Privacy Policy Belgium (English)

Privacy Policy Belgium (English)

Privacy Policy

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use, and share your personal information. It also explains your rights in relation to your personal information and how to contact us or the supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal information about you. When we do so we are subject to various laws in the United States and the General Data Protection Regulation (GDPR) which applies across the European Union (EU) and European Economic Area (EEA) (respectively the UK GDPR in the United Kingdom), and we are responsible as “controller” of that personal information for the purposes of those laws. To the extent this policy refers to provisions of the GDPR, if you are residing in the UK, any such reference shall be construed as a reference to the respective provisions enshrined in the UK GDPR.

  1. Key Terms.

    It would be helpful to start by explaining some key terms used in this policy:

We, us, our

Big Agnes Inc.

Our representative

Big Agnes International, B.V.

Herengracht 280

1016BX Amsterdam

Netherlands

Data protection officer contact details

[email protected]

877.554.8975

  1. Personal Information We Collect About You.

    We may collect and use the following personal information that identifies, relates to, describes, is reasonable capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

Categories of Personal Information

Specific Types of Personal Information Collected

Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers)

Name, Email Address, Postal Address, IP Address, Phone Number

Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)

Order history and payment details. We do not store full credit card numbers.

Internet or other electronic network activity information (e.g., IP address, browsing history, search history, and information regarding a consumer’s interaction with our or a third party web site, application, or advertisement)

IP address, device ID, the activity of users in the context of the website, the type of the respective end-device, the browser in use as well as the date and time of use.

Geolocation data

IP Address to determine shopping country

Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Please refer to section 6.

  1. How Your Personal Information is Collected.

    We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our website. However, we may also collect information:

  • From publicly accessible sources (e.g., property records);
  • Directly from a third party (e.g., sanctions screening providers, credit reporting agencies, or customer due diligence providers);
  • From a third party with your consent (e.g., your bank);
  • From cookies on our website; and
  • Via our IT systems, including:
  • Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems
  1. How and Why We Use Your Personal Information.

    Under data protection law, we can only use your personal information if we have a proper reason for doing so, e.g.,

  • To comply with our legal and regulatory obligations;
  • For the performance of our contract with you or to take steps at your request before entering into a contract;
  • For our legitimate interests or those of a third party; or
  • Where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use (process) your personal information for and our reasons for doing so. In case of the GDPR applying to such processing; we further state the respectively applicable legal basis for such processing as well as the pertinent data retention periods. Please note that any indicate retention period is subject to any such information falling under a statutory retention obligation (e.g. in case of tax-relevant information we are legally obligated to store such data for up to 10 years); further, in individual cases (such as legal disputes), it may be required to retain information for a longer period of time.

What we use your personal information for

Our reasons

Legal basis under the GDPR

Retention period under the GDPR

To provide and ship products and/or services to you

For the performance of our contract with you or to take steps at your request before entering into a contract

Art. 6 para. 1 lit. b GDPR

3 years after the end of the year of the purchase

To process payments including providing your information to our payment service providers (cf. below section 7)

For the performance of our contract with you or to take steps at your request before entering into a contract

Art. 6 para. 1 lit. b GDPR

3 years after the end of the year of the purchase

To provide this website to you as well as improvements to the service’s presentation, features and functionalities as well as general administration tasks

For the provision of the website to you or for our legitimate interest in ensuring and enhancing the functionality and error-free operation of the website and that it is tailored to the users’ needs

Art. 6 para. 1 lit. b, respectively lit. f GDPR

7 days after website visit

Creating and maintaining customer accounts

For the provision of, respectively for our legitimate interest of providing this functionality at your request based on Art. 6 para. 1 lit. b or lit. f GDPR

Art. 6 para. 1 lit. b, respectively lit. f GDPR

3 years after the end of the year in which the customer relationship ends

Customer inquiries

For our legitimate interest in processing your request

Art. 6 para. 1 lit. f GDPR

3 years after the end of the year of the inquiry

To personalize and analyze your use of this website

As further described under section 6.

As further described under section 6.

As further described under section 6.

To obtain and present user reviews

For our legitimate interest in offering this functionality to you, to gather your review to enhance our services and to use your review to market us and our products

Art. 6 para. 1 lit. f GDPR

Maximum of 3 years after they are obtained

To prevent and detect fraud against you or Big Agnes Inc.

For our legitimate interests or those of a third party, i.e. to minimize fraud that could be damaging for us and for you

Art. 6 para. 1 lit. f GDPR

3 years after the end of the year of each assessment

Conducting checks to identify our customers and verify their identity

Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator

Either as we are directly required to do so by law or because we have a legitimate interest in complying with other legal and regulatory obligations

Art. 6 para. 1 lit. c, respectively lit. f GDPR

3 years after the end of the year of each assessment

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies

Either as we are directly required to do so by law or because we have a legitimate interest in complying with other legal and regulatory obligations

Art. 6 para. 1 lit. c, respectively lit. f GDPR

As long as required to fulfil the aforementioned purpose. We, however, strive to delete or anonymize personal data as soon as possible.

Ensuring business policies are adhered to, e.g. policies covering security and internet use

For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you

Art. 6 para. 1 lit. f GDPR

As long as required to fulfil the aforementioned purpose s. We, however, strive to delete or anonymize personal data as soon as possible.

Operational reasons, such as improving efficiency, training and quality control

For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price

Art. 6 para. 1 lit. f GDPR

As long as required to fulfil the aforementioned purpose or as long as required in case any statutory retention obligation applies. We, however, strive to delete or anonymize personal data as soon as possible.

Ensuring the confidentiality of commercially sensitive information

For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information

To comply with our legal and regulatory obligations

Art. 6 para. 1 lit. c, respectively lit. f GDPR

As long as required to fulfil the aforementioned purpose. We, however, strive to delete or anonymize personal data as soon as possible.

Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures

For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price

Art. 6 para. 1 lit. f GDPR

Any results of such analysis are anonymous. Any underlying, personal data is deleted after the conclusion of the analysis (if not required for any other purpose set out in this policy).

Preventing unauthorized access and modifications to systems

For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you

To comply with our legal and regulatory obligations

Art. 6 para. 1 lit. c, respectively lit. f GDPR

We retain log files to all our systems for 90 days. In case of anomalies, attacks or other incidents we retain any pertinent log files and other relevant information for as long as required to investigate/remediate the incident or pursue our legal avenues

Updating and enhancing customer records / customer relationship management

For the performance of our contract with you or to take steps at your request before entering into a contract

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party for optimizing our marketing and sales efforts

Art. 6 para. 1 lit. b GDPR

 

Art. 6 para. 1 lit. c GDPR

 

Art. 6 para. 1 lit. f GDPR

3 years after the end of the year in which the customer relationship ends

Statutory returns

Either as we are directly required to do so by law or because we have a legitimate interest in complying with other legal and regulatory obligations

Art. 6 para. 1 lit. c, respectively lit. f GDPR

3 years after the end of the year of the return.

Ensuring safe working practices, staff administration and assessments

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you

Art. 6 para. 1 lit. c, respectively lit. f GDPR

As long as required to fulfil the aforementioned purpose. We, however, strive to delete or anonymize personal data as soon as possible.

Marketing our services and those of selected third parties to:

¾    existing and former customers;

¾    third parties who have previously expressed an interest in our services;

¾    third parties with whom we have had no previous dealings.

As further described under sections 5 and 6.

As further described under sections 5 and 6.

As further described under sections 5 and 6.

Credit reference checks via external credit reference agencies

For our legitimate interests or those of a third party, i.e. to ensure our customers are likely to be able to pay for our products and services

Art. 6 para. 1 lit. f GDPR

3 years after the end of the year of each assessment.

External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts

For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards

To comply with our legal and regulatory obligations

Art. 6 para. 1 lit. f, respectively lit. c GDPR

As long as required to fulfil the aforementioned purpose. We, however, strive to delete or anonymize personal data as soon as possible.

The above table does not apply to special category personal information, which we will only process with your explicit consent.

  1. Promotional Communications.

    We may use your personal information to send you updates (by email, text message, telephone or post) about our products and/or services, including exclusive offers, promotions or new products and/or services.

We have a legitimate interest in processing your personal information for promotional purposes (see above “How and why we use your personal information”). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal information with the utmost respect and never sell or share it with other organizations outside the Big Agnes Inc group for marketing purposes.

You have the right to opt out of receiving promotional communications at any time by:

  • Contacting us at [email protected]
  • Using the “unsubscribe” link in emails or “STOP” number in texts

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.

For customers located in the EU/UK:

We will only use your personal information to send you updates (by email, text message or telephone) about our products and/or services, including exclusive offers, promotions or new products and/or services if you have provided us respective prior explicit consent.

We base the processing of your personal data in this context on your consent as per Art. 6 para. 1 lit. a GDPR. If you have provided consent, we may also collect data on how you interact with our promotional communications for the purpose of personalized marketing (cf. section 6 below).

You may withdraw your consent with effect for the future at any time by:

  • Contacting us at [email protected]
  • Using the “unsubscribe” link in emails or “STOP” number in texts

The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Notwithstanding, in case we have obtained your e-mail-address in connection with the sale of a good or service, we will use your e-mail-address to send you communication in relation to our own similar goods and services provided that you have not objected to such use of your personal data.

You may object to receive such communication at any time with effect for the future by exercising one of the abovementioned options. Objecting does not lead to costs other than transmission costs in accordance with the basic rates.

The legal basis for such processing is Art. 6 para. 1 lit. f GDPR in connection with the respective provision transposing Art. 13 (2) of the EU Directive on privacy and electronic communications 2002/58/EC into national law in the jurisdiction where you are located, for example in Germany Sec. 7 para. 3 of the Law Against Unfair Competition (Gesetz gegen unlauteren Wettbewerb, UWG) or in the UK Sec. 22 para. 3 of the The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

We will process your personal data for the abovementioned purposes only until you withdraw your consent, respectively until you object to receive any such communication. We will further store information that you have revoked your consent, respectively objected to receive marketing information in order to safeguard you do not receive any such communication going forward.

  1. Cookies, Pixel, Fingerprints and similar technologies

General information and information about your right to withdraw your consent

This website uses cookies and similar technologies (altogether “cookies”) that are stored on your device for the following purposes: Essential, Personalization, Analysis and Personalized marketing. These are explained in more detail below.

You can also find more information on the cookies used by our website, especially on their storage period, or exercise your right to withdraw your consent at any time with effect for the future under “Cookie Settings”. There, please move the respective or all slider(s) to the left and click on “Save” if you want to withdraw your consent for single or all purposes. In this case, only cookies that are technically necessary to provide you with this website will be used.

Your consent is set per browser and computer. Therefore, if you visit our website at home and work or with different browsers, you need to withdraw consent with every device or browser.

Type of cookie

Explanation

Legal basis under the GDPR

List of relevant services (see below for detailed information)

Storage period

Essential

Essential cookies are technically required to enable the use of our website and the functionalities contained thereon (e.g., for displaying content, load balancing and IT security) as requested by you and will be used automatically

The respective provision transposing Art. 5 (3) sentence 2 of the EU Directive on privacy and electronic communications 2002/58/EC into national law in the jurisdiction where you are established, for example in article XII. 13 of the Belgian Code of Economic Law and for the processing of personal data relating to you for this purpose Art. 6 para. 1 lit. b GDPR.

 

 

Osano

 

Cookies are stored for 365 days.

Signifyd

 

Cookies are stored for 720 days.

Monsido

 

Cookies are stored for 365 days.

Personalization

Personalization cookies are used to provide you with functionalities which are not strictly necessary, but enable you to use our website in a more comfortable and personalized manner, e.g. by saving and analyzing your preferences, entries and settings such as language choices. If you do not allow functional cookies, these functionalities may not be provided or may not function properly.

Your consent (to the extent given) in accordance with the respective provision transposing Art. 5 (3) sentence 1 of the EU Directive on privacy and electronic communications 2002/58/EC into national law in the jurisdiction where you are established, for example in article XII. 13 of the Belgian Code of Economic Law  and for the processing of personal data relating to you for this purpose Art. 6 para. 1 lit. a GDPR.

Power Reviews

 

Cookies are stored for 720 days.

 

Geo:Pro Geolocation Redirects

Cookies are stored for 720 days.

Weglot

Cookies are stored for 365 days.

Analysis

Analysis cookies are used to analyze your use of our website in order to measure and improve the performance of our website as well as the usage experience for the users. For this, especially your visits, activities and interactions on our and other websites as well as in-formation about your browser and device are analyzed and used to generate pseudonymous statistics. This helps us, for example, to know which pages of our website are the most and least popular and to see how users move around the site as well as to conduct tests and on such basis generate business insights in order to optimize our sales efforts.

Your consent (to the extent given) in accordance with the respective provision transposing Art. 5 (3) sentence 1 of the EU Directive on privacy and electronic communications 2002/58/EC into national law in the jurisdiction where you are established, for example in article XII. 13 of the Belgian Code of Economic Law  and for the processing of personal data relating to you for this purpose Art. 6 para. 1 lit. a GDPR.

Google Analytics

Cookies are stored for 24 months; the data retrieved by such cookies is stored for 24 months

Personalized marketing

These cookies may be used by us and our partners to build a profile of your interests, behavior and characteristics to show you relevant advertisements on our website and other media, such as websites, on social media platforms and in (mobile) applications that all might also be provided by third parties. For this, especially your usage behavior (also on other websites, social media platforms and apps), including your interactions with content and advertisements, in-formation that you have entered (e.g., in forms and surveys), occupational information about you (that is collected inter alia from LinkedIn) as well as information about your device and location and your interaction with our direct marketing communication (e.g. newsletters) is analyzed. This data may also be used to optimize and measure the success of advertisement campaigns.

Your consent (to the extent given) in accordance with the respective provision transposing Art. 5 (3) sentence 1 of the EU Directive on privacy and electronic communications 2002/58/EC into national law in the jurisdiction where you are established, for example in article XII. 13 of the Belgian Code of Economic Law and for the processing of personal data relating to you for this purpose Art. 6 para. 1 lit. a GDPR.

Meta Pixel

Cookies are stored for 24 months; the data retrieved by such cookies is stored for 24 months

Klaviyo

Cookies are stored for 24 months; the data retrieved by such cookies is stored for 48 months

Rakuten

Cookies are stored for 24 months; the data retrieved by such cookies is stored for 24 months

 

Essential

  • Signifyd

To enhance our fraud prevention efforts and ensure the safety of your transactions, we collaborate with Signifyd, an industry leader in fraud protection.

When you make a purchase on our website, we share certain information with Signifyd to verify the authenticity of the transaction and to protect against potential fraud. The information shared may include your name, email address, billing and shipping addresses, and details about the items you have purchased. This is solely to help Signifyd assess the risk associated with the transaction and to provide their fraud prevention services.

We want to reassure you that this process respects your privacy. We share only the necessary information required for fraud analysis and do not disclose sensitive payment information like credit card numbers.

For further insight into how Signifyd processes and protects your data, please review their privacy policy available at Signifyd Privacy Policy: https://www.signifyd.com/privacy/

  • Monsido

To ensure that our website is accessible and provides a seamless experience for all users, we have partnered with Monsido, a leader in web accessibility and performance management.

Monsido assists us in scanning our website to identify and address issues related to accessibility, quality assurance, and SEO. This helps us ensure that our website meets various standards and provides an optimal experience for all visitors. When you visit our site, Monsido collects data related to website usage and performance. This data does not include personal identifiers like your name or email address; it focuses on technical elements and user interactions to improve website functionality.

We do not share any information related to you as a person with Monsido. The data collected is solely for enhancing website usability and ensuring compliance with accessibility standards.

  • Osano

As part of our commitment to protecting your privacy and ensuring that your personal data is handled with care, we have partnered with Osano, a provider dedicated to ensuring compliance with privacy laws and regulations.

Osano assists us in managing consent and cookie preferences on our website. When you visit our site, Osano helps in capturing and storing your consent preferences to ensure that your privacy choices are respected and that we comply with legal standards.

No information related to you as a person such as your name, email address, or payment details is shared with Osano without your explicit consent. The information managed by Osano primarily includes your consent preferences and interactions with our privacy management tools. This ensures that your experience on our website is not only compliant with privacy regulations but also tailored to your preferences.

  • Rakuten

To enhance your shopping experience by providing valuable rewards and promotional offers, we have partnered with Rakuten, a global leader in affiliate marketing and cash-back rewards.

Rakuten assists us in managing and tracking the rewards and promotions that you access through our website. When you make a purchase or participate in a promotion via Rakuten’s platform, they collect information necessary to ensure you receive your rewards. This information typically includes details about the transactions, such as the purchase amount and the items bought. It does not include personal identifiers like your name or email address unless specifically required for the reward or promotion.

We do not share any sensitive personal information, such as payment details, with Rakuten. The data exchanged is strictly limited to what is necessary for tracking and processing the rewards and promotions.

For further details on how Rakuten manages and protects your data, please review their privacy policy, which you can access at Rakuten Privacy Policy: https://www.rakuten.com/help/article/privacy-policy

Personalization

  • Power Reviews

As part of our commitment to enhancing your experience and offering you valuable services, we collaborate with PowerReviews, a trusted provider specializing in facilitating product reviews on our website.

When you make a purchase through our website, we provide PowerReviews with specific information to enable them to offer you the opportunity to review the products you've purchased. The information shared includes your name, email address, and the details of the products you've ordered. This is solely for the purpose of enabling the product review process, allowing you to share your opinions and experiences with other customers.

We want to assure you that we are mindful of your privacy in this process. Therefore, we do not share sensitive details such as the prices you paid or any of your payment information with PowerReviews or any other third parties.

To understand more about how PowerReviews handles the information provided to them, we encourage you to review their privacy policy. You can access it at PowerReviews Privacy Policy: https://www.powerreviews.com/privacy-policy/

  • Geo:Pro Geolocation Redirects

To tailor our website experience to better suit your location-specific needs and preferences, we have partnered with Geo:Pro Geolocation Redirects, a service specializing in geolocation technology.

Geo:Pro Geolocation Redirects helps us determine your geographical location based on your IP address when you visit our website. This information allows us to provide you with content, offers, and language preferences that are most relevant to your region. Please be assured that the information used for these purposes is limited to your IP address and does not involve any personal identifiers such as your name, email address, or precise location details.

We do not share any further information with Geo:Pro Geolocation Redirects. The use of your IP address is solely for the purpose of enhancing and personalizing your browsing experience on our site.

  • Weglot

To provide a seamless and inclusive browsing experience for all our users, regardless of their language, we have partnered with Weglot, a leading provider of website translation and multilingual support services.

Weglot assists us in offering our website content in multiple languages, enhancing accessibility for a global audience. When you visit our website, Weglot automatically detects your browser's language settings and provides the option to view the content in your preferred language. This process does not involve the collection or use of personal identifiers such as your name or email address; instead, it focuses solely on language preferences to facilitate content translation.

We do not share any personal information with Weglot. The use of your language settings is exclusively for the purpose of delivering a tailored and accessible website experience.

Analysis

n/a

Personalized marketing

  • Google Analytics

Provided you have consented, this website uses Google Analytics, a web analytics service provided by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) and Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) (“Google”) for the purpose of analyzing the use of this website.

For this purpose, a cookie is installed on your device. This cookie will collect data such as browser and device information, your IP address, visited websites, and date and time of server request for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and inter-net usage to the website provider. The cookie also collects information about the interactions that users had with ads (clicking a text ad or viewing a video ad). We will also share information on the status and the scope of your consent with Google.

We will use the data collected to optimize this website and campaigns, retarget and personalize ads. For this purpose, the cookies stored on your device by Google allow you to be retargeted on the one hand (e.g. within the scope of “Google Ads”) on Google's websites and on the other hand (e.g. within the scope of “Google Campaign Manager 360”) on our websites and – depending on your interests – when you visit websites of other partners. For this purpose, your browser is identified during advertising delivery and assigned to a target group. This information is used to display relevant and interesting ads to you. This data may also be used to optimize and measure the success of advertisement campaigns as well as to predict and gain insights on the potential behavior across all users.

We have implemented Google Analytics in a manner so that the last octet (the last portion) of your IP address is immediately obfuscated when the IP address is collected within the EU or EEA. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the US.

You find more information about privacy in Google services here: http://www.google.de/intl/de/policies/privacy

  • Meta Pixel

Provided you have consented, we use the Meta Pixel provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) (“Meta”). This tool allows us to analyze and personalize our ads based on your usage of our website in order to provide ads specifically tailored for you. To this end, the Meta Pixel collects your IP address, browser information, the visits and actions you take on our websites, “Facebook-ID” and date and time of the server request. See section 1 a. of the Facebook Business Tools Terms (https://www.facebook.com/legal/technology_terms), for further information about the data you share with us via Facebook/Meta Business Tools such as the Pixel.

The data collected is used to optimize campaigns and create custom audiences, which are groups of Facebook and Instagram users based on that data collected, to target ad campaigns on Facebook and Instagram (Facebook and Instagram Ads). For this purpose, it can also be determined whether different end devices belong to you or your household.

Insofar as data on your usage of our website is collected, personalized ad campaigns are optimized and custom audiences are created, we act as joint controller in accordance with Art. 26 GDPR together with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. In this respect, we have entered into an agreement with Meta which can be found here: https://www.facebook.com/legal/controller_addendum (“Controller Addendum”). The agreement determines the respective roles and responsibilities for fulfilling the obligation under the GDPR with regard to joint controllership.

The required information as per Art. 13 para. 1 lit. a, b GDPR with regard to data processing as joint controllers can be found in Meta’s privacy policy here: https://www.facebook.com/privacy/policy.

We have agreed with Meta that Meta is the contact point for the exercise of data subject rights pursuant to Articles 15-20 of the GDPR with regard to the processing activities in joint controllership.

Further information on how Meta processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy.

Further information on data protection and the storage period with respect to Meta Pixel can be found at: https://www.facebook.com/privacy/explanation and https://www.facebook.com/policies/cookies/.

  • Klaviyo (Email Marketing)

To provide you with a personalized and engaging shopping experience, we utilize Klaviyo, a trusted service that specializes in email marketing and customer relationship management.

Klaviyo assists us in managing our email communications and marketing campaigns by collecting and analyzing data on how you interact with our emails. This includes tracking which emails you open, the links you click on, and the products you show interest in. The data collected helps us to tailor our communications to better suit your preferences and provide you with more relevant information and offers.

Please be assured that the information collected by Klaviyo is limited to your interactions with our emails and does not include any sensitive personal data such as payment details. We share only your email address and purchasing behavior with Klaviyo to facilitate these personalized communications.

For more detailed information on how Klaviyo processes and protects your data, please review their privacy policy, which you can access at Klaviyo Privacy Policy.

  1. Who We Share Your Personal Information With.

    We routinely share personal information for the abovementioned purposes with:
  • Our affiliates, including companies within the Big Agnes Inc group;
  • Service providers we use to help deliver our products and/or services to you, such as payment service providers, warehouses and delivery companies;
    • Shopify Payments
    • Paypal
  • Other third parties we use to help us run our business, such as marketing agencies or website hosts (cf. above section 6);
  • Third parties approved by you, including social media sites you choose to link your account to;
  • Credit reporting agencies;
  • Our insurers and brokers;
  • Our banks

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors, e.g. in relation to ISO or Investors in People accreditation and the audit of our accounts.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We will not share your personal information with any other third party.

  1. Where Your Personal Information is Held.

    Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: “Who We Share Your Personal Information with”).

For customers located in the EU/EEA. Some of these third parties may be based outside the EU/EEA or countries officially recognized by the EU Commission as providing an adequate level of data protection.  Where this is not the case your personal data may potentially be transferred to third countries (i.e. outside of the EU/EEA and countries officially recognized by the EU Commission as providing an adequate level of data protection) not providing for a level of data protection essentially equivalent to that of the EU/EEA. Any such transfers of your personal data, however, only occur in case the additional requirements for international data transfers enshrined in Art. 44 et seq of the GDPR are complied with, pre-dominantly by concluding EU Standard Contractual Clauses and, if required, implement additional measures in order to establish an adequate level of data protection. The EU Standard Contractual Clauses are model contracts provided by the EU Commission which – if required – together with additional measures are intended to ensure that your personal data are processed in accordance with European data protection standards even if the processing takes place outside the EU/EEA.

  1. How Long Your Personal Information Will Be Kept.

    We will keep your personal information while you have an account with us or while we are providing products and/or services to you. Thereafter, we will keep your personal information for as long as is necessary:
  • To respond to any questions, complaints or claims made by you or on your behalf;
  • To show that we treated you fairly or we have complied with our contractual or statutory obligations in relation to you (usually until the respectively applicable statute of limitation expires); or
  • To keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.

When it is no longer necessary to retain your personal information, we will delete or anonymize it.

  1. Your Rights Under the CCPA.

    You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to exercise free of charge:

 

Disclosure of Personal Information We Collect About You

You have the right to know:

·         The categories of personal information we have collected about you;

·         The categories of sources from which the personal information is collected;

·         Our business or commercial purpose for collecting or selling personal information;

·         The categories of third parties with whom we share personal information, if any; and

·         The specific pieces of personal information we have collected about you.

·         Please note that we are not required to:

·         Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;

·         Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or

·         Provide the personal information to you more than twice in a 12-month period.

Personal Information Sold or Used for a Business Purpose

In connection with any personal information we may sell or disclose to a third party for a business purpose, you have the right to know:

·         The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; and

·         The categories of personal information that we disclosed about you for a business purpose.

You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to opt-out of the sale or disclosure of your personal information. If you exercise your right to opt-out of the sale or disclosure of your personal information, we will refrain from selling your personal information, unless you subsequently provide express authorization for the sale of your personal information. To opt-out of the sale or disclosure of your personal information, please email [email protected].

 

Right to Deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

·         Delete your personal information from our records; and

·         Direct any service providers to delete your personal information from their records.

·         Please note that we may not delete your personal information if it is necessary to:

·         Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;

·         Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;

·         Debug to identify and repair errors that impair existing intended functionality;

·         Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;

·         Comply with the California Electronic Communications Privacy Act;

·         Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;

·         Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;

·         Comply with an existing legal obligation; or

·         Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Protection Against Discrimination

You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:

·         Deny goods or services to you;

·         Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;

·         Provide a different level or quality of goods or services to you; or

·         Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.

  1. Your Rights Under the GDPR.

    If you are residing in the EU/EEA, you have the right under the General Data Protection Regulation (GDPR), as applicable, to exercise free of charge:
  • Right to access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data.
  • Right to rectification: You have the right to have false personal data concerning you corrected.
  • Right to erasure: You may also request the deletion of your personal data, for example if your data are no longer required for the purposes for which they were collected or otherwise processed.
  • Right to restriction of processing: You also have the right to request that the processing of your personal data be restricted; in such a case, the data will be blocked for any processing. This right exists in particular if the accuracy of the personal data between you and us is debated.
  • Right to lodge a complaint with the respectively competent data protection supervisory authority: You also have the right to file a complaint at any time with a supervisory authority, in particular a supervisory authority in the Member State where you are staying, working or the place of alleged infringement, if you believe that the processing of personal data concerning you is in violation of applicable data protection laws.
  • Right to data portability: If we process your personal data to fulfil a contract with you or on the basis of your consent, you also have the right to receive your personal data in a structured, commonly used and machine-readable format, provided and to the ex-tent that you have made the data available to us.
  • Right to withdraw consent: if you have provided consent to us to process your personal data, you have the right to withdraw any such consent with effect for the future at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to object: In case of processing activities involving your personal data that are carried out on basis of a legitimate interest of us or a third party, you have the right to object against such processing of your personal data at any time for reasons resulting from your specific situation. We will stop that processing unless we can prove important reasons for the processing which deserve protection which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend against legal claims.
  1. Keeping Your Personal Information Secure.

    We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We continually test our systems and are ISO 27001 certified, which means we follow top industry standards for information security. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

  1. How to Exercise Your Rights.

    If you would like to exercise any of your rights as described in this Privacy Policy, please:
  • Complete a data subject request form. Questions about this policy? Fill out our contact form and choose “website usage” as the reason for contact. We’ll have an expert follow up. https://link.bigagnes.com/contact
  • Call us, toll-free, at 877.554.8975; or
  • Email us at [email protected].

Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

If you choose to contact directly by website/email/phone/in writing, you may need to provide us with:

  • Enough information to identify you (e.g., your full name, address and customer or matter reference number);
  • Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
  • A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.

Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.

  1. Changes to This Privacy Notice.

    This privacy notice was published on 30.5.24 and last updated on 30.5.24.

We may change this privacy notice from time to time–when we do, we will inform you via mechanism for informing the data subject of changes to the notice, e.g., our website or other means of contact such as email.

  1. How to Contact Us.

    Please contact us and/or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact details are shown below:

 

Our contact details

Our Data Protection Officer's contact details

PO Box 773072Steamboat Springs CO 80477

PO Box 773072Steamboat Springs CO 80477

[email protected]

[email protected]

877.554.8975

877.554.8975

  1. Do You Need Extra Help?

    If you would like this notice in another format (for example: audio, large print, braille) please contact us (see “How to contact us” above).