Effective Date: November 22, 2020 (11/22/2020)
Please be aware that Gypsy Boots and all associated Services and systems are housed on servers in the United States. If you are located outside of the United States, information we collect (including cookies) are processed and stored in the United States, which may not offer the same level of privacy protection as the country where you reside or are a citizen. By using the Services and providing information to us, you consent to the transfer to and processing of the information in the United States.
INFORMATION WE COLLECT
“Personal Data” is information that directly or indirectly identifies you. Below are some examples of the Personal Data we may collect through the Services:
Identifiers. Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Such as name, signature, physical characteristics or description, address, telephone number education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories.
Commercial information. Such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other similar network activity. Such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
Inferences drawn from other personal information. Such as profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, abilities, and aptitudes.
We may link together different types of information or link information to Personal Data. If linked information directly or indirectly identifies an individual person, we treat the linked information as Personal Data.
Where we need to collect Personal Data by law, or under the terms of the contract between us and you, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
HOW WE COLLECT INFORMATION
We collect information:
When you register for the Services: When you register for the Services, we may collect your name, organization, email address, phone number, billing address, shipping address, country, and/or password.
When you use the Services: We may ask for contact information such as your name, address, telephone number, email address, contact preferences, employer/organization, and information related to our products and services. We collect this information so that we may keep you informed about Gypsy Boots, respond to your inquiries, provide you with information about our products and services, and offer you promotions.
When you make a payment to Gypsy Boots: If you make a payment directly to Gypsy Boots, we will ask for Payment Information and other information requested for processing your payment.
We use third party payment processors (“Payment Processors”) to assist in securely processing your Payment Information. If you pay with a credit card the Payment Information that you provide through the Services is encrypted and transmitted directly to the Payment Processors. We do not store your Payment Information and do not control and are not responsible for Payment Processors or their collection or use of your information.
Through Server Logs: A server log is a list of the activities that a server performs. Gypsy Boots’ servers automatically collect and store in server logs your search queries, Internet Protocol (IP) address, hardware settings, browser type, browser language, the date and time of your request and referral URL and certain cookies that identify your browser or Gypsy Boots account.
From Your Computer, Tablet or Mobile Telephone: We collect information about your computer, tablet or mobile telephone (“Device”), such as model, operating system version, mobile network information, and similar identifiers. Gypsy Boots may associate your Device information with your Gypsy Boots account. We may collect and store information (including Personal Data) on your Device through browser web and web application data caches.
We may collect information from sensors that provide us with information on nearby devices, Bluetooth address, Wi-Fi access points and information made available by you or others that indicates the current or prior location of the user. We also may collect IP address and MAC address. How we collect this data depends on how you access the Services. Certain Services may collect this data even when you are not actively using the Services.
DATA COLLECTION TECHNOLOGY
Data Collection Technology collects all sorts of information, such as how long you spend on various webpages in the Services, which webpages you view, your search queries, error and performance reports, as well as Device identifier or IP address, browser type, time zone and language settings and operating system.
Data Collection Technology deployed through the Services includes cookies and web beacons.
Web Beacons: A web beacon (also called a pixel tag or clear GIF) is computer code that communicates information from your device to a server. Some of our content and emails may contain embedded web beacons that allow a server to read certain types of information from your Device, allow us to count the number of people who have viewed content, to know when you opened an email message and the IP address of your Device. Web beacons help us develop statistical information to provide better and more personalized content.
Cookies: Cookies are small text files that are sent to or accessed from your web browser or your computer’s hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your computer, such as user settings, browsing history and activities conducted while using the Services.
The Services use the following cookies:
Strictly necessary cookies, which are required for the operation of the Services. Without them, for example, you would not be able to register or log in for the Services that we offer.
Analytical/performance cookies, which allow us to recognize and count the number of visitors, learn how visitors navigate the Services and improve the Services.
Functionality cookies, which we use to recognize you when you return to the Services.
To learn more about cookies and web beacons, visit http://.allaboutcookies.org.
We also use analytics services, such as Google Analytics, to collect Other Information. Generally, analytics services do not identify individual users. Many analytics services allow you to opt out of data collection. For example, to learn more about Google Analytics practices and to opt out, visit http://.google.com/settings/ads or by downloading the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.
How Gypsy Boots Uses Data Collection Technology: Some Data Collection Technology is deployed by Gypsy Boots when you visit the Services. Other Data Collection Technology is deployed by third parties with which we partner to deliver the Services.
Data Collection Technology helps us improve your experience of the Services by, measuring the success of marketing campaigns, compiling statistics about use of the Services and helping us analyze technical and navigational information about the Services.
We also may use Data Collection Technology to collect information from the device that you use to access the Services, such as your operating system type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone in which your computer or device is located.
Your Control of Cookies: Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your device. Although you are not required to accept cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Services.
Do Not Track: Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Gypsy Boots, do not respond to DNT signals.
HOW WE PROCESS PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data for the following lawful purposes:
Where we need to perform the contract we are about to enter into or have entered into with you (“performance of a contract”).
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (“legitimate business interest”).
Where we need to comply with a legal or regulatory obligation (“legal obligation”).
Where you have provided consent (“consent”)
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Gypsy Boots uses information that we collect from customers and visitors for the purposes of:
providing our Services (performance of a contract);
tailoring our services to your needs (consent);
providing ongoing support (performance of a contract);
communicating with you, including promotional communications and customer relationship management (“CRM”) (legitimate business interest);
providing information about other Services (legitimate business interest);
helping us run our company, for example to improve our Services or our security, train staff or perform marketing activities, including CRM (legitimate business interest);
complying with our legal obligations (legal obligation); and
accounting and other administrative purposes (legitimate business interest).
Examples of the uses of information include:
Providing the Services. We use data to carry out your transactions with us and to provide Services to you. Often, this includes personal data such as email, name and address.
We use data to diagnose and address problems and provide other customer and support services.
We use data, including device and application type, location, and unique device, application, network and subscription identifiers to activate software and devices that require activation.
Improving the Services. We use data to continually improve our Services, including adding new features or capabilities. Data is collected throughout your interactions with our Services that enable us to understand customer usage and tailor future capabilities.
We track general, non-personalized information (e.g., operating system, browser version and type of device being used) to know how many people visit specific pages of our Sites or utilize specific areas of our Services so that we may improve those Services. We may use your IP address to customize services to your location, such as the language displayed on our Sites.
Marketing and event communication: We use personal data to deliver marketing and event communications to you across various platforms, such as email, direct mail, social media, and online via our Sites. We also may send you invitations to trade shows or trainings relating to our Services that occur nearby you, based on your address.
If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. Please remember that even if you opt out of receiving marketing emails, we may still send you important service information related to your accounts and subscriptions.
Processing Payments: If you make a payment to Gypsy Boots, we will ask for Payment Information and other information requested for processing your payment.
HOW WE SHARE INFORMATION
We may aggregate information collected though the Services and remove identifiers so that the information no longer identifies or can be used to identify an individual (“Anonymized Information”). We share Anonymized Information with third parties and does not limit third parties' use of the Anonymized Information because it is no longer Personal Data.
Applicable law may require us to disclose your Personal Data if: (i) reasonably necessary to comply with legal process (such as a court order, subpoena or search warrant) or other legal requirements; (ii) disclosure would mitigate our liability in an actual or threatened lawsuit; (iii) necessary to protect legal rights of Gypsy Boots, users, customers, business partners or other interested parties; or (iv) necessary for the prevention or detection of crime (subject in each case to applicable law). For residents of the European Economic Area (“EEA”), we will disclose Personal Data only when permitted to do so under applicable European and EU Member States’ national data protection laws and regulations.
California Shine the Light Law: California Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to [Privacy@GypsyBoots.com or write us at: [1920 HILLHURST AVE STE 405, LA CA 90027].
The Services are not directed to or intended for use by minors under the age of 13. Consistent with the requirements of applicable law, if we learn that we have received any information directly from a minor without his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the minor that he or she cannot use the Services and subsequently will delete that information.
California Minors: The Service is not intended for anyone under the age of 13. If you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: [privacy@GypsyBoots.com]. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the Content or information. Removal of your content or information from the Service does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
SECURITY OF PERSONAL DATA
Gypsy Boots takes precautions intended to help protect information that we process but no system or electronic data transmission is completely secure. Any transmission of your Personal Data is at your own risk and we expect that you will use appropriate security measures to protect your Personal Data.
You are responsible for maintaining the security of your account credentials for the Services. We will treat access to the Services through your account credentials as authorized by you. Unauthorized access to password-protected or secure areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below.
If we become aware of a breach that affects the security of your Personal Data, we will provide you with notice as required by applicable law. To the extent permitted by applicable law, we will provide any such notice that we must provide to you at your account’s email address. By using the Services, you agree to accept notice electronically.
All payments received via credit card are processed securely by Gypsy Boots' Payment Processors using measures that comply with the Payment Card Industry Data Security Standard ("PCI DSS").
We retain Personal Data in identifiable form only for as long as necessary to fulfill the purposes for which the Personal Data was provided to us or, if longer to comply with law legal obligations, to resolve disputes, to enforce agreements and similar essential purposes.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
UPDATING YOUR PERSONAL INFORMATION
CALIFORNIA CONSUMER PRIVACY ACT PRIVACY Notice
This Privacy Notice addresses California consumers’ rights under the California Consumer Privacy Act of 2018 (the “CCPA”). Any terms defined in the CCPA have the same meaning when used in this Privacy Notice.
Personal information does not include:
Publicly available information from government records.
Deidentified or aggregated consumer information.
Information excluded from the CCPA’s scope, including without limitation: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
California Customer Records personal information categories
Internet or other similar network activity
Inferences drawn from other personal information
Your Rights and Choices: The CCPA provides California consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Access Specific Information and Data Portability Right
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (also called a data portability request).
If we disclosed your personal information for a business purpose, the business purpose for which personal information was disclosed, and the personal information categories that each category of recipient obtained.
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or service provider(s) to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Your Rights
To exercise the access, data portability and deletion rights described above, please submit a completed Verifiable Consumer Request Form to us by either:
Emailing us at: [Privacy@GypsyBoots.com]; or
Mailing us at: [1920 HILLHURST AVE STE 405, LA CA 90027]
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make such a request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Mail: [1920 HILLHURST AVE STE 405, LA CA 90027]
THE GENERAL DATA PROTECTION REGULATION (“GDPR”)
Residents of the EEA may be entitled to other rights under the GDPR. These rights are summarized below. We may require you to verify your identity before we respond to your requests to exercise your rights. If you are entitled to these rights, you may exercise these rights with respect to your Personal Data that we collect and store:
the right to withdraw your consent to data processing at any time (please note that this might prevent you from using certain aspects of the Portal, the Services, or the Portal or Services altogether);
the right of access your Personal Data;
the right to request a copy of your Personal Data;
the right to correct any inaccuracies in your Personal Data;
the right to erase your Personal Data;
the right to data portability, meaning to request a transfer of your Personal Data from us to any other person or entity as chosen by you;
the right to request restriction of the processing of your Personal Data; and
the right to object to processing of your Personal Data.
You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by the GDPR. Any requests to exercise the above listed rights may be made to: [Privacy@GypsyBoots.com].
If you are an EEA resident, you have the right to lodge a complaint with a Data Protection Authority about how we process your Personal Data at the following website: https://edpb.europa.eu/about-edpb/board/members_en
International Transfers of Personal Data
Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by using a solution that enables lawful transfer of personal data to a third country in accordance with Article 45 or 46 of the GDPR (including the European Commission Standard Contractual Clauses).
For additional information on the mechanisms used to protect your Personal Data, please contact us at [Privacy@GypsyBoots.com].
HOW TO CONTACT US
If you have any questions, comments, or concerns about how we handle your Personal Data, then you may contact us at [Privacy@GypsyBoots.com] or write to us at: [1920 HILLHURST AVE STE 405, LA CA 90027].