GDPR – COMPLIANT
LEGACY.COM & WEB ANNOUNCEMENTS
UPDATED DEC 2019
PARTICULARLY IMPORTANT INFORMATION
WHO WE ARE: For the purpose of applicable data protection legislation, the data controller of your personal data is Legacy.com of 230 W. Monroe Suite 400, Chicago, IL 60606 USA & Web Announcements Ltd. of 12 New Fetter Lane, London EC4A1JP. Our data protection officer is Mr. Paul Roche – [email protected].
MUST READ SECTIONS: We draw your attention in particular to the sections entitled “International Data Transfer” and “Your Rights.”
CHANGES TO THIS POLICY: We will post any modifications or changes to the Policy on our Services. We reserve the right to modify the Policy at any time, so we encourage you to review it frequently. The “Last Updated” legend above indicates when this Policy was last changed. If we make any material change(s) to the Policy, we will post a notice on our Services prior to such changes(s) taking effect.
- PURPOSES OF PROCESSING
- COLLECTING YOUR PERSONAL DATA
- FLASH TECHNOLOGY
- PIXEL TAGS
- DO NOT TRACK SIGNALS
- USING YOUR PERSONAL DATA
- SHARING YOUR PERSONAL DATA
- ANONYMOUS DATA
- THIRD PARTY SITES
- USER GENERATED CONTENT
- INTERNATIONAL DATA TRANSFER
- OUR POLICY ON CHILDREN
- SENSITIVE PERSONAL DATA
- YOUR RIGHTS
- CONTACT INFORMATION
- EU-U.S. PRIVACY SHIELD
- FOR CALIFORNIA RESIDENTS – CALIFORNIA CONSUMER PRIVACY ACT
1. PURPOSES OF PROCESSING
What is personal data?
We collect information about you in a range of forms, including personal data. As used in this Policy, “personal data” is as defined in the UK Data Protection Act 1998/the European Data Protection Directive 95/46/EC/General Data Protection Regulation 2018 and any successor legislation, this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number.
Why do we need your personal data?
We will only process your personal data in accordance with applicable data protection and privacy laws. We need certain personal data in order to provide you with access to the Services. If you created a profile/registered with us, you will have been asked to tick to agree to provide this information in order to access our Services, purchase our products, view our content. This consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your personal data in line with this Policy, please do not use our Services.
2. COLLECTING YOUR PERSONAL DATA
We collect information about you in the following ways:
Information You Give Us. This includes:
- the personal data you provide when you register to use our Services, including your name, email address, and password
- the personal data that may be contained in any video, photo, image, condolence, sympathy message, diary entry or other written submission you upload or post to the Services
- the personal data you provide when you report a problem with our Services or when we provide you with customer support
- the personal data you provide when you make a purchase through our Services
- the personal data you provide when you correspond with us by phone, email or otherwise
- the personal data you provide via any single sign-on service (SSO) including your name and email address
- the personal data you provide through email forms, chat, guest book forms, contact or content request forms, forums or groups, testimonials, reviews and feedback forms
Information from Social Networking Sites. Our Services include interfaces that allow you to connect with social networking sites (each a “SNS”). If you connect to a SNS through our Services, you authorize us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS.
Sites we currently connect to include:
Information We Get from Others. We may also get information about you from other sources, for example, if you have agreed to share information with one of our partners or affiliates eg. newspapers,. this may include name and email address, we may add this to information we get from our Services.
Information Automatically Collected. We automatically log information about you and your computer or mobile device when you access our Services. For example, when visiting our Services, we log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the web page that referred you to our website pages you viewed on our website, how long you spent on a page, access times and information about your use of and actions on our Services. We collect this information about you using cookies. Please refer to the sections on cookies, Flash Technology and Pixel Tags below.
Automated Decision Making and Profiling. We may use automated decision making and/or profiling in regard to your personal data for some services and products, for example we may refuse access based on your IP address, either temporarily or permanently, based on frequency of page requests or inappropriate use. You can request a manual review of the accuracy of an automated decision that you are unhappy with or limit or object to such automated decision making and/or profiling by contacting us at [email protected].
What are cookies?
We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them or they expire after a set period which varies depending on the cookie) to provide you with a more personal and interactive experience on our Services.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Services; and (2) third party cookies, which are served by service providers on our Services, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
Cookies we use
Our Services use the following types of cookies for the purposes set out below:
- Essential Cookies – These cookies are essential to provide you with services available through our Services and to enable you to use some of its features. For example, we use session cookies to provide you secure access to your account details and prevent others from accessing your account. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
- Functionality Cookies – These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details and search filter choices to help prefill search forms on subsequent visits to the site. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.
- Analytics and Performance Cookies – These cookies are used to collect information about traffic to our Services and how users use our Services. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services.
We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Services works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies.
You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html.
You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB.
- Targeted and advertising Cookies – These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place cookies to enable them to show adverts which we think will be relevant to your interests while you are on third party websites.
You can disable cookies which remember your browsing habits and target advertising at you by visiting http://www.youronlinechoices.com/uk/your-ad-choices. If you choose to remove targeted or advertising cookies, you will still see adverts but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed.
- Social Media Cookies – These cookies are used when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.
If you do not accept our cookies, you may experience some inconvenience in your use of our Services. For example, we may not be able to recognize your computer or mobile device and you will not be able to log in and stay logged in, and we will not be able to remember your language preferences.
4. FLASH TECHNOLOGY
We may also use Flash cookies (which are also known as Flash Local Shared Object (“LSOs”)) on our Services to collect and store information about your use of our Services. Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings. If you do not want Flash cookies stored on your computer or mobile device, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel at https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
You can also control Flash LSOs by going to the Global Storage Settings Panel at https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our Services.
5. PIXEL TAGS
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Services to track the actions of users on our Services. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Services, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.
6. DO NOT TRACK SIGNALS
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Generally. We may use other companies to serve third-party advertisements when you visit and use the Services. These companies may collect and use click stream information, browser type, time and date, subject of advertisements clicked or scrolled over during your visits to the Services and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use tracking technologies to collect this information. Other companies use of their tracking technologies is subject to their own privacy policies.
Targeted Advertising. In order to serve offers and advertisements that may interest you, we may display targeted advertisements on the Services, or other digital properties or applications in conjunction with our content based on information provided to us by our users and information provided to us by third parties that they have independently collected. We do not provide personal data to advertisers when you interact with an advertisement.
Your Ad Choices. Some of the third party services providers and/or advertisers may be members of the Network European Interactive Digital Advertising Alliance (“EDAA”) Self-Regulatory Program for Online Behavioural Advertising. To learn more, visit http://www.edaa.eu/edaa-for-users which provides information regarding targeted advertising and the “opt-out” procedures of EDAA members.
Mobile. We may, from time to time, offer certain location or pinpoint based services, such as location assisted navigation instruction. If you elect to use such location-based services, we must periodically receive your location in order to provide such location-based services to you. By using the location-based services, you authorise us to: (i) locate your hardware; (ii) record, compile and display your location; and (iii) publish your location to third parties designated by you by means of location publication controls available within the applications (for example, settings, user preferences). As part of the location-based services, we may also collect and store certain information about the users who elect to use such location-based services, such as a device ID. This information will be used to provide you the location-based services. We may use third-party providers to help provide such location-based services through mobile systems and we may make information available to such providers to enable them to provide their location-based services, provided that such third party providers may use the information only in accordance with this Policy.
8. USING YOUR PERSONAL DATA
We may use your personal data as follows:
- to operate, maintain, and improve our Services, products, and services;
- to manage your account, including to communicate with you regarding your account, if you have an account on our Services;
to respond to your comments and questions and to provide customer service;
to send information including technical notices, updates, security alerts, and support and administrative messages;
- to provide you with requested content
- to send you marketing e-mails about upcoming promotions, and other news, including information about products and services offered by us and our affiliates. You may opt-out of receiving such information at any time: such marketing emails tell you how to “opt-out.” Please note, even if you opt out of receiving marketing emails, we may still send informational emails. Informational emails may include emails about your account with us (if you have one) and our business dealings with you;
- to process payments you may make via our Services
- to link or combine user information with other personal data
- as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others; and
- as described in the “Sharing of your Personal Data” section below.
9. SHARING YOUR PERSONAL DATA
We may share your personal data as follows:
- Third Parties Designated by You. We may share your personal data with third parties where you have provided your consent to do so.
- Our Third Party Service Providers. We may share your personal data with our third party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing, reporting and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to comply with appropriate security measures to protect your personal data.
- Affiliates. We may share some or all of your personal data with our affiliates, in which case we will require our affiliates to comply with this Policy. In particular, you may let us share personal data with our affiliates where you wish to receive marketing communications from them.
- Corporate Restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- Other Disclosures. We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
10. ANONYMOUS DATA
When we use the term “anonymous data,” we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party.
We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data might include analytics information and information collected by us using cookies. We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyses usage patterns in order to make improvements to our Services.
11. THIRD PARTY SITES
Our Services may contain links to third party websites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them.
12. USER GENERATED CONTENT
You may share personal data with us when you submit user generated content to our Services, including via forums, message boards, guest book entries and blogs on our Services. Please note that any information you post or disclose on our Services will become public information, and will be available to other users of our Services and to the general public. We urge you to be very careful when deciding to disclose your personal data, or any other information, on our Services. Such personal data and other information will not be private or confidential once it is published on our Services.
If you provide feedback to us, we may use and disclose such feedback on our Services , if you have provided your consent to do so, we may post your first and last name along with your feedback on our Services. We will collect any information contained in such feedback and will treat the personal data in it in accordance with this Policy.
13. INTERNATIONAL DATA TRANSFER
Your information, including personal data that we collect from you, may be transferred to, stored at and processed by us and our affiliates and other third parties outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our Services, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.
We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us using the details in Section 20 below.
We will only retain your personal data as long reasonably required for us to provide the Services until you request otherwise unless a longer retention period is required or permitted by law for example for regulatory purposes.
16. OUR POLICY ON CHILDREN
Our Services are not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us using the details in Section 20 below. We will delete such information from our files as soon as reasonably practicable.
17. SENSITIVE PERSONAL DATA
Subject to the following paragraph, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
If you send or disclose any sensitive personal data to us when you submit user generated content to our Services, you consent to our processing and use of such sensitive personal data in accordance with this Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such user generated content to our Services.
18. YOUR RIGHTS
- Opt-out. You may contact us anytime to opt-out of: (i) direct marketing communications; (ii) automated decision-making and/or profiling; (iii) our collection of sensitive personal data; (iv) any new processing of your personal data that we may carry out beyond the original purpose; or (v) the transfer of your personal data outside the EEA. Please note that your use of some of the Services may be ineffective upon opt-out.
- Access. You may access the information we hold about you at any time via your profile/account or by contacting us directly.
- Amend. You can also contact us to update or correct any inaccuracies in your personal data.
- Move. Your personal data is portable – i.e. you to have the flexibility to move your data to other service providers as you wish.
- Erase and forget. In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.
We are committed to resolve any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Policy or our practices in relation to your personal data, please contact us at: [email protected]. We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
20. CONTACT INFORMATION
You may contact us in writing at [email protected].
21. EU-U.S. PRIVACY SHIELD
Legacy.com complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the EU to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit www.privacyshield.gov.
As described in the Privacy Shield Principles, Legacy.com is accountable for personal data that it receives and subsequently transfers to third parties. If third parties that process personal data on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Legacy.com commits to resolve complaints about our collection or use of your personal data. EU individuals with inquiries or complaints regarding this Policy should first contact us at: [email protected].
Legacy.com commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to personal data transferred from the EU. Please contact us to be directed to the relevant DPA contacts.
As further explained in the Privacy Shield Principles, binding arbitration before a Privacy Shield Panel will also be made available to you in order to address residual complaints not resolved by any other means. LEGACY.COM is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
22. For California Residents – California Consumer Privacy Act
I. Description of Consumer Rights
1. Your Rights
You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to exercise free of charge:
- Disclosure of Personal Information We Collect About You You have the right to know:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purpose for collecting or selling personal information;
- The categories of third parties with whom we share personal information, if any; and
- The specific pieces of personal information we have collected about you.
- Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
- Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
- Provide the personal information to you more than twice in a 12-month period.
- Disclosure of Personal Information Sold or Used for a Business Purpose
In connection with any personal information we may sell or disclose to a third party for a business purpose, you have the right to know:
- The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; and
- The categories of personal information that we disclosed about you for a business purpose.
- Right to Deletion
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
- Delete your personal information from our records; and
- Direct any service providers to delete your personal information from their records.
- Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- Debug to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
- Enable solely internal uses that are reasonably aligned with your expectations based on the your relationship with us;
- Comply with an existing legal obligation; or
- Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
- Protection Against Discrimination
You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:
- Deny goods or services to you;
- Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Provide a different level or quality of goods or services to you; or
- Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
II. Disclosure of Personal Information Collected
- Information We Collect About You
We may collect and use the following personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:
|Categories of Personal Information||Specific Types of Personal Information Collected|
|Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers)||Name, address, IP address|
|Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, credit card number, debit card number||Name, address, telephone number, credit card number, debit card number, demographic information of consumers who voluntarily participate in surveys|
|Internet or other electronic network activity information (e.g., information regarding a consumer’s interaction with an Internet Web site, application, or advertisement)||Browsing history, interaction with ads|
|Audio, electronic, visual, or similar information||Consumers can voluntarily post audio or audio-visual tributes on guest books|
|Professional or employment-related information||None, unless offered voluntarily by consumer|
|Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)||None|
|Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences,||We may use Google Analytics to notify consumers who visited an obituary to consider sponsoring a guest book or sending flowers|
- How Your Personal Information is Collected
We collect most of this personal information directly from you in person, by telephone, or email and/or via our website. However, we may also collect information:
- from publicly accessible sources (e.g., death notices);
- directly from a third party;
- from a third party with your consent;
- from cookies on our website; and
- via our IT systems, including:
- automated monitoring of our websites and other technical systems, such as our computer networks and connections, access control systems, communications systems, email and instant messaging systems.
- automated monitoring of our websites and other technical systems, such as our computer networks and connections, access control systems, communications systems, email and instant messaging systems.
- Why We Use Your Personal Information
We use your personal information for the following reasons:
- Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
- Debugging to identify and repair errors that impair existing intended functionality;
- Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction;
- Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider;
- Undertaking internal research for technological development and demonstration; and
- Who We Share Your Personal Information With
We routinely share personal information with:
- our newspaper and funeral home affiliates;
- service providers we use to help deliver our products and/or services to you, such as floral providers, payment service providers, warehouses and delivery companies;
- other third parties we use to help us run our business, such as marketing agencies or website hosts; and
- third parties approved by you, including social media sites you choose to link your account to or third-party payment providers.
III. Notice of the Right to Opt-Out of the Sale of Personal Information
- Notice Regarding the Sale of Your Personal Information or Use for a Business Purpose
We may disclose to a third party personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to opt-out of the sale or disclosure of your personal information. If you exercise your right to opt-out of the sale or disclosure of your personal information, we will refrain from selling your personal information, unless you subsequently provide express authorization for the sale of your personal information.
- How to Exercise Your Right to Opt-Out of the Sale or Disclosure of Personal Information to a Third Party
To opt-out of the sale or disclosure of your personal information, visit our homepage and click on the Do Not Sell My Personal Information link.
IV. How to Exercise Your Rights
- How to Exercise Your Rights
- Complete a data subject request form available on our website;
- Call us, toll-free, at 888-397-9494; or
- Email to [email protected] or write to us at Legacy.com, Privacy Protection, 230 West Monroe, Suite 400, Chicago, Illinois 60606.
- Verifying Your Identity
If you choose to contact directly by email/phone/in writing, you will need to provide us with:
- Enough information to identify you (e.g., your full name, address and customer or matter reference number);
- Proof of your identity and address (e.g., a copy of your driving license and a recent utility or credit card bill); and
- A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such a person’s behalf.
Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.
If you do not respond to our request to verify your identity within seven days after we send you a request for verification, your request may expire and will not be processed.