Who is the Data Controller for your personal data?
Smith & Fong Co., an organization established under the laws of the State of California, the United States of America, with offices located at 394 Bel Marin Keys Blvd., Ste. 6, Novato, California, USA, 94949, is the data controller, including with respect to the requirements of the General Data Protection Regulation (“GDPR”), Regulation (EU) 2016/679.
The data controller’s legal representative in and for the European Union is Smith & Fong Ltd., an organization established under the laws of the United Kingdom, with offices located at Clay Barn, Ipsley Court, Berrington Close, Redditch, UK, B890TD.
What Information Does S&F Collect?
Information you share with us. We have access to information that you voluntarily provide us, including via email, while using our Site or services, or other contacts initiated by you. This may include information you disclose to us when signing up for email newsletters or charitable solicitations, event registrations, webinars, meetings or conferences. Information you share with us may include your personally identifiable information such as name, address, or other contact information, as well as various other information pertaining to your use of our products and services. Your personal data is collected and processed intending to deliver various products and services, including information and news, to you.
Information we learn from your use of our Site or services. We may use browser session data to store your session data while you browse our site. Though your data is typically only stored for that browser session, certain information may be saved by browser session and stored on our servers with a session ID.
Like many companies, we monitor the use of our Site and services, by collecting information pertaining to functional features such as browser type, operating system, IP address, and the like. This information may include data pertaining to you and your use of our products and services. This information is used to improve usability, performance and effectiveness of the Site, and may be disclosed to third parties as aggregate data.
We also use device information gleaned from cookies, log files, and various other online identifiers such as cookies to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
Cookies and related data identifiers. In some instances, we may collect device information through cookies, pixel tags, web beacons, and other anonymous identifiers. We use this data in aggregate form without access to any personally identifying information. Although web browsers typically accept cookies and similar files by default, you can usually prevent this by selecting the appropriate privacy settings on your browser. However, if you do so, some functionality of our site may be impaired or lost, particularly any site customization features.
The Site does not use any tracking cookies or advertising cookies which enable targeted or behavioral advertising solicitations. The following functional and analytical cookies may be placed via the website without your prior consent when accessing or using our Site:
We predominantly use Google Analytics to help us understand how our clients use our Site, and to help us improve your user experience while accessing and using our Site. You can read more about how Google uses your personal information at https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics at https://tools.google.com/dlpage/gaoptout.
By connecting with us on social media, or accessing various Site features, you may visit third party websites that deploy other data identifiers beyond the control of S&F. To learn more about such third party websites’ privacy policies, and to take appropriate action to protect your personal data accessed through those third party websites, please visit the following links:
For Facebook: https://www.facebook.com/legal/FB_Work_Privacy
For Tweeter: https://twitter.com/en/privacy
For Pinterest: https://policy.pinterest.com/en/privacy-policy
For YouTube: https://policies.google.com/privacy?hl=en&gl=us
You can also find more information about cookies on various websites, including www.allaboutcookies.org.
Publicly Accessible Information. When you provide information to be published or displayed on public areas of the Site, or transmitted to other users of the Site or third parties (collectively, “User Contributions”), your User Contributions are posted on and transmitted to others at your own risk. For example, if you submit a product review or use a public posting feature on any Site, you should be aware that any information you share is visible to other users, can be read, collected, or used by other individuals to send you unsolicited messages. S&F is not responsible for the User Contributions you choose to submit. If you delete your User Contributions from the Site, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by others.
How Does Smith & Fong Use This Information?
We use the information we collect to provide the Site and its contents to you, to enable the interactive features of our Site, to provide any service or transaction you requested, and importantly, to maintain and improve the services we provide, including for example by providing you with a better user experience when accessing our Site. We only use or process your information in a way that is compatible with and relevant to the purpose for which it was collected or authorized for use, for example to fulfill any purpose for which you provide information, including to meet our obligations and enforce our rights arising from any contracts entered into between you and us (including for billing and collection purposes.)
We may share your personally identifiable information with authorized third-parties such as data processors, vendors, or contractors in order to provide you with a requested service or transaction. For example, to provide you with email newsletters we must share your personally identifiable information with our email newsletter service provider. We also use information collected from cookies and other anonymous identifiers to improve your user experience and the quality of our services.
We may collect and share personally identifiable information when we have a good faith belief that access to, or the use or disclosure of such information is reasonably necessary to satisfy any applicable law, rule, regulation, or enforceable governmental or administrative request, to enforce our applicable Terms of Service, including to detect, prevent, or address fraud, security or technical issues, or protect against harm to the rights, property or safety of S&F, our users or the public.
Our use of information other than for the purpose of completing a requested transaction or service is on an opt-in basis. This means that you will not receive communications from us regarding, for example special events, promotions, or new certified products, unless you have given us affirmative permission to receive such communications. You may at any time update your email subscriptions, including to completely opt-out of receiving any further email solicitations from us. Our email communications all include various links enabling you to modify or update your contact preferences, including to completely opt-out of further unsolicited contact, or you may contact us with your comments and inquiries at email@example.com.
We may use your information to contact you about our goods and services. If you do not want your information used for such commercial solicitations, please check the relevant box located on the form on which we collect your data, or send us an e-mail stating your opt-out request to firstname.lastname@example.org. If we have sent you a promotional e-mail, you may also send us a return e-mail asking to be omitted from future e-mail distributions. Note, these opt outs do not apply to information provided to S&F via the Site as a result of a product purchase, warranty registration, or other transactions.
We may also use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences, as well as for auditing, research, and analysis to improve S&F’s products and services and the Site.
Is My Information Shared With Other Companies?
At our discretion, we may share aggregated information about our users, which information does not identify any individual, such as aggregate information regarding visitor demographics, traffic patterns and site usage with our partners, advertisers or sponsors.
We may share personally identifiable information with third parties as necessary to render services you have requested or authorized, for example to trusted business partners who process information on our behalf, to our subsidiaries and affiliates, as well as contractors and service providers used to support our business.
We may also share your personally identifiable information with third parties if we have a good faith belief that access to or use of this information, or the preservation or disclosure of this information is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request; to enforce our Terms of Service, including for investigation of possible violations; detect, prevent, or otherwise remedy fraud, security threats or breaches, or other technical issues; and to prevent harm to the personal or property rights of C2CPII, or other third parties, as permitted by applicable laws.
How Do I Access Or Change My Personal Information?
To provide our products and services, and for you to gain the optimum benefits of our products and services, we need to store and provide you with access to your personal information. You can review, and update the personal information that we retain for your account by using the appropriate links provided in our email communications, or by contacting us at email@example.com.
We may ask you to verify your identity before we update your personal information. At our discretion, we may reject requests that are unreasonably repetitive, require disproportionate technical efforts, are impractical, or risk the privacy rights of other users. We may not immediately delete copies of your outdated information from our servers and may not remove all outdated information from our backup systems after you delete this information. This residual retention period is intended to protect our information servers from accidental or malicious loss of data.
Specific Information for Data Collected from International Users
S&F Sites and services are hosted and operated entirely within the United States of America, and any information you submit to us is presumed to be hosted on servers located within the USA, and you consent to this transfer of your personal information to United States jurisdiction by accessing or using our services. Please note that United States laws may vary from your national laws, and may not offer the same privacy protections as your national laws.
EU-Specific Safeguards and Procedures. For transfers of data outside the EU, S&F makes sure that there is an adequacy decision from the European Commission for the receiving party, and in the absence of such an adequacy decision, that there are appropriate safeguards to protect your personal data, which safeguards are commensurate with the requirements of the GDPR. You can contact firstname.lastname@example.org to obtain information on the safeguards.
Processing personal data of persons in the European Union will always be carried out in compliance with the GDPR, EU Regulation 2016/679. This means that you have several rights as a person in the European Union with regard to the processing of your personal data.
The following is a general overview of your EU-specific rights:
Access: You have the right to request information about your own personal data collected or processed by, or on behalf of, S&F.
Rectification: You have the right to request corrections when your own personal data is inaccurate or incomplete.
Objection and Erasure: You have the right to object to the processing of your personal data and to request an erasure of your personal data.
Restriction of processing: You have the right to request a restriction on the processing of your personal data in the situations regulated by Art. 18 of the GDPR.
Data portability: When the processing is carried out by automated means and is based on your consent, your personal data shall be presented to you in a structured, commonly used and machine-readable format. You further have the right to transmit the collected data to another controller.
Withdrawal of consent: You may withdraw your consent for the processing of your personal data.
For a complete overview please refer to the text of the GDPR, and upon your request, S&F will endeavor to provide you more specific information based on the specific facts of your request.
All requests can be submitted via email@example.com and will be processed within reasonable time. Your request will be followed up, except when S&F has a legitimate reason not to do so.
You may submit such complaints to your national data protection authority, or to binding arbitration provided through a neutral dispute resolution provider. For persons from the European Union, S&F may refer unresolved privacy complaints to the independent BBB Privacy Shield Program as administered by the Council of Better Business Bureaus.
What Are S&F’s Information Security & Compliance Practices?
For site security purposes, and to ensure that our Site and services remain publicly accessible, the platform for which the Site resides on utilizes software tools and programs intending to assure its confidentiality, integrity, and availability. Tools which are currently in use, or are to be deployed if necessary for the security of the Site include, but are not limited to, network security and monitoring tools (e.g., network firewalls, web application firewalls, routers, switches, intrusion detection systems, etc.), network Performance (e.g., monitoring tools to assess Site performance, uptime, etc.), as well as a variety of physical, electronic and procedural safeguards to help achieve Site safety and security. All information accessed through the Site is compliant with the requirements of Art. 32 of the GDPR.
We store your personal data on secure servers that are password protected and shielded from outside access by a firewall. We practice safety procedures intended to ensure, as far as possible, the security and integrity of all our information, including your personally identifying information. However, no system or information can ever be fully protected against every possible hazard. As a result, we cannot assure or warrant the security or privacy of any information you provide to us and, accordingly, you do so at your own risk.
The Children’s Online Privacy Protection Act (COPPA) was created to protect children under the age of thirteen from unsuspecting practices related to collecting, using, or disclosing any information about them. Our services are neither intended nor directed for use by children under the age of thirteen. C2CPII does not knowingly accept, collect, maintain or use any information from any child under the age of thirteen, and if a child whom C2CPII knows or suspects to be under the age of thirteen sends personal information to us online, we will only use that information to respond directly to that child, notify the parents, or seek parental consent.
Who Do I Contact With Other Questions?