Effective Date: Effective Date: 3/14/2022
Overview and Scope
This Policy was drafted to comply with the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act (“CPRA”)) and applies to the Services, which includes allowing access to <https://www.aftermath.com/> , its subdomains, and all of the websites and internet properties owned or operated by us (collectively, “Site”), regardless of the medium by which the website is accessed by Users (e.g., via a web or mobile browser).
Information We Collect
We are the sole owner of information collected on the Services. We collect several types of information from and about Users of the Services, including:
Personal Information: We may collect PII from you when you complete forms, navigate web pages, and in connection with other activities, services, features, or resources we make available on or through your use of the Services. PII means any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. PII does not include publicly available information from government records, deidentified or aggregate information, or information excluded from the scope of the CCPA.
The types of PII we have collected, used, stored, and disclosed in the last twelve (12) months include the following categories of information:
|Type(s) of Information
|First Name, Last Name, Address, Email, Phone Number, Postal Address, IP Address, etc.
|Credit/Debit Card Number, Expiration Date, Security Code
|Categories of PII listed in the CA Consumer Customer Records law
|First Name, Last Name, Address, Phone Number
|Internet or Other Similar Network Activities
|Interactions with the Site
Sensitive PII: We may collect financial account, debit card, or credit card numbers (“Sensitive PII”). We shall seek explicit consent from Users to process Sensitive PII.
Deidentified Information: We may collect deidentified information from you that may not by itself reasonably identify you as the source during your use of the Services (“Deidentified Information”). Deidentified Information may include: (i) device type, (ii) device operating system, (iii) internet browser type, (iv) internet service provider, (v) referring/exit pages, (vi) date/time stamp, and (vii) clickstream information. We will take reasonable measures to ensure that Deidentified Information we collect is not personally identifiable and may not later be easily used to identify you as required by applicable law.
Children’s Information: We do not offer our services or promote the Services to, nor do we intentionally collect or retain PII from, children who are younger than 18 years of age. If we discover that we have inadvertently collected information from a child under 18 years of age, we will promptly take all reasonable measures to delete such information from our systems.
How We Collect Information
The information we collect depends on what Users do when they use our Services. We collect PII and Deidentified Information in various ways, including:
Directly from You: We collect PII when you voluntarily submit PII to us while completing forms on the Site or in connection with other Services we provide you. The PII we collect depends on what you do when you visit or utilize the Services or how you choose to communicate with us.
Through Your Use of the Services: We may collect PII and Deidentified Information about you through your use of the Services. When you visit or use the Site, we may collect PII and Deidentified Information that your browser transmits when you visit the Site. We may also collect Deidentified Information about how you access and interact with the Site through the use of automated tracking technologies, such as session cookies, persistent cookies, and web beacons.
A cookie is a small data file that is transferred to an internet browser, which enables the Site to remember and customize your subsequent visits. We may use session cookies to make it easier for you to navigate the Site. In particular, we may use session cookies to record session information, such as which web pages you visited and to track your activity on the Site. Session cookies expire when you close your browser. We may also use persistent cookies to track and target your interests to enhance your experience on the Site. Persistent cookies remain on your device for an extended period of time.
Most internet browsers automatically accept cookies. However, you can instruct your internet browser to block cookies or to provide you with a warning prompt before you accept cookies from the Site. Please refer to your internet browser’s instructions to learn more about these functions. If you reject cookies, the functionality of the Site may be limited and you may not be able to participate in several of the Site’s features.
Additionally, we may use web beacons, which are single-pixel, electronic images embedded in the Site that allow us to gather information about your browsing activities on the Site.
From Third Party Services: We may collect PII about you from third parties whose privacy practices may differ from the practices described in this Policy. We do not make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available through third parties. Your use of third parties’ services and/or third party websites is governed by and subject to the terms and conditions of those third parties and/or third party websites. We encourage you to carefully review the privacy policies and statements of such third parties and/or third party websites.
How We Use Information
We may use Users’ PII for lawful business purposes to help enhance their experience. These purposes include:
Direct Marketing: We may use your PII to send you promotional materials. You have the right to opt-out of receiving direct marketing.
Customer Service and User Communications: We may use your PII to help us respond to your inquiries, questions, requests, and support needs more efficiently.
User Experience Personalization: We may use Users’ PII and/or Deidentified Information in the aggregate to analyze Users’ browsing and usage activities and patterns in order to understand Users’ interests and preferences with respect to our Services. This will help us optimize your experience using our Services.
Business Optimization: We may use your PII and/or Deidentified Information to improve the content on our web pages, to customize the content and layout of our web pages, and in managing our everyday business needs. We may also use your feedback to improve our Services. All of this is done with the intention of making the Services more useful for you.
Safety and Security: We may use your PII and/or Deidentified Information to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
We will not collect additional categories of PII or use PII we collected for materially different, unrelated, or incompatible purposes without providing you notice.
How We Disclose Information
We may disclose Users’ PII to third parties for a business purpose as described below. Otherwise, we do not sell, rent, lease, or share PII, and will not disclose Users’ PII to third parties without your permission. The CCPA defines “sharing” as the disclosure of PII for cross-context behavioral advertising.
To Our Affiliates: We may disclose your PII to affiliates, including companies within the Aftermath group.
To Service Providers: We may disclose your PII to third party service providers that assist us in providing user support, communicating with Users, and promoting our Services, as well as third party service providers that provide other services to us relating to our Services.
Law Enforcement, Safety, and Legal Processes: We may disclose your PII to law enforcement or other government officials if it relates to a criminal investigation or alleged criminal activity. We may also disclose your PII: (i) if required or permitted to do so by law; (ii) for fraud protection and credit risk reduction purposes; (iii) in the good-faith belief that such action is necessary to protect our rights, interests, or property; (iv) in the good-faith belief that such action is necessary to protect your safety or the safety of others; or (v) to comply with a judicial proceeding, court order, subpoena, or other similar legal or administrative process.
Sale or Acquisition of Assets: If we become involved in a transaction involving the sale of our assets, such as a merger or acquisition, or if we are transferred to another company, we may disclose and/or transfer your PII as part of the transaction. If the surviving entity in that transaction is not us, the surviving company may use your PII pursuant to its own privacy policies, and those policies may be different from this Policy.
Type of Information Disclosed
In the last twelve (12) months, we have disclosed the following categories of PII to third parties for a business purpose:
- Financial Information
- Categories of PII listed in the CA Consumer Customer Records law
The security and confidentiality of your PII is very important to us. We use commercially reasonable security measures to protect PII collected through your use of the Services. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect your PII, we cannot guarantee or warrant that your PII will be completely secure (i) from misappropriation by hackers or from other nefarious or criminal activities, or (ii) in the event of a failure of computer hardware, software, or a telecommunications networks.
We will retain Users’ PII (including Sensitive PII, where applicable) while they maintain an account with us or to the extent necessary to provide the Services. Thereafter, we will keep PII for as long as reasonably necessary: (i) to respond to any queries from Users; (ii) to demonstrate we treated Users fairly; (iii) for ordinary business continuity procedures; or (iv) to comply with any applicable laws. We delete PII within a reasonable period after we no longer need the information for the purposes set out in this Policy.
CCPA California Resident Rights
If you are a California resident, the CCPA grants you certain data privacy rights. Your rights include the:
- Right to Access: You have the right to request a copy of the specific pieces of PII that we have collected about you in the previous twelve (12) months. The information will be delivered by mail or electronically. Upon receipt of a Verifiable Consumer Request, we will disclose:
- The categories of PII we have collected about you;
- The categories of sources from which PII is collected;
- Our business purpose for collecting PII;
- The categories of third parties with whom we share PII, if any; and
- The specific pieces of PII we have collected about you.
- Right to Data Portability: You have the right to receive your PII in a portable, readily usable format that allows you to transmit your information to another entity without hindrance.
- Right to Correct Inaccurate Information: You have the right to request that we correct inaccurate information about you that we maintain.
- Right to Deletion: You have the right request that we delete your PII.
- Right to Be Free from Discrimination: You have the right to not be discriminated against by us for exercising any of your rights under the CCPA. Unless permitted by the CCPA, we will not:
- Deny goods or services to you;
- Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Provide a different level or quality of goods or services to you; or
- Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights (including those enumerated elsewhere in this Policy) are limited to the extent permitted by the CCPA.
Right to Limit the Use of Sensitive PII
You have the right to direct us to limit our use of your Sensitive PII to that use which is necessary to perform the services. To exercise your right to limit our use of your Sensitive PII, you may submit a request to us by clicking the “Limit the Use of My Sensitive Personal Information” link on our homepage or by visiting the following link:
You do not need to create an account with us to exercise this right. We will only use PII provided in a rights request to review and comply with your request.
Additional California Privacy Rights
California’s “Shine the Light” law permits Users that are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us at the Contact Information provided below.
Verifiable Consumer Requests
If you are a California resident, you can exercise your legal rights by submitting a Verifiable Consumer Request to us by:
- Emailing us at firstname.lastname@example.org
- Toll Free: 877-872-4339
- Visiting us at https://www.aftermath.com/data-privacy-request-web-form/
Only you, or someone legally authorized to act on your behalf, may make a Verifiable Consumer Request related to your PII. Making a Verifiable Consumer Request does not require you to create an account with us. California residents may only make a Verifiable Consumer Request for access to PII twice in a 12-month period.
The Verifiable Consumer Request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with PII if we cannot verify your identity or authority to make the request and confirm the PII relates to you. We will only use PII provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We will acknowledge receipt of a Verifiable Consumer Request within ten (10) days. We endeavor to respond to Verifiable Consumer Requests within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the Verifiable Consumer Request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to Verifiable Consumer Requests, unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Do Not Track Disclosure
Some internet browsers may transmit “do-not-track” signals to websites with which the browser communicates. The Site does not currently respond to these “do-not-track” signals.
We do not participate in bulk email solicitations that you have not consented to receiving (i.e., “Spam”). We do not sell or disclose customer lists or email address lists to unrelated third parties. Except as otherwise provided herein, we do not share PII with any third party advertisers.
Third Party Links
The Site may contain links to other websites or applications (“Linked Sites”) that are not owned by the Company. We do not control the collection or use of any information, including PII, which occurs while you visit Linked Sites. Therefore, we make no representations or warranties for —and will not in any way be liable for—any content, products, services, software, or other materials available on Linked Sites, even if one or more pages of the Linked Site are framed within a page of the Site.
Furthermore, we make no representations or warranties about the privacy policies or practices of the Linked Sites, and the Company is not responsible for the privacy practices of those Linked Sites. We encourage you to be aware of when you leave the Site and read the privacy policies of Linked Sites.
Accessing, Updating, and Controlling Information
If you ever wish to access, update, change, or delete your PII, you may do so by contacting us at the Contact Information provided below. To help us process your request, please provide sufficient information to allow us to identify you in our records. We reserve the right to ask for additional information verifying your identity prior to disclosing any PII to you. Should we ask for verification, the information you provide will be used only for verification purposes, and all copies of the information will be destroyed when the process is complete.
If you do not wish to receive update messages and/or direct marketing communications from us, you may opt-out by following any instructions included in the communication or by contacting us at the Contact Information provided below. Please be aware that although you may opt-out of update messages and/or direct marketing communications, we reserve the right to email you administrative notices regarding the Site, as permitted under the CAN-SPAM Act.
We will make commercially reasonable efforts to respond to opt-out requests and handle requests to access, update, change, or delete PII as quickly as possible.
If you have questions about this Policy or wish to contact us with questions or comments, please contact us at:
Attn: Customer Service
Aftermath Services LLC
75 Executive Drive, 200
Effective Date: 3/14/2022