PRIVACY POLICY

Simply Styled Sites (“Company,” “we,” “us,” “our”) maintains this Privacy Policy to inform you of our practices with regard to personal data we collect from or about you in connection with our website (the “Site”) or through the provision of our services (the “Services”). We may update this Privacy Policy from time to time. We will notify you of any material change by providing a notice on our website or, if you are a customer, by whatever other means upon which we have mutually agreed. This is the current version of this Privacy Policy By using the Site or the Services provided by Company, you acknowledge your consent to the practices described herein.  Definitions and usage from Your other Agreements with the Company are incorporated and used here as necessary. If you are a customer who is subject to the privacy laws of California or the European Union, the Data Privacy Addendum located at the end of this agreement applies to you.   The Privacy Policy and Data Privacy Addendum it may be updated from time to time governs the obligations between us with regard to personal data as defined by such laws.

Personal data we collect

  1. Information you give us
    In order for you to use our Services and other features of our Site, we will ask you for some of your personal data (e.g. contact information, name, etc.). The amount and type of information that we gather depends on the nature of the interaction. For example, we ask visitors who would like to comment on our blog to provide a username. Those who purchase Services from us are asked to provide additional information including, as necessary, the personal and financial information required to process transactions. In each case, we collect such information only insofar as is necessary or appropriate to fulfill the purpose of your interaction with us. You can always refuse to supply personal data; however, doing so may prevent you from receiving our Services or engaging in other activities on the Site. In no event will we ever request sensitive personal data (e.g. health information, religious preferences, etc.) from you, and we expressly request that you not provide any such sensitive personal data to us.
  2. Web server logs
    As is true of most websites, we gather certain information automatically through your use of the Site. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring or exit pages, the files viewed on the Site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and clickstream data to analyze trends in the aggregate and administer the site. We use analytical software to help us understand this information. This software sends information to its licensor. Other sites and companies may also use this software. As a result, the licensor may collect information that, when aggregated by them, allows them to identify you individually. We have no responsibility for this collection and use.
  3. Cookies
    We and Company Parties or our Partners use cookies and similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level.
    Ads appearing on our Site may be delivered to you by advertising partners who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy covers our use of cookies and does not cover the use of cookies by any advertisers. However, data tracking files used by us may also be used by these advertisers and, when combined with other information held by them, be used to identify you. For more information on third-party cookies and instructions on how to opt-out of those cookies set by members of the National Advertising Initiative, please click here.
    Or, if you are located in the European Union, please visit the European Interactive Digital Advertising Alliance here.
  4. Information collected by our customers.
    Our customers may collect personal data in connection with the Services we provide to them. Company’s customers control the personal data they collect, and Company will not use or disclose that personal data except as authorized or directed by the customer in the course of our provision of the Services and as governed by our agreement with that customer. If your personal data is controlled by one of our customers, and you have concerns about the way that data is managed or wish to exercise your rights with respect to such data (including your rights of access, amendment, or deletion), please contact that customer directly.
  5. How we use personal data
    Company will only use the personal data we collect as reasonably
    necessary for the following purposes:

    1. to allow you to use and interact with the Site;
    2. to provide the Services to you as our customer;
    3. to inform our continued development of the Site and the Services;
    4. to communicate with you from time to time in response to your requests for information
      or as may be relevant to your account with us;
    5. to send marketing communications related to the services we provide;
    6. as required by applicable law or legal requirements pertaining to records retention or for internal administrative purposes; or
    7. as specifically authorized by you in writing.
  6. Disclosure to third parties
    We will not disclose your personal data to third parties except as
    follows:

    1. when we believe, disclosure is reasonably required to comply with any law or legal request;
    2. to enforce our legal and contractual rights, or to protect the rights and safety of others;
    3. to third parties who help us provide any part of the Site or the Services, to the limited extent required for such help, and on condition that they may not further disclose your data or use it for any other purpose; or
    4. as part of a sale of our assets or a merger of our company.

We remain responsible for compliance with this Privacy Policy by third parties to whom we disclose your personal data.

7. Procedures to protect personal data
We have put in place reasonable measures and appropriate procedures for implementing these policies and for safeguarding the personal data we collect. However, we cannot guarantee that personal data we collect will never be disclosed in a manner inconsistent with this Privacy Policy. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received.

8. Your rights over personal data that we control
Upon request, we will provide you with details regarding your personal data that has been collected by us or which is under our control. If you would like to change information that we maintain about you, you may log into your account and change it or submit a support request for any information to which you don’t have access or the ability to change yourself. Information covered by this Privacy Policy may be deleted upon your request, provided that such deletion may impact our ability to provide you with the Services. You may also request that we update or correct your personal data by writing us at 5205 Avenida Encinas Ste A, Carlsbad, CA 92008, or by sending an email to [email protected] We will respond to your request within a reasonable time frame. You may opt-out of receiving most e-mails from us by following the “unsubscribe” instructions provided in the e-mails. Alternatively, you may contact us as described herein. If you are our customer, you may not be able to opt out of all emails, including certain administrative or billing communications which are important to the ongoing maintenance of your account.  We may keep your personal data for as long as reasonably required to meet the purposes described herein. Additionally, we will retain this information as required by law, as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

9. EU-US and Swiss-US Privacy Shield
The Company, the Company Parties or our Partners to the extent necessary participate in and have certified our compliance with the EU – U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries, United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.Under the Privacy Shield Frameworks, we are responsible for the processing of personal data that we collect from you and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland including the onward transfer liability provisions.  With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including requests made to meet national security or law enforcement requirements.  If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge)
at https://feedback-form.truste.com/watchdog/request.Under certain conditions more fully described on the Privacy Shield website located at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

10. California Residents
If you are a resident of the State of California, this Section addresses your rights and our obligations under the California Consumer Privacy Act of 2018 (“CCPA”). Terms used in this Section have the same meaning as provided in the CCPA.

 11. Information We Collect
Our Site collects information that identifies, relates to, describes, references, is capable of
being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, our Site has collected the following categories of personal information from visitors within the last 12 months:

Category: Identifiers.
Examples: A real name, IP address, email address, account name, or other similar identifiers.

Category: Personal information categories listed in the California Customer Records statute
(Cal. Civ. Code § 1798.80(e)).
Examples: A name, address, telephone number, and (if you are applying for a job) your current employment
and employment history.

Category: Internet or other similar network activity.
Examples: Browsing history, search history, information on a consumer’s interaction with a website,
application, or advertisement.

Category: Geolocation data.
Examples: Physical location or movements.

Personal information does not include:

  1. Publicly available information from government records.
  2. De-identified or aggregated consumer information.
  3. Information excluded from the CCPA’s scope.

We obtain the categories of personal information listed above from the following categories of
sources:

  1. Directly from you. For example, from forms you complete on our website.
  2. Indirectly from you. For example, from observing your actions on our website or interactions with our advertisers.

Use of Personal Information
We may use, or disclose the personal information we collect for one or more of the following business purposes:

  1. To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to
    purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
  2. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  3. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  4. As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  5. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information
We disclose all of the above categories of personal information to our third-party service providers subject, in each case, to a written contract that describes the business purpose of the disclosure and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Sales of Personal Information
We do not and will not sell your personal information.

Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will provide:

  1. The categories of personal information we collected about you.
  2. The categories of sources for the personal information we collected about you.
  3. Our business or commercial purpose for collecting or selling that personal information.
  4. The categories of third parties with whom we share that personal information.
  5. The specific pieces of personal information we collected about you (also called a data portability request).
  6. The categories of personal information we sold to a purchaser, and the categories of recipients.
  7. The categories of personal information we disclosed for a business purpose, and the categories of recipients.

Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion
Rights
To exercise the access, data portability, and deletion rights described above, you can contact us by email at [email protected] or by phone at 760-683-4455. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  1. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination
We will not discriminate against you for exercising any of our CCPA rights. Unless permitted by the CCPA, we will not:

  1. Deny you goods or services.
  2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  3. Provide you a different level or quality of goods or services.
  4. Suggest that you may receive a different price or rate or goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us an electronic message through our website or write us at our address listed on our webpage.

Data Privacy Addendum

This Digital privacy Addendum (‘”DPA”)  amends the Agreement between Company and You or Customer and addresses the rights and obligations of the parties with respect to data privacy under Applicable Law. We may update this DPA from time to time in our sole discretion; the is the current version.

Definitions. Capitalized terms which are not defined herein shall have the meaning provided in the Agreement. In addition, the following defined terms apply solely with respect to this DPA.

  1. “Applicable Law” means any statute, regulation, executive order, and other rule or rules issued by a government office or agency that have binding legal force and are generally applicable to Personal Data or the provision of the Services with respect to Personal Data, including GDPR, CCPA, and the state and federal laws of the United States.
  2. “CCPA” means the California Consumer Privacy Act of 2018.
  3. “Data Subject” means an identified or identifiable natural person whose rights are protected by GDPR or a “Consumer” as defined under CCPA.
  4. “GDPR” means Regulation 2016/679 of the European Parliament.
  5. “Personal Data” means any information about a natural person that is identified or identifiable to the natural person, either alone or in combination with other information, that Company will Process or have access to as part of providing the Services, including any such information that is created by means of the Services. Personal Data includes “personal data” as that term is defined under GDPR and “personal information” as defined under CCPA.
  6. “Process,” when used with respect to Personal Data, means: (i) to record, store, organize, structure, analyze, query, modify, combine, encrypt, display, disclose, transmit, receive, render unusable, or destroy, by automated means or otherwise; (ii) to provide cloud or other remote technology hosting services for applications or services that do any of the foregoing; and (iii) any other use or activity that is defined or understood to be processing under Applicable Law.
  7. “Security Event” means any of the following: (i) unauthorized Processing or other use or disclosure of Personal Data; (ii) unauthorized access to or acquisition of Personal Data or the systems on which Personal Data is Processed; (ii) any significant corruption or loss of Personal Data that Company is unable to repair within a minimal period of time; (iii) any event that has or is reasonably likely to significantly disrupt the Processing of the Personal Data as part of the Services; and (iv) any material unsuccessful attempt to gain unauthorized access to, or to destroy or corrupt, the Personal Data, but not including any routine, unsuccessful events such as pings, port scans, blocked malware, failed log in attempts, or denial of service attacks.
  8. Confidential Information. The Personal Data that Company Processes for you as part of the Services is your Confidential Information covered by our confidentiality commitments stated in the Agreement. We make the additional commitments stated in this DPA as to the Personal Data.
  9. Use and Disclosure. We will not use, disclose, or Process the Personal Data except as permitted by the Agreement or your other written instructions, or as strictly necessary for our internal administrative purposes related to the provision of our Services. We will make available to you a list of any sub-processors we use in compliance with Applicable Law. We will require any sub-processors to contractually agree to terms at least as protective of your Personal Data as those stated in this DPA and the Agreement.
  10. Compliance with Applicable Law. Each party will comply with Applicable Law as it relates to such party’s performance under the Agreement
  11. Notice of Request from Data Subject. We will promptly notify you if we receive a request from a Data Subject to disclose, provide a copy, modify, block, or take any other action with respect to Personal Data pertaining to the Data Subject, unless notice is prohibited by Applicable Law; and, except to the extent required by Applicable Law, we will not independently take any action in response to a request from a Data Subject without your prior written instruction. We will cooperate with your reasonable requests for access to Personal Data and other information and assistance as necessary to respond to a request or complaint by a Data Subject.
  12. In the event of an actual or suspected Security Event.In the event of a discovered or suspected Security Event, Company shall provide notice without undue delay to Customer’s technical and account contacts using those means established for routine account-related communications (or other such method of notice as agreed between us). Our notice shall include the following information to the extent it is reasonably available to Company at the time of the notice, and Company shall update its notice as additional information becomes reasonably available: (i) the dates and times of the Security Event; (ii) the facts that underlie the discovery of the Security Event, or the decision to begin an investigation into a suspected Security Event, as applicable; (iii) a description of the Personal Data involved in the Security Event, either specifically, or by reference to the data set(s), and (iv) the measures planned or underway to remedy or mitigate the vulnerability giving rise to the Security Event. We will take those measures available, including measures reasonably requested by you, to address a vulnerability giving rise to a successful Security Event, both to mitigate the harm resulting from the Security Event and to prevent similar occurrences in the future. We will cooperate with your reasonable requests in connection with the investigation and analysis of the Security Event, including a request to use a third-party investigation and forensics service. Company shall retain all information that could constitute evidence in a legal action arising from the Security Event and shall provide the information to you upon your request. Except to the extent required by law in the written and reasonable opinion of Company’s legal counsel, or as reasonably required by our investigation of the Security Event or our other contractual obligations, we will not disclose to any third party the existence of a Security Event or suspected Security Event or any related investigation without Customer’s prior written consent.
  13. Your representations with regard to Personal Data you disclose to us.With regard to the Personal Data of others that you may provide to us, you hereby represent and warrant: (i) the Personal Data has been collected in accordance with Applicable Law; (ii) the transfer to us for the purpose of providing the Services is authorized under Applicable Law; (iii) you will comply with Applicable Law as to requests from Data Subjects in connection with the Personal Data; (iv) you shall disclose to us only that Personal Data that is necessary for our provision of the Services; and (v) you shall not ask us to take any action with respect to the Personal Data that you are not permitted to take directly.
  14. For the purposes of CCPA: (i) we are a “Service Provider” as defined under Section 1798.140(v); (ii) you are disclosing Personal Data to us solely for a valid business purpose in providing the Services to you; and (iii) we may not sell Personal Data or retain, use, or disclose Personal Data except as required to provide the Services in accordance with the Agreement. We certify that we understand and will comply with these obligations.
  15. Audit; Records. We will comply with any audit request to the extent required by law or due legal process. We will keep reasonable records to evidence our compliance with our obligations under this DPA and shall preserve such records for at least two (2) years from the date of the events reflected therein.