Effective Date: April 1, 2020
1. DATA WE MAY OBTAIN
We may collect and process your “Personal Data” (or “Personal Information”), which includes any information that can be used to identify, locate or contact natural persons. Personal Data includes, but is not limited to, your name, email address, age, and location. It also includes other information that may be associated with your Personal Data, such as your internet connection, the physical equipment you use to access the Services, and usage details.
We may also collect information such as the Operating System (“OS”) running on your device, Internet Protocol (“IP”) address (which may be used to obtain your geolocation), access times, browser type, language, date and time of creation of accounts, and the website you visited before or will visit after using our Services.
We may collect certain Personal Data that the European Union’s General Data Protection Regulation (“GDPR”) may deem “Sensitive Personal Data”, including data concerning your health through the Service as set forth more fully below.
2. CONTACT INFORMATION
To ask questions or provide comments about the Policy, our privacy practices, or to exercise any rights identified in the Policy, please contact us at:
If you are a resident of Europe and wish to contact a Data Protection Authority (“DPA”) in your resident country, please see the following list: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
3. COLLECTION OF PERSONAL DATA
We may request or obtain Personal Data from you to provide Services to you. If you fill out the contact form or other portals on the Website or App, you may be asked to provide us with certain Personal Data, including your email, name, or phone number. Please do not submit any confidential or proprietary information, including Sensitive Personal Data, through these contact or subscription portals.
When downloading our App or making purchases on our App, you may be asked to provide certain credit or debit card (“Payment Card”) data, which may include your credit or debit card number, card expiration date, CVV code, check payment information, and billing/payment account address. We do not collect or process Payment Card data. Apple and Google collect Payment Card data with respect to certain purchases made through the App.
We may collect Personal Data about you from various third parties, such as third parties whom we use to provide services to you. From time to time, we may use third-party information to supplement the Personal Data of yours which we possess.
We may also use automated data collection methods in connection with our Services, which are governed by Section 4 of this Policy.
Our Service is only intended for persons sixteen (16) and older. We do not solicit or knowingly collect any Personal Data from persons under the age of 16. We do not allow persons under 16 to register for the Service. If we learn that we have obtained Personal Data from a person under the age of 16, we will delete that Personal Data.
4. COOKIES AND OTHER AUTOMATED DATA COLLECTION
We use a number of automated data collection methods that help us to improve your experience with our Services, including, without limitation, helping us administer the Website and App, analyze their usage, and improve the overall user experience. These methods of automatic collection may include:
Cookies: Cookies are small pieces of data sent to your browser from a web server and stored on your computer’s hard drive. Your web browser may include a function that permits you to refuse the setting of all or some cookies. If you do so, you may not be able to access all or parts of the Website.
Google Analytics: We may use Google Analytics cookies to collect aggregate information about how users visit the Website or App. You can review Google Analytics’ data practices here, and many install a Google Analytics Opt-out Browser Add-on here.
Server Logs: We may track information about your visit to the Website and App and store that information in web server logs.
Social Media Widgets: We may use social media features, including without limitation, “Like” or “Share” buttons to aid social media sharing or interactive features. These features may collect your IP address, information about the webpage you are visiting or using, and may set a cookie to enable the feature to function properly. Social media features and widgets are hosted by a third party or hosted directly on our Products. We do not control any of the content from the social media widgets and recommend that you review each social media company’s privacy policies prior to using any such widget.
Single Sign-On Tools: You may be able to create and log into user accounts on the Website or App using single sign-on (“SSO”) tools through third-party services such as Facebook, Apple, or Google. SSO services will authenticate your identity, give you the option to share certain of your Personal Information with us, and will automatically populate information required to create or log into an account with us. Some third parties that provide SSO services allow you to post or share information concerning your interaction with the Website on their network. These third parties may collect information about you, all of which is governed by such third-party websites.
5. DO NOT TRACK SIGNALS
“Do Not Track” is a preference you can set in certain web browsers to let websites you visit know that you do not want them tracking certain information about you. The Website and App do not currently respond to Do Not Track settings. For further details regarding Do Not Track settings, visit donottrack.us.
6. USE OR PROCESSING OF PERSONAL DATA
We may use the Personal Data that we collect for the following purposes:
Providing the Service to you;
Presenting and providing content to you, and operating and improving the Service;
Notifying you concerning changes in any Service, or of modifications to our policies, including the Policy;
Communicating with you concerning the Service;
Responding to your requests, questions, or comments;
Transmitting notices, updates, technical information, and other messages;
Allowing you to participate in interactive features of the Service;
Obtaining payment for the Service;
Communicating with you concerning events, offerings, promotions, or for other marketing purposes;
Monitoring and analyzing usage, trends, and activities related to the Service, including website analytics;
Conduct surveys, sweepstakes, giveaways, contests, and other promotions;
Enforcing any contracts between or among us;
Carrying out our legal obligations, including:
Evaluating and assessing applications or requests for contributors;
Maintaining records as required by law or any governmental agency;
For any other purpose that you request or with your consent.
7. SHARING OF PERSONAL DATA
We may disclose your Personal Data in the following circumstances:
If Personal Data is “anonymized”, meaning it cannot be used to identify you;
To our subsidiaries, affiliates, agents, contractors, service providers, partners, and other third parties we use to support our business;
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, consolidation, asset sale, dissolution, or other substantial corporate transaction or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Data held by us about users of our Services is among the assets transferred;
To fulfill the purpose for which you provide it;
To comply with any enforceable subpoena, government or regulatory request or demand, investigative demand, court order, law or legal process;
To enforce or apply our legal rights, including for billing and collection purposes, and to defend against legal claims;
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, or others, including for the purposes of fraud protection and credit risk reduction;
For any other purpose disclosed by us when you provide the information; or
With your prior consent.
8. PERSONAL DATA PROTECTION
We maintain physical, technical, and administrative safeguards to protect your Personal Data from unauthorized access, use, disclosure, alteration or destruction. We regularly update and test our data security technology, restrict access to your Personal Data to our personnel with the need to access such Personal Data in the course and scope of their performance of duties for us. We also train our personnel concerning the privacy and security of your Personal Data.
9. YOUR CALIFORNIA PRIVACY RIGHTS
If you are a California resident, California Civil Code section 1798.83 allows you to request information about our disclosure of your Personal Data to third parties for those third parties’ direct marketing purposes. You can make such requests of us using the contact information identified in Section 2. This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted in ways other than those specified above.
10. EMAIL MARKETING
You have the right to opt out of receiving future marketing, promotional, or emails from us by following the instructions set forth in any such emails. Even if you opt out of such communications, we may nevertheless transmit non-promotional communications to you, such as communications concerning ongoing representations or business relationships. We may not accommodate a request to change information if we believe that the requested change would violate any law or legal requirement or cause the information to be incorrect.
11. RESIDENTS OF THE EUROPEAN ECONOMIC UNION
Pursuant to the GDPR, we are the “Controller” with respect to your Data that we process. If you are a resident of the European Economic Area (“EEA”), you have certain rights and protections under applicable law regarding the processing of your Data, including:
Information: You have a right to be informed about our collection and use of your Personal Data.
Access: You have the right to access the Personal Data that we hold about you. Access may be denied in certain, limited circumstances, for example, if providing access would reveal a third party’s Personal Data.
Rectification: You have the right to seek rectification of inaccurate Data, or the completion of incomplete Personal Data.
Erasure: You have the right to erase your Personal Data when that Personal Data is no longer necessary for the purposes for which it was collected, when, among other things, you have withdrawn consent and we have no other legal grounds to continue processing, or when your Personal Data has been unlawfully processed. We may not be required to erase your Personal Data if, for example, processing is necessary to exercise the right of freedom of expression and information, for the establishment, defense, or exercise of legal claims, or for any other reason set forth in GDPR Article 17(3).
Restriction: You have the right to restrict our processing of your Personal Data in certain circumstances, e.g., when processing is unlawful or when you contest the accuracy of the Personal Data.
Portability: You have the right to request that we provide your Personal Data to you, or to another data controller, in a structured, commonly used, and machine-readable format.
Objecting: You have the right, in certain instances, to object to our processing of your Personal Data and to ask us to block, erase and restrict your Personal Data.
Right to be Informed About Automatic Decision-making or Profiling: You have the right to determine whether your Personal Data is being used in automatic-decision-making processes or for profiling.
Complaints: If you have a concern about our processing of your Personal Data, you have the right to lodge a complaint with the DPA or to seek remedies in a court.
Consent: If you provided your consent to our processing of your Personal data, you have the right to withdraw such consent by notifying us. Upon receipt of your notice, we will not continue to process your Personal Data for the purpose for which you previously consented, provided that we may continue to process your Personal Data if there is another legal basis for such continued processing.
Children’s Data: Our Service is not intended for use by persons under sixteen (16) years old, and we do not knowingly collect Personal Data of persons under 16.
Data Transfers: Carry’s headquarters and operations personnel are located in the State of Oregon in the United States, though we offer our Service in other countries. In order to provide our Service to you, we may transfer your Personal Data to the United States, which is not presently recognized by the European Commission as providing an adequate level of data protection. We transfer Personal Data outside the EEA when it is necessary for us to provide the Service to you, when you have consented to such a transfer, when it is necessary for us to establish, exercise, or defend legal claims, or based on another derogation specified in Article 49 of the GDPR.
Processors: We are the “Controller” with respect to your Personal Data, meaning we determine the purposes and means of processing your Personal Data. We may engage third parties to process Personal Data, who will act as “Processors” with respect to your data. We may engage these processors to provide the following services: Information technology (“IT”), telecommunications, email service providers, and data hosting service providers.
Automatic Decision-Making or Profiling: We do not use automatic decision-making or profiling.
12. DATA RETENTION AND STORAGE
Your Personal Data is stored on the servers of the cloud-based database management services we engage, which are in the United States.
We retain your Personal Data for the duration of your business or other relationship with us, and for a period thereafter to allow you to continue your business relationship with us in the future, to analyze the data for our own operations, and for historical and archiving purposes. You may delete your account with us at any time, though we may retain some Personal Data after such a deletion. Requests for deletion are governed by section 11 of this Policy.
13. CHANGES TO THE POLICY
We reserve the right to revise the Policy. The Effective Date of this Policy is set forth at the top of this webpage, and this Policy supersedes any and all prior versions. If we materially change the way we collect, use, or disclose your Personal Data, we will notify you prior to said change by email and/or by inserting a prominent notice on the Website and App.