Last Updated: Jun 14, 2024
We collect the personal information you provide to us when you purchase our products or visit our website. The categories of information we may collect include:
We do not retain data for any longer than is necessary for the purposes described in this Policy.
We process personal information for the following business and commercial purposes:
We may disclose personal information about you for business and commercial purposes when you purchase our products or visit our website:
Personal Information Category | Categories of Service Providers | Categories of Third Parties |
---|---|---|
Personal Identifiers | Business Operations Tool, Payment Processors, and Sales & Marketing Tools | Shipping Services |
Internet Activity | Sales & Marketing Tools | None |
Commercial Information | Payment Processors | Payment Processors |
Financial Information | Payment Processors | Payment Processors |
Location Information | None | None |
This section provides additional information for people in the European Economic Area (EEA) or United Kingdom (UK). The terms used in this section have the same meaning as in the General Data Protection Regulation and the UK Data Protection Act (GDPR). The term “personal information” as used in this notice has the same meaning as “personal data” in the GDPR.
The personal data we collect and how we share it is described above in our Privacy Policy.
We process personal data on the following lawful bases:
We may send the personal data of individuals in the EEA/UK to third countries, including the United States, where it may be stored or processed, for example on our service providers’ cloud servers. When we transfer personal data, we rely either on Adequacy Decisions as adopted by the European Commission (EC) or the UK Information Commissioner's Office (ICO) on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR), the EU-US Data Privacy Framework and UK-US Data Bridge agreements, Standard Contractual Clauses (SCCs) issued by the EC or International Data Transfer Agreements (IDTAs) approved by the ICO. Data protection authorities have determined that the SCCs and IDTAs provide sufficient safeguards to protect personal data transferred outside the EEA/UK. You may read more about international data transfer mechanisms at the following links:
Individuals in the EEA/UK have the following rights regarding their personal data.Make a Privacy Request by clicking here. Once you submit a request, we will verify your identity and process your request in most cases within 30 days.
Right to access. You have the right to request a copy of the personal data we hold about you.
Right of portability. You have the right to ask us to transfer your data to another party.
Right to rectification. You have the right to request that we rectify any incorrect information we have about you.
Right of erasure. You have the right to request that we erase (delete) any personal information we hold about you.
Right to withdraw consent. You have the right to withdraw your consent at any time when we rely on your permission to process your personal data.
Right to object. You have the right to object to our use of data about you.
Right to lodge a complaint with a supervisory authority. You have a right to lodge a complaint with a supervisory authority. For more information, you can visit theInformation Commissioner’s Office website at https://ico.org.uk/, or see a list of EU Data Protection Authorities athttps://www.gdprregister.eu/gdpr/dpa-gdpr/.
Ghost LLC