Merch Cat LLC

Privacy Policy

Effective Date: April 18. 2024

Who We Are

Merch Cat LLC ("we" or the "Company") provides services through our websites www.merchcat.com and www.merchcatfan.com (the "Websites"), our Merch Cat and Merch Cat Fan mobile applications(the "Apps") and our software Merch Cat (the "Software"), which is a mobile and web based software service that facilitates the sale and tracking of inventory of musician’s merchandise at live shows. The Software is connected to the mobile and web software platform Merch Cat FAN (the “Platform”) which facilitates the sale of this same merchandise to music fans who wish to purchase this merchandise in their own app. The Websites, the Software, the Apps, and the Platform (collectively the “Services”) are all operated and performed under the umbrella of the Company and this Privacy Policy (this “Policy”) refers to all three Services collectively as "Merch Cat" for these purposes.

Applicability of Policy

This Policy applies to visitors of our Websites and users of our Apps, Software, Platform and any related apps and services. This Policy is effective as of the date above and describes the types of information we may collect from you or that you may provide to us, and our practices for collecting, using, maintaining, protecting, and disclosing that information. If you are a European Union resident and access Merch Cat while you are present in the European Union additional terms apply, which can be reviewed in the section " European Union Privacy Terms."

This Policy applies to information we collect:

  • On the Websites;
  • In email, text, and other electronic communications between you and the Software;
  • Through the Platform and the Apps;
  • When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy; and
  • Through any other means associated with or relating to our Websites, the Software, the Apps, or the Platform.

This policy does not apply to information collected by:

  • Us offline or through any other means, including on any other website operated by us or any third party (including our affiliates and subsidiaries); or
  • Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Websites.

If you decide to visit the Websites or utilize any Merch Cat Service, your visit, the Services you utilize, and any possible dispute over privacy relating to such are subject to the terms of this Policy and our General Terms and Conditions, including limitations on damages. This Privacy Notice is governed by and construed in accordance with the laws of the State of New York and any action arising out of or relating to this Privacy Notice shall be filed only in state or federal courts located in New York County, New York. By using our Services, you hereby consent and submit to the personal jurisdiction of such courts for the purpose of litigating any such action.

Changes to The Policy

We may from time to time modify the Policy. We will post any changes we make to our Policy on this page and, if we make material changes to how we treat our users' personal information we may also post a notice on a Website home page and notify customers via email. You are responsible for ensuring we have a current email address on file and for periodically visiting our Websites and this Policy to check for any changes. Your continued use of any of the Services following modification to this Policy indicates your acceptance of the amendments.

What Information We Collect and Why

In order for us to provide you with our Services, including order processing, shipment processing, and customer support, we need to collect, process, use, and store certain information obtained from and about our users, including, in some cases, personal data. In addition, as you navigate through and interact with our Websites and mobile applications, we may use automatic data collection technologies to collect certain information. All of this enables us to provide user accounts on Merch Cat, and also allows for communication with users for, among other uses, order placement, management, and shipping, as well as the facilitation of social interaction on the Platform. The Company is committed to ensuring that the information we collect and use is appropriate for the given purpose, and does not constitute an invasion of your privacy.

  1. Information We Collect From You
    • Information that you provide by filling in forms on our apps or the Websites or otherwise interacting with our Services, including your name, address, telephone number, email address, credit card details, date of birth, or other personal information
    • Information you provide to us directly or indirectly when you correspond with customer service, including records of your correspondence including emails and email addresses.
    • Any comments and information you provide to us through the "Contact" feature of our Services
    • Details of transactions you carry out on or through our Services.
    • Artist's sales information for analytics purposes.
    • Your search queries on the Websites.
    • Any other information you provide to us, or that we collect throughout your usage of or access to our Services, which we collect for a business purpose.
  2. Information We Collect Through Automatic Data Collection Technologies
    • Details of your visits to our Websites, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Websites.
    • Information about your computer or mobile device including device type, OS type, browser type, and device attributes.
    • Information about your internet connection, including your IP address.
    • Usage analytics details and browsing behavior.
    • Location data may be passed to us from our or third-party apps or services.
  3. Other Information We Collect
    • We use third party analytics providers including Google Analytics, a service provided by Google, Inc. to analyze traffic and activity patterns on our Websites. Analytics tools track various pieces of information, including what website you visited prior to our Websites, how long you stay on a particular page of our Websites, and your geographic location.
    • You may also sign up for and login to your Merch Cat Fan account through your Facebook login. In that event, we will collect certain information related to your Facebook account, including your associated email, your Profile ID, your public profile page url, and pictures or videos you may post.
    • Our Services may provide certain other social media features, widgets, and single sign on features, such as “Facebook Connect,” or “Google Sign-in” (“Social Media Features”). These Social Media Features may collect certain PII such as identifiers, including name, alias, unique personal identifier, online identifier, internet protocol address, email address, or other similar identifiers. Social Media Features are hosted either by a third party or directly on our Services. Company does not control and is not responsible for the actions or policies of any Third Party Service, and your use of any Third Party Service is at your own risk. We encourage you to review any privacy policy accompanying a Third Party Service and ask such Third Party Service for any clarifications you may need before deciding to use their services.
    • Artist's website urls are collected for communication with artist's fans through our Services.
Use of Personal Information

The personal data we collect will be used for the following purposes:

  • Transaction support: Order and shipment processing (to pick, pack, and ship customer orders) and for status and processing email notifications.
  • Customer service: Email communications from the Company to resolve service inquiries.
  • Subprocessors: We may share your PII with third-party service providers engaged by us, which may process PII on our behalf in connection with the provision of Services.
  • Payment processing: Merch Cat LLC uses but does not store credit card information. Credit card transactions are transmitted to a secure financial gateway via Stripe or SquareUp. Credit card information is stored in an encrypted form by our payment gateway provider. The Company stores only the last four digits of any credit card with a reference ID for the payment gateway.
  • Email marketing: With your permission, periodic marketing emails may be sent regarding Merch Cat. See section Email Communication - Additional Consent below.
  • To fulfill any purpose for which you provide your information.

We may use your personal information for reasons not described in this Policy where permitted by law and the reason is compatible with the purpose for which we collected it. In all events, however, we will process the information you provide in a responsible manner compatible with applicable data protection laws and regulations.

We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. Note, however, that the Company is required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.

We may share anonymous, de-identified, or aggregate information that cannot reasonably identify you with others for any purpose, as permitted by applicable law. Please note that any PII that you post to a profile, blog, comment section, or forum on our Services or social media pages may be available to other users of those forums or, in some cases, made publicly available.

One thing we will not use your personal information for is to contact you unnecessarily. Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, all information you provide will be subject to the rigorous measures and procedures described in this Policy to minimize the risk of unauthorized use, access, or disclosure.

Cookies

We also store certain information in your browser called “cookies”. We use session ID cookies to confirm that users are logged in. These cookies terminate once the user closes the browser.

Consent

Merch Cat is not intended for nor allowed to be used by anyone under the age of 18, and no one under the age of 16 may register for or use this Services. We do not knowingly collect information from persons under the age of 16, and If we learn that we have collected any information from a person under the age of 16, the Company will delete such information. In addition, we recommend that minors over the age of 16 ask their parents for permission before sending any information about themselves to anyone over the Internet. We do not knowingly collect Personal Information directly from children under the age of 16 without parental consent. If we become aware that a child under the age of 16 has provided us withPII, we will delete the information from our records.

By using any Merch Cat Service you are consenting to the practices outlined in this Policy, and you are giving us permission to collect, process, use, and store your personal data for the purposes identified.

Email Communication - Additional Consent

In addition to the transaction based communications described above, we may from time to time send you promotional and marketing emails on subjects we think may be of interest to you, but you must explicitly consent to these communications. You have the opportunity to do so upon sign up, login, and any other time using our Services. If at any time you wish to withdraw your consent to receiving these communications you may email us at optout@merchcat.com.Once we receive your request we will process it within a reasonable amount of time. We do not discriminate against any consumers who opt out of communication with us.

Notwithstanding the above, no method of transmission of information over the Internet or electronic storage is ever 100% secure. Although we endeavor to protect your personal information, we cannot guarantee the security of your personal information transmitted through or collected through the use of our Services and any transmission of personal information is at your own risk.

Push notifications

Our Services may send push notifications to our users to achieve the purposes outlined in this Policy.

Users may in most cases opt-out of receiving push notifications by visiting their device settings, such as the notification settings for mobile phones, and then change those settings for these Services, some or all of the Apps on the particular device.

Users must be aware that disabling push notifications may negatively affect the utility of the Services.

Security of Your Information

The Company takes your privacy seriously and takes reasonable precautions, following all applicable requirements and implementing generally accepted industry standard protections using industry best practices to protect your personal information from misuse or inappropriate disclosure. Information you provide through our Services is passed using secure socket layer (SSL) technology and stored using industry standard encryption technology such as Bcrypt.net, which uses the Blowfish encryption algorithm.

Notwithstanding the above, no method of transmission of information over the Internet or electronic storage is ever 100% secure. Although we endeavor to protect your personal information, we cannot guarantee the security of your personal information transmitted through or collected through the use of our Services and any transmission of personal information is at your own risk.

Disclosure

The Company will not sell your personal data and will not pass on your personal data to third parties without first obtaining your consent, except as required or allowed by law or regulation, or if you violate our Terms of Service. We may sell, transfer or otherwise share some or all of our business or assets, including your PII, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

We may pass your personal data on to third-party service providers contracted to the Company in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfill the service they provide you on our behalf. This may include order processing, shipment processing, customer support, analytics, and/or email marketing. When they no longer need your data to fulfill this service, they are obligated to dispose of the details in line with the Company’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.

Certain third-party service providers, such as payment gateways and transaction processors, have their own privacy policies which govern the information we are required to provide to them for your purchase-related transactions. The Company recommends that you read these privacy policies to understand the manner in which your personal information will be handled by these third party providers.

By signing up for an account with, logging into, or otherwise utilizing any Merch Cat Service you consent to our disclosure to, among others, the following third parties for the following purpose(s) in connection with your use of the Services.

Third Party Retrieve a copy of the safeguards in place here: Purpose Data Protection Contract in place?
SendGrid https://sendgrid.com/policies/security/ Transactional Email N/A
Facebook https://www.facebook.com/policy.php Sign up and login Between FB and User
Privacy Rights

This section applies only to residents of certain states which provide consumers with data rights. It describes how we collect, use and share PII of residents of these states in operating our business, and their rights with respect to that information. Depending on your state of residence you may have the following rights. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

  1. Information. You can request the following information about how we have collected and used your PII during the past 12 months:
    • The categories of PII that we have collected.
    • The categories of sources from which we collected PII.
    • The business or commercial purpose for collecting and/or selling PII.
    • The categories of third parties with whom we share PII.
    • Whether we have disclosed your PII for a business purpose, and if so, the categories of PII received by each category of third party recipient.
    • Whether we’ve sold your PII, and if so, the categories of PII received by each category of third party recipient.
  2. Access. You can request a copy of the PII that we have collected about you, which includes the right to: (1) confirm whether we are processing your PII; (2) confirm the categories of your PII that we process; and (3) obtain a copy of your PII in a portable format.
  3. Correct.In some cases, we may provide self-service tools that enable you to do so.
  4. Delete.You may request that we delete your PII that we have collected from you.
  5. Opt-Out.You may opt-out of Your PII being used for certain purposes, such as: (1) targeted advertising; (2) the “sale” of your Personal Information; and (3) certain profiling activities that result in legal or similarly significant effects on you.
  6. Nondiscrimination.You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
How to Exercise Your Information, Access and Deletion rights

You may submit a request to exercise your information, access, or deletion rights by emailing privacy@merchcat.com or write to us at 54 Arthur Court, Port Chester, NY, U.S. 10573. We will need to verify your identity to process your information, access, and deletion requests, and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities, and your agent must provide valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.

Information for California Residents – California Privacy Rights

California law requires us to disclose the following information with respect to our information practices. If you are a California resident, this section applies to you in addition to the rest of the Privacy Notice.

  1. Information. You can request the following information about the PII we may have collected in the preceding 12 months, and the sources from which we obtain such information.
  2. Purposes for Collection. We collect and use PII for the business or commercial purposes described above.
  3. Categories of PII Disclosed and Categories of Recipients. We may have disclosed the following categories of PII in the preceding 12 months for our business or commercial purposes, to the categories of recipients listed below.
  4. Agreement and Changes to the Privacy Policy. . For more details on how your PII is disclosed, please see the “Use of Personal Information” section, which provides additional information about our disclosure of Personal Information to Affiliates, Service Providers, Business Partners, Advertising or Analytics Providers, and the Social Media Platforms and Networks we use.

We may also disclose any of the above categories of PII: (1) for legal, fraud prevention, or safety purposes; (2) to our professional advisors; (3) as a result of a business transfer; or (4) based on your consent or instruction.

Shine The Light Law

We do not sell your PII for direct marketing purposes.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA or CPRA rights. Unless permitted by the CCPA or CPRA, we will not:

  1. Deny you goods or services
  2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
  3. Provide you with a different level or quality of goods or services
  4. Suggest that you may receive a different price or rate for goods or services.
Contacting The Company

If you have any questions about this privacy policy, please contact us. You may also reach us by mail at Merch Cat LLC, 54 Arthur Court, Port Chester, NY 10573 or you can contact us here https://www.MerchCat.com/contact.

Use of Google Analytics

Our Websites use Google Analytics, a web analysis service by Google Inc. ("Google"). Google Analytics uses cookies, which enable an analysis of your use of the Websites. The information about your use of the Websites generated by the cookie is transmitted to Google, which will use this information in order to evaluate your use of the Websites, to compile reports about activities thereon, and to provide further services related to use and performance of our Websites and the Internet in general. The IP address transmitted from your browser within Google Analytics is not connected with any other data from Google.

You can prevent the storage of cookies by configuring your browser software accordingly; please note, however, that in this case you may not be able to use all the functions of our Websites to their full extent

We use Google Analytics in order to analyze the use of our Websites and regularly improve it. We use the statistics obtained to improve our products and make them more interesting to you as a user. For the exceptional cases in which personal data are transmitted to the USA, Google has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is that it is in the legitimate interest of the Company to do so.

As of the effective date of this Policy, information about Google Analytics can be found in its Terms of Use at https://marketingplatform.google.com/about/analytics/terms/us.

Use of Google Adwords Conversion

This website uses Google AdWords. AdWords is an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). In the context of Google AdWords, we use so-called “Conversion Tracking”. If you click on an ad served by Google, a cookie is placed for conversion tracking. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google can recognize that the user has clicked on the ad and has been redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Merch Cat will see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, we will not receive any information that personally identifies users. If you do not wish to participate in tracking, you can opt out of this use by simply deactivating the Google Conversion Tracking cookie via your Internet browser under User Settings. You are then not included in the conversion tracking statistics.

The storage of “conversion cookies” and the use of this tracking tool are based on Art. 6 (1) (f) GDPR. Merch Cat has a legitimate interest in analyzing user behavior in order to optimize the Websites and Merch Cat advertising. For more information on Google AdWords and Google Conversion Tracking, please see Google’s privacy policy: https://policies.google.com/privacy?hl=en-US/. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be restricted.

Use of Facebook Pixel

We use the "visitor action pixels" from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook")) on our website

This allows user behavior to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook's Data Usage Policy https://www.facebook.com/about/privacy/ . You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active) .

European Union Privacy Terms

This section of our Privacy Policy applies to you only if you are accessing the Websites from within the confines of the European Union.

Data Controller

The Company is the responsible data controller of the Websites pursuant to Article 4 (7) EU General Data Protection Regulation (GDPR). The Company’s address is 7 Rye Ridge Plaza,Suite 143, Port Chester, NY, U.S. 10573, Attn: Vanessa Ferrer.Email: privacy@merchcat.com.

Definitions
  1. Data Subject. An individual from whom we have collected PII.
  2. Personal Information.References to “personal information” or “PII” in this Policy are equivalent to “personal data” as governed in and defined by European data protection legislation (GDPR), and includes all information by which a living person can be identified, including when combined with other information.
  3. Processing. Processing is any operation done by us with your data after collection, including use, storage, transmission, disclosure, and disposal.
Principles of The Company

Our Company believes in and complies with the principles of GDPR. The six overall guiding principles are:

  • Lawfulness, transparency and fairness
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage limitation
  • Confidentiality and integrity

We take pride in protecting your privacy. We will only collect and process data when it is absolutely necessary, and when we do, we will make it clear why we are doing so and how it will be used, and we will use best practices and relevant industry standards to endeavor to protect and secure the information.

Legal Basis for Collecting Personal Information

The legal basis on which we process your personal information as described in this Policy will depend on the type of personal information and the specific context in which we process it. In general we process information that we have obtained with your consent, as this basis is defined in GDPR Article 6. Where there is a reason to ask you for sensitive personal data, or if we plan to use your data in a manner not contemplated by you when you gave your consent, we will always tell you why we are asking for the information and how the information will be used.

You may withdraw consent at any time by contacting us at privacy@merchcat.com .

Retention

Your personal data will not be kept for longer than is necessary to fulfill the specific purposes outlined in this Policy, and to allow us to comply with our legal requirements. Any data we do retain beyond that time will be anonymized, meaning that any PII such as your name, address, date of birth, telephone number, email address etc. will be deleted after a defined period. Any remaining anonymized data is essential for us to analyze general market trends and Website and other Service based trends but without any identifiable personal information.

Your Rights as a Data Subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you may have a right to restrict the processing of certain of your personal data.
  • Right of portability – you have the right to have the data we hold about you transferred to another organization in a generally accepted computer readable format.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review -in the event that the Company refuses your request under rights of access, we will provide you with a reason as to why. You have the right to lodge a complaint with the supervisory authority governing your place of habitual residence in the EU.

All of the above requests will be forwarded to the appropriate party should there be a third party involved in the processing of your personal data.

In addition, to the extent not outlined in this Policy, you have the right to the following information upon request:

  • Whether and what information we hold about you and how it is processed.
  • The identity and the contact details of the person or organization that has determined how and why to process your data and contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of the Company or a third party, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • If we intend to transfer the personal data to a third country or international organization, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority.
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

The Company will request and accept the following forms of ID when information on your personal data is requested: Passport, driving license, birth certificate, utility bill (from last 3 months), current vehicle registration document, bank statement (from last 3 months), rent book (from last 3 months).

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by the Company (or third parties), or how your complaint has been handled, you have the right to lodge a complaint directly with the Company’s data protection representative.

Contact Name: Vanessa Ferrer
C/O Merch Cat
Address: 7 Rye Ridge Plaza
Suite 143
Port Chester, NY 10573
Email: vferrer@merchcat.com