1. INTRODUCTION
Thank you for using Crate! Capitalized terms used but not defined shall have the respective meanings given to them in the Terms of Service (the “Terms”). The provisions of the Terms apply to this PrivacyPolicy (“Policy”) as well. We created this Policy to give you confidence as you visit and use our websites, including, but not limited to, https://www.crate.com, and any other website we operate that links to thisPolicy, and any of our pages or accounts on any other online platforms (including, but not limited to, social media sites such as Facebook, Instagram, LinkedIn and Twitter) (collectively, our “Sites”), and all other products or services available through our Sites, or otherwise (collectively, with our Sites and general business operations, our “Service”). This Policy covers how we collect, use, store, and share your information when you use our Service. This Policy has been written to comply with the requirements of the EU General Data Protection Regulation (“GDPR”) and various other data privacy laws. All references to “we”, “us”, “our”, or “Crate”, refer to Crate, Inc., a Delaware corporation. All references to “you”, “your”,or “user”, relate to the person who registered an Account to use or access the Services.
PLEASE READ THIS POLICY CAREFULLY. BY CREATING AN ACCOUNT, YOU REPRESENT AND AGREE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY BOTH THIS POLICY AND OUR TERMS AS BINDING AGREEMENTS.
CRATE RESERVES THE RIGHT TO CHANGE THIS POLICY FROM TIME TO TIME, WITH OR WITHOUT NOTICE TO YOU, EXCEPT TO THE EXTENT REQUIRED BY GDPR. IF YOU CONTINUE TO USE THE SERVICE, YOU CONSENT TO THE NEW POLICY. WE WILL ALWAYS HAVE THE LATEST POLICY POSTED ON THE SERVICE.
2. APPLICABILITY
This Policy applies to personal information we collect on the Service. As used in this Policy, “personal information” means information that can be used to identify any natural person either directly or indirectly.
3. PERSONAL INFORMATION WE COLLECT
3.1 Personal Information You Voluntarily Provide to Crate
When you register for an Account, we require that you provide us with certain personal information about you. Depending on the types of activities you engage in on our Sites or how you otherwise use or interact with our Service, we may collect the following categories of personal information about you:
We collect information that you provide to us directly when you:
The collection of this information is necessary to provide the functionality of the Service and/or to comply with applicable laws and regulations related to the Service’s product offerings. While the information described here is provided to us only with your permission, some aspects of the Service may not be available if you choose not to provide us with such information and personal information.
3.2 Personal Information We Collect Automatically
In addition to the information that you provide to us voluntarily, we collect information automatically through the Service, such as how you use and interact with the Service, data on activities that you pursue through the Service, pages visited, links clicked, and other similar activities. This information is used to provide you with the Service, to better understand our users and how they use the Service, and to improve the Service.
You may be able to limit such collection in the settings on your device. As with the voluntarily provided information described above, some aspects of the Service may not be available if you choose not to provide us with such information and personal information. See Section 5 for more information on our automatic collection of your personal information.
3.3 How We Use Personal Information
We use the personal information that we collect to make the Service available to our users, to comply with our legal obligations under applicable laws, to market and promote the Service, to improve the Service, and to protect our legal rights.
Examples of the ways in which we may use your personal information include:
By using the Service, you consent to us using your personal information to contact you with email newsletters or about our products and special events. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails, or by whatever other means we allow you to unsubscribe. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services. Upon receipt of any of the above request(s), we will reflect any changes you request in our databases to the full extent required by GDPR, the SCCs, or other applicable law and we will confirm the changes to you.
We may also use your personal information for any other purposes with your consent.
The legal grounds for our processing of your personal information for the purposes above are:
3.4 How We Share Personal Information
We may disclose personal information that we collect in the following circumstances:
Additionally, from time to time, we may receive requests from government agencies to obtain information about our users. In handling such government requests, we greatly value the privacy of your information. While we may be required to turn over partner information at times, we will strive to require a search warrant or subpoena, to the extent that we can reasonably demand such warrant or subpoena, before we turn over information about you and we will also strive to notify users when we receive government
requests about their data. We will only share your personal information for the foregoing reasons to the extent permitted by GDPR or other applicable data privacy laws.
Finally, we may disclose anonymized, non-personal information about the Service and our users without restriction.
We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and we have contracts in place with such vendors in line with the Article 28 requirements of GDPR, pursuant to which they are required, amongst other things, to maintain the confidentiality of the personal information to the extent required by GDPR.
3.5 Accessing and Correcting Your Information
You are solely responsible for ensuring that any personal information that you provide to us is accurate. You may be able to view and update certain personal information that we have about you by logging into your Account or by emailing the address provided at the end of this Policy. Please note that except to the extent required to comply with GDPR, we reserve the right to reject any changes you make to your personal information and to reject any requests to change your personal information submitted through inappropriate channels.
3.6 Special Notice for California Residents
If you reside in California, you have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please send us an email at legal@crate.co or write to us at the address listed at the end of this Policy. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.
4. DATA SECURITY AND RETENTION
We use commercially reasonable physical, technical, and administrative measures to secure your personal information from accidental loss and from unauthorized access, use, and disclosure. For example, we (i) restrict access to personal information to employees, contractors, and other service providers, (ii) limit the storage of personal information to users’ name and email address only, (iii) train our personnel on privacy issues as needed, and (iv) require our employees to sign confidentiality agreements that extend to your personal information. However, the transmission of information via the Internet is not completely secure. As we cannot guarantee the security of information transmitted to or from us, we are not responsible for any unauthorized access to and disclosure of any information you send to or receive from us. Any transmission of personal information is at your own risk. We are not responsible to our users or to any third party due to any loss, misuse, or alteration, except to the extent required by GDPR, the SCCs, or other applicable law.
Please also keep in mind that the safety and security of your information also depends on you. You are responsible for keeping your account information, including your password, confidential. We ask you not to share your password with anyone. If you have reason to believe that your data is no longer secure, please contact us immediately at the email address or mailing address listed at the end of this Policy.
If you would like to deactivate your Account, please email the address provided at the end of this Policy. However, even after you request deactivation of your account, we can retain copies of information about you, including your name and email address, and any transactions or services in which you may have participated for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our services and products, to assist with investigations, to enforce any of our terms and conditions or other applicable agreements or policies, or to take any other actions consistent with
applicable law. In addition, you acknowledge that your Account will not be deleted, and you may request reactivation by emailing the address provided at the end of this Policy.
We will use commercially reasonable efforts to ensure that Third-Party Partners delete or modify your personal information to the extent required by GDPR and the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses pursuant to Decision 2010/87/EU) (the “SCCs”).
5. AUTOMATED DATA COLLECTION TECHNOLOGIES
As you navigate through and interact with the Service, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, as further described in this Policy.
5.1 Cookies and Analytics
We may use cookies and other technologies to automatically collect information about your use of the Service. You can learn more about these technologies below. We may use this information to provide you with a better experience, to comply with our legal obligations under applicable law, to protect you and detect irregular or suspicious account activities, to customize our services and content for you, and to better understand how our users interact with the Service.
(a) Cookies. A cookie is a small file placed on your computer when you visit certain websites. Cookies may be either first-party or third-party cookies, and they may be either permanent or temporary (i.e. session) cookies. It may be possible to refuse to accept cookies by activating the appropriate setting within your browser. However, if you disable or refuse cookies, please note that some parts of the Service may be inaccessible or may not function properly.
(b) Other Technologies. We may use other third-party services, including but not limited to, Google Analytics, Google Tag Manager, Facebook Pixel, LinkedIn Insight Tag, that automatically collect information about you to better understand how you use and interact with the Service. For example, we may use third-party vendors to provide us with services surrounding analytics, advertising, and cybersecurity. The information collected through this process by the third-party service providers does not enable us or them to identify your name, contact details or other personal information that directly identifies you unless you choose to provide these. We use this information to better understand how users interact with the Service and to improve your experience while using the Service. We may also use these analytics services to record mouse clicks, mouse movements, scrolling activity, as well as any text that you type into our Service. By using our Service, you acknowledge and agree that you are aware that our Service may record your activities on our Service and that you consent to this recording.
5.2 Log Files
Log files refers to the information that is automatically sent by your web browser or device (or otherwise automatically collected) each time you view or interact with our online Service. The information inside the log files may include IP addresses, type of browser, internet service provider, date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us.
5.3 Device and Online Usage
We may collect information about your computer, browser, mobile or other device that you use to access our Service. We may use cookies, pixels, log files and other techniques to collect such information, including IP address, time zone, device identifiers and other unique identifiers, browser type, browser language, operating system name and version, device name and model, version, referring and exit pages,
dates and times of Service access, links clicked, features uses, crash reports and session identification information.
5.4 “Do Not Track” Signals
We do not currently respond or take any action with respect to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of information about an individual consumer's online activities over time and across third-party websites or online services.
6. THIRD-PARTY SERVICES
Any third-party services integrated with the Service shall be subject to the policies and practices of such third parties, and we are not responsible for how they collect, use, and share your personal information except to the extent required by GDPR and the SCCs. We encourage you to review the privacy practices and policies of such third parties. We make no guarantees about, and assume no responsibility for the information, services, or data/privacy practices of third parties except to the extent required by GDPR and the SCCs..
When you create an Account, link a social media account, or connect with a third-party service, you are authorizing us to share your identity and banking information with the Third-Party Partners. You are also agreeing to the terms of each applicable Third-Party Partner (collectively, the “Partner Terms”). The Partner Terms may be modified from time to time, and the governing versions are incorporated by reference into this Policy. Any term not defined in this section but defined in the Partner Terms assumes the meaning as defined in the Partner Terms.
Additionally, our Site may include links to other third-party websites as a convenience to you. If you click on one of those links you will be taken to websites we do not control, and this Policy does not apply to those third-party websites. The inclusion of any link does not imply our endorsement of any other company, its site(s), or its product(s) and/or service(s). We are not responsible for the privacy practices or content of any other site.
IT IS YOUR RESPONSIBILITY TO READ AND UNDERSTAND THE PARTNER TERMS BECAUSE THEY CONTAIN TERMS AND CONDITIONS CONCERNING YOUR CRATE ACCOUNT, INCLUDING BUT NOT LIMITED TO USE OF YOUR PERSONAL INFORMATION.
7. SOCIAL MEDIA, ADS, AND PLUG-INS
We engage with guests on multiple social media platforms (e.g., Facebook and Instagram). If you contact us on one of our social media platforms, request guest service via social media, or otherwise direct us to communicate with you via social media, we may contact you via direct message or use other social media tools to interact with you. In these instances, your interactions with us are governed by this Policy as well as the privacy policy of the social media platform you use. We may display targeted ads to you through social media platforms and other websites. These ads are sent to groups of people who share traits such as likely commercial interests and demographics. Our online services may use social media plug-ins (e.g., the Facebook "Like" button, "Share to Twitter" button) to enable you to easily interact with certain social media websites (e.g., Facebook, Twitter, Instagram) and share information with others. When you visit our online services, the operators of the available social media plugins can place a cookie on your device enabling such operators to recognize individuals who have previously visited our online services. If you are logged into these social media websites while visiting our online services, the social media plugins allow the relevant social media websites to receive information that you have visited our online services or other information. The social media plugins also allow the applicable social media websites to share information about your activities on our online services with other users of the social media website.
For example, Facebook Social Plugins allow Facebook to show your "Likes" and comments on our online services to your Facebook friends. Facebook Social Plugins also allow you to see your friends' Facebook activity on our online services. We do not control any of the content from the social media plugins.
8. RESTRICTIONS ON USE
Our services and products are not intended for individuals under the age of eighteen (18). We do not knowingly collect and use personal information related to minors.
9. INTERNATIONAL DATA TRANSFERS
Information collected in the European Economic Area (“EEA”) may be transferred, stored and processed by us or third parties (as provided in this Policy) in the United States and other countries whose data protection laws may be different than the laws of your country. Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by entering into SCCs with the relevant third party.
Please contact us at legal@crate.co if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
As described in this Policy, we may share personal information with third parties and may be required to disclose information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
YOU CONSENT TO ANY AND ALL INFORMATION YOU PROVIDE AND SUBMIT VIA THE SITE BEING SENT TO THE UNITED STATES OF AMERICA. THE UNITED STATES HAS NOT SOUGHT NOR RECEIVED A FINDING OF “ADEQUACY” FROM THE EUROPEAN UNION UNDER ARTICLE 45 OF THE GDPR. CRATE RELIES ON DEROGATIONS FOR SPECIFIC SITUATIONS AS SET FORTH IN ARTICLE 49 OF THE GDPR. YOU ARE ALSO INFORMED THAT THE UNITED STATES PRESENTLY DOES NOT HAVE AN ADEQUATE LEVEL OF PERSONAL DATA PROTECTION AS DETERMINED BY THE EUROPEAN COMMISSION’S ADEQUACY DECISION ON OCTOBER 6, 2015 (Case C-362/14) AND ARTICULATED IN THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION AND HAS NOT RECEIVED A SIMILAR DESIGNATION OF ADEQUACY BY ANY OTHER FOREIGN DATA PROTECTION AUTHORITY. YOU AGREE TO THE TRANSFER OF YOUR DATA AND PERSONAL DATA TO THE UNITED STATES, HOWEVER, TO BE USED IN ACCORDANCE WITH THIS PRIVACY POLICY.
10. YOUR CHOICES
You can change some of your personal information through the account settings provided on the Service. In addition, if you wish to access, receive a copy of, change or delete the personal information we hold about you, you may contact us as described at the end of this Policy.
You may withdraw the consent granted in this Policy for us to use the personal information described in this Policy by contacting us as described at the end of this Policy. Please note that if you do so, it will not affect the lawfulness of the use of your personal information based on your prior consent.
In addition, you may contact us as described at the end of this Policy to request that we do not disclose your personal information to third parties (other than those that are acting as our agent to perform tasks on our behalf, such as data processors) or to request that your personal information not be used for a purpose that is materially different from the purposes for which it was originally collected or for purposes subsequently authorized by you.
If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by contacting us as described at the end of this Policy. Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, even after you opt-out from receiving commercial messages from us, you may continue to receive administrative messages from us regarding the Service.
Upon receipt of any of the above request(s), we will use reasonable efforts to reflect any changes you request in our databases to the full extent required by GDPR or other applicable law.
If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.
11. CONTACT US
To ask questions or comment about this Policy and our privacy practices, contact us at legal@crate.co or 9450 SW Gemini Dr, PMB 39175, Beaverton, Oregon 97008-7105. Please note that email communications may not be secure. Accordingly, you should not include personal or other sensitive information in your email correspondence.
12. DATA PROTECTION OFFICER
Finally, we have appointed a Data Protection Officer (“DPO”). Our DPO can be contacted directly by email at privacy@crate.co or by mail at:
Crate, Inc.
ATTN: Data Protection Officer 9450 SW Gemini Dr
PMB 39175
Beaverton, Oregon 97008-7105
[End of Privacy Policy]