Privacy Policy
Last Modified: October 25, 2024
Hatch Studios, LLC, a Delaware limited liability company (the “Company,” “We,” or “Us”), thanks you for being part of our community. We respect your privacy and are committed to protecting it through our compliance with this Privacy Policy. We strive to use information to provide the best possible service while respecting the confidentiality of information we are entrusted with. This Privacy Policy describes the types of information that we may collect from you or that you may provide when you visit our Website and our practices for collecting, using, maintaining, transmitting, protecting, and disclosing that information.
a. This Privacy Policy also applies to all information we collect:
(i) in email, text, and other electronic messages between you and the Company or through links to the Website;
(ii) through mobile and desktop applications you download from the Website, which provide dedicated non-browser-based interaction between you and the Website;
(iii) through social media pages controlled by us or that we interact with;
(iv) when you interact with our advertising and applications, including sweepstakes, contests, or other online promotions on our Website or on third-party websites and services if those applications or advertising include links to this Privacy Policy;
(v) when you complete a
survey or questionnaire; participate in a focus group or other consumer or market research project;
(vi) when you post a product
review; send us any feedback, questions, comments, suggestions, or ideas;
(vii) when you visit one of
our brick-and-mortar stores; and
(viii) when you shop online.
b. All of the above points of contact are herein collectively referred to as “Platforms.”
c. This Privacy Policy shall not apply to information collected by:
(i) us offline or through
any other means, including on any other website operated by the Company or any third party (including our affiliates
and subsidiaries); and/or
(ii) any third party
(including our affiliates and subsidiaries), including information collected through any application or content that
may link to or be accessible from or on the Website.
PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND OUR POLICIES AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT. IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, IT IS YOUR CHOICE NOT TO USE OUR WEBSITE. BY ACCESSING OR USING THIS WEBSITE, YOU AGREE TO THIS PRIVACY POLICY AND AGREE TO ALL OF THE TERMS AND CONDITIONS SET FORTH HEREIN. THIS PRIVACY POLICY MAY CHANGE FROM TIME TO TIME (SEE CHANGES TO OUR PRIVACY POLICY), IN OUR DISCRETION. YOUR CONTINUED USE OF THIS WEBSITE AFTER WE MAKE CHANGES IS DEEMED TO BE ACCEPTANCE OF THOSE CHANGES, SO PLEASE CHECK THE POLICY PERIODICALLY FOR UPDATES.
1. This privacy policy explains:
a. Websites Covered by This
Privacy Policy
b. Changes to Our Privacy
Policy
c. Contact Information
d. Types of Information We
Collect
e. How We Use Your
Information and Who We May Share It With
f. Third-Party Links &
Content
g. Security and Data
Location
h. WHAT ARE YOUR PRIVACY
RIGHTS?
2. Websites Covered by This Privacy Policy.
a. Our Website
may from time-to-time link to third-party websites for your convenience and to provide easy access to additional
useful information. Should you select such a link you will leave the Website. We do not control those sites nor
their privacy practices, which may differ from our practices and policies. Any personal data you choose to provide
to or that is collected by such third parties is not in any way covered by this Privacy Policy. We recommend that
you read over such website’s privacy policy before providing any personal information. A link to another website
from Us does not constitute an endorsement or representation about the value, quality, or usefulness of anything
found on that third-party website.
b. Our Service
runs on Third-Party Service Providers. These Third-Party Service Providers adopt and post their own privacy
policies. However, the use of your Personally Identifiable Information by such parties is governed by the privacy
policies of such parties and is not subject to our control.
c. Throughout
this policy, when we refer to "Websites," we
mean all Company affiliated or controlled websites (such as fundraising websites, promotional websites, or websites
utilized for consumer and/or marketing research) and any other microsites or mobile websites we operate or use.
"Social Media Pages" are the official social
media pages we operate on Facebook, Twitter, Instagram, LinkedIn, and other social media platforms. This privacy
policy applies to all our Platforms (or pages or tabs within our Platforms) that feature brands owned by the Company
and to our communications with you via texts and emails that may refer to these brands. If you have any questions
about these definitions or anything else in this privacy policy, email us at help@hatchcollection.com.
d. PLEASE BE AWARE THAT IF YOU ELECT TO HAVE US SHARE YOUR INFORMATION WITH THIRD PARTIES, SUCH AS OUR INFRASTRUCTURE AND OTHER THIRD-PARTY PROVIDERS, THOSE ELECTIONS TO HAVE YOUR INFORMATION SHARED WILL SUPERSEDE ANYTHING TO THE CONTRARY IN THIS PRIVACY POLICY.
e. An
international sales facilitation and fulfilment partner is Global-E U.K. Limited (“Global-E”), a company registered in England and Wales (company registration number
08632376) whose registered office is at 2nd Floor, 167-169 Great Portland Street, London, W1W 5PF. If you purchase
products from this Website, your personal data will be collected and used by Global E for the purposes of fulfilling
your order and delivering products to you. This Privacy Policy only relates to the use of your data by us. Please
refer to the privacy policy of Global E for further details on how your personal data will be used by them.
f. Cart.com
(f/k/a Flurry) is a fulfilment partner and is registered to do business in Texas, New Jersey, Utah, Ohio,
California, and Tennessee with offices located at 612 Brazos St, Austin, TX 78701. If you purchase products from this Website,
your personal data will be collected and used by Cart.com for the purposes of fulfilling your order and delivering
products to you. This Privacy Policy only relates to the use of your data by us. Please refer to the privacy
policy of Cart.com for further details on how your personal data will be used by them.
3. Changes to Our Privacy Policy.
a. We reserve
the right to amend this privacy notice at our discretion and at any time. It is our policy to post any changes we
make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Website home
page. If we make material changes to how we treat our users’ Personal Information, we will notify you by email to
the primary email address specified in your account and/or through a notice on the Website home page. The date the
Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an
active, up-to-date, and deliverable email address for you, and for periodically visiting our Website and this
Privacy Policy to check for any changes. Your continued use of our Website following the posting of changes
constitutes your acceptance of such changes.
b. PLEASE NOTE THAT FOR CALIFORNIA RESIDENTS THE CALIFORNIA CONSUMER PRIVACY ACT OF 2018 (“CCPA”) AS REVISED BY THE CALIFORNIA PRIVACY RIGHTS ACT (“CPRA”), EFFECTIVE AS OF JANUARY 1, 2023, WILL GOVERN OUR USE AND YOUR RIGHTS WITH REGARD TO YOUR PERSONAL INFORMATION. THIS PRIVACY POLICY HAS BEEN UPDATED TO COMPLY WITH THE CPRA AND ITS ASSOCIATED REGULATIONS.
4. Contact Information.
You have the right to request information with respect to the types of personal information we share with third parties and the identities of the third parties with whom we have shared such information during the immediately preceding calendar year. To obtain this information, please email us at help@hatchcollection.com. Please allow up to thirty (30) days for a response. We value your opinions and suggestions. Please email us with any questions or concerns, or alternately you can write to us at the following address:Hatch Studios, LLC
225 Bush Street, Ste 1300
San Francisco, California
94104
5. Types of Information We Collect.
a. When you
access our Website, or access our other Platforms, we collect several types of information from and about users of
our Website, depending on the context of your interactions with Us and the Website (“Personal Information”), including information:
(i) by which you
may be personally identified, such as: name, e-mail address, telephone number, gender, ZIP code/postal code, or
other additional information supplied by you, by which you may be contacted online or offline
(ii) necessary to
process your payment if you make purchases, including payment details such as your payment instrument number (i.e.,
a credit card number), and the security code associated with your payment instrument, collected in connection with
an order, a return, a promotion, contest, or fundraising event. All payment data is stored after tokenizing your
account, or collected in connection with your shopping history with us, including the items you purchase);
(iii) content you
submit to our Platforms, including photos, videos, or reviews.
(iv) aggregated
information about people who visit and interact with our Social Media Pages. "Aggregated" means information that regards you but does not include your
personal information or otherwise is specifically associated with you.
(v) If you call,
email, text, or chat with our customer service agents, we may keep records of those conversations.
b. We collect
this information:
(i) directly
from you when you provide it to us;
(ii) automatically
as you navigate through the site, use our services, or visit a store. Information collected automatically may
include usage details, IP addresses, information collected through cookies, and video footage or photographs
captured when you are on our premises.
6. Information You Provide to Us.
a. The
information we collect on or through our Website may include, but is not limited to:
(i) information
that you provide by filling in forms on our Website. This includes information provided at the time of registering
to use our Website, goods ordered or returned, material posted, or further services requested. We may also ask you
for information when you enter a contest or promotion sponsored by us, when you make a donation for an affiliated
fundraising event and when you report a problem with our Website;
(ii) records and
copies of your correspondence (including email addresses and related contact information) if you contact us;
(iii) your responses
to surveys that we might ask you to complete for research purposes;
(iv) details of
transactions you carry out through our Website and of the fulfillment of your orders. You may be required to
provide financial information before placing an order through our Website;
(v) your search
queries on the Website;
(vi) information
required to process a credit card transaction; and/or
(vii) video
recordings and photographic information of you when you visit one of our stores.
(viii) We may take your
personal information and de-identify it so as to make it non-personally identifiable, either by combining it with
information about other individuals and/or by hashing the information or otherwise removing characteristics that
make the information personally identifiable directly to you. We will treat de-identified information as
non-personal to the fullest extent allowed by applicable law.
(ix) We may combine
the information we collect online with information we collect in our stores or elsewhere offline.
b. You also may
provide information to be published or displayed (hereinafter, “Posted”) on public
areas of the Website or transmitted to other users of the Website or third parties (collectively, “User Contributions”). Additionally, we cannot control the actions of other users of
the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee
that your User Contributions will not be viewed by unauthorized persons.
7. Community Forums and User Submission.
a. Through our
communication functionality and interactive features (“Community Forums”), you may have
the opportunity to submit information to us. Any and all information and content that you submit or post to the
Community Forums, including, without limitation, photos, audio, video, messages, text, files, reviews, or other
content you provide us and as further described in our Terms of Use shall be classified as User Submissions (“User Submissions”). Your User Submissions may be subject to additional terms as
provided in our Terms of Use, located at https://www.hatchcollection.com/pages/terms-of-use which we ask that you
review as your use of and submission of information to us is deemed as an acceptance of our Terms of Use.
Additionally, some features, such as user reviews, may be operated by a third party and your postings also may be
subject to the third party’s privacy policy and terms of use.
b. Please note
that certain information, such as your name and/or place of residence, may be publicly displayed on the Website
along with your User Submissions. Your use of any Community Forum is subject to our Terms of Use, including without
limitation the “User Submissions” section. Note that anything you submit through a
public-facing Community Forum may be made public – others will have access to your User Submission and may use it or
share it with third parties. We are not responsible for the actions of third parties, and the use of your
information and other User Submissions by such third parties is not subject to the protections of this Privacy
Policy.
c. Social
Networking Features. Functionality on the Website may permit interactions between the Website and a third-party
service such as Facebook or Instagram (“Social Networking Features”). Examples of
Social Networking Features include enabling you to “Like” or “Share” content from the Website or to “Like” or “Share” our page on a third-party service; to automatically or selectively show your
social media posts on the Website; and to otherwise connect the Website to a third-party service. If you choose to
share content or to otherwise post information through the Website to a third-party service, or vice versa, that
information may be publicly displayed. Similarly, if you post information on a third-party service that references
us (for example, by using a hashtag associated with us in your post), your post may be published on the Website or
otherwise in accordance with the terms of that third party. Also, both we and the third party may have access to
certain information about you and your use of the Website and the third-party service. These third-party social
networking companies may collect information about your visit to a Platform through the Social Networking Features
we have integrated into the Platform, and - if you are signed into your account with such a third-party social
networking company – it may collect additional information in accordance with the terms of your agreement with that
company. In addition, we may receive information about you if other users of a third-party service give us access
to their profiles and you are one of their “Connections” or information about you is
otherwise accessible through your profile or similar page on a social networking or other third-party service. The
information we collect in connection with Social Networking Features is subject to this Privacy Policy. The
information collected and stored by the third party remains subject to the third party’s privacy practices,
including whether the third party continues to share information with us, the types of information shared, and your
choices with regard to what is visible to others on that third-party service.
d. We may make
available on the Platforms a “Send-to-a-Friend,” “Refer a
Friend,” “Wish List” or similar function that permits you to send Platform
content directly to a third party through the Platforms. If you send a friend a communication using such
functionality, the information you provide about your friend (e.g., name and e-mail address) is used to facilitate
the communication and is not used for any other marketing purpose unless we obtain consent from that person. If you
disclose any personal information relating to other people, you represent that you have the authority to do so and
to permit us to use the information in accordance with this Privacy Policy.
e. All personal
information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to
such personal information.
f. Employment
Applications. If you apply for a job through the Website, we or our service provider(s) may ask you to provide
self-identifying information (such as veteran status, gender, and ethnicity) in conjunction with laws and
regulations enforced by, as applicable, the Equal Employment Opportunity Commission and other federal, state,
provincial/territorial, and local regulatory agencies. Providing such self-identifying information is voluntary,
but if you do provide such information, we and/or our service provider may submit that information to the
appropriate government or regulatory agencies to fulfill reporting requirements and use that information to defend
against employment-related complaints.
8. Information We Collect Through Automatic Data Collection Technologies.
a. As you
navigate through and interact with our Website, we may use automatic data collection technologies to collect certain
information about your equipment, browsing actions, and patterns, including:
(i) details of
your visits to our Website, including traffic data, location data, logs, and other communication data, and the
resources that you access and use on the Website; and
(ii) information
about your device and internet connection, including your IP address, operating system, and browser type.
b. The
information we collect automatically is only statistical data and does not include personal information, but we may
maintain it or associate it with the personal information that we collect in other ways or receive from third
parties. It helps us to improve our Website and to deliver a better and more personalized service, including by
enabling us to:
(i) estimate our
audience size and usage patterns;
(ii) store
information about your preferences, allowing us to customize our Website according to your individual interests;
(iii) speed up your
searches;
(iv) recognize you
when you return to our Website; and
(v) to protect our
Services. We may use your information as part of our efforts to keep our Website safe and secure (e.g., for fraud
monitoring and prevention).
(vi) to create a
better experience for you and provide you with targeted advertising.
c. The
technologies we use for this automatic data collection may include:
(i) Cookies (or browser cookies). A cookie is a small
file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the
appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts
of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue
cookies when you direct your browser to our Website. These technologies are able to store a unique identifier for a
device to allow a certain Internet site to recognize the device whenever the device is used to visit the site.
These technologies may be used for many purposes by us and our third-party service providers, such as automatically
collecting Usage Information, enabling features, remembering your preferences, and providing you with targeted
advertising elsewhere online. If you do not want to accept cookies, you can block them by adjusting the settings on
your Internet browser. You can find more information about cookies and how they work at www.allaboutcookies.org.
(ii) Flash Cookies. Certain features of our Website may
use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation
to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser
cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How
We Use and Disclose Your Information.
(iii) Web Beacons. Pages of our Website may contain
small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that
permit the Company, for example, to count users who have visited those pages and for other related website
statistics (for example, recording the popularity of certain website content and verifying system and server
integrity).
(iv) Web Browsers. Certain browsers, or browser
add-ons, may provide additional local data storage mechanisms that are used in a manner similar to cookies, and some
of the content included on our Platforms may make use of this local storage. If you choose to disable cookies, or
to otherwise restrict local storage, some features of the Platforms may not function properly, including the
shopping cart and ordering processes.
(v) Embedded Scripts. An embedded script is
programming code that is designed to collect information about your interactions with the Platforms, such as the
links you click on. The code is temporarily downloaded onto your device from our server or a third-party service
provider, is active only while you are connected to a Platform and is deactivated or deleted thereafter.
(vi) JavaScripts. JavaScripts are code snippets
embedded in various parts of websites and applications that facilitate a variety of operations including
accelerating the refresh speed of certain functionality or monitoring usage of various online components.
(vii) Entity Tags. Entity Tags are HTTP code mechanisms
that allow portions of websites to be stored or “cached” within your browser and validates these caches when the
website is opened, accelerating website performance since the web server does not need to send a full response if
the content has not changed.
(viii) HTML5 Local Storage. HTML5 local storage allows
data from websites to be stored or “cached” within your browser to store and retrieve data in HTML5 pages when the
website is revisited.
(ix) Resettable Device Identifiers. Resettable device
identifiers (also known as “advertising identifiers”) are similar to cookies and are found on many mobile devices
and tablets (for example, the “Identifier for Advertisers” or “IDFA” on Apple iOS devices and the “Google
Advertising ID” on Android devices), and certain streaming media devices. Like cookies, resettable device
identifiers are used to make online advertising more relevant.
We do not collect personal information automatically, but we may tie this information to
personal information about you that we collect from other sources, or you provide to us.
d. Third-Party Use of Cookies and Other Tracking
Technologies.
(i) Some content
or applications on the Website are served by third parties, including, without limitation, advertisers, advertising
networks and servers, content providers, and application providers (each, a “Third-Party
Data Collector”). The Third-Party Data Collector may use cookies alone or in conjunction with web beacons
or other tracking technologies to collect information about you when you use our Website. The information a
Third-Party Data Collector collects may be associated with your personal information, or your online activities over
time, across external websites and other online services. A Third-Party Data Collector may use this information to
provide you with interest-based (behavioral) advertising or other targeted content.
(ii) We do not
control the tracking technologies of any Third-Party Data Collector nor how information collected by any Third-Party
Data Collector may be used. If you have any questions about an advertisement or other targeted content, you should
contact the relevant Third-Party Data Collector directly.
(iii) We also
contract with third party advertising, analytics companies or other service providers to perform certain services
on our behalf, such as online ads on other websites, hosting the Platforms or Platform features, delivering
packages, processing credit card payments, processing transactions and fulfilling orders, removing repetitive
information from customer lists, providing customer service, providing website usage analytics, providing search
results and links (including paid listings and links), providing targeted advertising, sending email, direct mail or
other communications, providing marketing assistance and data analysis or enhancement, or performing other
administrative services. These companies use cookies or similar technologies to collect information about your
interactions with our Platforms and interactions with other websites. These advertising companies may use and share
the information gathered to deliver ads more tailored to your interests. We receive aggregate information from
these third parties to understand our advertising effectiveness. Any information collected by us or by third
parties through the use of cookies or similar technologies may be linked with other information we collect about
you. We may give these service providers access to your information (or allow them to collect information from or
about you) so that they can carry out the services they are performing for you or for the Company. These third
parties share information they have collected with us. Your information may also be collected and processed by
third parties, such as the payment providers you select, who will process your information independently in
accordance with their own privacy notices. Your information may also be shared with us by others, such as your
friends and family, when they use a service on our Platforms; for example, by sending you an E-Gift Card or shipping
an order to your address. If someone else has provided us with your information, we will only process your
information for the applicable purpose(s) as described below in this Policy.
9. Information We Collect Through Video Footage.
a. When you
visit a store, we may collect video recordings and photographs of you that we use:
(i) for
security;
(ii) to detect and
prevent fraud;
(iii) prevent
product loss or damage;
(iv) report
incidents, and
(v) for
operational purposes.
10. Do We Collect Information From Minors?
a. Our
Platforms are general audience points of contact and are not directed at children under the age of thirteen (13).
Further, we do not knowingly solicit data from or market to children under eighteen (18) years of age. By using the
Website, you represent that you are at least eighteen (18) years of age or that you are the parent or guardian of
such a minor and consent to such minor dependent’s use of the Website. If we learn that personal information from
users less than eighteen (18) years of age has been collected, we will deactivate the account and take reasonable
measures to promptly delete such data from our records. If you become aware of any data we may have collected from
children under eighteen (18) years of age, please contact us at help@hatchcollection.com.
b. No Right to
Opt-In to the Sale for Personal Information for Users under sixteen (16). Without limiting the foregoing, any user
who is under sixteen (16) years of age is not permitted to opt in to the sale of their Personal Information.
c. Our
Platforms are not intended for children under thirteen (13). No one under thirteen (13) should share any Personal
Information with us, including creating an account or making a purchase. The children's clothing we offer for sale
is intended for purchase by adults only. We do not knowingly collect any personal information from children under
thirteen (13). If we learn that we have collected the personal information of a child under thirteen (13), we will
make reasonable efforts to delete that information from our records. To request deletion of personal information
relating to a child under thirteen (13), please email help@hatchcollection.com.
d. California
residents under sixteen (16) years of age may have additional rights regarding the collection and sale of their
personal information. Please see Your State Privacy Rights for more information.
11. What Categories of Personal Information Do We Collect?
a. We have
collected the following categories of personal information in the past twelve (12) months:
(i) Identifiers. Contact details, such as real name,
alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, device
identifier, date of birth (or partial DOB such as birth day and month), Internet Protocol address, email address and
account name; or other similar identifiers.
(ii) Personal information. Categories listed in the
California Customer Records statute (Cal. Civ. Code § 1798.80(e)). This may include, your name, signature, contact
information, education, employment, employment history Social Security number, physical characteristics or
description, address, telephone number, passport number, driver’s license or state identification card number,
insurance policy number, education, bank account number, credit card number, debit card number, or any other
financial information, medical information, or health insurance information.
(iii) Financial Information. This may include signature,
credit card number, debit card number, and other financial information.
(iv) Protected Classification Characteristics Under
California or Federal Law. The classification characteristics include: date of birth, age, race, ancestry,
ethnicity or national origin, citizenship, religion or creed, marital status, medical condition, physical or mental
disability, sex (including gender, gender identity, or gender expression), pregnancy or childbirth and related
medical conditions), sexual orientation, veteran or military status, and genetic information (including familial
genetic information).
(v) Commercial information. Commercial information
includes transaction information, purchase history, financial details, payment information, records of items
considered, purchased, and returned; information about reviews you have written; information about your customer
service contact history (such as when you interact with our customer service team over the phone or through chat or
if you respond to our text messages, including transcriptions of conversations and IVR recordings); information
about your participation in our loyalty program or other member programs (such as how many points you have and
promotion codes we send to you); and information about your participation in any contests, sweepstakes, or
promotions.
(vi) Biometric information. This includes genetic,
physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other
identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans,
keystroke, gait, or other physical patterns, and sleep, health, or exercise data and advanced clothes fitting
features that are based on body scanning technology.
(vii) Internet or Other Similar Network Activities. This
includes browsing history, search history, online behavior, interest data, and interactions with our and other
websites, applications, systems, and advertisements. This category includes: the hardware model, browser, and
operating system you are using; the URL or advertisement that referred you to the Platform you are visiting; all of
the areas within the Platforms that you visit; devices you have used to access the Platforms; login information
(such as your last login); your time zone; location information based off your IP address; and mobile network (if
applicable).
(viii) Geolocation data. This includes device location,
Physical location, or movements that we can collect through your use of our mobile app or features on our Website
(e.g., store locator).
(ix) Sensory Data. This includes audio, electronic,
visual, thermal, olfactory, or similar information, images and audio, video or call recordings created in connection
with our business activities. We may collect images or recordings from you when you use certain features of the
Platforms, such as writing product reviews. We may also contact you directly regarding re-use of a photo or video
you have created.
(x) Professional or Employment-Related Information.
This includes current or past employment, employment history, business contact details in order to provide you our
services at a business level, job title, work history, and professional qualifications if you apply for a job with
us.
(xi) Education Information. Non-public education
information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)):
Education records directly related to a student maintained by an educational institution or party acting on its
behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial
information, or student disciplinary records.
(xii) Inferences Drawn From Other Personal Information.
Inferences drawn from any of the collected personal information listed above to create a profile or summary about,
for example, an individual's preferences and characteristics, psychological trends, predispositions, behavior,
attitudes, intelligence, abilities, and aptitude.
b. Inferred information. To help keep our databases
current and to provide you the most relevant content and experiences, we may infer or generate information based on
the information we collect or combine information provided by you with information from third party sources, in
accordance with applicable law. For example, we may profile user attributes or create profiles reflecting user
behavior. We may also infer, generate, or collect and receive information from third parties, including partners,
and from publicly accessible sources, for purposes that include to detect, prevent, or otherwise address fraudulent,
deceptive, or illegal activity, misuse of our services and software, security or technical issues, as well as to
protect against harm to the rights, property or safety of our employees, users, children, or the public.
c. Personal
information does not include: Publicly available information from government records, deidentified or aggregated
consumer information. Information excluded from the CCPA’s scope, such as: health or medical information covered by
the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of
Medical Information Act (CMIA) or clinical trial data; personal information covered by certain sector-specific
privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California
Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994. We obtain the categories
of personal information listed above from the following categories of sources: directly from our clients or their
agents, indirectly from our clients or their agents, or directly and indirectly from activity on our Website.
d. We may also
collect other personal information outside of the specified categories in instances where you interact with us
in-person, online, or by phone or mail in the context of:
(i) Receiving
help through our customer support Platforms;
(ii) Participation
in customer surveys or contests; and
(iii) Facilitation
in the delivery of our Services and to respond to your inquiries.
12. How We Use Your Information.
a. General Use.
(i) The
information We collect about you or that you provide to us, including any personal information, is used to
comprehensively understand your needs and interests, and permit Us to deliver a more consistent and personalized
experience. For example, We may use your information:
(A) To present our
Website and its contents to you;
(B) To provide you
with information, products, or services that you request from us;
(C) To provide you
with notices about your account, including expiration and renewal notices;
(D) To carry out
our obligations and enforce our rights arising from any contracts entered into between you and us, including for
billing and collection;
(E) To notify you
about changes to our Website or any products or services we offer or provide though it;
(F) To allow you
to participate in interactive features on our Website;
(G) To provide
personalized promotional offers and select content to be communicated to you;
(H) To detect,
prevent and remediate fraud or other potentially prohibited or illegal activities; and/or
(I) For any other
purposes with your consent.
(ii) We may also
use your information to contact you about our own and third-parties’ goods and services that may be of interest to
you. If you do not want us to use your information in this way, please adjust your user preferences in your account
profile. For more information, see Choices About How We Use and Disclose Your Information.
b. SMS Marketing.
(i) We may
collect your telephone numbers in accordance with the practices set forth in this Privacy Policy, for example,
during purchases or when you sign up to receive promotional messages. You can opt into receiving SMS messages by
opting in on a purchase order check out page, or by email.
(ii) We may use
your phone number to provide you with personalized updates, promotional offers, exclusive discounts, and updates.
These text messages may relate to our product, services, promotions, discounts, or any other updates that we believe
may interest you.
(iii) SMS messaging
charges may be applied by your carrier.
c. We may use
the information we collect for the following business purposes:
(i) Understanding You. Analyzing your activity with us
(including your interactions with our store, Platforms, affiliated websites, fundraisers, promotions, surveys and
focus groups, and emails or other forms of communication) and monitoring the effectiveness of our advertising and
communications.
(ii) Personalization. Using your preferences and other
collected information to personalize our relationship with you, including presenting customized communication,
advertising, and experiences on our Platforms (e.g., personalized size and fit recommendations), Emails, and ads on
Social Media. We may also use the information we have collected from you to enable us to display advertisements to
our advertisers’ target audiences. Even though we do not disclose your personal information for these purposes
without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that
you meet its target criteria.
(iii) Product Rating and Reviews. Post product reviews
that you have submitted.
(iv) Communications. Communicating with you, including
responding to your requests and asking for feedback through surveys or other messages.
(v) Promotions. Running contests, sweepstakes, or other promotions.
(vi) Fundraising. Managing your registration for our events, including communication with
you about your ticket and attendance; recording attendance; processing donations, and improving fundraising
participants' experience.
(vii) Hiring. Recruiting and hiring our associates.
(viii) Your Experience. Serving content on our Platforms, developing our products and services,
better understanding your needs and preferences, and constantly improving your experience.
d. Credit Cards/Electronic Payments. Credit card and
electronic payment information is used solely for payment processing and fraud prevention efforts. Credit card
information, and other sensitive personal information required to process a credit decision, is not used for any
other purposes by us or our financial services providers, and will not be retained any longer than necessary to
provide your services.
13. With Whom We Share Your Data and How It is Used.
a. Consent. We may process your data if you have given
us specific consent to use your personal information for a specific purpose.
b. Legitimate Interests. We may process your data when
it is reasonably necessary to achieve our legitimate business interests.
c. Performance of a Contract. Where we have entered
into a contract with you, we may process your personal information to fulfill the terms of our contract.
d. Legal Obligations. We may disclose your information
where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial
proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response
to public authorities to meet national security or law enforcement requirements).
e. Vital Interests. We may disclose your information
where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our
policies, suspected fraud, situations involving potential threats to the safety of any person and illegal
activities, or as evidence in litigation in which we are involved.
f. More
specifically, we may need to process your data or share your personal information in the following situations:
(i) Business Transfers. We may share or transfer your
information in connection with, or during negotiations of, any merger, sale of company assets, financing, or
acquisition of all or a portion of our business to another company.
(ii) Vendors, Consultants and Other Third-Party Service
Providers. We partner with third parties to assist with many aspects of our e-commerce business, including
fulfilling orders, advertising, analyzing your interests and activity on our Platforms, and helping us communicate
with customers. We may share your data with third-party vendors, service providers, contractors or agents who
perform services for us or on our behalf and require access to such information to do that work. Examples include:
payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts. We
may allow selected third parties to use tracking technology on the Website, which will enable them to collect data
on our behalf about how you interact with our Website over time. This information may be used to, among other
things, analyze and track data, determine the popularity of certain content, pages, or features, and better
understand online activity. Unless described in this notice, we do not share, sell, rent, or trade any of your
information with third parties for their promotional purposes. We may also receive information collected by these
third parties and combine it with the information we have collected. Some of these third parties may be located
outside the United States. Your information may also be collected and processed by third parties, such as the
payment providers you select, who will process your information independently in accordance with their own privacy
notices.
(iii) Marketing Providers. We partner with third parties
to assist with the advertising and marketing of our business. We may share with them the types of information
described in How We Use Your Information. We may also receive information collected by these third parties and
combine it with the information we have collected.
(iv) Other Third Parties. We will disclose information
about you, including to government bodies or law enforcement agencies, when we believe it to be necessary for
compliance with the law or to protect the users of our Websites and Apps, our Websites and Apps, or the public.
14. Deidentified and Aggregated Data.
We may create aggregated, de-identified, or anonymized data from the personal information we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified, or anonymized data and disclose it to third parties for our lawful business purposes, including to analyze, build, and improve the Services and promote our business, provided that we will not disclose such data in a manner that could identify you.
15. Third-Party Links & Content.
a. The Website may link to or incorporate websites,
advertising or content hosted and served by third parties over which we have no control, and which are governed by
the privacy policies and business practices of those third parties. We are not responsible for the privacy
practices or business practices of any third party.
b. We may work with network advertisers, ad
agencies, analytics service providers, and other vendors to serve our advertisements on our Website and third-party
websites, apps, and elsewhere online and to provide us with information regarding use of and traffic on the Website
(including without limitation the pages viewed and the actions users take when visiting the Website) and the
effectiveness of our advertisements. For example, if you click on a specific advertisement for a specific third
party, our service provider(s) may be able to tell us the advertisement you clicked on and where you were viewing
the advertisement. The advertisements you see may be served by us or one or more third parties, who may use
information about your activities on the Website, and other websites and services you visit across the various
devices you use, to provide you targeted content and advertising. Our service providers may collect certain
information about your visits to and activity on the Website and other websites and services and may use this
information to target advertising to you.
c. Third parties may set and access their own
tracking technologies on your device (including without limitation cookies and web beacons) and may otherwise
collect or have access to information about you (such as Usage Information and device identifier). Some of these
parties may collect personal information over time when you visit the Website or other online websites and services.
Cookies and web beacons, including without limitation those set by third-party network advertisers, may be used to
(among other things): target advertisements, prevent you from seeing the same advertisements too many times, and
conduct research regarding the usefulness of certain advertisements to you. We may share certain information such
as device identifiers, Usage Information, hashed information, records of transactions you conduct on our Platforms
or offline, and other types of de-identified information with third-party advertising companies, analytics
providers, and other vendors for advertising and analytics purposes. In addition, we and our third-party service
providers may use this information to perform matching with third-party cookies in order to provide targeted online
marketing.
d. We use a variety of service providers to perform
advertising and analytics services, and some of these companies may be members of the Network Advertising Initiative
(“NAI”) or Digital Advertising Alliance (“DAA”). You may
wish to visit optout.networkadvertising.org, which provides
information regarding targeted advertising and the opt-out procedures of NAI members. You may also want to
visit optout.aboutads.info, which provides information regarding
targeted advertising and offers an opt-out for DAA-participating companies. If you are a California resident,
please see our California Privacy Rights Notice annexed hereto as Exhibit A, regarding additional rights you have, including how to exercise your
rights.
e. We use Google Analytics, which uses cookies and
similar technologies to collect and analyze information about use of the Platforms and report on activities and
trends. This service may also collect information regarding the use of other websites, apps, and online resources.
You can learn about Google’s practices by going to google.com/policies/privacy/partners,
and opt out of them by downloading the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.
16. Security and Data Location.
a. Security Measures.
(i) We have
implemented appropriate technical and organizational security measures designed to protect and secure your Personal
Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you
provide to us is stored on our secure servers behind firewalls. Any payment will be encrypted using SSL technology.
(ii) However,
despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or
information storage technology can be guaranteed to be 100% secure. Although we do our best to protect your
Personal Information, we cannot guarantee that hackers, cybercriminals, or other unauthorized third parties will not
be able to defeat our security, and improperly collect, access, steal, or modify your information transmitted to our
Website. Although we will do our best to protect your personal information, any transmission of Personal
Information is at your own risk. We are not responsible for circumvention of any privacy settings or security
measures contained on the Website. You should only access the Website within a secure environment.
b. Cookies. To facilitate and customize your experience
with the Website, we may store cookies on your computer. A cookie is a small text file that is stored on a User’s
computer for record-keeping purposes which contains information about that User. We use cookies to save you time
while using the Website, remind us who you are, and track and target User interests in order to provide a customized
experience. Cookies also allow us to collect information from you, like which pages you visited and what links you
clicked on. Use of this information helps us to create a more user-friendly experience for all visitors. In
addition, we may use third party advertising companies to display advertisements on our services. As part of their
service, they may place separate cookies on your computer. We also contract with third party advertising or
analytics companies to serve you online ads on other websites. These companies use cookies or similar technologies
to collect information about your interactions with our Platforms and interactions with other websites. These
advertising companies may use and share the information gathered to deliver ads more tailored to your interests. We
receive aggregate information from these third parties to understand our advertising effectiveness. Any information
collected by us or by third parties through the use of cookies or similar technologies may be linked with other
information we collect about you. We have no access to or control over these cookies. This Privacy Policy covers
the use of cookies by our Website only and does not cover the use of cookies by any advertiser or other third party.
Most browsers automatically accept cookies by default, but, if you prefer, you may be able to modify your browser
settings to remove cookies and to reject cookies. Users may choose to set their web browser to refuse cookies, or
to alert you when cookies are being sent. If you choose to remove cookies or reject cookies, this could affect
certain features or services of our Website. To opt-out of interest-based advertising by advertisers on our Website
visit http://www.aboutads.info/choices/.
c. Analytics. Visitors to this Website who have
JavaScript enabled are tracked using Google Analytics. Google Analytics may collect some or all of the following
types of information from you: type of user agent (web browser) used, software manufacture and version number; type
of operating system; color processing ability of your screen; JavaScript support; Flash version; screen resolution;
network location; IP address; country, city, state, region, county, or any other geographic data; hostname;
bandwidth (internet connection speed); time of visit; pages visited; time spent on each page of the Website;
referring site statistics; the website URL you came through in order to arrive at the Website; or search engine
query used to find the Website. This data is primarily used to optimize our Website for our visitors and for
internal marketing purposes.
d. Other Tracking Devices. We may use other industry
standard technologies like pixel tags and web beacons to track your use of our Website pages and promotions, or we
may allow our third-party service providers to use these devices on our behalf. Pixel tags and web beacons are tiny
graphic images placed on certain pages on our Website, or in our emails that allow us to determine whether you have
performed a specific action. When you access these pages or open or click an email, pixel tags, and web beacons
generate a notice of that action. Pixel tags allow us to measure and improve our understanding of visitor traffic
and behavior on our Website, as well as give us a way to measure our promotions and performance. We may also
utilize pixel tags and web beacons provided by our affiliates and/or partners for the same purposes.
e. Timing.
(i) We will only
keep your personal information for as long as it is necessary for the purposes set out in this privacy notice,
unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal
requirements). No purpose in this notice will require us keeping your personal information for longer than six (6)
months past the termination of the user’s account.
(ii) When we have
no ongoing legitimate business need to process your personal information, we will either delete or anonymize such
information, or, if this is not possible (for example, because your personal information has been stored in backup
archives), then we will securely store your personal information and isolate it from any further processing until
deletion is possible.
17. Additional US State Privacy Rights.
a. Some states
in the US have passed state-specific privacy laws. This section supplements our privacy policy by explaining your
privacy rights if you are a resident in one of these states, provides certain mandated disclosures about our
treatment of personal information, and includes:
(i) Colorado,
Connecticut, Utah and Virginia specific disclosures and rights;
(ii) California
specific disclosures and rights;
(iii) Opt-outs for
sale or sharing of personal information; and
(iv) Metrics on
consumers exercising their rights.
b. Colorado, Connecticut, Utah, and Virginia.
(i) If you are a
resident of Colorado, Connecticut, Utah, or Virginia, we have certain obligations, and you have certain rights with
respect to your personal information, including:
(A) Right to
confirm whether the controller is processing the consumer’s personal information and the right to access such
information;
(B) Right to
correct inaccuracies in personal information;
(C) Right to delete
personal information;
(D) Right of data
portability;
(E) Right to opt
out from targeted advertising; and
(F) Right to opt
out from the sale of personal information.
(ii) In certain
states, you also have the right to opt out from profiling in furtherance of decisions that produce legal or
similarly significant effects on the consumer (such as Virginia, Colorado, and Connecticut) and appeal a decision
regarding a request to exercise your rights.
(iii) If you wish to
exercise one or more of these rights, please review the “What rights do I have regarding my personal information?”
section above. If you would like to opt out of targeted advertising or the selling or sharing of personal
information, please see the instructions below.
c. California.
(i) The
California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy
Rights Act of 2021 (“CPRA”) requires us to provide California consumers with some
additional information related to how we collect, use, retain, and disclose personal information as well as describe
additional rights. If you are a resident of the State of California, please see our California Privacy Rights
Notice annexed hereto as Exhibit A, regarding additional rights you have, including how to
exercise your rights.
18. What Are Your Other Privacy Rights If Located Outside the United States?
a. If you are a
resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway or Iceland,
you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your personal information, as outlined below.
(i) Annexed
hereto as Exhibit
B is our EU Privacy Rights Notice which summarizes the
additional rights you have, including how to exercise such rights.
(ii) If there are
any conflicts between the attached EU Privacy Rights Notice and this Privacy Policy, the policy or portion that is
more protective of personal information shall control to the extent of such conflict. Note that we may also process
personal information of our customers’ end users or employees in connection with our provision of certain services
to customers, in which case we are the processor of personal information. If we are the processor of your personal
information (i.e., not the controller), please contact the controller party in the first instance to address your
rights with respect to such data.
b. If you are a
resident in the EEA, the contact detail for the data protection authorities is available here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
c. If you are a
resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
d. If you are a
resident in the UK, the contact detail for the data protection authorities is available here:
https://www.gov.uk/data-protection/find-out-what-data-an-organisation-has-about-you.
e. If you have
questions or comments about your privacy rights, you may email us at help@hatchcollection.com.
19. Account Information.
a. If you would
at any time like to review or change the information in your account or terminate your account, you can contact us
using the contact information provided.
b. Upon
your request to terminate your account, we will deactivate or delete your account and information from our
active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems,
assist with any investigations, enforce our Terms of Use and/or comply with applicable legal
requirements.
20. Your Privacy Choices.
a. You can
control the information we collect and use in the following ways:
(i) Location Information. You can disable
location-based services on your mobile device or web browser by adjusting the settings on your device or browser.
This will prevent our Websites and Apps from accessing your location information. Note that some services,
including check-in or nearby store locations, may not be available if you disable location-based services.
(ii) Push Notifications. We only send push
notifications to Apps users who agree to receive them. To stop receiving push notifications, adjust the settings on
your mobile device.
(iii) Emails. You can unsubscribe from our marketing
email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the
details provided below. You will then be removed from the marketing email list — however, we may still communicate
with you, for example to send you service-related emails that are necessary for the administration and use of your
account, to respond to service requests, or for other non-marketing purposes. To otherwise opt-out, you may contact
us using the contact information provided.
(iv) SMS Messages. We will not send you any text
messages unless you consent to receive them. You can opt out at any time from SMS marketing if you longer wish to
receive SMS messages from us. To opt out of receiving SMS Messages, including shipping alert text messages, reply
“STOP”, “UNSUBSCRIBE”, “CANCEL”, or “QUIT” to any SMS message received from us to any text message you have
received from us. Please note, that the opt out process may take up to ten (10) business days to become effective.
During this period, you may still receive some SMS messages from us. If you have opted out of SMS marketing and wish
to have your phone number removed from our database, you can make this request by emailing us.
(v) Online Accounts. You can keep your contact
information and payment methods accurate and up to date by logging into your account on our Websites or Apps.
(vi) Online Advertising. For information about opting
out of third party advertising, visit: NAI Opt-Out (http://www.aboutads.info/choices/) and DAA Opt-Out (http://optout.networkadvertising.org/?c=1) (you
will leave this Website for a separately managed online site where you can specify your preference under those
programs). You can also click on the icon that may appear on some of our advertising served through these
technologies. We may use more than one third party company for placing this advertising, which would require you to
opt out of each company.
b. Controls For Do-Not-Track Features. Most web
browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to
have data about your online browsing activities monitored and collected. At this stage no uniform technology
standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to
DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If
a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice
in a revised version of this privacy notice.
c. Based on the
applicable laws of your country, you may have the right to request access to the personal information we collect
from you, change that information, or delete it in some circumstances. To request to review, update, or delete your
personal information, please email us at help@hatchcollection.com.
d. If you are a
California resident, you can learn more about your privacy rights below in our California
Privacy Rights Notice annexed hereto as Exhibit A.
e. If you are a
resident of the EU, you can learn more about your privacy rights below in our GDPR Consumer Privacy Rights Notice
annexed hereto as Exhibit B.
EXHIBIT A
California Privacy Rights Notice
This Privacy Notice for California Residents supplements the information contained in the Privacy Policy of Hatch Studios, LLC (the “Company,” “We” or “Us”) and applies solely to all visitors, users, and others who reside in the State of California (“Consumers” or “You”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2021 (“CPRA”), and any terms defined in the CCPA and CPRA have the same meaning when used in this Notice.
This Policy does not apply to workforce-related personal information
collected from California-based employees, job applicants, contractors, or similar individuals.
Where noted in this Policy, the CCPA temporarily exempts personal information reflecting a
written or verbal business-to-business communication (“B2B personal information”) from
some its requirements.
The CCPA permits our users who are California residents to request
and obtain from us, once a year and free of charge, information about categories of personal information (if any) we
disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which
we shared personal information in the immediately preceding calendar year. If you are a California resident and
would like to make such a request, please submit your request in writing to us using the contact information
provided below.
If you are under 18 years of age, reside in California, and have a registered account with the Website, you have the right to request removal of unwanted data that you publicly post on the Website. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Website, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).
1. Definition of “Resident”
a. The California Code of Regulations defines a "Resident" as:
(i) every individual who is in the State of California for other than a temporary or transitory purpose; and
(ii) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.
b. All other individuals are defined as "Non-Residents."
c. If this definition of "Resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.
2. Sharing Personal Information.
a. We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we require the recipient to both keep that personal information confidential and not use it for any purpose except for use in connection with performing the services on our behalf. The CCPA prohibits third parties who obtain the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales. We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf.
b. We may use
your personal information for our own business purposes. This is not considered to be "Selling" of your personal data.
c. We may use
or disclose the personal information we collect for one or more of our business purposes in this Privacy Policy or
as otherwise set forth in the CCPA. We will not collect additional categories of personal information or use the
personal information we collected for materially different, unrelated, or incompatible purposes without providing
you notice.
d. The Company
discloses the following categories of personal information for a business purpose:
(i) Identifiers.
(ii) California
Customer Records
(iii) Personal
Information Categories.
(iv) Commercial
information.
(v) Internet or
other Electronic Network Activity Information (i.e., browsing history and information regarding a consumer’s
interaction with our Website).
(vi) Geolocation
data.
e. We disclose your personal information for a business purpose to the following categories of third parties:
(i) Our
affiliates;
(ii) Service
Recipients; and
(iii) Third parties
to whom you authorize us to disclose your personal information in connection with the products or services we
provide to you.
3. CCPA Rights.
The CCPA provides consumers who are California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights:
a. Access to Specific Information and Data Portability Rights. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
(i) The
categories of personal information we collected about you;
(ii) The
categories of sources for the personal information we collected about you;
(iii) Our business
or commercial purpose for collecting or selling that personal information;
(iv) The categories
of third parties with whom we share that personal information;
(v) The specific
pieces of personal information we collected about you (also called a data portability request);
(vi) If we sold or
disclosed your personal information for a business purpose, two separate lists disclosing:
(A) Sales.
Identifying the personal information categories that each category of recipient purchased; and
(B) Disclosures
for a business purpose. Identifying the personal information categories that each category of recipient obtained.
We do not provide these access and data portability rights for B2B personal information.
b. Deletion Request Rights. You have the right to
request that we delete any of your personal information that we collected from you and retained, subject to certain
exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability,
and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our
records, unless an exception applies. We may deny your deletion request if retaining the information is necessary
for us or our service provider(s) to:
(i) Complete the
transaction for which we collected the personal information, provide a good or service that you requested, take
actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms
of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract
with you;
(ii) Detect
security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those
responsible for such activities;
(iii) Debug products
to identify and repair errors that impair existing intended functionality;
(iv) Exercise free
speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right
provided for by law;
(v) Comply with
the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
(vi) Engage in
public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all
other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously
impair the research’s achievement if you previously provided informed consent;
(vii) Enable solely
internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
(viii) Comply with a
legal obligation; and
(ix) Make other
internal and lawful uses of that information that are compatible with the context in which you provided it.
4. Exercising Access, Data Portability, and Deletion Rights.
a. To exercise
the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us
by either:
(i) Calling us
at 2123431685; or
(ii) Emailing us
at help@hatchcollection.com.
b. Only you, or
someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal
information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a
verifiable consumer request for access or data portability twice within a twelve (12) month period.
c. The
verifiable consumer request must:
(i) Provide
sufficient information that allows us to reasonably verify you are the person about whom we collected personal
information or an authorized representative.
(ii) Describe your
request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot
respond to your request or provide you with personal information if we cannot verify your identity or authority to
make the request and confirm the personal information relates to you. You do not need to create an account with us
to submit a request to know or delete. However, we do consider requests made through your password protected
account sufficiently verified when the request relates to personal information associated with that specific
account. We will only use personal information provided in the request to verify the requestor’s identity or
authority to make it. If, however, we cannot verify your identity from the information already maintained by us, we
may request that you provide additional information for the purposes of verifying your identity, and for security or
fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying
you. For instructions on exercising your sale opt-out or opt-in rights, see Personal Information Sales Opt-Out and
Opt-In Rights.
d. Response Timing and Format. We endeavor to respond
to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety
(90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we
will deliver our written response to that account. If you do not have an account with us, we will deliver our
written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve
(12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain
the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format
to provide your personal information that is readily useable and should allow you to transmit the information from
one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable
consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request
warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing
your request.
e. Personal Information Sales Opt-Out and Opt-In
Rights. If you are sixteen (16) years of age or older, you have the right to direct us not to sell your
personal information at any time (the “Right to Opt-Out”). We do not sell the personal
information of consumers we actually know are less than sixteen (16) years of age, unless we receive affirmative
authorization (the “Right to Opt-In”) from either the consumer who is at least thirteen
(13) but not yet sixteen (16) years of age, or the parent or guardian of a consumer less than thirteen (13) years of
age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. To exercise the
right to opt-out, you (or your authorized representative) may submit a request to us by emailing us at
help@hatchcollection.com. Once you make an opt-out request, we will wait at least twelve (12) months before asking
you to reauthorize personal information sales. However, you may change your mind and opt back into personal
information sales at any time by amending your preferences here. You do not need to create an account with us to
exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and
comply with the request.
f. In
accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified
in response to a consumer request or to re-identify individual data to verify a consumer request.
5. Right to Non-Discrimination for the Exercise of a Consumer's Privacy Rights.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services;
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
6. CCPA Rights Request Metrics.
Metrics regarding the consumer rights requests We received from
California residents from January 1, 2023 to December 31, 2023 appear in the following chart:
Request Type: [Right to Know,
Right to Delete, Right to Opt-Out]
Received: [0]
Granted (in whole
or in part) : [0]
Denied: [0]
Median Days to Respond: [0]
Requests to Know: [0]
Unverifiable: [0]
Not by a California resident: [0]
Called for information
exempt
from disclosure: [0]
Denied on other grounds: [0]
Requests to Delete: [0]
Requests to Opt-Out
of Personal Information Sales: [0]
7. Other California Privacy Rights.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to help@hatchcollection.com or write us at:Hatch Studios, LLC
225 Bush Street, Ste 1300
San Francisco, California
94104
8. Changes to Our Privacy Notice.
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
EXHIBIT B
GDPR CONSUMER PRIVACY RIGHTS NOTICE
Additional Notice for European Union (EU) Residents
This GDPR Consumer Privacy Rights Notice supplements the information contained in the Privacy Policy of Hatch Studios, LLC (“Company”, “We”, or “Us”) and applies solely to all visitors, users, and others who reside in the European Union (“EU”) (“Consumers” or “You”). We adopt this notice to comply with the General Data Protection Regulation (“GDPR”) and any terms defined in the GDPR have the same meaning when used in this Notice.
This notice explains what information we collect about you, how that information is used, who receives this information, the circumstances in which such information is shared and the steps taken to maintain this information private and secure. If you are not resident of the EU, please refer to our privacy policy included on the first page of this document.
1. How We Collect and Use Personal Data.
a. We collect Personal Data from natural persons who are residents of the as described below.
(i) The types of Personal Data we collect:
(A) Identifiers: Includes your real name, postal address, email address, phone number, unique personal identifier, online identifier, token identifier, account name, social security number, driver’s license number, passport number, and/or other government issued number. All of these would be collected when and to the extent that you provide it to us directly or through third parties.
(B) Personal Data in Customer Records: Includes any information that identifies, relates to, describes, or is capable of being associated with a particular consumer or household, including, the “identifiers” listed in(A), and the following: signature, physical characteristics or description, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, medical information or health insurance, or any other financial information, such as: income, account balance, transaction history, payment history, credit history information when and to the extent that you provide it to us directly or through third parties.
(C) Legally Protected Characteristics: Includes date of birth/age, gender, race, color, national origin, citizenship, marital status, physical or mental disability, veteran or military status, religion or creed, medical condition, pregnancy or childbirth and related medical conditions, sexual orientation, genetic information (including familial genetic information)when and to the extent that you provide it to us directly or through third parties.
(D) Internet or Network Activity: Includes, but is not limited to, browsing history on our websites, search history, information on a consumer’s interaction with our websites or applications.
(E) Geolocation Data: Includes information such as physical location or movements.
(F) Information Typically Detected by the Senses: Includes audio information such as recordings of when you called into our customer service line; visual recordings or images such as the ones obtained through Closed-Circuit Television (“CCTV”) at our local branches or other premises; and electronic information in the form of Internet or other electronic network activity information, as described above.
(G) Employment Information: Includes current or past professional or employment-related information, including job history, performance evaluations, position details, or references.
(H) Education Information: Includes education information and qualifications that are not publicly available.
(I) Inferences from above used to Profile: Includes inferences drawn from other Personal Data, such as profiles reflecting a person’s preferences, behavior, attitudes, abilities, and aptitudes. The Company does not operate a website directed towards children or has actual knowledge that the bank is collecting or maintaining personal information from children online.
b. Sources from which we obtain your Personal Data:
(i) For each of these categories, we obtain your Personal Data from a variety of sources, including from:
(A) our customers and consumers, with respect to both online and offline interactions you may have with us or our service providers and other entities with whom you transact;
(B) others with whom you maintain relationships who may deal with us on your behalf;
(C) the devices you use to access our websites, mobile applications, and online services;
(D) credit bureaus;
(E) identity verification and fraud prevention services;
(F) marketing and analytics providers;
(G) public databases;
(H) social media platforms; and
(I) other sources consistent with this Privacy Policy.
c. Legal basis for processing:
(i) Depending on the purpose of the processing activity (see Section 2(d)), the legal basis for the processing of your personal data will be one of the following:
(A) necessary for taking steps to enter into or executing a contract with you for the services or products you request, or for carrying out our obligations under such a contract, such as when we use your data for some of the purposes in Section 2(d) (as well as certain of the data disclosures described in Section 2(e));
(B) required to meet our legal or regulatory responsibilities, including when we conduct the client on-boarding processes and make the disclosures to authorities, regulators and government bodies;
(C) in some cases, necessary for the performance of a task carried out in the public interest;
(D) necessary in order to protect the vital interests of the data subject or of another natural person;
(E) in limited circumstances, processed with your consent which we obtain from you from time to time (for instance, where required by laws other than the GDPR), or processed with your explicit consent in the case of special categories of Personal Data such as your medical information; and
(F) necessary for the legitimate interests of the Company, without unduly affecting your interests or fundamental rights and freedoms.
(ii) Where the Personal Data we collect from you is needed to meet our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this Personal Data, there is a possibility we may be unable to on-board you as a client or provide products or services to you (in which case we will inform you accordingly).
2. How we use your Personal Data.
a. At the time you submit Personal Data or make a request, the intended use of the information you submit will be apparent in the context in which you submit it and/or because the Company states the intended purpose. The Company needs to collect, process and use Personal Data for a number of purposes. A primary purpose is to ensure we can provide customers with the products and services we offer and which they have requested. We also need to use Personal Data for purposes of carrying out our business operations, including confirming a person’s authority as a representative or agent of a customer, maintaining business continuity plans and processes, undertaking internal investigations and audits, handling legal claims, responding to requests form supervisory authorities, and complying with applicable laws and regulations.
b. We use the Personal Data we collect, as identified in the categories listed in Section 2(a) above, for the business purposes listed below:
(i) Financial, Legal and Compliance Management: Audits, accounting, and supporting our everyday operations, including to meet risk, legal, and compliance requirements;
(ii) Fraud Prevention: Reporting, evaluating and monitoring particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
(iii) Security: Detecting and protecting against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
(iv) IT Operations: Debugging to identify and repair errors in our systems;
(v) Marketing/Prospecting: Short-term, transient use, including contextual customization of ads; conducting marketing and surveys associated with our products and services;
(vi) Customer Services: Providing services on your or our behalf, or on behalf of another, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services;
(vii) Research: Conducting internal research to develop and improve technology;
(viii) Improving Products and Services: Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide;
(ix) Operation of our Sites: Preparing statistics, analyzing traffic patterns and performing analysis to support our operations; and
(x) Legal Proceedings: Receiving and responding to law enforcement requests, to prepare for or in support of ongoing litigation and as required by applicable law, court order, or governmental regulations.
c. We may also use the Personal Data we collect for:
(A) other operational processes,
(B) purposes for which we provide you additional notice, or
(C) purposes compatible with the context in which the Personal Data was collected.
3. Sharing of Personal Data.
a. When providing products or services to you, we will share Personal Data with other Company subsidiaries in order to ensure a consistently high service standard across our group, and to provide services and products to you.
b. In some instances, we also share Personal Data with our service providers, which provide services to us, such as IT and hosting providers, marketing providers, appraisers, adjusters, debt collectors fraud prevention providers, credit reference agencies, and others. For more information on the service providers with whom we share information, please see Reasons we can share your personal information. Whenever we disclose Personal Data, we execute a contract that describes such purpose and require the recipient to keep the Personal Data confidential and prohibit its use for any purpose other than to perform the obligations under the contract. When we do so, the Company requires such recipients to comply with appropriate measures designed to protect your Personal Data, including through contractual arrangements.
c. If required from time to time, we disclose Personal Data to public authorities, regulators, or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.
d. If our business or assets were sold to another party, Personal Data will be transferred as part of the transaction. The Company may also share Personal Data with prospective purchasers during the due diligence process related to the prospects of selling or transferring part of, or an entire business. The Company requires such recipients to comply with confidentiality, privacy, and other legal requirements and in response, follow security measures designed to protect your Personal Data.
e. We will disclose Personal Data when legally required, to exercise or protect legal rights, including ours and those of our employees or other stakeholders; or in response to requests from you or your representatives.
4. Transfer of Personal Data to Different Countries.
We do business with service providers around the world and, in some instances, may transfer Personal Data to such providers in the course of doing business with them. These providers assist us with certain operations and activities. In those cases, the Company requires such recipients to comply with appropriate measures designed to protect your Personal Data, including through contractual arrangements.
5. How We Secure Personal Data.
We implement appropriate technical and organizational measures to address the risks corresponding to our use of your Personal Data, including loss, alteration, or unauthorized access to your Personal Data. We require our service providers to do the same through contractual agreements.
6. How Long We Keep your Personal Data.
We will retain your Personal Data for as long as it is needed or permitted in light of the purposes in Section 2(d). The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii)whether there is a legal or regulatory obligation to which we are subject; and (iii) whether retention is advisable in light of our legal or regulatory obligation (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
7. Your Data Protection Rights.
a. Laws in the EU enable individuals to have appropriate control
and oversight over what organizations do with your Personal Data.
b. The following are your
Personal Data rights:
(i) The right to be informed about our processing of your Personal
Data.
(ii) The right of erasure (right to be forgotten), which allows you to ask us to
destroy your Personal Data if you believe we no longer need it, or we are using it inappropriately. However, we may
continue to retain your information if we are entitled or required to retain it.
(iii) The
right to data portability, which includes the right to receive Personal Data you have provided to us in a
structured, commonly used, and machine-readable format.
(iv) The right of access to data
that has been collected and that we process. You may ask us for a description of the Personal Data we hold and the
purposes for holding it. You may ask for a paper or electronic copy of this information.
(v) The right to rectify or correct data if it is inaccurate, or to have incomplete data
completed.
(vi) The right to restrict processing when you contest data accuracy, when you
believe our use is unlawful, or when you wish for us to keep but not use Personal Data beyond our time limit for
storage, for purposes as described above in Section 2(d).
(vii) The right to lodge
complaints with a data protection authority regarding any processing by us or on our behalf.
(viii) The right to object extends to direct marketing when Personal Data is processed for
direct marketing purposes, including profiling to the extent it is related to such marketing. You may object to
direct marketing by clicking the “unsubscribe” link in any of our emails to you or by emailing us at
help@hatchcollection.com at any time. To object to SMS marketing, you may opt out by texting “STOP”, “UNSUBSCRIBE”,
“CANCEL”, or “QUIT” to any SMS message received from us.
c. The Company will seek to obtain your consent where required by applicable law. We may analyze users’ online activities, interests, and preferences in order to provide our services, such as to configure our online channels and apps for a better experience, and/or for marketing purposes. Where we process your Personal Data on the basis of your consent, you have the right to withdraw that consent at any time subject to applicable legal obligations. Please also note that the withdrawal of consent shall not affect the lawfulness of processing, based on consent before its withdrawal.
8. How to Revoke Your Consent to Our Use of Your Personal Data and Submit Privacy Related Inquiries.
a. You can direct all requests relating to access, correction, and
other legal rights regarding Personal Data, or any questions regarding this Notice, by emailing us at
help@hatchcollection.com.
b. We try to respond to all authenticated requests in relation to
your legal rights within one month. Occasionally it may take us longer than a month to respond, if your request is
particularly complex or you have made a number of requests. In this case, we will notify you and keep you
updated.
c. You may also submit a general privacy related inquiry in accordance with
applicable laws and regulations. We will respond to such requests in accordance with applicable laws.
d. Please issue such requests by sending a completed inquiry to us via email at
help@hatchcollection.com. Please provide your name and contact information along with your inquiry.
9. Changes to Our Privacy Notice.
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.