What Personal Information We Collect
In order to provide services to our customers, we must collect certain personal information from and about you. Such services may include submitting shipping orders on your behalf, as well as others. Canary does not sell personal information.
The types of personal information collected, processed, and stored by Canary will be limited to those which are required to establish and maintain these services. This information has been collected and transferred to third parties within the last 12 months. Such information may include:
- Contact information (phone number and e-mail address)
- Shipping Address
- UserID and user profile information for Canary website and applications
- Occasionally we may request tax ID information when shipping internationally
How We Use Personal Information
Canary will use the information it collects in order to establish and maintain merchandising services as well as respond to inquiries, or perform other tasks that are necessary when acting as a merchandiser. In addition, information may be used for other legal purposes, such as audit, security, fraud prevention, or preserving and defending Canary’s legal rights.
For the data subject, uses may also include contacting you to establish or maintain shipping information involving you. These communications will only come directly from Canary (or agents working on behalf of Canary).
Data that has been anonymized does not personally identify you and is not covered by this Privacy Statement.
Canary will retain your personal information for as long as is necessary to provide our services, except where retention of personal information is necessary for compliance with a law, regulation, or other legal authority, or is otherwise permitted to be maintained for other legal purposes, such as audit, security, fraud prevention, or preserving and defending Canary’s legal rights.
Collection and Use of Non-Personal Information
We may also collect data in a form that, on its own, does not allow us to identify or contact a specific individual. We may use, transfer or disclose non-personal identifiable for any purpose. The following are examples of non-personal information that we collect and how we may use it:
- When you visit our websites, we may collect technical and navigational information, such as web browser type, Internet protocol address, language, location, time zone, unique device/browser identifier, and URLs requested so that we may better understand visitor behavior and improve our products, services, and content.
If we combine non-personal information with personal information the combined information will be considered personal information for the purposes of this Policy. Aggregated or anonymized information is not covered by this Policy.
Cookies and Other Technologies
Canary’s websites, products, services, and content may use “cookies” and other technologies such as web beacons and pixel tags. These technologies may be used to deliver our services as well as to help us better understand user behavior.
“Cookies” are alphanumeric identifiers in the form of data files that are inserted and stored by your web browser on your computer’s hard drive. We may set and access cookies on your computer to monitor usage history and to store your preferences and login information.
Most internet browsers will allow you to stop cookies from being stored on your computer and to delete cookies stored on your computer, however, if you choose to eliminate cookies, the functionality of the website may be impaired or not operate properly.
We, or third-party service providers acting on our behalf, may use web beacons, or pixel tags to collect certain usage information. Web beacons are images embedded in a web page or email for the purpose of measuring and analyzing website usage and activity.
We use this information to provide, enhance and improve our products, services and content as well as to monitor and analyze its usage. Web beacons may also be used for the technical administration of our services, to better tailor our websites to user needs, to generate and derive useful data and information concerning the interests, characteristics and usage behavior of our users, and to verify that users meet our access criteria.
Pixel tags are also used to enable us to send email messages in a format a customer can read. They also tell us whether email has been opened. We may use this information to reduce, tailor, or eliminate messages that we send to users.
In some of our email messages we may use a “click-through URL” linked to web pages on our websites. When a recipient clicks on these URLs, a separate web server records their click before arriving at the destination. We use click-through data to help us determine the interest in particular content or topics. If you prefer not to be tracked in this way you may opt to not click on links contained in our emails.
Like most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data.
We may use this information to analyze trends, administer our website, and to learn about user behavior.
Transfer to Third Parties
In order to manage merchandising services that involve you, your information may be shared with third-party service providers that may be engaged to assist us in managing the processes required to provide these services. Any engagement of a third-party service provider will be governed by appropriate contractual requirements prohibiting the use of your information for any purposes beyond those specifically directed by Canary, and requiring that they ensure sufficient administrative and technical security mechanisms are in place to prevent your information from being improperly used, disclosed, or accessed.
As a result of the global scope of our operations, the sharing of your information with other service providers, partners, and customers may result in your data being sent to countries outside of your country of residence, which may have data protection laws that differ from those in your country of residence. Regardless of the source or destination location of your information, Canary will protect your information as described in this Privacy Statement and abide by all applicable data protection laws. Canary remains responsible for information that we share with third parties for processing on our behalf.
For individuals located in the European Economic Area (“EEA”) or Switzerland, when transfers to third parties outside of the EEA or Switzerland occur, Canary will put sufficient protections in place to ensure compliance with the applicable legal requirements, such as use of European Union (“EU”) Model Contracts, or language requiring adherence to the EU-U.S. or Swiss-U.S. Privacy Shield, or other such protocols as may be in place from time to time.
In addition, your personal information may be transferred to a third-party as a result of an asset sale, acquisition, merger, reorganization or other change of control or if we sell, merge or transfer any part of our business. Part of the sale may include your Personal Information.
We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security, law enforcement or data privacy requirements.
Access to Personal Information
The amount of personal information that we require you to supply in order to use our services will be limited to that which is relevant to supply such services.
You have the right to request access to, withdraw your consent to the use and processing of, and request the correction of inaccuracies or erasure of your information that we maintain about you, subject to our obligations to maintain your information under applicable laws. We may limit or deny requests that interfere with our legitimate interests, or charge reasonable fees for access, except as prohibited by applicable law.
Because such information is necessary to the performance of the merchandising services that we provide to you, any request to withdraw consent for processing, or request erasure of your information may result in Canary being unable to continue providing its services. In response to a consent withdrawal request, Canary will describe the specific consequences of processing your request, with respect to Canary’s ability to continue providing services.
Canary will only store personally identifiable data about you for as long as it’s reasonably required to fulfill the purposes under which it was first provided by you unless a longer retention period is required or permitted by law.
You may make review, update access, correction, or deletion requests by contacting us at [email protected]; by mail at 2700 Camino Ramon, Suite 110, San Ramon, CA, 94583; or by toll-free telephone at 855-950-0110.
Protection of Personal Information
We take precautions to safeguard your information. Canary uses commercially reasonable technical, administrative and physical controls to protect your data. We use a combination of firewall barriers, data encryption techniques and authentication procedures, among others, to maintain the security of your personal information and our systems from unauthorized access. We also enforce physical access controls to our buildings and files.
Your personal information is stored and located on a secured server behind a firewall. We only authorize access to personal information for those employees, contractors and agents who need to know that information in order to administer, deliver, maintain, develop or improve our services.
Third-Party Sites and Services
Our websites and content may contain links to other websites. As such, Canary does not endorse and is not responsible for the privacy practices or the content of these third-party websites. We exercise no control over how your information is stored, maintained or displayed by third parties or on third-party sites.
To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov
2700 Camino Ramon Suite 110,
San Ramon, CA, 94583
For inquiries or complaints related to personal data, Canary will cooperate with EU Data Protection Authorities and the Swiss Federal Data Protection and Information Commissioner (collectively, “Data Protection Authority”) in the investigation and resolution of complaints brought under the Privacy Shield, including complying with advice given by Data Protection Authorities (as described in the Privacy Shield Principles). Individuals may contact their Data Protection Authority directly to resolve disputes.
Canary has committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to JAMS, an independent recourse mechanism provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Our commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Canary’s service is not directed to children. We do not knowingly collect personally identifiable information from children. If you, as a parent or guardian, become aware that your child has provided us with Personal Information without your consent, please contact us. If we become aware that a user is under the age of 13 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
Consumer Rights Under the California Consumer Privacy Act.
This section applies solely to individuals who reside in the State of California (“Consumers”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California laws. Any terms defined in the CCPA have the same meaning when used in this notice.
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if our need to retain the information meets the exception criteria described in the CCPA.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us with the mechanism described in the above section “Access to Personal Information”
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will not discriminate against you for exercising any of your CCPA rights.
Privacy Changes and Questions
Last Updated: 11/1/19