Last Revised: September 11th, 2021
We may collect and use Personal Data provided by people who visit the References website located at www.references.nyc and all pages and subdomains thereof (the “Website”) and any person who uses our Services. By our “Service” or “Services,” we mean the Website and other services provided by us as described in the Terms and Conditions (the “Terms”) located at www.references.nyc/terms-and-conditions.
- “Employee” means an employee of Company.
- “Personal Data” means any information relating to an identified or identifiable natural person or considered personally identifiable information by law.
- “Public Area” means those portions of the Website that can be accessed both by Users and Visitors, without needing to log in.
- “Restricted Area” means those portions of the Website that can be accessed only by logging in as a registered user.
- “Third Parties” means any actual or prospective customer, distributor, reseller, vendor, supplier, consultant, professional adviser, business partner, consignee or any other third party that does or may do business with References.
- “User Data” means Personal Data a User provides to use the Service.
- “User” means a person or entity that registers with the Website and uses the Service.
- “Visitor” means an individual other than a User, who uses the public area, but has no access to the Restricted Area of the Website or Service.
2. Information We Collect
2.1 User Provided Information. We collect information to provide and improve our Services to you. We sometimes collect Personal Data including:
- “Cookie Data”: References also uses “cookies” to collect certain information from all Users and Visitors, including those who do not directly interact with our Website. A cookie is a string of data our system sends to your computer and then uses to identify your computer when you return to our Website, as further described below. Cookies give us usage data, like how often you visit, and where you go on the site. References’ script, once embedded in the website, will accept browser cookie information for all Users and Visitors to our Website. Collecting data for all Users and Visitors allows us to provide targeting options for marketing and advertising purposes.
- “Marketing Information“: From time to time, we may gather information about our Users and prospective users during marketing events and other functions for follow up marketing purposes.
- “Registration Information”: In providing Services, we collect personally identifiable information, including a User or User’s name, e-mail address, telephone number, birth date, address, and other personally identifiable information that may be required to use the Services.
- “Usage Data“: We may also collect information that your browser sends whenever you visit our Service. This may include information such as your computer’s Internet Protocol address (i.e. IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and the like. Usage Data may also include data about your purchasing patterns, your contact details, and your profile information.
When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
- “User Activities Information“: We may record and retain the records of some user activities when you use the Service. We may associate information about you with the pages you may have viewed recently at our Website, any uploads to our Website and/or a history of any communications you may have had with any of our representatives, including any problems with the Service you may have reported and other non-personally identifiable information.
2.2 Collected Information. By “Collected Information” we mean Registration Information, Cookie Information, Usage Data, User Activities Information, Marketing Information, and any information we may collect from you, from our affiliates, or from other parties or through any other means.
3. How we Use Collected Information
We use the Collected Information for purposes of improving our Service and as more fully described below:
3.2 Registration Information: We may use your Registration Information or other Collected Information to provide services that you request or to contact you regarding additional services if we think that you might be interested in them. Specifically, we may use your email address, mailing address, or phone number to contact you regarding notices, product alerts, new service or product offerings and communications relevant to your use of our Website. We may also generate reports and analysis based on Registration Information for internal analysis, monitoring, and marketing decisions.
You can determine if and how a cookie will be accepted by configuring your browser, which is installed in the device you are using to access the Website. If you desire, you can change those configurations in your browser to accept all cookies, to be notified when a cookie is sent, or to reject all cookies. If you reject all cookies you may be required to re-enter your information on our Website more often and certain features of our Website may be unavailable.
Examples of Cookies we may use:
- Session Cookies. We may use Session Cookies to operate our Service.
- Preference Cookies We may use Preference Cookies to track your preferences.
- Security Cookies. We may use Security Cookies for security purposes.
3.4 Usage Data: We may use Usage Data to provide value-added services to our Users, affiliates, or related entities, including without limitation to providing pattern and behavioral data to facilitate marketing initiatives and decision-making.
3.5 User Activities Information: We use User Activities Information to provide the Services that you request. We may also generate reports, statistics and analysis based on User Activities Information to enhance and improve our Services.
3.6 Statistical Information: We use statistical information to help diagnose problems with and maintain our computer servers, to manage our Services, and to enhance our Services based on the usage pattern data we receive. We also may generate reports and analysis based on the statistical information for internal analysis, monitoring and marketing decisions. We may provide statistical information to third parties. We also may provide general statistical information on the Website, such as the amount of clothing items Company picked up per month. When we provide statistical information to third parties or on the Website, we depersonalize or anonymize any Personal Data to prevent disclosure of personally identifying information without your permission.
3.7 Disclosed Personal Information: Uses of any Personal Data by any of our Users are subject to privacy laws in each of their respective jurisdictions. Each of our Users, Employees, Visitors and Vendors are solely responsible for observing applicable laws and regulations in its respective jurisdictions to ensure that all use of the Website and Services are in compliance with the same. Each of our Users, Visitors, Vendors and Employees are expressly prohibited from using any Personal Information for illegal activities.
4. Disclosure of Data
4.1 Unrestricted Information. Any information included in a Public Area of the Service will be available to any Visitor or User who has access to that content.
4.2 Disclosure to Service Providers. We give certain third-party vendors and partners access to Personal Data, and we reserve our right to disclose your information to Third Parties for promotional or other business purposes. These Third Parties assist us with data storage, analytics, web hosting, and other related technology services, and additionally provide logistical support in broadcasting Videos to satellite channel(s). We also may disclose PII to attorneys, collection agencies, or law enforcement authorities to address potential Acceptable Use Policy (AUP) violations, other contract violations, or illegal behavior. And we disclose any information demanded in a court order or otherwise required by law or to prevent imminent harm to persons or property. We may disclose personal information to our past, current or future subsidiaries and affiliates. We may also provide PII to contractors, service providers and other Third Parties that we use to support our business and who are bound by contractual obligation to keep PII confidential and use it only for the purposes for which we disclose it to them. Finally, we may share PII in connection with a corporate transaction, like a merger or sale of our Company, or a sale of all or substantially all of our assets or of the product or service line you received from us, or a bankruptcy or liquidation where the business is not continuing as a going concern. This site may contain content and plugins from social media platforms. These plugins allow you to share information from our website to your social media account. When you use these social media services, third parties may store and/or access data which we do not control. If you are logged into one of your social media accounts while visiting a webpage on this Site that contains a social media plugin, the social media plugin may allow the relevant social media platform to receive information that you visited this Site and link it to your social media account. We do not control these third-party platforms, and information collected is governed by the privacy statement of the third party that provides the relevant platform. We encourage you to review these platforms’ privacy statements for more information.
As noted above, we compile Website usage statistics from data collected through cookies. We may publish those statistics or share them with third parties, but they do not include PII.
4.4 Disclosure for Law Enforcement. Under certain circumstances, References may be required to disclose or make public Collected Information, including Personal Data. For example, we may disclose Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation, for example in response to a subpoena or other judicial order or when we reasonably believe that such disclosure is required by law, regulation or administrative order of any court, governmental or regulatory authority.
- To protect and defend the rights or property of Company, including to identify, contact or bring legal action against someone who may be infringing or threatening to infringe, or who may otherwise be causing injury to or interference with, the title, rights, interests or property of Company, our Users, Clients, partners, affiliates, Visitors, or anyone else who could be harmed by such activities.
- To prevent or investigate possible wrongdoing in connection with the Service.
- To protect the personal safety of users of the Service or the public.
- To protect against legal liability.
- To pursue a claim or prevent further injury to Company or others If we have reason to believe that a User is in breach of the Terms and Conditions or any other agreement with us.
5. Retention of Personal Data
References has a bring your own device policy (i.e. employees are allowed to use their own devices) to store References data. We do not use mobile device management nor do we maintain disaster recovery or back up data.
The GDPR and similar regulations identify some PII that places “special categories” of data, also known as “sensitive information.” Sensitive information is information or data revealing (i) racial or ethnic origin; (ii) political opinions; (iii) religious or philosophical beliefs; (iv) trade-union membership; (v) genetic information; (vi) biometrics; health; (vii) sex life or sexual orientation; (viii) criminal convictions and related information. References does not collect or process sensitive information on our Website.
We may also retain Usage Data for internal analysis purposes. While Usage Data is generally retained for a shorter period of time, it may be retained for a long period of time if it is used to strengthen the security or to improve the functionality of our Service, or if we are legally obligated to retain this data for longer time periods.
6. Deletion of Personal Data
References does not have a written data retention or data deletion policy. References may delete PII data at its sole discretion. References does not automatically delete data after a certain period of time.
7. Transfer of Data
We are a business with Users in the United States, and your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your city, state or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
8. Security of Data
We employ the following data security tools to protect PII: access to User data is limited to References employees or personnel within the References organization or References’ agents, vendors, contractors or service providers; and References encrypts data that it stores or retains through its shopping cart software and its CRM. Individuals outside the References organization or not associated with References do not have access to PII. Even with these measures, we cannot absolutely guarantee the security of PII against all potential intrusions or every human error. By using our Service, you accept any and all risks that accompany the transmission of PII. Further, Company is not responsible for the consequences arising from the circumvention of its privacy settings or security measures contained on the website.
References does not employ a data protection officer nor does it maintain a register or database of data processing activities in a format that the data protection officer can access and review. However, References will take reasonable measures to secure the data.
- Children’s Privacy
Our Service does not address and is not directed towards anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent or other legal justification, we will take steps to remove that information from our servers.
10. Your Rights
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
10.1 Modifying Personal Data. Whenever made possible, if you have registered to use our Service, you can update your Personal Data by contacting us to make the required changes. Requests for changes to your Personal Data can be submitted via email to firstname.lastname@example.org.
10.2 Removing Personal Data. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please submit your inquiry to email@example.com.
10.3 Data Portability. You have the right to data portability for the information you provide to Company. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it. We will provide such data as it may be reasonably available and technologically feasible to obtain or segregate from other data.
10.4 Other Data Subject Rights. In certain circumstances, you have the right:
- To access and receive a copy of the Personal Data we hold about you
- To rectify any Personal Data held about you that is inaccurate
- To request the deletion of Personal Data held about you
Please note that we may ask you to verify your identity before responding to such requests. For any requests in which you are not an account holder with References, please initially contact the User that provided the survey to which you responded or who otherwise collected or processed your Personal Data.
12. Contact Us
Privacy Notice for California Residents
Last Revised: September 11th, 2021
Any terms defined in the California Consumer Privacy Act (“CCPA”) have the same meaning when used in this CA Privacy Notice. California residents with disabilities may access this notice in an alternative format by emailing us at firstname.lastname@example.org. Company will continue to revise our CA Privacy Notice to reflect the development of the CCPA and our understanding as to how it relates to our data practices.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include publicly available information from government records, or deidentified or aggregated consumer information. In particular, we have collected the following categories of personal information from our consumers, where indicated “YES” below, within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information).||
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||NO|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
Use of Personal Information
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (as further defined below in Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or using that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- Sales, identifying the personal information categories that each category of recipient purchased; and
- Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us at email@example.com. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period. The “verifiable consumer request” must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Changes to Our CA Privacy Notice
We reserve the right to amend this CA Privacy Notice at our discretion and at any time. When we make changes to this CA Privacy Notice, we will post the updated notice on the Website. Your continued use of the Website following the posting of changes constitutes your acceptance of such changes.