PERSONAL INFORMATION WE COLLECT, USE AND DISCLOSE
We collect, use, and disclose personal information about you solely for business purposes and as specifically stated in this Policy. Please note that when you use the Goli website (the “Site”), you are consenting to the collection, retention, disclosure, and other uses of your personal information as specified in this Policy.
Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We may use your personal information to:
- Process your order on the Site
- Send you notifications about your transaction or shipment
- Provide and improve our customer support
- Customize, measure, and improve our services
- Design our website in consequence of the way visitors use it
- Deliver target marketing, service update notices, and promotional offers based on your communication, and assess the success of our marketing and advertising campaigns
- Complete security checks related to the use of our services and help us screen for potential risk and fraud
- Contact you by email or by the method selected in your preferences.
Categories of Personal Information We Collect
We have collected the following categories of personal information within the last twelve (12) months:
- Identifiers, such as your name, postal address, email address, social network details, telephone number, or other similar identifiers. This information may be disclosed, as required, to internal and third-party customer support teams, e-commerce platform service providers, analytics and marketing service providers, and health and safety management service providers, or such service providers may collect this information from you when you use the Site or otherwise interact with them.
- California Customer Records listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, address, telephone number, and contact information. This information is disclosed to internal and third-party customer support teams, e-commerce platform service providers, analytics and marketing service providers, and health and safety management service providers, or such service providers may collect this information from you when you use the Site or otherwise interact with them. As it relates to bank account number, credit card number, debit card number, payment information or any other financial information, such information will be directly collected from you by e-commerce platform service providers and payment processing service providers. Goli’s customer support team may also collect medical information when provided directly by you and may disclose such information to health and safety management service providers as required, or such service providers may collect this information from you when communicating directly with you.
- Protected Classification Characteristics under California or federal law, such as age, and gender. This information is disclosed to customer support teams, and analytics and marketing service providers, or such service providers may collect the information from you when you use the Site. As it relates to age, gender, medical conditions, physical or mental disability, pregnancy or childbirth-related medical conditions, genetic information, and any similar information, health and safety management service providers may collect such information from you when communicating directly with you.
- Commercial Information, such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This information is disclosed to GerdLi’s marketing team, e-commerce platform service providers, and analytics and marketing service providers, or such providers may collect such information from you when you use the Site.
- Payment and Financial Data, such as any data that is needed in order to fulfil an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). Such payment and financial data is handled by GerdLi and the payment processing provider(s) in a manner compliant with applicable laws, regulations and security standards.
- Internet/Network Information, such as browsing history, search history, IP address, device identifier, browser type, operating system, the data and time of your visit on the Site, and information related to your interaction with advertisements, the Site, and emails sent to you. This information is disclosed to GerdLi’s marketing team and analytics and marketing service providers, or such providers may collect such information from you when you use the Site.
- Geolocation Data, such as location information from your device or estimated based on your IP address. This information is disclosed to GerdLi’s marketing team, and analytics and marketing service providers, or such providers may collect such information from you.
- Sensory Information, such as recordings of phone calls with you, where permitted by law. This information is disclosed to GerdLi’s customer support and management teams.
- Other Personal Information, including information you provide for us to post in a public space, including on the Site (such as testimonials) or on GerdLi’s social media pages, or that you post directly on GerdLi’s social media pages, information from your social media profile and information posted on your personal webpage, other information you submit, either by email, or when you attend any GerdLi events or communicate with internal or third-party customer support teams. This information is disclosed to marketing and customer support teams, and marketing service providers, or such providers may collect such information from you.
- Inferences, such as your profile reflecting personal preferences, characteristics, and predictions about your interests and preferences. This information is disclosed to GerdLi’s marketing team, and analytics and marketing service providers, or such providers may collect such information from you.
Sources of Personal Information
We obtain the personal information listed in the categories above as previously specified, or otherwise from the following sources, as applicable:
- Directly from you when you provide it to us, including when you contact us, when you visit the Site, and when you make purchases on the Site. Some of GerdLi’s service providers may further disclose personal information to their own third-party service providers, as required for them to provide their services.
- Indirectly from you, for example, from observing your actions on the Site, or automatically using cookies and other tracking technologies, as further specified in the “Tracking Technologies” section below. We may also obtain personal information about you from some of our business partners or companies who compile information about shoppers and their preferences, and from certain social media platforms.
When you visit the Site, we collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, which websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Do Not Track
Please note that we do not alter the Site’s data collection and use practices when we see a “Do Not Track” signal from your browser.
Sale of Personal Information and Disclosure to Other Parties
- GerdLi family of companies. GerdLi may share data within the GerdLi family of companies, which includes all subsidiaries and affiliates, as required.
- Service Providers. GerdLi shares data with its service providers, including third party providers that help with the following: order fulfillment, payment processing, fraud detection and identity verification, website operation, market research companies, support services, promotions, website development, data analysis, etc.
- Other parties due to a merger, acquisition, or sale. GerdLi may share data in the course of a corporate transaction such as a merger, acquisition, or sale of all or a portion of its assets.
- Other parties as required by law. GerdLi may disclose your information in the course of any legal process, upon request from a government entity, to protect our legal rights, to protect your safety or the safety of others, to investigate or prevent fraud, or in order to comply with the law or a legal requirement such as a subpoena.
SPECIFIC SERVICE PROVIDERS
As mentioned, maintaining your privacy is very important to GerdLi. Therefore, all your purchase transactions are processed via WordPress and are fully secure. In fact, GerdLi uses WordPress to power its online store. GerdLi also uses Google Analytics to better understand how customers use the Site — you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We may provide links or refer you to third-party websites or apps, including social media platforms. Please note that this Policy only applies to individuals who interact with GerdLi as consumers. This Policy does not apply to, and GerdLi is not responsible for, the privacy practices of any third parties. We invite you to read their privacy policies carefully.
As described above, we may use your personal information to provide you with targeted advertisements and/or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Despite the existence of this Policy and GerdLi’sefforts to maintain your privacy rights and protect your personal data, the transmission of information through the Internet is not always completely secure, and as such, we cannot guarantee the security of your data during transmission through the GerdLi website and any applications used.
YOUR PRIVACY RIGHTS
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident, we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
The California Consumer Privacy Act (“CCPA”) provides consumers that are California residents with specific rights regarding their personal information. This section describes your rights under CCPA and explains how to exercise those rights (subject to certain limitations at law) in relation to the personal information about you that we have collected and disclosed, as applicable.
- Right to Know (Right to Access Specific Information): The right to know and access any of the following information relating to the personal information we have collected, used, and disclosed within the past twelve (12) months (subject to verification of your identity):
- The specific pieces of personal information we have collected about you;
- The categories of personal information we have collected about you;
- The categories of sources of the personal information we have collected about you;
- The categories of personal information disclosed to third parties for a business purpose, and the categories of third parties to whom this information was disclosed;
- The business or commercial purposes for collecting the personal information.
- Right to Request Deletion: The right to request the deletion of your personal information that we have collected from or about you and retained (subject to our verification of your identity). However, we may deny your request to delete your personal information if it is necessary to maintain your personal information in order for us to:
- Complete the transaction for which we collected the personal information, fulfill the terms of any written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our obligations towards you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for such activities;
- Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
- Enable solely internal uses that are reasonably aligned with your expectations based on our relationship with you;
- Comply with a legal obligation;
- Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
- Right to Non-Discrimination: The right not to be discriminated against for exercising any of your CCPA rights. Unless permitted by the CCPA and for a valid reason, GerdLi will not, after you have exercised any of such rights:
- Deny you goods or services;
- Charge you different prices or rates for goods or service, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services;
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- Right to Opt-Out of Personal Information Sales: The right to direct companies not to sell personal information about you to third parties. This section does not apply as GerdLi does not sell any personal information to third parties for direct monetary consideration.
Rights Under California’s “Shine the Light” Law
California’s “Shine the Light” law (Civil Code § 1798.83) permits California residents that have a business relationship with GerdLi, and/or that use the Site, to request certain information regarding disclosure of personal information to third parties for their direct marketing purposes during the preceding calendar year, or to opt-out of such disclosures.
When you place an order through the Site, we will maintain your personal information for our records as required, unless and until you ask us to delete this information when feasible.
This Policy may be updated from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons, and the updated Policy will be posted on the Site. Please consult the Policy periodically for updates. Your continued use of the Site following the posting of such updates constitutes your acceptance of such changes.
The Site is not intended for individuals under the age of 18, and Goli does not intentionally collect any information from minors. If you are the parent or legal guardian of a child under the age of 13, and believe that your child has provided personal information to us, please contact us as specified in the section below to inform us and request deletion of this personal information.
For more information about our privacy practices, to make requests related to your privacy rights, or if you would like to make a complaint, please contact us by e‐mail or by mail.
Contacting Us Under the CCPA
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal information and your California privacy rights. You are entitled to submit up to two requests to us within a twelve-month period.
In your request, please provide sufficient information that allows for verification of your identity (i.e., your name, email address, mailing address, and whether you are the person about whom we collected personal information or an authorized representative of such person), and describe (1) your request with sufficient detail that allows for proper evaluation and (2) the personal information that it relates to. In certain cases, additional personal information may be needed in order to properly respond to your request, and such information will be used solely for the purposes of verification.
You do not need to create a GerdLi account to submit a request.
Responses to Your Requests Under the CCPA
You will receive a response to your request within 45 days of its receipt. If more than 45 days (but no longer than 90 days) are reasonably required, you will be informed in writing of such an extension. If your request is not fulfilled, you will be provided with a justification within 45 days of your request.