Thomas Toffee Privacy Policy
Please watch the video below, which quickly explains what cookies are, and why we use them. Please note that our site, like every other shopping website, will not work with cookies disabled.
Privacy Policy Effective Date: May 4th, 2023Thomas Toffee respects and is committed to protecting your privacy! We're a family business, and we take privacy VERY seriously, and protect our customers data like we would our own. We apologize for the lengthy privacy policy, but we have to have one this long to adhere to Europe's GDPR (General Data Protection Regulation) and to make our policy very clear. This privacy protection section communicates how, when, and why we gather information about our customers and what we do with it.
This Privacy Policy (“Privacy Policy”) applies to the website located at ThomasToffee.com, the Thomas Toffee mobile applications, and any other websites or applications associated with Thomas Toffee brands or products that direct the viewer or user to this Privacy Policy (collectively, the “Sites“).
In this Privacy Policy, the terms “Thomas Toffee,” “we,” and “us” refers to Thomas Toffee, LLC and its respective subsidiaries and affiliated companies. The term “your device" refers to any computer, tablet, smart phone or other device you are using to access our websites or to operate the Thomas Toffee mobile applications. Websites that are owned and operated by Thomas Toffee may contain links to websites that are owned and operated by other companies. This Statement does not apply to websites and services that are owned and operated by third parties.
We understand the importance that our customers place on privacy and have designed this Privacy Policy to describe our information-gathering and dissemination practices. You agree to this Privacy Policy when you: 1) access or use any Site; and/or 2) agree to receive e-mail from us. If you do not agree to this Privacy Policy, please do not use this Site.
This Privacy Policy went into effect on the date noted above. Please note that we reserve the right to review and update this Privacy Policy from time to time. If we make any material changes to the Privacy Policy, we will notify you by means of a general notice on the Sites prior to the change taking effect. If you use a Site after the updated Privacy Policy becomes effective, you will be deemed to have agreed to the amended Privacy Policy.
Security:
We have taken many precautions to insure that shopping at Thomas Toffee is safe and secure. We use the industry-standard SSL protocol (Secure Sockets Layer) to ensure that all credit card transactions are secure. The SSL system encrypts information that you submit to us via our website when you place an order. Encryption makes it extremely difficult for anyone to intercept information about you, your order, or your credit card information.
IP Address:
To ensure a smooth shopping experience, our system logs the Internet Protocol (IP) Address of each user. An IP address is a number that is automatically assigned to your computer every time you browse the internet. Depending on your Internet Service Provider (ISP) and the type of connection, this number may change each time you log on. Information from IP addresses is used for system administration, our live help feature, troubleshooting, and the examination of traffic trends and response rates to various promotional offers. This data is used in the aggregate, and is not linked to personally identifiable information.
Order Information:
If you place an order through Thomas Toffee, we will ask you for your name, e-mail address, shipping address, telephone number and credit card information. We use this information to process and fulfill your order and to notify you of your order status. All archived credit card information is maintained in a secure and safe environment. Telephone numbers and e-mail addresses are only used to contact you regarding your order, unless you request to receive our e-mail newsletter and marketing updates.
Information Provided When You Contact Us:
We may collect Personal Information that you voluntarily provide to us when you contact us with a question or comment about our products and services. We generally collect one or more of the following types of Personal Information when you contact us with a question or comment or request information from us about our products and services: Your order number, name, email address, phone number, or address (billing, and or shipping).
Email Contact:
By providing your email to Thomas Toffee, you consent to receive communications from us electronically. Thomas Toffee may send occasional emails about changes to its services, newsletters or special offers. If you would like to opt-out of receiving such emails please click "unsubscribe" at the bottom of any email from us, or send us an email stating that you do not wish to receive promotional communications. If you do opt-out, you will continue to receive non-promotional communications regarding the status of your orders or your account. Our email contact lists are stored under the Sendlane, & Klaviyo email marketing platforms
If you do not wish to receive our emails anymore, please click the "Manage Your Subscription." or "Unsubscribe" link located at the bottom of each email for your convenience. Or you can contact us HERE and asked to be removed.
SMS/MMS MOBILE MESSAGE MARKETING PROGRAM:
Thomas Toffee, LLC (hereinafter, “We,” “Us,” “Our”) is offering a mobile messaging program (the “Program”), which you agree to use and participate in subject to these Mobile Messaging Terms and Conditions and Privacy Policy (the “Agreement”). By opting in to or participating in any of our Programs, you accept and agree to these terms and conditions, including, without limitation, your agreement to resolve any disputes with us through binding, individual-only arbitration, as detailed in the “Dispute Resolution” section below. This Agreement is limited to the Program and is not intended to modify other Terms and Conditions or Privacy Policy that may govern the relationship between you and Us in other contexts.
User Opt In:
The Program allows Users to receive SMS/MMS mobile messages by affirmatively opting into the Program, such as through online or application-based enrollment forms. Regardless of the opt-in method you utilized to join the Program, you agree that this Agreement applies to your participation in the Program. By participating in the Program, you agree to receive autodialed or prerecorded marketing mobile messages at the phone number associated with your opt-in, and you understand that consent is not required to make any purchase from Us. While you consent to receive messages sent using an autodialer, the foregoing shall not be interpreted to suggest or imply that any or all of Our mobile messages are sent using an automatic telephone dialing system (“ATDS” or “autodialer”). *Message and data rates may apply.
User Opt Out:
If you do not wish to continue participating in the Program or no longer agree to this Agreement, you agree to reply STOP, END, CANCEL, UNSUBSCRIBE, or QUIT to any mobile message from Us in order to opt out of the Program. You may receive an additional mobile message confirming your decision to opt out. You understand and agree that the foregoing options are the only reasonable methods of opting out. You also understand and agree that any other method of opting out, including, but not limited to, texting words other than those set forth above or verbally requesting one of our employees to remove you from our list, is not a reasonable means of opting out.
Duty to Notify and Indemnify:
If at any time you intend to stop using the mobile telephone number that has been used to subscribe to the Program, including canceling your service plan or selling or transferring the phone number to another party, you agree that you will complete the User Opt Out process set forth above prior to ending your use of the mobile telephone number. You understand and agree that your agreement to do so is a material part of these terms and conditions. You further agree that, if you discontinue the use of your mobile telephone number without notifying Us of such change, you agree that you will be responsible for all costs (including attorneys’ fees) and liabilities incurred by Us, or any party that assists in the delivery of the mobile messages, as a result of claims brought by individual(s) who are later assigned that mobile telephone number. This duty and agreement shall survive any cancellation or termination of your agreement to participate in any of our Programs.
YOU AGREE THAT YOU SHALL INDEMNIFY, DEFEND, AND HOLD US HARMLESS FROM ANY CLAIM OR LIABILITY RESULTING FROM YOUR FAILURE TO NOTIFY US OF A CHANGE IN THE INFORMATION YOU HAVE PROVIDED, INCLUDING ANY CLAIM OR LIABILITY UNDER THE TELEPHONE CONSUMER PROTECTION ACT, 47 U.S.C. § 227, et seq., OR SIMILAR STATE AND FEDERAL LAWS, AND ANY REGULATIONS PROMULGATED THEREUNDER RESULTING FROM US ATTEMPTING TO CONTACT YOU AT THE MOBILE TELEPHONE NUMBER YOU PROVIDED.
Program Description:
Without limiting the scope of the Program, users that opt into the Program can expect to receive messages concerning the marketing and sale of food, beverage and supplement products sold by Thomas Toffee, LLC.
Cost and Frequency:
Message and data rates may apply. The Program involves recurring mobile messages, and additional mobile messages may be sent periodically based on your interaction with Us.
Support Instructions:
For support regarding the Program, text “HELP” to the number you received messages from or email us at Info@ThomasToffee.com. Please note that the use of this email address is not an acceptable method of opting out of the program. Opt outs must be submitted in accordance with the procedures set forth above.
MMS Disclosure:
The Program will send SMS TMs (terminating messages) if your mobile device does not support MMS messaging.
Our Disclaimer of Warranty:
The Program is offered on an "as-is" basis and may not be available in all areas at all times and may not continue to work in the event of product, software, coverage or other changes made by your wireless carrier. We will not be liable for any delays or failures in the receipt of any mobile messages connected with this Program. Delivery of mobile messages is subject to effective transmission from your wireless service provider/network operator and is outside of Our control. T-Mobile is not liable for delayed or undelivered mobile messages. Participant Requirements:You must have a wireless device of your own, capable of two-way messaging, be using a participating wireless carrier, and be a wireless service subscriber with text messaging service. Not all cellular phone providers carry the necessary service to participate. Check your phone capabilities for specific text messaging instructions.
Age Restriction:
You may not use of engage with the Platform if you are under thirteen (13) years of age. If you use or engage with the Platform and are between the ages of thirteen (13) and eighteen (18) years of age, you must have your parent’s or legal guardian’s permission to do so. By using or engaging with the Platform, you acknowledge and agree that you are not under the age of thirteen (13) years, are between the ages of thirteen (13) and eighteen (18) and have your parent’s or legal guardian’s permission to use or engage with the Platform, or are of adult age in your jurisdiction. By using or engaging with the Platform, you also acknowledge and agree that you are permitted by your jurisdiction’s Applicable Law to use and/or engage with the Platform.
Prohibited Content:
You acknowledge and agree to not send any prohibited content over the Platform. Prohibited content includes:
- Any fraudulent, libelous, defamatory, scandalous, threatening, harassing, or stalking activity;
- Objectionable content, including profanity, obscenity, lasciviousness, violence, bigotry, hatred, and discrimination on the basis of race, sex, religion, nationality, disability, sexual orientation, or age;
- Pirated computer programs, viruses, worms, Trojan horses, or other harmful code;
- Any product, service, or promotion that is unlawful where such product, service, or promotion thereof is received;
- Any content that implicates and/or references personal health information that is protected by the Health Insurance Portability and Accountability Act (“HIPAA”) or the Health Information Technology for Economic and Clinical Health Act (“HITEC” Act);
- and Any other content that is prohibited by Applicable Law in the jurisdiction from which the message is sent.
Dispute Resolution:
In the event that there is a dispute, claim, or controversy between you and Us, or between you and Klaviyo, or any other third-party service provider acting on Our behalf to transmit the mobile messages within the scope of the Program, arising out of or relating to federal or state statutory claims, common law claims, this Agreement, or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, such dispute, claim, or controversy will be, to the fullest extent permitted by law, determined by arbitration in Los Angeles, CA before one arbitrator.
The parties agree to submit the dispute to binding arbitration in accordance with the Commercial Arbitration Rules of the American Arbitration Association (“AAA”) then in effect. Except as otherwise provided herein, the arbitrator shall apply the substantive laws of the Federal Judicial Circuit in which Thomas Toffee’s principle place of business is located, without regard to its conflict of laws rules. Within ten (10) calendar days after the arbitration demand is served upon a party, the parties must jointly select an arbitrator with at least five years’ experience in that capacity and who has knowledge of and experience with the subject matter of the dispute. If the parties do not agree on an arbitrator within ten (10) calendar days, a party may petition the AAA to appoint an arbitrator, who must satisfy the same experience requirement. In the event of a dispute, the arbitrator shall decide the enforceability and interpretation of this arbitration agreement in accordance with the Federal Arbitration Act (“FAA”). The parties also agree that the AAA’s rules governing Emergency Measures of Protection shall apply in lieu of seeking emergency injunctive relief from a court. The decision of the arbitrator shall be final and binding, and no party shall have rights of appeal except for those provided in section 10 of the FAA. Each party shall bear its share of the fees paid for the arbitrator and the administration of the arbitration; however, the arbitrator shall have the power to order one party to pay all or any portion of such fees as part of a well-reasoned decision. The parties agree that the arbitrator shall have the authority to award attorneys’ fees only to the extent expressly authorized by statute or contract. The arbitrator shall have no authority to award punitive damages and each party hereby waives any right to seek or recover punitive damages with respect to any dispute resolved by arbitration. The parties agree to arbitrate solely on an individual basis, and this agreement does not permit class arbitration or any claims brought as a plaintiff or class member in any class or representative arbitration proceeding. Except as may be required by law, neither a party nor the arbitrator may disclose the existence, content, or results of any arbitration without the prior written consent of both parties, unless to protect or pursue a legal right. If any term or provision of this Section is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability shall not affect any other term or provision of this Section or invalidate or render unenforceable such term or provision in any other jurisdiction. If for any reason a dispute proceeds in court rather than in arbitration, the parties hereby waive any right to a jury trial. This arbitration provision shall survive any cancellation or termination of your agreement to participate in any of our Programs.
Miscellaneous:
You warrant and represent to Us that you have all necessary rights, power, and authority to agree to these Terms and perform your obligations hereunder, and nothing contained in this Agreement or in the performance of such obligations will place you in breach of any other contract or obligation. The failure of either party to exercise in any respect any right provided for herein will not be deemed a waiver of any further rights hereunder. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. Any new features, changes, updates or improvements of the Program shall be subject to this Agreement unless explicitly stated otherwise in writing. We reserve the right to change this Agreement from time to time. Any updates to this Agreement shall be communicated to you. You acknowledge your responsibility to review this Agreement from time to time and to be aware of any such changes. By continuing to participate in the Program after any such changes, you accept this Agreement, as modified.
Technologies we use, and further use of cookies
Use of Cookies:
Thomas Toffee uses "cookies" for the sole purpose of enhancing your shopping experience. In fact our site is not functional without the use of cookies. You cannot add items to your cart or use checkout without cookies enabled. This is because our website (like most shopable websites) tracks your actions through the use of cookies.
A cookie is a feature of your Internet Web browser, and most browsers are configured to automatically accept cookies. Cookies are files that your Web browser places on your computer's hard drive and which assign a unique identification code to your computer. Cookies do not enable us to retrieve from your computer any additional personal information about you other than information that you knowingly and willingly provide to Thomas Toffee through the order process or through our sign up forms.
We use cookies to let us know whether you have visited Thomas Toffee previously, to provide relevant, personalized content, and to help us continue to improve site navigation, design, and content.
You can read more about online marketing practices and the technologies that support them by visiting the Network Advertising Initiative's website.
Third-Party Advertising Services:
We partner with third parties that may use technologies such as cookies (and local stored objects as described above) to gather information about your activities on the Sites and elsewhere on the Internet in order to provide you with relevant advertising based upon your browsing activities and interests. This type of advertising is sometimes called interest-based advertising. No personally-identifiable information is collected or used in this process. If you wish to not have this information collected and used for interest-based advertising, you may opt-out by clicking here for partners that participate in the TRUSTe opt-out tool (or if located in the European Union click here). If you wish to opt-out from this type of advertising for companies that participate in the Network Advertising Initiative, please click here. If you wish to opt-out from this type of advertising for companies that participate in the Digital Advertising Alliance (“DAA”), you can do so here. Please note that this does not opt you out of being served ads. You will continue to receive generic ads. Thomas Toffee adheres to the DAA’s Self-Regulatory Principles.
Third-Party Analytics:
We may also use service providers, such as Google Analytics, that may use cookies or other technologies to collect information about your online activities across this and other sites over time for non-advertising purposes such as those described above. To learn more about how Google Analytics collects and processes data and the choices Google may offer to control these activities, you may visit them HERE.
Google Analytics:
To help facilitate the delivery of relevant content, we use Google Analytics and have implemented the following Google Advertising Features: Remarketing, Impression Reporting, and Demographics and Interest Reporting. We use Google Analytics cookies and other Google advertising cookies. You can opt out of the Google Analytics Advertising Features we use by indicating your preference using the interest-based opt-out link here. Google also provides a complete privacy policy, and instructions on opting out of Google Analytics here. Note that Google’s opt-out mechanism is specific to Google activities and does not affect the activities of other ad networks or analytics providers that we may use.
Behavioral Advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
- We use Shopify Audiences to help us show ads on other websites with our advertising partners to buyers who made purchases with other Shopify merchants and who may also be interested in what we have to offer. We also share information about your use of the Site, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.
- We use Klaviyo for our email/SMS marketing. Klaviyo receives purchase/contact information from Shopify during and after the checkout process. Our popup forms are also powered by Klaviyo.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.
What we do with the information we collect
As examples of how we may use Personal Information that we collect, we use Personal Information in the following ways:
Information Provided by You Upon Registration and Making a Purchase Online or at Our Stores:
We may use this Personal Information to administer your access to a Site, verify your identity, and provide our products or services to you.
Information Provided When You Contact Us:
We may use this Personal Information to understand and respond to your question or comment.
Passively Collected Information:
We use passively collected information to monitor and maintain the performance of our Sites, analyze trends, usage and activities in connection with our services, validate users and ensure their technological compatibility with users, and optimize our marketing efforts.
Aggregate data:
We may use your Personal Information to create aggregate data which does not include any Personal Information and which cannot be used to identify you. For example, aggregate data may include data that describes the general demographics, usage or other characteristics of a Site’s users. We reserve the right to transfer and/or sell aggregate or group data about a Site’s users for lawful purposes.
With whom we share the information we collect
We do not share your personal information with other companies except in the following situations:
Legal Requirements:
We may disclose Personal Information if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a subpoena or similar legal obligation, (b) protect and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of users of any Site or the public, (d) protect against legal liability, or (e) or as otherwise required or permitted by law.
If an order is deemed as fraudulent, information regarding the order may be shared with associated parties (the billing contact / the shipping contact / true owner of the payment method).
Some of our pages utilize framing techniques to serve content to you from our partners while preserving the look and feel of our Sites. When you interact with content from our partners displayed on our Site, please be aware that you are providing your Personal Information to these third parties and it will be governed by their respective privacy policies.
Miscellaneous
Correcting, Updating, or Deactivating Your Account:
You may request to access, correct, update or delete your Personal Information, or deactivate your account, by contacting us here with information necessary for us to process your request.
EU Residents:
International Transfers of EU Customers’ Personal Information. The Personal Information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") in reliance on a variety of compliance mechanisms. including data processing agreements based on the EU Standard Contractual Clauses. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services. By submitting your Personal Information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. If you are from the EEA or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your personal information to the U.S. which does not have the same data protection laws as the EEA and may provide more limited recourse mechanisms, including dissimilar or, at times, weaker data protection rights. With knowledge of these risks, by providing your personal information you consent to: (i) the use of your personal information for the uses identified above in accordance with this Privacy Policy; and (ii) the transfer of your personal information to the U.S. as indicated above.
CALIFORNIA RESIDENTS:
This section provides specific information for California consumers, as required under California privacy laws, including the California Consumer Privacy Act as amended, and its implementing regulations (“CCPA”). The CCPA requires that we provide certain information to California consumers about how we handle their PI, and their rights in that regard. Under the CCPA, “PI” is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, device or household, including the categories identified in the chart below to the extent they identify, relate to, describe, are capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer, device or household, subject to certain exceptions (e.g., publicly available information is not PI).
Consistent with the CCPA, this notice, and the rights described, do not apply in calendar year 2022 to job applicants, current or former employees, contractors, or persons interacting with us in their capacity as a representative of a business.
This notice reflects our good faith understanding of the law and our data practices as of the Effective Date, but as of that date, the CCPA’s implementing regulations are not yet final and there remain differing interpretations of the law. Accordingly, we may from time-to-time update information in this and other notices regarding our data practices and your rights, modify our methods for responding to your requests, and/or supplement our response to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices.
Categories of PI of California Consumers that We Collect, Disclose, and Sell
The CCPA requires us to disclose the categories of PI about California consumers that we collect, disclose for a business or commercial purpose, or sell. These categories are defined in the CCPA. Our PI practices for the 12 months preceding the Effective Date were as described in this Privacy Policy, and more specifically as follows:
Categories of PI | Collection Sources | Purpose(s) for Collection | Categories of Third Parties Shared |
1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, e-mail address, account name, government ID or other similar identifiers. | From the consumer, by us and from the consumer’s browser, device, e-mail and/or social media account, other individuals, such as the consumer’s friends or family, business partners (non-vendors), and vendors. | Managing Cookies, sending marketing e-mails and text messages, conducting other advertising and promotional campaigns, data security, debugging, internal research and development, processing and managing customer interactions and transactions, facilitating arrangements we have with business partners, performing services requested by the consumer, and research and quality assurance. | Service providers, Corporate Transaction recipients, business partners, and as directed by the consumer or as required by applicable law. |
2. Personal Records, including signature, physical characteristics or description, written statements, telephone number, address, credit card number, or other financial information. | From the consumer, by us and from the consumer’s e-mail and/or social media account, other individuals, such as the consumer’s friends or family, business partners (non-vendors), and vendors. | Data security, debugging, processing and managing consumer interactions and transactions, performing services requested by the consumer, research and quality assurance. | Service providers, Corporate Transaction recipients, business partners, and as directed by the consumer or as required by applicable law. |
3. Characteristics such as gender and age. | From the consumer and from vendors | Providing more relevant service to consumers | Service providers, Corporate Transaction recipients, and as directed by the Consumer or as required by applicable law. |
4. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | From the consumer, by us from the consumer’s browser, device, e-mail and/or social media account, other individuals, such as the consumer’s friends or family, business partners (non-vendors), and vendors. | Data security, debugging, processing and managing consumer interactions and transactions, performing services requested by the consumer, advertising, research and quality assurance. | Service providers, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law. |
5. Biometric information. | N/A | N/A | N/A |
6. Internet or other electronic network activity information, including, but not limited to, browsing history, browsing time, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. | From the consumer, by us and from the consumer’s browser, device, e-mail and/or social media account, and our vendors. | Debugging, processing and managing consumer interactions and transactions, performing services requested by the consumer, advertising, quality assurance and research and analytics. | Service providers, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law. |
7. Geolocation data, including, but not limited to, precise physical location and movement patterns | From the consumer, by us and from the consumer’s browser, device, e-mail and/or social media account, and otherwise directly from Consumers | Managing Cookies, processing and managing consumer interactions and transactions, performing services requested by the consumer, targeted advertising, quality assurance, fraud prevention and security, and research and analytics. | Service providers, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law. |
8. Audio, electronic, visual, thermal, olfactory, or similar information, including, but not limited to, image, photograph, and voice. | Directly from consumers | Processing and managing consumer interactions and transactions, performing services requested by the consumer, quality assurance, and fraud prevention and security. | Service providers, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law. |
9. Professional or employment-related information. | N/A | N/A | N/A |
10. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99). | N/A | N/A | N/A |
11. Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, and behavior. | Consumer’s browser, device, e-mail and/or social media account, and otherwise directly from consumers or as created by us or our vendors. | Processing and managing customer interactions and transactions, performing services requested by the customer, and quality assurance and security and fraud prevention. | Service providers, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law. |
We have disclosed the following categories PI of California consumers for a business purpose, consistent with the collection purposes set forth in the chart above, within the 12 months preceding the Effective Date:
- Identifiers;
- Personal records;
- Commercial information;
- Internet or other electronic network activity information;
- Geolocation data;
- Audio, electronic, visual, thermal, olfactory of similar information; and
- Inferences drawn from PI to create a profile about a consumer.
The applicable sources, and purposes of the PI collected by us, and the categories of third parties to which we have disclosed it for business purposes, are set forth in the chart above. We do not believe that we have sold PI, except as discussed in the next section. We acknowledge that the data collection by some third party Cookies associated with our Services may be considered by some to be a “sale” under the broad language of the CCPA
Rights that California consumers have under the CCPA. California law grants consumers certain rights and imposes certain restrictions on particular business practices as set forth below.
Do Not Sell Right If you are a California consumer, you have the right to opt-out of the sale of your PI. The CCPA, however, defines “sale” in an unusual way, and with no guidance from the State of California as of the Effective Date as to how broadly the term should be interpreted, a number of differing reasonable interpretations are possible.
We do not believe that sharing your information with certain third parties as part of our normal business operations constitutes a sale within the meaning of what most people would consider a sale to be. Even under a broad understanding of “sale,” we do not typically sell your PI, but from time to time, if we were to become aware of business partners with offerings that we believe might be relevant to your interests, we might decide to share your information with them so that they can contact you with offers that you might enjoy. Because of this possibility, we are providing a way for California consumers to opt-out of any future sales of their information that might occur under such circumstances. To exercise your right, send us an email at Info@ThomasToffee.com with "Opt Out Request" in the subject line. We will need your first and last name to identify you. Alternatively, you can call us at (855) 863-3334.
We treat Do Not Sell requests based on our evolving good faith interpretation of the law, and we intend to look to direction that may in the future be provided by the State of California to guide our understanding as to how the CCPA should be interpreted in this area.
We do not knowingly sell PI of children under the age of 16 without the authorization required by the CCPA.
Requests for Deletion and Right to Know or Copy. If you are a California consumer, you have the right to make the following requests, typically at no charge, up to twice every 12 months:
- Deletion: the right to request deletion of your PI that we have collected about you, subject to certain exemptions, such as where the information is used to complete the transaction for which the PI was collected, provide a good or service that you have requested, perform a contract between you and us, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, prosecute people responsible for malicious, deceptive, fraudulent or illegal activities, debug to identify and repair errors that impair existing intended functionality, comply with a legal obligation, enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us, or otherwise use your information internally, in a lawful manner that is compatible with the context in which you provided the information.
- Right to Know (categories or specific information): the right to request that we disclose specific information about our practices with regard to your PI over the prior 12 months, including with regard to each of the categories of PI collected, the categories of sources from which the PI was collected, the business and/or commercial purpose(s) for the collection, disclosure and/or sale of your PI, and the categories of third parties with whom we have sold or disclosed for business purposes your PI. You also have the right to know what specific pieces of PI we have collected about you in the prior 12 months and the right to request a copy of that information.
Submitting Requests and What You can Expect. You (or your authorized agent) can submit a deletion, right-to-know or copy request by emailing us at Info@ThomasToffee.com. You will be contacted on what is required to be verified and to make the request. You (or your authorized agent) can also submit your request by calling (855) 863-3334. So that we do not delete the wrong person’s information, or give access to PI to the wrong person or otherwise act upon the wrong person’s instructions, we will respond to your request. We will notify you that we have received your deletion or right-to-know request within 10 days of receipt of your request. We will honor do-not-sell requests, as more fully explained above, within 15 days after we receive such a request. For right-to-know and deletion requests, we will endeavor to respond within 45 days after receiving the request, but if we believe that in order to thoroughly and accurately respond to your request we need more time, we will notify you that we need an additional 45 days to process your request.
Incentives and "Non-Discrimination." The CCPA prohibits discrimination against California consumers for exercising their rights under the CCPA and imposes requirements on financial incentives, including loyalty programs, offered to California consumers related to their PI. Accordingly, we will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable PI provided to us.
Shine the Light
We do not typically share PI about you with third parties for their direct marketing purposes, except where we offer you the ability to consent (either on an opt-in or opt-out basis). However, where permitted by applicable law, if we elect to share your personal information (as defined by California’s “Shine The Light” law, California Civil Code Section 1798.83) with third parties for their direct marketing purposes without giving you the ability to consent to such sharing, the law allows you to, under certain circumstances, request and obtain certain information regarding our disclosure, if any, of PI to third parties for their direct marketing purposes without your opportunity to consent. If this applies, you may obtain the categories of PI shared and the names and addresses of all third parties that received PI for their direct marketing purposes during the immediately prior calendar year (e.g. requests made in 2022 will receive information about 2019 sharing activities). You may make one request per calendar year. To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. You may make this request by sending us an e-mail at Info@ThomasToffee.com, or by writing to us at Thomas Toffee, Attn: Legal Department/Privacy, 26500 Agoura Road suite 102 345, Calabasas California 91302, United States. Any such request must include “Shine the Light Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code, and confirmation that you are a California resident. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address or mail address. Please allow up to 30 days for a response.
CA Minors Any California residents under the age of eighteen (18) who have registered to create an account to use the Services, and who post content on the Service, can request removal by contacting us as set forth in the Contact Us section, detailing where the content or information is posted and attesting that they posted it. We will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished or archived content by search engines and others that we do not control.
Links to Other Websites:
The Sites may contain links to third party owned and/or operated websites. We are not responsible for the privacy practices or the content of such websites. We suggest that you contact these third parties directly for information regarding their privacy, security and data collection and distribution policies prior to providing them with any information.
Blogs and Public Features of the Sites:
Some of our Sites offer publicly accessible blogs, community forums, or public comments sections. You should be aware that any Personal Information you submit there can be read and collected by other users of these forums and could be used to send you unsolicited messages and for other purposes. Our blog and comments section of our site is managed by a third party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. NONE OF THE INFORMATION THAT YOU PROVIDE USING THESE FEATURES IS PROTECTED BY THIS PRIVACY POLICY. WE ARE NOT RESPONSIBLE FOR THE PERSONAL INFORMATION YOU CHOOSE TO SUBMIT IN THESE FORUMS OR THE USE OF THAT INFORMATION BY ANY THIRD PARTY. You will need to contact or log into the third party application if you want the Personal Information that was posted to the comments section removed. To learn how the third party application uses your information, please review their privacy policy.
Social Media Widgets:
Our Sites may include social media features, such as the Facebook Like button and widgets such as the "Share This" button or interactive mini-programs that run on our Sites. These features may collect your IP address, which pages you are visiting on our Sites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Sites. Your interactions with these features are governed by the privacy policy of the company providing them.
Security and Retention:
We take commercially reasonable steps to help protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration and destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from a Site may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Information to us or to any other party via the Internet. The security of your Personal Information is important to us. When you enter sensitive information (such as a credit card number) on our order forms or login credentials (such as username and password) on our platform login, we encrypt the transmission of that information. Your Personal Information will be stored in the United States and will be subject to laws applicable in that country. If you have any questions about security on our Sites, you can contact us HERE. We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements. If we learn of a security systems breach we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Sites or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Sites. We may post a notice on the Sites if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
Children’s Privacy:
Visitors under 13 years of age are not permitted to use and/or submit their personal information on any website (Children's Online Privacy Protection Act). We do not knowingly solicit or collect information from visitors under 13 years of age. If you are under 13 years of age, please do not submit any information to us. In the event that we learn that a person under the age of 13 has provided us with personal information, we will delete such personal information. We encourage parents and guardians to spend time online with their children and to participate and monitor the interactive activities of their children.
Assignment:
In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger, you grant us the right to assign the personally identifiable and non-personal information collected via the Sites.
Contacting Us:
Our “contact us” page contains e-mail links, a contact form, and phone number that allow you to contact us directly with any questions or comments that you may have. You can access our Contact Page HERE
Disputes, Agreement to Arbitrate, and Choice of Law:
By using the Sites, you and Thomas Toffee agree that, if there is any controversy, claim, action, or dispute arising out of or related to your use of the Sites, or the breach, enforcement, interpretation, or validity of this Privacy Policy or any part of it ("Dispute"), both parties shall first try in good faith to settle such Dispute by providing written notice to the other party describing the facts and circumstances of the Dispute and allowing the receiving party 30 days in which to respond to or settle the Dispute.
Notice shall be sent to Thomas Toffee at:
Thomas Toffee.
26500 Agoura Road,
Suite 102 345,
Calabasas, CA 91302
Responses will be sent to you at your last-used billing address or the billing and/or shipping address in your online profile.
Both you and Thomas Toffee agree that this dispute resolution procedure is a condition precedent that must be satisfied before initiating any litigation or filing any claim against the other party. IF ANY DISPUTE CANNOT BE RESOLVED BY THE ABOVE DISPUTE RESOLUTION PROCEDURE, YOU AGREE THAT THE SOLE AND EXCLUSIVE JURISDICTION FOR SUCH DISPUTE WILL BE DECIDED BY BINDING ARBITRATION ON AN INDIVIDUAL BASIS. ARBITRATION ON AN INDIVIDUAL BASIS MEANS THAT YOU WILL NOT HAVE, AND YOU WAIVE, THE RIGHT FOR A JUDGE OR JURY TO DECIDE YOUR CLAIMS, AND THAT YOU MAY NOT PROCEED IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE CAPACITY. Other rights that you and we would have in court will not be available or will be more limited in arbitration, including discovery and appeal rights. All such Disputes shall be exclusively submitted to JAMS (www.jamsadr.com) for binding arbitration under its rules then in effect before one arbitrator to be mutually agreed upon by both parties.
The arbitrator, and not any federal, state, or local court or agency, shall have exclusive authority to resolve any dispute arising under or relating to the interpretation, applicability, enforceability, or formation of this Privacy Policy, including any claim that all or any part of this Privacy Policy is void or voidable.
This Privacy Policy has been made in, and shall be construed in accordance with, the laws of the State of California, without giving effect to any conflict of law principles. The parties acknowledge that this Privacy Policy evidences a transaction involving interstate commerce. Notwithstanding the provision in the preceding paragraph with respect to applicable substantive law, any arbitration conducted pursuant to the terms of this Privacy Policy shall be governed by the Federal Arbitration Act (9 U.S.C. §§ 1-16).