We internally collect Personal Data in connection with our Services. This policy applies to information we collect: (a) on this Website, (b) in email, text, and other electronic messages between you and this Website, (c) through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website, and (d) when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy. We collect this information to personalize, provide, and improve our Services, to allow you to set up a user account, to enable you to build Conversations, to contact you, to fulfill your requests for certain products and services, and to analyze how you use the Services, but we’ll talk more about all of that below. This policy does not apply to information collected by: (a) us offline or through any other means, including on any other website operated by Company or any third party; or (b) any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
Who are we and how can you contact us?
We are, as stated above, Paloma®. We collect and process your Personal Data, as well as manage our third-party service providers that additionally process your Personal Data.
The best way to contact us is through our dedicated customer service email, firstname.lastname@example.org.
You can also reach us as follows:
Paloma Works PBC
245 8th Ave #1050
New York, NY 10011
Who do we collect Personal Data from?
We collect Personal Data from our users, who are those individuals and businesses that sign up to use our Services. For our users, we act as data controllers, making decisions about the purposes for which we process Personal Data.
What Personal Data do we collect from you and why?
Through your visitation to, use of, and interaction with the Website, you may be asked for certain types of Personal Data. You will be asked to register to use our Services and when you do so, we will ask you for certain Personal Data. This section will only cover the Personal Data that we receive specifically from you.
Personal Data collected when you register with us: When you register to use the Services, we will collect the following Personal Data from you: name, business name (if applicable), email address, phone number, time zone, and a list of Facebook and Instagram pages you manage. We process all registration information manually and you will never be asked to sign up for anything outside of the registration information that we specifically ask you for when you sign a contract with us to use our Services.
Personal Data collected from User Customers: We collect Personal Data from User Customers under the direction of our users. If you are a User Customer who engages in a Conversation through our Services, we may collect information such as your name, and any profile picture or avatar you have associated with your Facebook and/or Instagram account. We’ll also collect and process the information that you provide to us through Conversations (such as responses to questions and search queries) and we’ll then provide that information to our users for their business purposes. If you are a customer who completes a Checkout with a User, we will also collect information such as your name, shipping address, email and phone number and we’ll then provide that information to our clients for their business purposes. We never sell or rent such information to anyone.
Personal Data collected for billing: As a user of our Services, you will be asked to provide us with billing and payment information. We do not collect or store billing information through any web portals, just like our registration Services.
Personal Data collected when we’re communicating: As a user of our Services, we may communicate with you about your account with us. These communications specifically won’t be marketing communications, but will rather be transactional and informational items, such as updates to our policies or other privacy-related matters, order confirmations, or receipts (in other words, you won’t be able to opt-out of these important messages). You may also be asked questions about how to improve Paloma®, or you may, at some point, communicate with our representatives because of questions that you have. In that case, we’ll receive your contact information and the contents of those communications. We consider this information Personal Data. We collect this information so that we can help with anything you need and to continue improving our Services in the future.
What Personal Data do we collect about you that we get from other sources and why?
Geo-location data: We may collect information about your location depending on the permissions you have set on your device or browser. We solely and exclusively use this information to provide you with our Services, including to update your time zone for accuracy. You can enable or disable location Services when you use our Services at any time, through your device or browser settings.
Usage Data: We may also collect information about the use of our Services, such as Conversations you have created using the Services, as noted above, and general data about your interactions with our Services. We collect this data to help us troubleshoot any problems that may arise for you and other users, as well as to help us understand usage trends and information.
What is our legal basis for processing your Personal Data?
We respect data minimization principles, which means we only collect the minimal amount of Personal Data required for legitimate business purposes, including providing the Paloma® Services to you.
In other words, we need the Personal Data that we do collect to effectively run our business and we don’t collect more than is necessary. The Personal Data you provide to us voluntarily (such as through registration, use, and communication with us) is up to you. That said, we may still process automatic Personal Data, such as that received through cookies, regardless of how you interact with our Services.
Will your Personal Data ever be shared and if so, how and with whom?
At Paloma®, we never rent or sell your Personal Data to anyone in a form that can identify you. We do, however, use third party service providers (those “data processors” we mentioned earlier) to help us operate Paloma®, including our web host and payment processors. We also share general business information - i.e. non-Personal Data - with partners and potential partners.
Third-Party Service Providers: The third party service providers that we use help run the business, so your data will pass through them, but we don’t provide your Personal Data (or any personally identifying information) for intentional access (for marketing list purposes, for example) to anyone. For the third parties that we utilize who also process your Personal Data, we have appropriate security and contractual measures (like encryption and data processing agreements) to ensure that your Personal Data always gets treated in compliance with the policies laid out here, as well as applicable law.
Other Disclosures: In certain cases, we may have to disclose your Personal Data to third parties outside those above. We limit that disclosure to the following circumstances:
- To satisfy any local, state, or Federal laws or regulations;
- To respond to requests, such discovery, criminal, civil, or administrative process, subpoenas, court orders, or writs from law enforcement or other governmental or legal bodies;
- To bring legal action against a user who has violated the law or violated our Terms of Service;
- In the case of any business transfer, sale, or transfer of assets of Paloma® (we’ll notify you if this happens);
- To generally cooperate with any lawful investigation about our users; or
- If we suspect any fraudulent activity on Paloma®.
Your Consent: Otherwise, if we get your explicit, unambiguous, and prior consent to share your Personal Data with anyone, we’ll do so.
What about marketing?
We may send you marketing communications, such as newsletters and brochures, but only after we obtain your explicit consent. In other words, we’re never going to automatically add you to a mailing list or other marketing communication list - we’ll specifically ask you to opt-in to the communications you want to receive.
If you do consent to receive marketing communications through your affirmative opt-in, you’ll be receiving things like newsletters, targeted campaigns, and offerings of new products, services, promotions, or recommendations from us and our affiliates and subsidiaries.
Even if you do want to get marketing messages from us, you’ll be able to revoke your consent at any time. You can do so by:
- Clicking on the “unsubscribe” link contained in each marketing email sent to you
- Sending an email to email@example.com
We’ll take you off our marketing list as soon as we can and you won’t hear from us again.
How do we store and protect your Personal Data?
Personal Data Storage: We only store your Personal Data as long as it is necessary for providing you with the Services or until you stop using our Services and request deletion of your data. We may also store your Personal Data for any applicable legal record-keeping, including after the closure of your account for legitimate business purposes (e.g., maintaining our accountancy records, enforcing our Terms of Service, or otherwise maintaining the safety and security of our Paloma® for a time period permitted by applicable law).
Personal Data Protection: We employ organizational and technical security measures to protect your Personal Data, such as limiting access to your Personal Data, secured networks, and encryption.
We also use secure physical and digital systems to store your Personal Data. We ensure that your Personal Data is protected against unauthorized access, disclosure, or destruction by utilizing practices that are consistent with standards in the industry to protect your privacy.
Please note, however, that no system involving the transmission of information via the Internet or the electronic storage of data is completely secure, no matter what reasonable security measures are taken. Although we take the protection and storage of your Personal Data very seriously, and we take all reasonable steps to protect your Personal Data, we cannot be responsible for data breaches that occur outside of our reasonable control. We will, however, follow all applicable laws in the event a data breach occurs, including taking reasonable measures to mitigate any harm, as well as notifying you of such breaches as soon as possible, but in no event, later than two weeks time.
What are your rights in relation to your Personal Data?
By using Paloma, you can exercise the following rights:
- REFUSING TO PROVIDE YOUR PERSONAL DATA: The voluntary Personal Data you provide to us is an integral part of your use of Paloma®. You can choose to forego the provision of that data, but you will be restricted from using our Services.
- WITHDRAWING CONSENT: You can withdraw your consent to the processing of your Personal Data at any time by sending an email to firstname.lastname@example.org. However, please be advised, as above, that you may be restricted from using the Paloma® Services. We may request identity verification to ensure we are interacting with the correct data subject. User Customers must contact the businesses they began conversations with for any withdrawal of consent, modification, or deletion of Personal Data.
- ACCESSING, OBTAINING, MODIFYING, AND DELETING YOUR PERSONAL DATA: Through your use of our Services, you can access and amend your own data at any time. To obtain, modify, amend, or delete your personal information, you can contact us directly at email@example.com. We will seek to respond to your request within a reasonable time.
- LAUNCHING A COMPLAINT WITH A DATA PROTECTION AUTHORITY: If you are a resident of the European Union and you are not satisfied with the outcome of your complaint submitted to us, you have the right to lodge a complaint with your local data protection authority.
How exactly can you launch a complaint, if you’re unhappy with the way in which we collect or process your Personal Data?
U.S. Residents: If you’re located in the United States, the collection of your Personal Data, is subject to investigation and enforcement by the Federal Trade Commission (“FTC”). We’re committed to resolving any complaints about the handling of your Personal Data as quickly and efficiently as we can, but if you’re not happy, you can lodge a complaint with the FTC.
California Privacy Rights: California Civil Code Section § 1798.83 permits users of Paloma that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org.
E.U. Residents: If you are a resident of the European Union and you are not satisfied with the outcome of your complaint as you submitted it to us, you have the right to lodge a complaint with your local data protection authority.
What about the international transfer of Personal Data?
We are based in the United States. In other words, your Personal Data gets sent to the United States whenever you use our Services. The risks of transferring data outside of your jurisdiction to the United States includes the possibility of data breaches and loss, but we use commercially reasonable efforts to maintain industry standards that protect your Personal Data as much as possible.
Do we collect any Personal Data from minors?
We do not allow use of Paloma® or any of our Services by users under the age of 18 (eighteen). As such, we don’t knowingly collect, store, or otherwise use any Personal Data from any minors under 18 (eighteen). If you are under 18, do not use or provide any information on this Website, through any of its features, register on the Website, make any purchases through the Website or the Services, use any of the interactive features of this Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If you are a parent or guardian, and you learn that your children have provided us with Personal Data, please contact us immediately. If we become aware that we have collected Personal Data from children without verification of parental consent, we will immediately take steps to remove that information from our servers.