com/privacy-policy/)
Zendesk (https://www.zendesk.com/company/agreements-and-terms/privacy-notice/)
Credit card information is not stored by Boll & Branch, but processed and stored by our payment processors.
Social media log-in information is not stored by Boll & Branch. It may be stored by the specific social media site for which it is intended.
NOT INTENDED FOR USE OUTSIDE U.S. AND CANADA
The Site is intended for use within Canada and the United States, and is not intended to be used in any other territory. The Site may function in countries other than Canada and the United States. If you use the Site from outside either Canada or the United States, you explicitly accept that your personal information may be transferred to, stored, and processed in the United States where laws regarding processing of personal information may differ than the laws of other countries.
SECURITY
To protect your personal information in our custody or control from theft, unauthorized access, use, modification and disclosure, and to maintain its accuracy and integrity, we have implemented reasonable technical, physical and administrative security measures. These measures include:
Stored on secure servers behind firewalls;
Encrypted payment transactions using SSL or other technology;
De-identifying or aggregating the information; and
Other measures to secure the personal information from accidental loss and from unauthorized access, use, alteration, and disclosures.
Although we have implemented reasonable safeguards, please note that no electronic transmission of information can be guaranteed to be entirely secure. You acknowledge and agree that we are not responsible for the theft, destruction, or inadvertent disclosure of your personal information. In the unfortunate event that your personal information is compromised, we may notify you by e-mail (at our sole and absolute discretion) to the last e-mail address you have provided us in the most expedient time reasonable under the circumstances; provided, however, delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation.
Information may be held at our offices and those of our third-party agencies, service providers, representatives and agents as described above (see Who We Share Your Personal Information With). Some of these third parties may be based outside the United States. For more information, including on how we safeguard your personal information when this occurs, see NOT INTENDED FOR USE OUTSIDE U.S. AND CANADA.
CHILDREN’S INFORMATION
The Site is marketed for, and directed to, purchase by adults or with the consent of adults. Individuals under the age of 18 (or the age of majority in their jurisdiction of residence, if different) are not permitted to use the Site without the supervision of a parent or legal guardian.
We do not knowingly collect or solicit personal information from anyone who we know to be under the age of 13, or knowingly allow such persons to use the Site. Should we learn that someone under the age of 13 has personal information through the Site, we will remove that personal information as soon as possible.
If you are under the age of 13, you should use the Site only with the involvement of a parent or guardian and should not submit any personal information to us at all. To the extent possible, any personal information from anyone who we know to be under the age of 13 will be destroyed.
LINKS TO OTHER WEBSITES
The Site may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over other websites. Therefore, we will not be responsible for the protection and privacy of any information you provide whilst visiting such other websites and such sites are not governed by this Notice. You should exercise caution and look at the privacy policy applicable to the website in question.
TERMS OF USE
This Notice is expressly incorporated into our Site Terms of Service. Any dispute between you and us regarding the privacy of your personal information is subject to this Notice and our Site Terms of Service, including limitation on damages, resolution of disputes, and application of applicable law.
CONSUMERS WITH DISABILITIES
To request this Notice in an alternative format, please reach out to us at the contact information provided below.
CONTACT
Questions and requests related to this Notice or the manner in which we or our service providers (including our service providers outside of Canada) treat your personal information, or to request access to our collection of your personal information may be directed to the Privacy Officer at the postal address listed below, at the following email address: [email protected]. We will respond to such requests in accordance with applicable law.
Mailing Address:
Boll & Branch LLC
Attn: Privacy Officer
One Prospect Street
Summit, New Jersey 07901
Toll-free phone number:
800-678-3234