Privacy Statement

Last update: June 24, 2020

Current version: February 4, 2022

This Privacy Statement gives you an overview of how your personal data is processed when you surf the website available at timz.io, or timz.flowers (the “Website”), use the timz app (app.timz.flowers or other domains) or use the services offered within either of these offerings (collectively the “Services”). This Privacy Statement also informs you about your rights according to the EU General Data Protection Regulation (“GDPR”) and your options to manage your personal data and protect your privacy.

The data controller for the Website as well as for the Services is timz UG, Schwedterstraße 266, 10119 Berlin, (“we”, “us” or “timz”). If you have questions regarding the processing of your data, you can contact us by e-mail at [email protected]

In the event our app contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our app.

Please note:

You are neither legally nor contractually obliged to provide us with the personal data specified in this Privacy Statement. However, if you do not provide us with certain personal data, we may not be able to enter into a contract with you and you may not be able to use our Services, or only to a limited extent.

Data that we process on the Website and the connected Applications:

When we make our Website and Applications available, we process personal data from various sources. On the one hand, this is data that we automatically process for each visitor when they access the Website. On the other hand, we only process certain data if you decide to contact us or use certain functions of the Website.

Data that we collect automatically when you visit our Website:

When you visit the Website, you send technical information to our web servers, which we store in server log files. This happens regardless of whether you subsequently contact us (e.g. via the contact form). In any case we collect the following usage and web access data (which we call “usage data”):

  • the date and time of the visit and the duration of the use of the Website;
  • the IP address of your device;
  • the referral URL (the Website from which you may have been redirected);
  • the subpages of the Website visited; and
  • further information about your device (device type, browser type and version, settings, installed plug-ins, operating system).

We process the usage data to enable you to use the Website and to ensure the functionality of the Website. In addition, we process usage data to analyse the performance of the Website, to continuously improve the Website and correct errors or to personalise the content of the Website for you. We also process the usage data to ensure IT security and the operation of our systems and to prevent or detect misuse, especially fraud. These server log files are deleted after a maximum of 7 days. Our legal basis for processing this data is Art. 6 (1) lit. f) GDPR.

Cookies and other tracking tools: We use cookies for the automatic processing of usage data. Cookies are small text files that you upload to your device when you visit our Websites and store the above information about you. For more information about the use of cookies on the Website, please click here.

Data that you yourself transmit to us:

In addition to the data we process on all Website visitors, we also process other data when you use our contact form. You can see the details in the contact form. We process this data exclusively for the purpose of processing your request.

The legal basis in each case is Art. 6 (1) lit. a) GDPR (your consent).

Information We Collect

Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.

“Voluntarily provided” information refers to any information you knowingly and actively provide us when using our app and its associated services.

“Automatically collected” information refers to any information automatically sent by your device in the course of accessing our app and its associated services.

Data that we process in the course of providing our Services:

In addition, we only process further personal data if you use our Services. This is the case here:

  • your credentials
  • the content data uploaded by you to our Services
  • usage data and in-app events such as the time and duration of your log-in
  • social media data for marketing reasons

We process this data to provide you with the Services and to enable you to communicate with other users of the Services. We also process this data in order to detect and correct errors, to improve the service (for example, by means of pseudonymous A/B tests to optimise the user interface) or, in individual cases, to prevent use in breach of the contract or the law.

Please note that we do not encrypt your content data when you use our Services.

The legal basis for the processing of usage data within the scope of our Services is Art. 6 (1) lit. b) GDPR with regard to the provision of Services, and Art. 6 (1) lit. f) GDPR with regard to other purposes.

Log Data

When you access our servers via our app, we may automatically log the standard data provided by your device. It may include your device’s Internet Protocol (IP) address, your device type and version, your activity within the app, time and date, and other details about your usage.

Additionally, when you encounter certain errors while using the app, we automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Device Data

Our app may access and collect data via your device’s in-built tools, such as:

  • Your identity
  • Location data
  • Camera
  • Microphone
  • Calendar
  • Notifications
  • Device/app history

When you install the app, use it in a webbrowser or use your device’s tools within the app, we request permission to access this information. The specific data we collect can depend on the individual settings of your device and the permissions you grant when you install and use the app.

Personal Information

We may ask for personal information — for example, when you submit content to us or when you contact us — which may include one or more of the following:

  • Name
  • Email
  • Social media profiles

User-Generated Content

We consider “user-generated content” to be materials (text, image and/or video content) voluntarily supplied to us by our users for the purpose of publication on our platform, website or re-publishing on our social media channels. All user-generated content is associated with the account or email address used to submit the materials.

Please be aware that any content you submit for the purpose of publication will be public after posting (and subsequent review or vetting process). Once published, it may be accessible to third parties not covered under this privacy policy.

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.

Collection and Use of Information

We may collect personal information from you when you do any of the following on our website:

Register for an account

Sign up to receive updates from us via email or social media channels

Use a mobile device or web browser to access our content

Contact us via email, social media, or on any similar technologies

When you mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

  • to provide you with our app and platform’s core features and services
  • to enable you to customize or personalize your experience of our website
  • to deliver products and/or services to you
  • to contact and communicate with you
  • for analytics, market research, and business development, including to operate and improve our app, associated applications, and associated social media platforms
  • for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you
  • to enable you to access and use our app, associated platforms, and associated social media channels
  • for internal record keeping and administrative purposes
  • to comply with our legal obligations and resolve any disputes that we may have
  • to attribute any content (e.g. posts and comments) you submit that we publish on our website
  • for security and fraud prevention, and to ensure that our sites and apps are safe, secure, and used in line with our terms of use
  • for technical assessment, including to operate and improve our app, associated applications, and associated social media platforms

We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, If you consent to us accessing your social media profiles, we may combine information sourced from those profiles with information received from you directly to provide you with an enhanced experience of our app and services.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

Children’s Privacy

We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13. Our service is aimed at working people at least 18 years old or with full legal capacity.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:


  • a parent, subsidiary, or affiliate of our company
  • third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing providers, professional advisors, and payment systems operators
  • our employees, contractors, and/or related entities
  • our existing or potential agents or business partners
  • credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
  • courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you
  • third parties to collect and process data
  • an entity that buys, or to which we transfer all or substantially all of our assets and business


Third parties we currently use include:


  • Google Analytics
  • Open Web Analytics
  • Mixpanel
  • MonsterInsights
  • MailChimp
  • Hubspot
  • Sendgird
  • Paypal
  • Stripe
  • Google Payments
  • Apple Pay

International Transfers of Personal Information

The personal information we collect is stored and/or processed in , or where we or our partners, affiliates, and third-party providers maintain facilities.

The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.

The purposes for which we process your data:

We have already informed you above for which purposes we process your data in individual cases. Furthermore, we may also process your data for other purposes. These include, for example, the transfer of your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defence against legal disputes. In these cases, the legal basis is either a legal obligation (Art. 6 para. 1 lit. c) GDPR) or our legitimate interests.

To whom we transfer your data:

Your personal data will only be disclosed to third parties if this is necessary for the provision of the Website or Services. Our Website is hosted on Hetzner.de (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany). Our Services run on DigitalOcean.com (101 Avenue of the Americas, New York, NY 10013, USA) cloud servers. All these data recipients have made strict contractual agreements with us to process data exclusively within the scope of our instructions (so-called order processing agreements).

The data recipients also include the third-party providers listed in our overview of cookies and analysis tools. Detailed information about the third-party providers we use in this context, e.g. to process customer inquiries or web analytics, can be found in the information about cookies, web analytics and other tracking technologies at the end of this Privacy Statement.

Please be informed: If you distribute a link (copy-link function) to a “Flower” or a “Petal”, the recipient of the link will be able to preview the “Flower” and all its contents, even if the recipient is not a user of the Platform or a member of your “Garden”. Make sure that you send these links only to trusted people and that they are not forwarded. At a later date, we may provide a selection option for hidden links where the “Flower” is not immediately viewable.  

Data processing outside the EEA:

We do not transfer your personal data to countries outside the EEA without implementing appropriate safeguards.

We host your content-data on AWS (Amazon Web Services, Inc. 410 Terry Avenue North Seattle WA 98109, USA) powered by Cloudinary (Cloudinary Ltd., 38 Chancery Lane, The Cursitor Building, London WC2A 1EN, United Kingdom). Although AWS’s servers are located in Frankfurt, Germany, your content-data will still be transferred legally to the United States, a country outside the EEA (a so-called “Third Country”). However, we will ensure that an adequate level of data protection is maintained at all times. We will ensure that the content-data recipients are either certified according to the so-called “EU-US Privacy Shield” (as is currently the case with AWS) or that the so-called EU standard contractual clauses are included in our contracts with these providers in order to guarantee security of processing and an adequate level of data protection at all times.

Duration of the storage:

We process and store your personal data as far as this is necessary to fulfil our contractual or legal obligations. Therefore, we store the data for the duration of the contractual relationship with you and after termination only to the extent and for as long as required by law. If the data is no longer required to fulfill legal obligations (e.g. under tax or commercial law), it will be deleted unless further processing is necessary to preserve evidence or to defend against legal claims against us.

Your legal rights under the GDPR:

Within the scope of the GDPR you can assert the following rights against us:


  • Your right of access to information under Art. 15 GDPR,
  • your right of rectification under Art. 16 GDPR,
  • your right to erasure in accordance with Art. 17 GDPR,
  • your right to restriction of processing in accordance with Art. 18 GDPR and
  • your right to data portability according to Art. 20 GDPR.


You further have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR).

In addition, you can also revoke a given consent at any time. However, this revocation is only valid for the future. Any processing that may have taken place before the revocation remains unaffected. If you wish to exercise your rights as a data subject, you can do so by e-mail to [email protected]

Information about your right of objection under Art. 21 GDPR

In addition to the rights already mentioned, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that such processing is carried out on the basis of Art. 6 (1) lit. f) GDPR (data processing based on a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate that your interests, rights and freedoms outweigh the processing and therefore justify the processing.

You also have the right to object, at any time, to the processing of your personal data for the purpose of direct marketing (including the subscription to our newsletter), at no cost other than the transmission costs according to the basic tariffs; this also applies to the creation of a user profile (so-called “profiling”), insofar as this is connected with direct marketing. If you object to this, we will not process your personal data in the future.

Please note that if you do not provide us with certain data or if you object to the use of such data, you may not be able to use the Website or may only be able to use it to a limited extent.

The objection may be lodged informally and must be addressed to the competent authority: should be submitted to: [email protected]

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our app or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example serving particular content to your device), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.

Downloading of Personal Information: We provide a means for you to download the personal information you have shared through our app. Please contact us for more information.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

The use of cookies, web analytics and other tracking tools on our Website and Services

When using our Website as well as our Services, usage data is generated within the scope of so-called “web tracking”. This means that the behaviour of certain users can be tracked pseudonymously in order to improve and personalise our Services and to optimise the display of advertising. We also use cookies for this purpose.

What are cookies? Cookies are small text files with information that are stored on your access device. They are usually used to associate a user with a particular action or preference on a Website, but without identifying the user as a person or revealing their identity.

Cookies are not automatically good or bad, but it is worth understanding what you can do about it and making your own decision about your data.

We use the following types of cookies, whose scope and functionality are explained below: Session cookies and persistent cookies.

Session cookies are automatically deleted when you close your browser. This applies in particular to session cookies. They store a so-called session ID with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognised when you return to our Website. Session cookies are deleted when you log out or close your browser.

By default, the setting of cookies can be managed by the browser program of your browser, also in such a way that no cookies can be set at all or that cookies are deleted again. Your browser may also have a function for anonymous surfing. You can use these functions of your browser yourself at any time. However, if you have deactivated the setting of cookies in your browser by default, it is possible that our Website or our Services will not function properly.

 

In addition to cookies, we also use other technologies for tracking users. These include so-called pixel tags (also known as “web beacons”, “GIFs” or “bugs”). These pixel tags are transparent one-pixel images that are located on the Website. They track, for example, whether a certain area of the Website has been clicked on. When triggered, the pixel tag logs a user interaction and can read or set cookies. Because pixels often rely on cookies to function, turning off cookies may affect them. But even if you turn off cookies, Pixel can still recognize a Website visit.

We also use so-called Software Developer Kits (SDKs) for our Services. SDKs are pieces of code provided by our vendors (e.g., third-party advertising providers, ad networks and analytics providers) in our mobile applications to collect and analyze certain device and user data.

We also use so-called device IDs. These are user-resettable identifiers consisting of numbers and letters. They are uniquely assigned to a specific terminal device. They are stored directly on the device. These include Google’s Apple Advertiser ID (IDFA) and Android Ad ID (AAID). They are used to identify you and/or your device(s) to, from and across different apps and devices for marketing and advertising purposes.

The legal basis for the processing of personal data using cookies and other technologies is Art. 6 (1) lit. a) GDPR, unless otherwise stated below.

Comprehensive information about every single cookie we use is available in our Consent Manager.

Google Analytics and Google Tag Manager

Our Website uses Google Analytics, a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”). Google Analytics uses cookies and helps us analyze the number of users and general behavior of visitors to our Website.

The information generated by the cookie about your use of our Website (identification, browser type/version, operating system used, referrer URL, abbreviated IP address, time of server inquiry) is usually transferred to a Google server in the USA and stored there. However, in the member states of the European Union or in other signatory states to the Agreement on the European Economic Area, your IP address will first be shortened by Google on our Website. For this purpose, we have implemented the code “gat._anonymizeIp() ;” to ensure anonymous collection of IP addresses (so-called IP masking).

Only in exceptional cases will the complete IP address be transferred to a Google server in the USA and abbreviated there. If, in exceptional cases, personal data is transferred to the USA, Google’s certification under the so-called “Privacy Shield Agreement” between the EU and the USA (https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAItatus=Active) guarantees a level of data protection that corresponds to the level of data protection in the EU.

Google will use the information about your use of the Website on our behalf in the context of Google Analytics to evaluate your use of the Website, to compile reports on Website activity and to provide other Services relating to Website activity and internet usage. The IP address transmitted by your browser within the framework of Google Analytics and Google Tag Manager is not combined by us with other data from Google.

In addition to the general deactivation of cookies, you can prevent Google from collecting and processing data about your use of our Website (including your abbreviated IP address) by downloading and installing the browser plugin under the following link: http://tools.google.com/dlpage/gaoptout.

For more information on the terms of use and Privacy Statement, please visit http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/privacy/.

Mixpanel

Our Services use the analysis tool Mixpanel, a service of Mixpanel Inc. One Front Street, 28th Floor, San Francisco, CA 94111, USA. The Mixpanel service logs page views and page activity. To enable this, log data is transmitted to Mixpanel (and Mixpanel Inc.) using a cipher in an anonymous form. You can find more information about the use of your data on the privacy page of the Mixpanel service (http://mixpanel.com/privacy). If you do not wish to transmit log data from your activities on this website to Mixpanel (and Mixpanel Inc.), you can stop the recording of logs of your activity with the so-called “opt out cookie”, which you can activate at http://mixpanel.com/optout/. Please note, however, that this cookie, and thus the ban on recording, is deleted as soon as you delete your cookies in the settings of your browser.

Hotjar

Our Services may use Hotjar, a service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta, to gain insights into our customers’ needs and to optimize our Services continuously. Hotjar is a technology service that helps us to better understand our users’ experiences, for example, the time they spend in which areas of the Services or the links they click. We use Hotjar’s services including heat maps, visitor recordings, funnels and form analysis. Hotjar uses a tracking code and a cookie to receive Usage Data (as defined above). Hotjar saves all information in a pseudonymous user profile. Hotjar does not associate this information with individual identified persons. Instead, Hotjar shows the general, aggregated behaviour of users. Hotjar or timz will not use this information to identify individual users or match it with other data concerning individual users. For details, please go to Hotjar’s privacy statement available at https://www.hotjar.com/legal/policies/privacy. You can object to Hotjar’s creating a user profile, saving data concerning your use of this Website and using tracking cookies on other websites by clicking https://www.hotjar.com/legal/compliance/opt-out.

Hubspot

Our Services may use Hubspot, a service provided by Hubspot, 25 First Street, 2nd Floor, Cambridge, MA 02141, United States and 1 Sir John Rogerson’s Quay, Dublin 2, in order to support our online marketing efforts. Please go to Hubspot’s privacy statement available at: https://legal.hubspot.com/privacy-policy for details. Email communication will only be sent to those who have opted in for communication through this channel.

Sendgrid / Twilio Inc.

We are using Sendgrid, a service provided by Twilio Inc. 101 Spear Street, 1st Floor, San Francisco, California 94105. As a user of our applications we need to inform you about different activities in your account, feature updates or warnings. You can find the Sendgrid / Twilio privacy policy here: https://api.sendgrid.com/privacy.html. Email communication will only be sent to those who have opted in for communication through this channel.

MonsterInsights

We are using MonsterInsights, 7732 Maywood Crest Dr, West Palm Beach, Florida, 33412, United States, for the traffic analysis on our webpage. You can find the privacy policy of Monster Insights here: https://www.monsterinsights.com/privacy-policy/.

Limits of Our Policy

Our app may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here and on our website.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

Additional Disclosures for Australian Privacy Act Compliance (AU)

International Transfers of Personal Information

Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

CCPA-permitted financial incentives

In accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels for the goods or services we provide.

Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information, and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

California Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:

Identifiers, such as name, email address, phone number account name, IP address, and an ID or number assigned to your account.

  • Customer records, such as billing and shipping address, and credit or debit card data.
  • Commercial information, such as products or services history and purchases.
  • Internet activity, such as your interactions with our service.
  • Audio or visual data, such as photos or videos you share with us or post on the service.
  • Inferences, such as information about your interests, preferences and favorites.

For more information on information we collect, including the sources we receive information from, review the “Information We Collect” section. We collect and use these categories of personal information for the business purposes described in the “Collection and Use of Information” section, including to provide and manage our Service.

Right to Know and Delete

If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

To exercise any of these rights, please contact us using the details provided in this privacy policy.

Shine the Light

If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by California’s “Shine the Light” with third parties and affiliates for their own direct marketing purposes.

To receive this information, send us a request using the contact details provided in this privacy policy. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code.