Merch Cat LLC
Effective Date: April 19. 2022
Who We Are
Applicability of Policy
This Policy applies to visitors of our Websites and users of our Apps, Software, Platform and any related apps and services. This Policy is effective as of the date above and describes the types of information we may collect from you or that you may provide to us, and our practices for collecting, using, maintaining, protecting, and disclosing that information. If you are a European Union resident and access Merch Cat while you are present in the European Union additional terms apply, which can be reviewed in the section " European Union Privacy Terms."
This Policy applies to information we collect:
- On the Websites;
- In email, text, and other electronic communications between you and the Software;
- Through the Platform and the Apps;
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy; and
- Through any other means associated with or relating to our Websites, the Software, the Apps, or the Platform.
This policy does not apply to information collected by:
- Us offline or through any other means, including on any other website operated by us or any third party (including our affiliates and subsidiaries); or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Websites.
If you decide to visit the Websites or utilize any Merch Cat Service, your visit, the Services you utilize, and any possible dispute over privacy relating to such are subject to the terms of this Policy and our General Terms and Conditions, including limitations on damages, and jurisdiction.
Changes to The Policy
We may from time to time modify the Policy. We will post any changes we make to our Policy on this page and, if we make material changes to how we treat our user's personal information we may also post a notice on a Website home page and notify customers via email. You are responsible for ensuring we have a current email address on file and for periodically visiting our Websites and this Policy to check for any changes. Your continued use of any of the Services following modification to this Policy indicates your acceptance of the amendments.
What Information We Collect and Why
In order for us to provide you with our Services, including order processing, shipment processing, and customer support, we need to collect, process, use, and store certain information obtained from and about our users, including, in some cases, personal data. In addition, as you navigate through and interact with our Websites and mobile applications, we may use automatic data collection technologies to collect certain information. All of this enables us to provide user accounts on Merch Cat, and also allows for communication with users for, among other uses, order placement, management, and shipping, as well as the facilitation of social interaction on the Platform. The Company is committed to ensuring that the information we collect and use is appropriate for the given purpose, and does not constitute an invasion of your privacy.
Information We Collect From You
- Information that you provide by filling in forms on our apps or the Websites or otherwise interacting with our Services, including your name, address, telephone number, email address, credit card details, date of birth, or other personal information.
- Information you provide to us directly or indirectly when you correspond with customer service, including records of your correspondence including emails and email addresses.
- Any comments and information you provide to us through the "Contact" feature of our Services.
- Details of transactions you carry out on or through our Services.
- Artist's sales information for analytics purposes.
- Your search queries on the Websites.
- Any other information you provide to us, or that we collect throughout your usage of or access to our Services, which we collect for a business purpose.
Information We Collect Through Automatic Data Collection Technologies
- Details of your visits to our Websites, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Websites.
- Information about your computer or mobile device including device type, OS type, browser type, and device attributes.
- Information about your internet connection, including your IP address.
- Usage analytics details and browsing behavior.
- Location data may be passed to us from our or third-party apps or services.
Other Information We Collect
- We use third party analytics providers including Google Analytics, a service provided by Google, Inc. to analyze traffic and activity patterns on our Websites. Analytics tools track various pieces of information, including what website you visited prior to our Websites, how long you stay on a particular page of our Websites, and your geographic location.
- You may also sign up for and login to your Merch Cat Fan account through your Facebook login. In that event, we will collect certain information related to your Facebook account, including your associated email, your Profile ID, your public profile page url, and pictures or videos you may post.
- Artist's website urls are collected for communication with artist's fans through our Services.
Use of Personal Information
The personal data we collect will be used for the following purposes:
- Transaction support: Order and shipment processing (to pick, pack, and ship customer orders) and for status and processing email notifications.
- Customer service: Email communications from the Company to resolve service inquiries.
- Payment processing: Merch Cat LLC uses but does not store credit card information. Credit card transactions are transmitted to a secure financial gateway via Stripe or SquareUp. Credit card information is stored in an encrypted form by our payment gateway provider. The Company stores only the last four digits of any credit card with a reference ID for the payment gateway.
- Email marketing: With your permission, periodic marketing emails may be sent regarding Merch Cat. See section Email Communication - Additional Consent below.
- To fulfill any purpose for which you provide your information.
We may use your personal information for reasons not described in this Policy where permitted by law and the reason is compatible with the purpose for which we collected it. In all events, however, we will process the information you provide in a responsible manner compatible with applicable data protection laws and regulations.
We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. Note, however, that the Company is required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
One thing we will not use your personal information for is to contact you unnecessarily. Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, all information you provide will be subject to the rigorous measures and procedures described in this Policy to minimize the risk of unauthorized use, access, or disclosure.
We also store certain information in your browser called "cookies". We use session ID cookies to confirm that users are logged in. These cookies terminate once the user closes the browser.
By using any Merch Cat Service you are consenting to the practices outlined in this Policy, and you are giving us permission to collect, process, use, and store your personal data for the purposes identified.
Merch Cat is not intended for use by anyone under the age of 18, and no one under the age of 13 may register for or use this Services. We do not knowingly collect information from persons under the age of 13, and If we learn that we have collected any information from a person under the age of 13, the Company will delete such information. In addition, we recommend that minors over the age of 13 ask their parents for permission before sending any information about themselves to anyone over the Internet.
Email Communication - Additional Consent
In addition to the transaction based communications described above, with your permission we may from time to time send you promotional and marketing emails on subjects we think may be of interest to you, but you must explicitly consent to these communications. You have the opportunity to do so upon sign up, login, and any other time using our Services. If at any time you wish to withdraw your consent to receiving these communications you may email us at firstname.lastname@example.org. Once we receive your request we will process it within a reasonable amount of time.
Security of Your Information
The Company takes your privacy seriously and takes reasonable precautions, following all applicable requirements and implementing generally accepted industry standard protections using industry best practices to protect your personal information from misuse or inappropriate disclosure. Information you provide through our Services is passed using secure socket layer (SSL) technology and stored using Bcrypt.net, which uses the Blowfish encryption algorithm.
Notwithstanding the above, no method of transmission of information over the Internet or electronic storage is ever 100% secure. Although we endeavor to protect your personal information, we cannot guarantee the security of your personal information transmitted through or collected through the use of our Services and any transmission of personal information is at your own risk.
The Company will not sell your personal data and will not pass on your personal data to third parties without first obtaining your consent, except as required or allowed by law or regulation, or if you violate our Terms of Service.
We may pass your personal data on to third-party service providers contracted to the Company in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfill the service they provide you on our behalf. This may include order processing, shipment processing, customer support, analytics, and/or email marketing. When they no longer need your data to fulfill this service, they are obligated to dispose of the details in line with the Company’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.
Certain third-party service providers, such as payment gateways and transaction processors, have their own privacy policies which govern the information we are required to provide to them for your purchase-related transactions. The Company recommends that you read these privacy policies to understand the manner in which your personal information will be handled by these third party providers.
By signing up for an account with, logging into, or otherwise utilizing any Merch Cat Service you consent to our disclosure to, among others, the following third parties for the following purpose(s) in connection with your use of the Services.
|Third Party||Retrieve a copy of the safeguards in place here:||Purpose||Data Protection Contract in place?|
|https://www.facebook.com/policy.php||Sign up and login||Between FB and User|
Important Information for California Residents
This section applies only to California residents. It describes how we collect, use and share personally identifiable information ("PII") of California residents in operating our business, and their rights with respect to that information. For purposes of this section, PII has the meaning given to “Personal Information” in the California Consumer Privacy Act of 2018 ("CCPA") but does not include information exempted from the scope of the CCPA.
Your California Privacy Rights
You have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
Information. You can request the following information about how we have collected and used your PII during the past 12 months:
- The categories of PII that we have collected.
- The categories of sources from which we collected PII.
- The business or commercial purpose for collecting and/or selling PII.
- The categories of third parties with whom we share PII.
- Whether we have disclosed your PII for a business purpose, and if so, the categories of PII received by each category of third party recipient.
- Whether we’ve sold your PII, and if so, the categories of PII received by each category of third party recipient.
- Access. You can request a copy of the PII that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the PII that we have collected from you.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
How to Exercise Your Information, Access and Deletion rights
You may submit a request to exercise your information, access, or deletion rights by emailing email@example.com or write to us at 54 Arthur Court, Port Chester, NY, U.S. 10573. We will need to verify your identity to process your information, access, and deletion requests, and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities, and your agent must provide valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.
Shine The Light Law
We do not sell your PII for direct marketing purposes.
Contacting The Company
Use of Google Analytics
You can prevent the storage of cookies by configuring your browser software accordingly; please note, however, that in this case you may not be able to use all the functions of our Websites to their full extent.
We use Google Analytics in order to analyze the use of our Websites and regularly improve it. We use the statistics obtained to improve our products and make them more interesting to you as a user. For the exceptional cases in which personal data are transmitted to the USA, Google has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is that it is in the legitimate interest of the Company to do so.
Use of Google Adwords Conversion
This website uses Google AdWords. AdWords is an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). In the context of Google AdWords, we use so-called “Conversion Tracking”. If you click on an ad served by Google, a cookie is placed for conversion tracking. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google can recognize that the user has clicked on the ad and has been redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Merch Cat will see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, we will not receive any information that personally identifies users. If you do not wish to participate in tracking, you can opt out of this use by simply deactivating the Google Conversion Tracking cookie via your Internet browser under User Settings. You are then not included in the conversion tracking statistics.
Use of Facebook Pixel
We use the "visitor action pixels" from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook")) on our website.
This allows user behavior to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook's Data Usage Policy https://www.facebook.com/about/privacy/ . You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active) .
European Union Privacy Terms
The Company is the responsible data controller of the Websites pursuant to Article 4 (7) EU General Data Protection Regulation (GDPR). The Company's address is 54 Arthur Court, Port Chester, NY, U.S. 10573, Attn: Vanessa Ferrer. Email: firstname.lastname@example.org.
- Data Subject. An individual from whom we have collected PII.
- Personal Information. References to “personal information” or “PII” in this Policy are equivalent to “personal data” as governed in and defined by European data protection legislation (GDPR), and includes all information by which a living person can be identified, including when combined with other information.
- Processing. Processing is any operation done by us with your data after collection, including use, storage, transmission, disclosure, and disposal.
Principles of The Company
Our Company believes in and complies with the principles of GDPR. The six overall guiding principles are:
- Lawfulness, transparency and fairness
- Purpose Limitation
- Data Minimisation
- Storage limitation
- Confidentiality and integrity
We take pride in protecting your privacy. We will only collect and process data when it is absolutely necessary, and when we do, we will make it clear why we are doing so and how it will be used, and we will use best practices and relevant industry standards to endeavor to protect and secure the information.
Legal Basis for Collecting Personal Information
The legal basis on which we process your personal information as described in this Policy will depend on the type of personal information and the specific context in which we process it. In general we process information that we have obtained with your consent, as this basis is defined in GDPR Article 6. Where there is a reason to ask you for sensitive personal data, or if we plan to use your data in a manner not contemplated by you when you gave your consent, we will always tell you why we are asking for the information and how the information will be used.
You may withdraw consent at any time by contacting us at email@example.com .
Your personal data will not be kept for longer than is necessary to fulfill the specific purposes outlined in this Policy, and to allow us to comply with our legal requirements. Any data we do retain beyond that time will be anonymized, meaning that any PII such as your name, address, date of birth, telephone number, email address etc. will be deleted after a defined period. Any remaining anonymized data is essential for us to analyze general market trends and Website and other Service based trends but without any identifiable personal information.
Your Rights as a Data Subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you may have a right to restrict the processing of certain of your personal data.
- Right of portability – you have the right to have the data we hold about you transferred to another organization in a generally accepted computer readable format.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review - in the event that the Company refuses your request under rights of access, we will provide you with a reason as to why. You have the right to lodge a complaint with the supervisory authority governing your place of habitual residence in the EU.
All of the above requests will be forwarded to the appropriate party should there be a third party involved in the processing of your personal data.
In addition, to the extent not outlined in this Policy, you have the right to the following information upon request:
- Whether and what information we hold about you and how it is processed.
- The identity and the contact details of the person or organization that has determined how and why to process your data and contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of the Company or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a third country or international organization, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
The Company will request and accept the following forms of ID when information on your personal data is requested: Passport, driving license, birth certificate, utility bill (from last 3 months), current vehicle registration document, bank statement (from last 3 months), rent book (from last 3 months).
In the event that you wish to make a complaint about how your personal data is being processed by the Company (or third parties), or how your complaint has been handled, you have the right to lodge a complaint directly with the Company's data protection representative.
|Contact Name:||Vanessa Ferrer|
|Address:||54 Arthur Court Port Chester, NY 10573|