Information collected automatically: When you use the Services, we may collect but do not store certain information about your computer or mobile device and your activities. This may include information that could be used to personally identify you (“Personal Information,”) but most often is aggregated, de-personalized information that would not be able to identify you personally (“Non-PII”) We may collect such information via:
Information you choose to provide: When you register with us, you must provide certain Personal Information, including your name, email address, phone number, address and zip code.
Registration and Ordering. Before using certain parts of the Services or ordering services, you must complete an online registration form. During registration, you will be prompted to provide to us certain Personal Information, including but not limited to your name, shipping and billing address(es), phone number, email address, and credit card number. In addition, we may also ask you for your country of residence and/or your organization’s country of operation, so we can comply with applicable laws and regulations. These kinds of Personal Information are used for our legitimate business purposes in fulfilling our contract with you, including billing, to fulfill your orders, to communicate with you about your services and our site, and for internal marketing purposes. If we encounter a problem when processing your order, we may use the personal information to contact you.
Emails. We require an email address from you when you register with us. We use your email for both “administrative” (e.g., confirming your registration) and “promotional” (e.g., newsletters, new product offerings, special discounts, event notifications, special third-party offers) purposes. Email messages we send you may contain code that enables our database to track your usage of the e-mails, including whether the e-mail was opened and what links (if any) were clicked. You may opt-out of receiving promotional emails and other promotional communications from us at any time via the opt-out links provided in such communications, or by e-mailing [email protected] with your specific request. However, we reserve the right to send you certain communications relating to the Services such as service announcements, security alerts, update notices, or other administrative messages) without affording you the opportunity to opt out of receiving such communications. If we do use your contact information for marketing purposes, it will be in our legitimate business interests to do so and we will do so in a way that minimizes any burden on you.
Online Survey Data. We may periodically conduct voluntary member surveys. We encourage our members to participate in such surveys because they provide us with important information regarding potential improvements to the Services. We do not link the survey responses to your name or email address, and all responses are anonymous and Non-PII.
|Type of Information||Legal Basis of Collecting||Reason for Collecting|
The information we collect is used to improve the content and the quality of the Services. We do not share your Personal Information without your consent except as necessary to fulfill our contracts with you, with your consent, or under the following circumstances:
Service Providers. We may share your information with our third-party service providers (including data processors and subprocessors) that support various aspects of our business operations (e.g., analytics providers, security and technology providers, and payment processors).
Legal Disclosures and Business Transfers. We may disclose any information without notice or consent from you: (a) in response to a legal request, such as a subpoena, court order, or government demand; (b) to investigate or report illegal activity; or (c) to enforce our rights or defend claims. We may also transfer your information to another company in connection with a merger, corporate restructuring, sale of any or all of our assets, or in the event of bankruptcy.
Aggregate Data. We may combine Non-PII we collect with additional Non-PII collected from other sources for marketing. We also may share aggregated, Non-PII with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis.
The Website and the Services may contain links to other websites. If you choose to click on a third party link, you will be directed to that third party's website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other websites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
We do not target or allow persons under the minimum age of eligibility (the “Minimum Age”) to use the Services, and we do not knowingly collect information from persons under the Minimum Age. Minimum Age means: (a) 18 years old for the People's Republic of China; (b) 16 years old for the Netherlands; (c) 14 years old for the United States, Canada, Germany, Spain, Australia and South Korea; (d) 13 years old for all other countries; or (e) the minimum legal age to enter into a contract or use our Services in your jurisdiction. The Services are not for use by anyone under the Minimum Age. By registering to the Services, you represent and warrant that you are at least our Minimum Age.
We store Personal Information only while the owner account is active. We will delete Personal Information from our system following closure of an account or upon request as detailed below, storing and maintaining the information no longer than it takes to engage in our lawful business activities.
Regardless of the type of information, we take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage, and processing practices, and introducing security measures, including physical security measures, to guard against unauthorized access to systems where we store personal data.
We restrict access to Personal Information to Kromatic employees, service providers and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to protect your Personal Information, we cannot guarantee its absolute security. IN NO EVENT WILL KROMATIC OR ITS SUBSIDIARIES, AFFILIATES OR ANY PARTY INVOLVED IN CREATING, PRODUCING OR DELIVERING THE SITE BE LIABLE IN ANY MANNER WHATSOEVER FOR ANY INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL OR PUNITIVE DAMAGES ARISING OUT OF YOUR ACCESS, USE OR INABILITY TO USE THE SITES, OR IN CONNECTION WITH ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS OR LINE OR SYSTEM FAILURE (INCLUDING LOST PROFITS, LOSS OF BUSINESS OR DATA, BUSINESS INTERRUPTION, AND DAMAGES THAT RESULT FROM INACCURACY OF THE INFORMATION OR INCONVENIENCE, DELAY, OR LOSS OF THE USE OF THE SITES). THE FOREGOING LIMITATIONS APPLY WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE STRICT LIABILITY OR ANY OTHER BASIS, EVEN IF KROMATIC OR ITS AFFILIATES OR ANY OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
As a citizen of the European Union, you are entitled to the full spectrum of the rights under the General Data Protection Regulation that entered into effect on May 25, 2018 and all data privacy regulations that preceded it to the extent that they were not preempted by the GDPR. While we do not intentionally make ourselves subject to the GDPR by operating in the European Union, we will do our best to accommodate any valid request within a reasonable amount of time, and in all cases in the statutorily required amount of time.
As required by the GDPR, we require that all processors and subprocessors of the data we collect have privacy practices no less restrictive than our own and are bound to agreements that require strict confidentiality as it relates to your Personal Information. We take your privacy rights very seriously and will always act in good faith to balance your legitimate privacy rights with our contractual, lawful, and ethical obligations as a business.