FSA Store Privacy Notice for California Residents
Last updated on December 30, 2019
PREAMBLE
This Privacy Notice for California Residents supplements the
information contained in FSA Store’s Privacy Policy available at
fsastore.com/Help/Privacy-Policy.aspx
and applies solely to all visitors, users, and others who reside in the
State of California (”consumers” or “you”). We adopt this
notice to comply with the California Consumer Privacy Act of 2018
(CCPA) and any terms defined in the CCPA have the same meaning when
used in this notice.
1. Information We Collect
Our Website collects information that identifies, relates to, describes,
references, is capable of being associated with, or could reasonably be
linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, FSA Store’s Website has collected the following
categories of personal information from its consumers within the last twelve
(12) months:
Category |
Examples
|
Collected
|
A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online
identifier, Internet Protocol address, email address, account name,
Social Security number, driver’s license number, passport number, or
other similar identifiers.
|
YES
|
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
|
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
|
YES
|
C. Protected classification characteristics under California or federal law.
|
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|
YES
|
D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|
YES
|
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
NO
|
F. Internet or other similar network activity. |
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. |
YES
|
G. Geolocation data. |
Physical location or movements. |
YES
|
H. Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
NO
|
I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
NO
|
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
NO
|
K. Inferences drawn from other personal information. |
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
NO
|
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, includes: (i) health or medical
information covered by the Health Insurance Portability and Accountability Act
of 1996 (HIPAA) and the California Confidentiality of Medical Information Act
(CMIA) or clinical trial data; and (ii) personal information covered by
certain sector-specific privacy laws, including the Fair Credit Reporting Act
(FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information
Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We obtain the categories of personal information listed above from the following
categories of sources:
- Directly from you. For example, from forms you
complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on our website.
2. Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason
you provided the information. For example, if you share your name and contact
information to request a price quote or ask a question about our products or
services, we will use that personal information to respond to your inquiry. If
you provide your personal information to purchase a product or service, we
will use that information to process your payment and facilitate delivery. We
may also save your information to facilitate new product orders or process
returns.
- To provide, support, personalize, and develop our Website,
products, and services.
- To create, maintain, customize, and secure your
Account with us.
- To process your requests, purchases, transactions, and
payments and prevent transactional fraud.
- To provide you with support and to
respond to your inquiries, including to investigate and address your concerns
and monitor and improve our responses.
- To personalize your Website
experience and to deliver content and product and service offerings relevant
to your interests, including targeted offers and ads through our Website,
third-party sites, and via email or text message (with your consent, where
required by law).
- To respond to law enforcement requests and as required by
applicable law, court order, or governmental regulations. • As described to
you when collecting your personal information or as otherwise set forth in the
CCPA.
- To evaluate or conduct a merger, divestiture, restructuring,
reorganization, dissolution, or other sale or transfer of some or all of FSA
Store’s assets, whether as a going concern or as part of bankruptcy,
liquidation, or similar proceeding, in which personal information held by FSA
Store about our Website users is among the assets transferred.
FSA Store will not collect additional categories of personal information or use the personal
information we collected for materially different, unrelated, or incompatible
purposes without providing you notice.
3. Sharing Personal Information
FSA Store may disclose your personal information to a third party for a business
purpose. When we disclose personal information for a business purpose, we
enter into a contract that describes the purpose and requires the recipient to
both keep that personal information confidential and not use it for any
purpose except performing the contract.
We share your personal information with the following categories of third parties:
- Service providers.
- Product supply partners.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, FSA Store has disclosed the following
categories of personal information for a business purpose:
- Category A: Identifiers.
- Category B: California Customer Records personal information
categories.
- Category C: Protected classification characteristics under
California or federal law.
- Category D: Commercial information.
- Category F:
Internet or other similar network activity.
- Category G: Geolocation data.
We disclose your personal information for a business purpose to the following
categories of third parties:
- Service providers.
- Product supply partners.
4. Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to
request that FSA Store disclose certain information to you about our
collection and use of your personal information over the past 12 months. Once
we receive and confirm your verifiable consumer request (see Exercising
Access, Data Portability, and Deletion Rights subsection below), we will
disclose to you:
- The categories of personal information we collected about
you.
- The categories of sources for the personal information we collected
about you.
- Our business or commercial purpose for collecting or selling that
personal information.
- The categories of third parties with whom we share
that personal information.
- The specific pieces of personal information we
collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing the following: (i) sales, identifying the personal information
categories that each category of recipient purchased; and (ii) disclosures for
a business purpose, identifying the personal information categories that each
category of recipient obtained.
Deletion Request Rights
You have the right to request that FSA Store delete any of your personal information that we
collected from you and retained, subject to certain exceptions. Once we
receive and confirm your verifiable consumer request (see Exercising Access,
Data Portability, and Deletion Rights subsection below), we will delete (and
direct our service providers to delete) your personal information from our
records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information,
provide a good or service that you requested, take actions reasonably
anticipated within the context of our ongoing business relationship with you,
or otherwise perform our contract with you.
- Detect security incidents,
protect against malicious, deceptive, fraudulent, or illegal activity, or
prosecute those responsible for such activities.
- Debug products to identify
and repair errors that impair existing intended functionality.
- Comply with
the California Electronic Communications Privacy Act (Cal. Penal Code § 1546
et. seq.).
- Enable solely internal uses that are reasonably aligned with
consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information
that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, dataportability, and deletion rights described above, please submit a verifiable
consumer request to us by either:
Only you, or a person registered with the
California Secretary of State that you authorize to act on your behalf, may
make a verifiable consumer request related to your personal information. You
may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability
twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the
person about whom we collected personal information or an authorized
representative.
- Describe your request with sufficient detail that allows us
to properly understand, evaluate, and respond to it.
We cannot respond to your
request or provide you with personal information if we cannot verify your
identity or authority to make the request and confirm the personal information
relates to you.
Making a verifiable consumer request does not require you to
create an Account with us. However, we do consider requests made through your
password protected account sufficiently verified when the request relates to
personal information associated with that specific Account.
We will only use
personal information provided in a verifiable consumer request to verify the
requestor’s identity or authority to make the request.
For instructions on
exercising sale opt-out rights, see Personal Information Sales Opt-Out and
Opt-In Rights subsection below.
Response Timing and Format
We endeavor to
respond to a verifiable consumer request within forty-five (45) days of its
receipt. If we require more time (up to 90 days), we will inform you of the
reason and extension period in writing.
If you have an Account with us, we
will deliver our written response to that Account. If you do not have an
Account with us, we will deliver our written response by mail or
electronically, at your option.
Any disclosures we provide will only cover the
12-month period preceding the verifiable consumer request’s receipt. The
response we provide will also explain the reasons we cannot comply with a
request, if applicable. For data portability requests, we will select a format
to provide your personal information that is readily useable and should allow
you to transmit the information from one entity to another entity without
hindrance.
We do not charge a fee to process or respond to your verifiable
consumer request unless it is excessive, repetitive, or manifestly unfounded.
If we determine that the request warrants a fee, we will tell you why we made
that decision and provide you with a cost estimate before completing your
request.
Personal Information Sales Opt-Out and Opt-In Rights
We will not sell
your personal information to any party. If in the future, we anticipate
selling your personal information to any party, we will provide you with the
opt-out and opt-in rights required by the CCPA.
5. Non-Discrimination
We will
not discriminate against you for exercising any of your CCPA rights. Unless
permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different
level or quality of goods or services.
- Suggest that you may receive a
different price or rate for goods or services or a different level or quality
of goods or services.
6. Other California Privacy Rights
California’s “Shine
the Light” law (Civil Code Section § 1798.83) permits users of our Website
that are California residents to request certain information regarding our
disclosure of personal information to third parties for their direct marketing
purposes. To make such a request, please contact us either by mail to FSA
Store Inc., 240 West 37th Street, 6th floor, New York, NY 10018; Attn: Privacy
Policy, or email to privacy@fsastore.com and we will endeavor to deal with
your request as soon as possible.
7. Changes to Our Privacy Notice
FSA Store reserves the right to amend this privacy notice at our discretion and at any
time. When we make changes to this privacy notice, we will post the updated
notice on the Website and update the notice’s effective date. Your continued
use of our Website following the posting of changes constitutes your
acceptance of such changes.
8. Contacting Us
If you have any questions or
comments about this notice, the ways in which FSA Store collects and uses your
information described below and in the Privacy Policy, your choices and rights
regarding such use, or wish to exercise your rights under California law,
please do not hesitate to contact us either by:
We will endeavor to deal
with your request as soon as possible. This is without prejudice to your right
to launch a claim with your data protection authority or follow the dispute
process set forth in the Terms and Conditions.