LAST UPDATED: 15 DEC 2020
Your privacy is important to us. This privacy statement explains our collection, use, and disclosure of personal data. This privacy statement applies to FAB ORIGINALS, Inc. (“FAB”). References to our “products” in this statement include our websites, apps, software, services, and devices.
Personal data we collect
The personal data we collect depends on how you interact with us, the products you use, and the choices you make.
We collect information about you from different sources and in various ways when you use our products, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data.
Information you provide directly. We collect personal data you provide to us. For example:
- Contact information. We collect name, username or alias, email address, postal address, phone number, fax number.
- Demographic data. We may request that you provide age, gender, marital status, and similar demographic details, for example when we send out surveys.
- Payment information. If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.
- Content and files. We collect the photos, documents, or other files you upload to our services; and if you send us email messages or other communications, we will collect and retain those communications.
Information we collect automatically. When you use our products, we collect some information automatically. For example:
- Identifiers and device information. When you visit our websites, our web servers automatically log your Internet Protocol (IP) address, and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in the Cookies, Mobile IDs, and Similar Technologies section below, our websites and online services store and retrieve cookie identifiers, mobile IDs, and other data.
- Usage data. We automatically log your activity on our websites, apps and connected products, including the URL of the website from which you came to our sites. For example, we use Inspectlet to record real-time activity during your sessions including keystrokes as you type them on our site (not including contents of password fields).
Information we create or generate. We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your city, state, and country location based on your IP address.
Information we obtain from third-party sources. We also obtain information from third parties. These third-party sources and the categories of personal data we obtain from these third parties include, for example:
Third Party Sources | Categories of Personal Data |
---|---|
Data brokers. Data brokers and aggregators from which we obtain data to supplement the data we collect. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Third party partners. Third party applications and services, including social networks you choose to connect with or interact with through our services. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Co-Branding/Joint Partners. Partners with which we offer co-branded services or engage in joint marketing activities. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Service providers. Third parties that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Publicly available sources. Public sources of information such as open government databases. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
When you are asked to provide personal data, you may decline. And you may use app or device controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain products or features, those products or features may not be available or function correctly.
Cookies, Mobile IDs and similar technoligies (California “Do not sell my info”)
We use cookies, web beacons, mobile analytics and advertising IDs, and similar technologies to operate our websites and online services and to help collect data, including other identifiers and device information and usage data.
Cookies are small text files placed on your device to store data that can be recalled by a web server in the same domain that placed the cookie. The text in a cookie often consists of a string of numbers and letters that uniquely identifies your device, but it can contain other information as well.
Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website. When your browser opens a webpage that contains a web beacon, it automatically connects to the web server that hosts the image (typically hosted by a third-party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We also include web beacons in our promotional email messages or newsletters to tell us if you open and act on them.
Mobile analytics and advertising IDs are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies.
We, and our analytics and advertising partners, use these technologies in our websites and online services to collect personal information (such as the cookies stored on your browser, the advertising identifier on your mobile device, or the IP address of your device) when you visit our site. We and our partners also use these technologies to collect personal information about your online activities over time and across different websites or online services. This information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, deliver and tailor interest-based advertising, combat fraud, and fulfill other legitimate purposes. We and/or our partners also share the information we collect or infer with third parties for these purposes.
The third-party analytics and advertising providers we use on our websites include:
Company/Service | Purpose(s) | Privacy Notices | Manage Settings (opt-out) |
---|---|---|---|
Adobe Typekit | Analytics | ||
Criteo | Advertising | See association links below. | |
Pinterest Conversion Tracker | Advertising, analytics | See association links below. | |
Google Analytics | Analytics | ||
Inspectlet | [No opt out] | ||
Facebook Custom Audience | Advertising | https://www.facebook.com/settings?tab=ads | |
Facebook Connect | See association links below. | ||
Zendesk | |||
Tapfiliate | Analytics | [No opt out] | |
Segment | Analytics | See association links below. |
To learn about their privacy practices and how to opt-out from their use of cookie data for targeted advertising purposes, click on the links above.
Many of these companies are also members of associations, which provide a simple way to opt out of analytics and ad targeting, which you can access at:
- United States: NAI (http://optout.networkadvertising.org) and DAA (http://optout.aboutads.info/)
- Canada: Digital Advertising Alliance of Canada (https://youradchoices.ca/)
- Europe: European Digital Advertising Alliance (http://www.youronlinechoices.com/)
California “Do Not Sell My Info”
The California Consumer Protection Act (“CCPA”) requires us to disclose categories of personal data sold to third parties and how to opt-out of future sales. The CCPA defines personal information to include online identifiers, including IP address, cookies IDs, and mobile IDs. The law also defines a “sale” to include simply making data available to third parties in some cases. We let advertising and analytics providers collect IP addresses, cookie IDs, mobile IDs through our sites and apps when you use our online services, but do not “sell” any other types of personal information.
If you do not wish for us or our partners to “sell” your personal data to third parties for advertising purposes, you can make your Do Not Sell Request by visiting the opt-out links above.
Note that although we will not “sell” your personal data after you click that link, we will continue to share some personal information with our partners (acting as our service providers) to help us perform advertising-related functions such as, but not limited to, measuring the effectiveness of our ads, managing how many times you may see an ad, reporting on the performance of our ads, ensuring services are working correctly and securely, providing aggregate statistics and analytics, improving when and where you may see ads, and/or reducing ad fraud. Further, clicking the link will not necessarily opt you out of the use of previously sold personal information or stop all interest-based advertising. If you access this site (or app) from other devices or browsers, visit the link below from those devices or browsers to ensure your choice applies to the data collected when you use those devices or browsers.
Other information related to your right to opt-out from sales of personal data is contained in the California Privacy Rights section of this statement.
Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
Email web beacons. Most email clients have settings which allow you prevent the automatic downloading of images, which will disable web beacons in the email messages you read.
Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
Out use of personal data
We use the personal data we collect for purposes described in this privacy statement or otherwise disclosed to you. For example, we use personal data for the following purposes:
Purposes of Use | Categories of Personal Data |
---|---|
Product and Service Delivery. To provide and deliver our products, including securing, troubleshooting, improving, and personalizing those products. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Business Operations. To operate our business, such as billing, accounting, improving our internal operations, securing our systems, and detecting fraudulent or illegal activity. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Product Improvement, Development, and Research. To improve our products, develop new products or features, and conduct research. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Personalization. To understand you and your preferences to enhance your experience and enjoyment using our products. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Customer Support. To provide customer support and respond to your questions. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Communications. To send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages. | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Marketing. To communicate with you about new products, offers, promotions, rewards, contests, upcoming events, and other information about our products and those of our selected partners (see the Choice and Control section of this privacy statement for how to change your preferences for promotional communications). | Contact information, demographic data, payment information, content and files, identifiers and device information, usage data, inferences |
Advertising. To display advertising to you (see the Cookies section of this privacy statement for information about personalized advertising and your advertising choices). | Contact information, demographic data, payment information, content and files, identifiers and device information usage data, inferences |
We combine data we collect from different sources to achieve these purposes and to give you a more seamless, consistent, and personalized experience.
Our sharing of personal data
We share personal data with your consent or as necessary to complete your transactions or provide the products you have requested or authorized. For example, when you provide payment data to make a purchase, we will share that data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
In addition, we share each of the categories of personal data described above as follows:
- We share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data to provide those functions.
- We may also disclose personal data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
We will also access, transfer, disclose, and preserve personal data when we believe that doing so is necessary to:
- comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
- protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks; or
- protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.
Third party analytics and advertising companies also collect personal data through our website and apps including, transaction details, account information, marketing and communications data, demographic data, content and files, geolocation data, usage data, and inferences associated with identifiers and device information (such as cookie IDs, device IDs, and IP address) as described in the Cookies section of this statement.
Finally, we may share de-identified information in accordance with applicable law.
Please note that some of our products include references or links to products provided by third parties whose privacy practices differ from ours. If you provide personal data to any of those third parties, or consent to our sharing personal data with them, that data is governed by their privacy statements.
Choice and control of personal data
Access, correction, and deletion. If you wish to request access to, or correction or deletion of, personal data about you that we hold, please contact us as described at the bottom of this privacy statement. However, to the extent permitted by applicable law, we reserve the right to [charge a fee or] decline requests that are unreasonable or excessive, where providing the data would be prohibited by law or could adversely affect the privacy or other rights of another person, or where we are unable to authenticate you as the person to whom the data relates.
Communications preferences. You can choose whether to receive promotional communications from us by email, SMS, physical mail, and telephone. If you receive promotional email or SMS messages from us and would like to stop, you can do so by following the directions in that message. [DESCRIBE ANY OTHER MEANS FOR EXERCISING CHOICE WITH REGARD TO PROMOTIONAL COMMUNICATIONS]. These choices do not apply to mandatory service communications that are part of certain of our products, or to surveys or other informational communications that may have their own unsubscribe method.
Choices for Cookies and Similar Technologies. See the Cookies section for choices about cookies and other analytics and advertising controls.
European data protection rights
If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:
- You can request access to, and rectification or erasure of, personal data;
- If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format;
- If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing;
- You can to object to, or obtain a restriction of, the processing of personal data under certain circumstances; and
- For residents of France, you can send us specific instructions regarding the use of your data after your death.
To make such requests, contact us at [INSERT EMAIL ADDRESS OR LINK TO WEB FORM]. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests.
California privacy rights
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.
Right to Know. You have a right to request that companies provide you with the following information:
- The categories and specific pieces of personal information we have collected about you.
- The categories of sources from which we collect personal information.
- The purposes for collecting, using, or selling personal information.
- The categories of third parties with which we share personal information.
- The categories of personal information we have disclosed about you for a business purpose. Note that the CCPA defines “business purpose” broadly; and because we use service providers for a number of business purposes that require access to our systems that hold personal information (such as supplying cloud data storage, maintaining the security of our systems, and providing customer support), in the past 12 months we have disclosed for a business purpose data from each of the categories of personal information we maintain.
- The categories of personal information we have sold about you (if any), for each category of third parties to which the personal information was sold. Note that the CCPA defines “sell” and “personal information” very broadly, and some of our data sharing described in this privacy statement may be considered a “sale” under those definitions. In particular, we let advertising and analytics providers collect IP addresses, cookie IDs, and mobile IDs through our sites and apps when you use our online services, but do not “sell” any other types of personal information. We provide our “Do Not Sell My Info” disclosures in the Cookies section of this statement. We do not knowingly sell the personal information of minors under 16 years of age without affirmative authorization.
You may make such a “request to know” by contacting us at [INSERT EMAIL ADDRESS OR LINK TO WEB FORM]. Note that we have provided much of this information in this privacy statement.
Right to Request Deletion. You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to delete, contact us at [INSERT EMAIL ADDRESS OR LINK TO WEB FORM].
Right to Opt-Out. You have a right to opt-out from future “sales” of personal information. To do so, please follow the instructions in the “Do Not Sell My Info” disclosures in the Cookies and Other Technologies section of this statement.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. Finally, you have a right to not be discriminated against for exercising rights set out in the CCPA.
Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed. California Customers may request further information about our compliance with this law by e-mailing [INSERT EMAIL ADDRESS]. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated e-mail address.
Retention of personal data
We retain personal data for as long as necessary to provide the products and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, [ADD DETAILS AND SPECIFIC EXAMPLES, AS APPROPRIATE].
Location of personal data
The personal data we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States. The storage location(s) are chosen to operate efficiently and improve performance. We take steps designed to ensure that the data we collect under this statement is processed according to the provisions of this statement and applicable law wherever the data is located.
Location of Processing European Personal Data. We transfer personal data from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
Security of personal data
We take reasonable and appropriate steps to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction.
To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.
Changes to this privacy statement
We will update this privacy statement when necessary to reflect changes in our products, how we use personal data, or the applicable law. When we post changes to the statement, we will change the “Last Updated” date at the top of the statement. If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law.
How to contact us
If you have a privacy concern, complaint, or a question for FAB, please contact us at our contact page ______________________.