ROUND ROOM HOLDINGS, INC.
A. INFORMATION WE COLLECT
We typically collect four kinds of information about you when you use our Services:
Personal Data: Our definition of personal data includes any information that may be used to specifically identify or contact you, such as your name, address, or phone number. Personal data also includes information that may be used to identify you indirectly, including by reference to an online identifier, location data, or services identification number. As a general policy, we do not automatically collect your personal data when you visit our Website. In certain circumstances, we may request, allow, or otherwise provide you an opportunity to submit your personal data in connection with a feature, program, promotion, or some other aspect of our Services. For instance, you may: (a) provide your name, mail/shipping address, email address, credit card number, and phone number when registering with our Services and executing a Membership Agreement; (b) provide certain demographic information about yourself (e.g., age, gender, purchase preference, usage frequency) when using our Services; or (c) post a general comment and/or recommendation on our Services. Certain information may not be personal data when standing alone (e.g., your age), but may become so when combined with other information (e.g., your age and name). Whether or not you provide this information is your choice; in many instances, however, this type of information is required to enter into a Membership Agreement or participate in a particular activity, realize a benefit we may offer, or gain access to certain content or features available through our Services.
Usage Data: Our definition of usage data is any information that does not personally identify you (also referred to herein as "non-personal data") that is automatically collected anytime you visit the Website, including information such as browser type and referring websites. Usage data can include certain personal data that has been de-identified; that is, information that has been rendered anonymous. We obtain usage information about you from information that you provide us, either separately or together with your personal data. We also automatically collect certain usage data from you when you access our Services with your Equipment. This information can include, among other things, your wireless carrier, your IP addresses, the type of browser you are using (e.g., Internet Explorer, Firefox, Safari, Opera), the operating system you are using (e.g., Vista, Windows XP, Mac OS, Android, iPhone) on the Equipment, the domain name of your Internet service provider (e.g., CenturyLink, Google, Cox, AOL), the search terms you use on our Services, the specific web pages you visit, how much you use our Services, and the duration of your visits.
Financial Data: Our definition of financial data is any information needed to facilitate the purchase of items or services, including credit card information. Financial data may constitute personal data, depending on the circumstances of its collection and use.
Wireless Carrier and Service Information. Our definition of wireless carrier and service information is any information collected by us or any Partner pursuant to provision of any Services which includes, but is not limited to, the make and model of any Eligible Device (as defined below), serial number of any Eligible Device, and location of a wireless retailer servicer. "Eligible Device" hereunder means any smartphone, tablet, or mobile broadband device identified by you in any Membership Agreement.
B. HOW WE USE & DISCLOSE THE INFORMATION COLLECTED
Personal Data: The personal data you voluntarily submit to us is generally used to provide services pursuant to the Membership Agreement, carry out your requests, respond to your inquiries, better serve you, or in other ways naturally associated with the circumstances in which you provided the information. We may also use this information to later contact you for a variety of reasons, such as customer service, providing you promotional information for our products or those of any Partner, our parent company, subsidiaries, or other affiliated companies ("affiliated companies"), or to communicate with you about content or other information you have posted or shared with us via use of our Services.
You may opt-out from receiving future promotional information from us or our affiliated companies, or direct that we not share your information with any affiliated companies, as set forth below.
In certain instances, we may also share your personal data with third parties performing functions on our behalf (or on behalf of our affiliated companies) or accessing the Services (e.g., vendors that process credit card orders, provide our Services, administer our promotions, provide us marketing or promotional assistance, analyze our data, assist us with customer service). These third parties agree to use this information, and we share information with them, only to carry out our requests or provide Services.
Usage Data: We use usage information in a variety of ways. For example, we may use usage information to evaluate use of our Services (e.g., visits to our Website, use of our Applications), analyze site traffic, track purchases, understand customer needs and trends, carry out targeted promotional activities, and to improve our Services. We may use your usage information by itself or aggregate it with information we have obtained from others. We may, among other things, share your usage information with any Partner, our affiliated companies, allow third parties to collect such information directly from you.
Wireless Carrier and Service Information: We use, and our Partners use, wireless carrier and service information in order to provide services pursuant to the Membership Agreement.
General Uses and Disclosures: We use and share the information, including personal data, we collect from users for the purposes described below. To perform the following tasks, we may transfer your data to countries outside the United States and EEA using appropriate safeguards when necessary. When necessary, we will obtain your consent before using your data for these purposes:
Provision of Services to Website Users. If you use the Website, we will use your information to process and respond to your requests, comments, inquiries, and other forms you submit through the Website.
Processing Online Purchases. We use your Financial Data to process any purchases made on the Website, including disclosure of your Financial Data to third-party payment processors.
Improving our Services. We use your information to enhance our understanding of our users’ preferences and optimize the performance of the Services.
Disclosures to Service Providers. We share your information with third-party service providers that assist us with hosting and maintaining the Website, processing credit card information, analyzing online activity on the Website, marketing our services, and managing our daily business operations and delivery of the Services. We share only the minimum amount of personal data with these service providers that they need to perform their tasks. We also enter into contracts with these service providers that require them to protect personal data.
Compliance with Legal Obligations. We will share your information with law enforcement, government officials, regulatory agencies, or other parties when we are required to do so by applicable law. We will also disclose your information to comply with a judicial proceeding, court order, subpoena, or legal process.
Other Legitimate Interests. We will use and disclose your information when necessary for our legitimate interests, as long as such interests are not overridden by our users’ interests, rights, and freedoms with respect to their personal data.
CCPA Notice of Collecting and Sharing Personal Information
The chart below lists the categories of Personal Information we have collected, the sources from which we have collected Personal Information, and our purposes for sharing Personal Information, within the last twelve (12) months:
C. COOKIES AND PREFERENCE BASED ADVERTISING
Web beacons are tiny graphics with a unique identifier, similar in function to cookies, and may be used to track the online movements of users, when an email has been opened, and to provide other information. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page where the web beacon is placed. We may use web beacons to improve your experience with the Website, including to provide you with content customized to your interests and to understand whether users read email messages and click on links contained within those messages so that the Website can deliver relevant content. Our web beacons may collect some contact information (for example, the email address associated with an email message that contains a web beacon).
Other examples of the information we collect and analyze in this manner include: the Internet Protocol (IP) address used to connect your Equipment to the Internet; computer and connection information such as browser type and version, operating system, and platform; your activities on our Website, including the products you view or searched for, as well as the URL you come from and go to next (whether this URL is on our Website or not); and cookie number. It is important to note that the cookies and Web beacons that we use do not contain and are not tied to personal data or personally identifiable information about you.
A couple of important notes about this opt-out tool: (1) it includes all the advertising networks that we may work with, but also many that we do not work with; and (2) it may rely on cookies to ensure that a given advertising network does not collect information about you ("Opt-out Cookies") – an explanation of how Opt-out Cookies work can be found on www.aboutads.info. Therefore, if you use different Equipment, change web browsers, or delete these Opt-out Cookies from your computer, you will need to perform the opt-out task again.
Do Not Track Features: Certain browsers may offer you the option of providing notice to websites that you do not wish for your online activities to be tracked for preference-based advertising purposes ("DNT Notice"). Some browsers are, by default, set to provide a DNT Notice, whether or not that reflects your preference. Providing DNT Notice is often touted as a means to ensure that cookies, web beacons, and similar technology are not used for preference-based advertising purposes – that is, to restrict the collection of non-personally identifiable information about your online activities for advertising purposes. Unfortunately, given how preference-based advertising works, DNT Notices may not effectively accomplish this goal. For this and a variety of other reasons, with respect to our Website, we do not take any action based on browser based DNT Notices. Rather, if you do not wish to participate in preference-based advertising activities, you should follow the simple opt-out process identified below.
D. OTHER USES & INFORMATION
IP Addresses: An IP address is a number that is automatically assigned to the Equipment whenever you access the Internet. Web servers (computers that serve up web pages) automatically identify the Equipment by its IP address. When visitors request pages from our Website, our servers typically log their IP addresses. We collect IP addresses for purposes of system administration, to report non-personal aggregate information to others, and to track the use of our Services. IP addresses are considered non-personally identifiable information and may also be shared as provided above. It is not our practice to link IP addresses to anything personally identifiable; that is, the visitors’ session will be logged, but the visitor remains anonymous to us.
Email Communications: If you send us an email with questions or comments, we may use your personal data to respond to your questions or comments, and we may save your questions or comments for future reference. For security reasons, we do not recommend that you send non-public personal information, such as passwords, social security numbers, or bank account information, to us by email. We may send you emails for a variety of reasons –such as emails in response to your request for a particular service or your registration for a feature that involves email communications, that relate to purchases you have made with us (e.g., product updates, customer support), about our other products, services, or events, or when you consent to being contacted by email for a particular purpose. In certain instances, we may provide you with the option to set your preferences for receiving email communications from us – that is, agree to some communications but not others. You may "opt-out" of receiving future commercial emails from us by clicking the "unsubscribe," "opt-out," or similar link included at the bottom of most emails we send, or as provided below; we reserve the right, however, to send you transactional emails such as customer service communications.
Transfer of Assets: As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or all (or substantially all) of our assets, the personal data and non-personal data we have about you will be transferred to and used by this acquiring entity, though we will take reasonable steps to ensure that your preferences are followed. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.
The features, programs, promotions, and other aspects of our Services requiring the submission of personally identifiable information are not intended for children. We do not market and do not knowingly collect personally identifiable information from children under the age of 13. Certain benefits of our Services may be restricted to adults, age 18 or older. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personally identifiable information to us, please contact us as provided in Section H below. A parent or guardian of a child under the age of 13 may review and request deletion of such child's personally identifiable information as well as prohibit the use thereof. If we discover that we have inadvertently collected information from a child under 13 years of age, we will promptly take all reasonable measures to delete such information from our systems.
F. KEEPING YOUR INFORMATION SECURE
We have implemented security measures we consider reasonable and appropriate to protect against the loss, misuse, and alteration of the information under our control. Please be advised, however, that while we strive to protect your personal data and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online or through our Services, and are not responsible for the theft, destruction, or inadvertent disclosure of your personal data. In the unfortunate event that your "personal data” (as the term or similar terms are defined by any applicable law requiring notice upon a security breach) is compromised, we may notify you by email (at our sole and absolute discretion) to the last email address you have provided us in the most expedient time reasonable under the circumstances; provided, however, delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation. From time to time we evaluate new technology for protecting information, and when appropriate, we upgrade our information security systems.
G. OTHER SITES/THIRD-PARTY LINKS
Our Services may link to or contain links to third-party websites, including the websites of our Partners, that we do not control or maintain, such as in connection with purchasing products we may recommend or reference via our Services and/or advertisements you may see while using our Services. We are not responsible for the privacy practices employed by any third-party website. We encourage you to note when you leave our Website and to read the privacy statements of all third-party websites before submitting any personally identifiable information.
H. CONTACT & OPT-OUT INFORMATION
Mail: ATTN: Compliance Officer
525 Congressional Blvd
Carmel, IN 46032
We will respond to your request and, if applicable and appropriate, make the requested change in our active databases as soon as reasonably practicable. Please note that we may not be able to fulfill certain requests while allowing you access to certain benefits and features of our Services.
I. SOLE STATEMENT
J. YOUR RIGHTS
Data Subjects from the EEA have the following rights under the GDPR:
To access the Personal Data we maintain about you;
To be provided with information about how we process your Personal Data;
To correct your Personal Data;
To have your Personal Data erased;
To object to or restrict how we process your Personal Data; and
To request your Personal Data to be transferred to a third-party.
Data Subjects from Canada have the following rights under PIPEDA:
To know why an organization collects, uses or discloses your personal information;
To expect an organization to collect, use or disclose your personal information reasonably and appropriately, and not use the information for any purpose other than that to which you have consented;
To know who in the organization is responsible for protecting your personal information;
To expect an organization to protect your personal information by taking appropriate security measures;
To expect the personal information an organization holds about you to be accurate, complete and up-to-date;
To obtain access to your personal information and ask for corrections if necessary;
To complain about how an organization handles your personal information if you feel your privacy rights have not been respected; and
To receive products or services even if you refuse consent for the collection, use or disclosure of your personal information, unless that information is essential to the transaction.
To exercise the above rights, please contact us at the information provided above. We will consider and process your request within a reasonable period of time. Please be aware that under certain circumstances, the GDPR or PIPEDA may limit your exercise of these rights.
Consumers from California (California residents) have the following rights under the CCPA:
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and confirm your identity, we will disclose to you:
The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
sales, identifying the personal information categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
The specific pieces of personal information we collected about you (also called a data portability request).
Currently, we do not provide a right to know for business-to-business (B2B) personal information.
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our Partners to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a Membership Agreement, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our Partners to take similar action.
Currently, we do not provide these deletion rights for B2B personal information.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by either:
Calling us at 855-799-8301
Emailing us at: firstname.lastname@example.org
Mailing a request to: ATTN: Compliance Officer
10300 Kincade Dr.
Fishers, IN 46037
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may make a request to know twice within a 12-month period. Your request to know or delete must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Additionally, you must describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at email@example.com.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
K. RETENTION OF PERSONAL DATA
For Data Subjects from the EEA and Canada, we will retain your Personal Data only as long as necessary to process your request or other submission, fulfill the terms of our service contract with you, and comply with applicable law.
L. HOW TO WITHDRAW CONSENT
At any time, Data Subjects from the EEA or Canada may withdraw consent you have provided to us for using, disclosing, or otherwise processing your Personal Data. You may withdraw your consent by contacting us pursuant to Section H above.
Please note that your withdrawal of consent to process certain Personal Data about you (1) may limit our ability to deliver services to you and (2) does not affect the lawfulness of our processing activities based on your consent before its withdrawal.
M. HOW TO FILE A COMPLAINT
Data Subjects from Canada may file a complaint with the Office of the Privacy Commissioner of Canada. Additional information can be found here: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/.
You may also contact us using the contact information provided above to be directed to the appropriate DPA contact(s).