CCPA Privacy Notice for California Consumers
CCPA Privacy Notice for California Consumers
Effective Date: 11/15/2022
Red Ribbon Bakeshop, Inc. and all related and affiliated companies (collectively, “Red Ribbon,” the “Company,” “we,” or “us”) respects your privacy and is committed to protecting it.
We collect data about users of our Website; about users of our mobile application; about individuals who contact or communicate with us online, by telephone or electronic means, or in person; about individuals who register for online promotions or who participate in rewards programs, online programs, surveys, or other transactions or activities; about individuals who visit our facilities or operations; about individuals who attend events organized or hosted by us; about our customers or prospective customers (where these are natural persons) or their employees, agents, and representatives; and about others who express an interest in us or with whom we carry on business (collectively, these individuals about whom we collect data are referred to as “you” and “your” in this Privacy Notice).
This notice describes the types of information we may collect from you or that you may provide when you visit our www.redribbonbakeshop.com (our “Website”), use our mobile application, or otherwise contact us, and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This notice applies to information we collect:
- On our Website.
- In email, text, and other electronic communications between you and us, including between you and our Website, you and our mobile application, and you and our social media pages.
- Through our mobile application you download from the App Store or Google Play.
- When you register for online promotions or participate in rewards programs, online programs, surveys, or other transactions or activities.
- Through or as a result of your entry upon any of our facilities or in connection with our operations, or attendance at an event organized or hosted by us.
- As a result of any sales, purchases, or other transactions made through us or through a third-party delivery service.
It does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on our Website.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). In particular, Red Ribbon collects and has collected from its consumers within the last twelve (12) months the following categories of Personal Information:
- Personal identifiers you provide when you provide information for orders or registration via our Website or mobile application, including your first and last name, alias, address, email address, telephone number, date of birth, fingerprint(s), gender, account name, online identifier, or any personal identifiers you provide to us when communicating with us.
- Transaction information you provide when you make a purchase from us, such as your first and last name, alias, address, telephone number, email address, and payment or financial information.
- Financial information you provide for payment information when you make a purchase from the Company, including through our Website or mobile application, such as your bank account number, debit card number, and/or credit card number.
- Records of commercial information such as your current and historical point-of-sale transactions and product purchases from us.
- Internet connectivity, usage, and activity information about your use, and the use by any person(s) you authorize, of our Website or mobile application, including the content you view, browser device and type, unique device identifier and/or Internet Protocol (IP) address, and information about your interactions with our Website or mobile application.
- Location information, including geolocation information provided through our Website’s server logs, our mobile application, and through Google Analytics for our Website by your device interacting with our Website, or associated with your Internet Protocol (IP) address, where we are permitted by law to process this information.
- Sensory data observed on general business security video surveillance at our facilities and operations and within our properties for the security and safety of our employees, customers, operations, assets, resources, and communities.
- Internet or other electronic network activity information, including, but not limited to, IP addresses, browsing history, search history, cookies, information about your interaction with our Websites or mobile application, and geolocation data.
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
How We Collect Your Information
Red Ribbon obtains the categories of Personal Information listed above from the following categories of sources:
- Directly from you. We collect information you provide to us when you inquire about our goods or services; register with us; place orders; participate in rewards programs, online programs, surveys, or other transactions or activities; through the billing and contact information you provide to us; communicate or otherwise interact with us through telephone, email or other electronic communication; through the use of our Website, our mobile application, our social media pages, or in person.
- Indirectly from you. We collect information from you, your household, or devices associated with you or your household through your use and actions on our Website, persistent cookies on our Website, and third-party analytics for our Website, as well as publicly available sources of information.
Use of Personal Information
We may use or disclose the Personal Information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, or communicate with us through email, our Website, our mobile application, our social media pages, or by telephone, we will use that Personal Information to respond to your inquiry and communicate with you. If you provide your Personal Information to make a purchase, we will use that information to process your payment and facilitate delivery or otherwise complete the purchase. We may also save your information to facilitate new purchases by you or process your requests.
- To have a means of communicating with you about transactions with us and send you information or request feedback about your purchases, our services, and features on our Website and mobile applications, or changes to our policies.
- To send you offers and promotions for our products and services.
- To provide, support, personalize, and develop our Website, mobile application, social media pages, products, and services.
- To create, manage, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website and mobile application experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, our mobile application, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, our mobile application, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, mobile application, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, sale, or transfer of some or all of Red Ribbon’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Red Ribbon about our Website users, mobile application users, and other consumers is among the assets transferred.
Red Ribbon will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
The security, integrity, and confidentiality of your personal information are extremely important to us. Red Ribbon has implemented technical and administrative security measures that are designed to protect personal information from unauthorized access, disclosure, use, and modification. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.
Sharing Personal Information
Red Ribbon does not disclose, share, or sell your Personal Information to any third parties for any monetary or commercial benefit, and has not disclosed, shared, or sold your Personal Information in the past twelve (12) months, for any monetary or commercial benefit.
Red Ribbon only discloses your information for a business purpose to service providers we utilize to provide goods and services for you and for marketing and web hosting in order to provide you with targeted communications and services that are tailored to your preferences.
In addition, Red Ribbon may disclose your personal information to (1) comply with any court order, law, or legal process, including to respond to any government or regulatory request, and/or (2) if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Red Ribbon, users and visitors of our Website and mobile application, or others.
The Rights of California Consumers Under the CCPA
The California Consumer Privacy Act of 2018 (CCPA) provides California residents who are “consumers,” as defined in the CCPA, with specific rights regarding their Personal Information. This section of this Privacy Notice describes the rights of “consumers,” as defined in the CCPA, and explains how California consumers can exercise those rights (“CCPA Privacy Notice”). Any terms defined in the CCPA have the same meaning when used in this CCPA Privacy Notice. Consumers with disabilities may access this CCPA Privacy Notice in an alternative format by contacting Red Ribbon through any one of the methods set forth below.
Right to Request Disclosure About the Personal Information Collected About You
Consumers, as defined in the CCPA, have the right to request that Red Ribbon disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we have received and verified your request, we will disclose to you:
- The categories of Personal Information we collected about you.
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties with whom we share that Personal Information, if any.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
However, Red Ribbon will not at any time in response to a request disclose a consumer’s financial account number or an account password, or security questions and answers.
Red Ribbon is not required to retain any Personal Information collected for a single, one-time transaction, if the information is not regularly retained by Red Ribbon, or re-identify any anonymous or de-identified information, in order to disclose that information to you.
Deletion Request Rights
Consumers, as defined in the CCPA, have the right to request that Red Ribbon delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we have received and verified your identify and request, we will delete your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access and Deletion Rights
If you are a California resident and you wish to exercise your rights to access the information Red Ribbon has collected about you and/or request that Red Ribbon delete the information about you, you will need to submit a verifiable consumer request so that Red Ribbon is able to corroborate your identity and provide your information to you.
To exercise your rights described above, please submit a verifiable request by:
- Emailing us at [email protected]
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. Any request to delete submitted through an online request will require you first to submit the request and, second, separately confirm that you want the information deleted.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12)-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer younger than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by any of the methods set forth above. Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. However, you may opt back in to Personal Information sales at any time.We use Google Analytics to understand how you use our Website. This includes looking at where a visitor comes from and where they go when they leave our Website. Google provides an opt-out for this tool here.
We will not discriminate against you for exercising any of your CCPA rights after you have exercised those rights. Unless permitted by the CCPA, in response to you exercising your rights, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Our Website May Have Third Party Links
Our Website and mobile application may have links to third-party content. We do not control that content or the third party’s privacy practices. We encourage you to read their privacy policies to understand how they use your information.
Changes to Our Privacy Notice
Red Ribbon reserves the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will post the updated notice on our Website and update the notice’s effective date. Your continued use of our Website, our mobile application, and/or submitting information to us following the posting of changes constitutes your acceptance of such changes.
If you have any questions or comments about this notice, the ways in which Red Ribbon collects and uses your information, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Email: [email protected]