Effective as of October 4, 2021
ACCESSIBILITY—IF YOU ARE HAVING ANY TROUBLE ACCESSING THIS PRIVACY POLICY OR THE WEBSITE, PLEASE CONTACT US AT WWW.CANDY.COM/CONTACT OR COMPLIANCE@CANDY.COM, 24HOURS A DAY, 7 DAYS A WEEK.
Candy.com is owned and operated by Candy Digital, Inc., a Delaware corporation, and/or its affiliates(“Company,” "we," "us," “our,” or “Candy Digital”).
We know you care about what information may be collected from and about you, how such information is used and shared, and the choices you have.
Accordingly, this policy ("Privacy Policy") explains how we collect, use, and disclose your personal and other information through this website, www.candy.com, including the mobile version (collectively, the "Website"),and our mobile application (the "App") if applicable (collectively, our “Properties”), and any other websites, apps, communications or services we provide (collectively, our “Services”). We will treat your information in a manner consistent with this Privacy Policy unless you have consented otherwise. Also, you may opt-out of certain uses and disclosures of your information, as further explained in this Privacy Policy.
Your Consent
By accessing and using the Properties, you consent to the collection, use, and disclosure of your information in accordance with this Privacy Policy and you agree to be legally bound by its terms. IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OF THIS PRIVACY POLICY, YOU MAY NOT ACCESS OR USE THE PROPERTIES.
1. Sources of Personal InformationWe collect personal information about you from the following sources:
a. Directly From You. We may collect personal information during your access or use of the Properties and through other online and offline interactions, such as when you sign up for marketing, make purchases, create an account, contact us for customer service or other assistance, and participate in promotions.
b. From Your Friends. If you consent, your friends and contacts may provide personal information about you in connection with a “friend” referral program and for other purposes. You should only provide us with information about another person if you have the right to provide that person’s information.
c. Cookies and Tracking Technologies. When you access or use the Properties, we may collect data about your device, internet usage, location, website activity, and other details about your use of theProperties through cookies and other tracking technologies. For further information on these practices, see Section 5 – “Cookies and Other Tracking Technologies.”
d. Service Providers. We may collect personal information from service providers who are assisting us in the supply of our products or services and carrying out our business, such as to provide a platform to sell third party products and services, and provide customer assistance.
e. Other Third Parties and Publicly Available Information. We may collect personal information from other third parties that provide information to us, such as Business Partners, advertising networks, data brokers, government and other public sources, and social media platforms and networks. “BusinessPartners” are third parties with whom we share personal information for their (or their service providers’)own purposes, such as for marketing purposes, and from whom we may receive personal information.For more information about Business Partners, see Section 4.f, below.
We may combine information that we receive from the various sources described in this Privacy Policy, including third-party sources, and use or disclose it for the purposes identified below.
Types of Personal Information Collected
We may collect the following types of information about you:
a. Identifiers, characteristics, and other information you provide, such as your contact information(including your name, email address, postal address, and telephone number), gender and other demographic information, payment method and payment information, authentication information you create (such as account password), birthdays, professional and educational information, and device identifiers (such as advertising IDs, pixel and cookie IDs, IP address, ICCID).
b. Internet and other electronic activity that is gathered automatically when you visit our Properties or interact with our App or advertisements, such as browsing and search history, browser information, device type, app, and OS version.
c. Geolocation information, such as IP-based or precise geolocation information. This may be collected automatically (such as through our App) or based on information you provide.
d. Commercial information and preferences, such as purchase information, favorite teams and players, non-fungible tokens and virtual collectibles (“NFTs”), and other preferences.
e. Audio, visual, and similar information, such as when you call us or provide pictures or other content.
f. Inferences drawn from any of the information we collect to create a profile about you reflecting your preferences and characteristics.
3. How We Use Your Personal InformationWe may use your personal information for the following purposes:
a. To provide you with products and services, such as to respond to your inquiries, process transactions and payments, fulfill your order, communicate with you, authenticate users, verify your eligibility for certain programs or benefits, and otherwise facilitate your relationship with us.
b. For marketing, such as to market Candy Digital goods and services or goods and services of those of our affiliates, Business Partners, and other third parties. You can always unsubscribe to Candy Digital email marketing via a link in the email. We may make additional methods available to you from time to time for you to unsubscribe from marketing. In addition, if you have provided us with a mobile phone number and we have separately obtained your consent to participate in our SMS marketing campaigns on behalf of ourselves or our affiliated entities, we may use such information in accordance with that separately obtained consent.
c. For insights, such as to identify trends and make inferences about you and your interactions with us or our affiliates and Business Partners, such as to analyze your behavior and preferences, and to evaluate and improve the products and services of our affiliates and Business Partners.
d. To comply with legal obligations, including keeping records required by law or to evidence our compliance with laws or to provide information to law enforcement.e. For internal business and operational purposes, such as:i. For our internal business administration, such as to manage customer accounts, including keeping general records of customers, sales, customer care, and other interactions;ii. Auditing related to our interactions with you;iii. For security purposes, such as to protect genuine customers and our business from fraud, to minimize the risk of false details being used, and to avoid abuse by fraudsters;iv. To manage competitions or other promotions that you have chosen to participate in;v. To comply with contractual obligations;vi. To improve or develop our products and services (including our marketing activity more generally), including operating our Properties and improving or personalizing your experience(such as building profiles about you or how you interact with us); andvii. For internal research and quality assurance.We may use de-identified, anonymized, or aggregated versions of your personal information for any purpose.
4. How We Share Your Personal Information
We, our affiliates, and Business Partners may share your information with each other. We may also share your personal information with third parties in the ways that are described in this Privacy Policy.
a. Affiliates: We may share your personal information with our affiliates, parents, and subsidiaries.
b. Service Providers: We may permit our vendors and subcontractors to access your personal information in connection with performing services for us. For example, in order to process your transactions, we may share your personal information with certain third parties, such as your credit card issuer, a third party credit verification company, the product handler, the delivery service, and vendors who may ship product to you directly from their warehouse (called drop-ship vendors). Other service provider examples include IT providers, internet service providers, and data analytics providers. We also use service providers to help us anticipate, prevent, and detect fraud. Before personal information is disclosed to such a party, we endeavor to require the party to agree to protect the privacy and confidentiality of your personal information.
c. With Third Parties to Provide You with Services or Communications: We may disclose your information to third parties to provide you with services or benefits. For example, if you participate in our auction programs, we may share your personal information with Business Partners and other third parties to operate the program.
d. With others for Legal, Security, or Safety Purposes: We may share your personal information: (i) as required by law or legal process; (ii) to prevent or investigate suspected or possible fraud, harassment, or other violations of any law, rule, or regulation; and (iii) to prevent or investigate suspected or possible violations of any terms or policies applicable to the Properties or the services provided by us or our third party providers or affiliates.
e. In Connection with a Corporate Transaction: We also may transfer your personal information in connection with a sale, merger, change of control, bankruptcy, or similar transaction.
f. With Business Partners for their Own Purposes: We may share your personal information withBusiness Partners. In many cases, such sharing is related to our operation of the Properties, such as sharing your personal information with a Business Partner (or their service providers), when you purchase that Business Partner's products or services (e.g., a brand, sports league, team or university/college/athletic department). Other examples of Business Partners that might receive your information include social networks, partners who work with us on promotional or sponsorship opportunities available on our properties, data analytics companies and other companies that may use the data to help us drive advertising-related revenue (including those who may have registered in California as a“data broker”), and partners who advertise on our sites to measure advertising effectiveness. We do not control how Business Partners use and share your information once they receive it. You will need to contact such Business Partners directly for information about their privacy practices or to exercise rights you may have (including if you would like to opt-out of receiving future emails from a BusinessPartner).
g. With other third parties with your consent.
5. Cookies and Other Tracking Technologies
Like many other websites and applications, we may automatically collect certain information regarding ourProperties' users. Such information may include, without limitation, the Internet Protocol ("IP") address (which may be used to determine your geographic location) of your computer/internet service provider, your device ID, your zip code, the date and time you access the Properties, the Internet address of a referring website, the operating system you are using, the sections or pages of the Properties that you visit, and the images and content viewed. Some of the ways in which we or the Properties may collect and use such information are further described below.
Clickstream Data. As you use the Internet, a trail of electronic information is left at each website you visit. This information, sometimes referred to as "clickstream data," can be collected and stored by a website's server.For example, clickstream data can tell the type of computer and browsing software you use and the address of the website from which you linked to the Properties. The Properties may collect and use clickstream data for the purposes described in this Privacy Policy and also as a form of aggregate information to anonymously determine how much time visitors spend on each page of our Properties, how visitors navigate throughout theProperties, and how we may tailor our Properties to better meet the needs of visitors. This information often will be used to improve our Properties and our services.
Cookies, Tracking Pixels, and Similar Technologies. The Properties may use cookies, a type of technology that installs a small amount of information on a user's computer or other device when they visit a website. Cookies permit a website to, for example, recognize future visits using that computer or device. The Properties may use other similar technologies (including, without limitation, tracking pixels, as described further below, and other identifiers) to gather information. The Properties also may use cookies and similar technologies on theProperties to customize your visit, to enable us to enhance our service, or for other purposes. For example, information provided through cookies is used to recognize you as a previous user of the Properties so you do not have to enter your personal information every time and to offer personalized content. We may also use and share such information to personalize marketing (for Candy Digital or for our affiliates, Business Partners, and other third parties, as further described in this policy), including as described in the section below regardingInterest-Based Advertising. You may choose to decline cookies by adjusting your browser preferences, but doing so may affect your use of the Website and your ability to access certain features of the Properties or engage in transactions through the Properties. If you delete your cookies, change browsers or change devices, cookies that the Properties may use (or an opt-out cookie) may no longer work. Cookies and similar technologies also may be used by our affiliates, a tracking utility company, and other parties to, for example, make it easier for you to navigate our Properties and other purposes, or to serve advertisements. We do not have access to or control over these cookies and technologies and we cannot state whether these parties will comply with this Privacy Policy.
Additionally, we may employ, either directly or through trusted third parties, tracking pixels. Tracking pixels are tiny, transparent graphics with a unique identifier, similar in function to cookies, and are used to provide analytical information concerning the user experience as well as to support custom marketing activities for users of the Properties. In contrast to cookies, which are stored on a user's computer hard drive, tracking pixels are embedded invisibly on web pages. The Properties may use tracking pixels to help us better manage content, such as by improving the user interface or improving our marketing programs or the marketing of our affiliates, Business Partners, and other third parties (including for Interest-Based Advertising as described below). The Properties may use information to create aggregate tracking information reports regarding user demographics, traffic patterns and purchases. We may also link tracking information with personal information.
Location Information; Push Notifications. The Properties may be collecting your location, geo-IP, and other similar data. We use this information to help us maintain and enhance the efficiency and usefulness of theProperties and for other purposes described in this Privacy Policy (such as marketing). Additionally, we may also receive location data from other third parties. The Properties may obtain the user's precise location for operational purposes such as fraud prevention. We may determine your zip code from the location data received from the mobile device of an App user, and users of the Properties also may elect to provide us with their zip code directly. We also may enable our App to offer automatic (or "push") notifications. We will provide push notifications only to those users who permit such notifications. If you would like to opt out of location based advertising and push notifications, please see the Choices section below.
Cross Device Matching. We may now or in the future have the ability to match your devices using the data collected, making educated predictions, and, in some cases, using deterministic data (e.g., unique identifiers)or other content across devices. We may then, subject to the limitations otherwise set forth in this PrivacyPolicy and applicable law, display targeted advertisements to you across your devices unless it is an OptedOut Device (as defined below) as further described in the Interest-Based Advertising Section below.
Device fingerprinting. We or our third-party service providers may analyze and combine sets of information elements from your device to identify it as a unique device. Information elements may include IP address, device identifier, browser type, operating system, data regarding network-connected hardware, login method, and information about your use of the Properties. To the extent that we or our third-party service providers combine this information with your personal information, we will treat the combined information as personal information under this Privacy Policy. Certain information elements such as IP address may, by themselves, constitute personal information under applicable law.
How We Use Information. Information collected by cookies and other tracking technologies may be collected and shared for the purposes described in this Privacy Policy, such as for system administration purposes, analytics, and to improve the Properties and our marketing efforts. We may also use the data to build a better picture of the type of offers and products that you might be interested in, for "Interest-BasedAdvertising" (described below) and push notifications. We also may use general location data, preferences, or other information received from the Properties, including through your mobile device such as through the App, to send you tailored marketing messages, including making product recommendations. Additionally, we may use information to engage in interactive, real-time discussions with users, which we or the users may initiate.We may also anonymize or aggregate any information collected using cookies and other tracking technologies and may use and share such data for any lawful purpose.
6. Blockchain DataIf you use Candy Digital NFT products, some information is publicly available information and may be seen by other users of the Candy Digital blockchain. Publicly available information includes your blockchain address(es), the time and date your transactions are finalized on the Candy Digital blockchain, the amounts and currency denominations of the transactions, and the other blockchain address(es) that are parties to any transactions you have made on the blockchain.
7. Interest-Based AdvertisingWe may use information we collect (alone or in combination with information provided by third parties and service providers) to deliver targeted advertising (about Candy Digital or other third party products and services) to you when you visit our Properties or other websites. Information about you (such as email address) as well as cookies and other tracking technologies (described above) may be used in this process.For example, if you are searching for information on a particular product, we may use that information to cause an advertisement to appear on other websites you view with information on that product. We may, now or in the future, have the ability to engage in “cross-device matching” to display targeted advertisements to you across browsers and devices (as described in Section 5 above).To further clarify, we partner with third parties that collect information across various channels, including offline and online, for purposes of delivering more relevant advertising to you or your business. Our partners may place or recognize a cookie on your computer, device, or directly in our emails/communications, and we may share personal information with them if you have submitted such information to us, such as your name, postal address, email address, or device ID. Our partners use this information to recognize you across different channels and platforms, including but not limited to, computers, mobile devices, and Smart TVs, over time for advertising, analytics, attribution, and reporting purposes.If you would like to opt-out of these interest-based advertisements or “cross-device matching,” please see theOpt-Out Process/Options and Additional Terms below in Section 11.
8. Data RetentionWe will retain your personal information for as long as your account is active (as determined by us) and for a reasonable time thereafter, or such other time period as prescribed by law. We also may retain your personal information for a longer period of time as needed to provide you services or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your personal information, we may continue to retain and use aggregate, anonymous data previously collected and/or anonymize and aggregate your personal information.
9. Contests and PromotionsIf contests or promotions are made available, the applicable contest or promotion rules may include rules regarding the collection, use, and disclosure of personal information. To the extent that those specific rules conflict with this Privacy Policy, the contest or promotion rules will supersede this Privacy Policy with respect to the conflicting terms and the non-conflicting terms of this Privacy Policy and our Terms of Use will continue to apply.
10. Third-Party Websites and Social Media ServicesThird-Party Websites. The Properties may contain links to other websites or Internet resources. When you click on one of those links, you are contacting another website or Internet resource. We have no responsibility or liability for, or control over, those other websites or resources or their collection, use and disclosure of your information. We suggest that you read the privacy policy and terms of use of each such website.Social Media, Widgets and Open Forums. Our Properties may allow you to engage with social media services, such as Facebook, Twitter, Pinterest and Instagram ("Social Networks"), and widgets such as the "Share this"button, or interactive mini-programs that run on our Properties or which link from Social Networks to ourProperties ("Social Functions"). These Social Functions may access, collect, and integrate with your SocialNetwork accounts and information. For example, these Social Functions may collect your IP address, identify which page you are visiting on our Properties, or set a cookie. Social Functions may also be used to register you as a Properties user. For example, if you are not currently registered as a Website user and you use certain Social Functions, you will be asked to enter your Social Network credentials and then be given the option to register and join the Website. If you choose to use these Social Functions, you may be sharing certain Social Network profile elements with us, including your name, birthday (month/day), comments, contacts, email address, photos, or favorite teams. This sharing is subject to each Social Network's own privacy policy and terms of use. We do not control those Social Networks or your profiles on those services.Nor do we modify your privacy settings on those services or establish rules about how your personal information on those services will be used. Social Functions are either hosted by a third party or hosted directly on our Properties. Your interactions with them are governed by the privacy policy of the company providing them. Please refer to the privacy settings in your Social Network account to manage the data that is shared with us through your account. Information you include and transmit online in a publicly accessible blog, chatroom, or Social Network, or that you share in an open forum such as an in-person panel or survey, may be viewed and used by others without any restrictions. We do not control such uses of your personal information, and by using such services you assume the risk and acknowledge that the personal information provided by you may be viewed and used by us and/or third parties for any number of purposes and that the usage restrictions set forth in this Privacy Policy do not apply to such services.
11. Your ChoicesWe strive to offer you with choices about how information is used and shared. There are several ways in which you may opt out of the various programs and services we provide. Some of the ways in which you may opt out are described below.Opting Out of Our Services. If you receive a marketing email from us, you may unsubscribe from future marketing emails in accordance with our standard unsubscribe process. You may also unsubscribe from SMS messages by communicating with us through SMS. On most devices, App users may opt out of mobile communications from us via their device settings (mobile browser cookies require a separate opt-out, as explained below).Interest-Based Advertising Opt-Out and Do Not Track Signals. With respect to "do not track" (a/k/a “DNT”)signals or similar mechanisms transmitted by web browsers, the Properties do not respond to or honor such signals or mechanisms. This means that third parties, such as ad networks, web analytics companies, and social networking platforms (some of whom are discussed elsewhere in this Privacy Policy), may collect information about your online activities over time and across our Properties and other third-party online properties or services. These companies may use information about your visits to our Properties and other sites, and general geographic information derived from your IP address, in order to provide advertisements about goods and services of interest to you. For more information about third-party advertisers and how to prevent them from using your information, please visit http://www.networkadvertising.org/choices/. This is a site offered by the Network Advertising Initiative ("NAI") that includes information on how consumers can opt out from receiving interest-based advertising from some or all of NAI's members. You can also visit http://www.aboutads.info/choices, which is a site offered by the Digital Advertising Alliance ("DAA") that includes information on how consumers can opt-out from receiving internet-based advertising from some or all of DAA's participating companies. Opting out of interest-based advertising does not mean that you will no longer see any advertisements; rather, you will still see advertisements that are general and not tailored to your specific interests and activities. Further, cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted out on your computer browser, that opt-out will not necessarily be effective on your mobile device. In the event we are performing cross-device matching (as described above), once you have opted out on one device (“Opted-Out Device”), we will not use any new data from the Opted-Out Device to identify you on another device for interest-based advertising purposes and we will not use data from another device for interest-based advertising purposes on the Opted-Out Device.Mobile Application-Based Opt-Outs. To the extent we have launched an App, cookie-based opt-outs are not effective on mobile applications. You may opt out of certain advertisements on mobile applications or reset advertising identifiers via their device settings. To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, click on the following links:iOS - https://support.apple.com/en-us/HT202074Android - https://support.google.com/ads/answer/2662922?hl=enLocation Data Opt-Out. In some cases, such as when using an App, you may also adjust the settings on your mobile device to allow or restrict the sharing of location information. For example, the "location" permissions on your mobile device may allow you to elect whether to never share location information with us, to share location information only while you are using the Properties or always share location information even if you are not using the Properties. If you elect to not share your location information, you may be unable to access some features of our services that are designed for mobile devices. Also, in the event that you prevent the sharing of location information, we may still estimate your general location based on the IP address you use to access our services.12. Changes to Your AccountYou may request that we deactivate your account at any time by contacting us at fans@candy.com. You can help us maintain the accuracy of your information by notifying us of any changes to your personal information.13. Security of Your Personal InformationWhen you enter sensitive information, if applicable, we use reasonable security measures to protect the confidentiality of the personal information submitted to us both during transmission and after we receive it.
14. Children’s Privacy
We are committed to the preservation of online privacy for all of our visitors, including children. We sell services and products intended for purchase by adults (i.e., those age 18 or older). If you make a purchase on our Properties, you are representing that you are an adult. We will not knowingly collect any personal information from children under the age of 18 without the consent of that child's parent or guardian. If you are a child under the age of 18, you are not authorized to use the Properties without consent from your parent or legal guardian. If we become aware that personal information from a child under 18 has been collected without such child's parent or guardian's consent, we will use all reasonable efforts to delete such information from our database. If any parent, guardian or other responsible adult becomes aware that we have collected personal information from a child under the age of 18, please contact us at fan@candy.com.
15. California “Shine the Light”
Under California Civil Code Section 1798.83 (“Shine the Light”), California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address and mailing address and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. If you are a California resident: (i) to request the above information, or (ii) if you do not want your personal information shared with any third party who may use such information for direct marketing purposes and wish to opt out of such disclosures, please contact us by email at fan@candy.com.Please note that under Shine the Light, we are not responsible for removing your personal information from the lists of any third party who has previously been provided with your information, and any elections or privacy choices you may make with respect to receipt of certain types of e-mails or marketing communications from us will not apply to any such third parties. You should directly contact any third parties that send you communications regarding choices that they may make available to you concerning such communications.
16. Nevada Privacy Rights
If you are a Nevada resident, you have the right to request that we do not sell your covered information (as those terms are defined in N.R.S. 603A) that we have collected, or may collect, from you. We do not sell your covered information, however, if you would like to make such a request you may do so by contacting us atfan@candy.com.
17. Your California Privacy Rights
We collect information that identifies, relates to, describes, references, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.The California Consumer Privacy Act of 2018 (“CCPA”) refers to such information as “personal information.” If you are a California consumer, as defined by the CCPA, the CCPA provides you with specific rights regarding your personal information. This section describes the rights that California consumers have and explains how to exercise those rights. For the purposes of this section, personal information does not include: (i) information that is lawfully made available from federal, state or local government records; (ii) de-identified or aggregated data; or (iii) information excluded from the scope of the CCPA. To be clear, these rights are granted only to the extent that you are a California consumer under CCPA. The rights in this section are not intended to grant you additional rights, but only your rights under the CCPA.
Information We Collect; How We Collect It; How We Use It
Information about our data collection during the prior 12 months is described below.
California consumers may access, delete, and control certain uses of their information as set forth in Rights to Your Information. We also may collect information on behalf of our clients (“Clients”) to provide them with our advertising services and in such cases, the Client’s privacy policy, not this Privacy Policy, will apply. Please consult the Client’s privacy policy as applicable for information on your rights over personal information collected in relation to our Clients’ advertising.
In addition to the purposes set forth above and elsewhere in this Privacy Policy, each of these categories of personal information may be collected and used:
● To fulfill or meet the reason you provided the information.
● To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
● To carry out our obligations and enforce our rights arising from any contracts entered into between you and us (including our Terms of Use), such as for billing and fulfillment.
● As described to you when collecting your personal information or as otherwise set forth in the CCPA.
● To help maintain the safety, security, and integrity of our Website, Services, databases and other technology assets, and business.
● For internal research for technological development and demonstration and to improve, upgrade, or enhance our Website and Services.
● For detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
● In emergency situations to protect the personal safety of us, our users, or the public.
● To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Candy Digital’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Candy Digital about ourWebsite and Service users is among the assets transferred.Sharing of Personal InformationCandy Digital may disclose your personal information to a third party for a business purpose or sell your personal information, subject to your right to opt out of those sales (see Personal Information Sales Opt-Out and Opt-In Rights, below). The chart found above under Information We Collect; How We Collect It; How WeUse It lists the categories of third parties with which we may share your personal information.Rights to Your InformationRight to Know About Personal Information Collected, Disclosed or SoldAs a California consumer, you have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights, below), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:
● The categories of personal information we collected about you.
● The categories of sources from which the personal information is collected.
● Our business or commercial purpose for collecting or selling that personal information.
● The categories of third parties with whom we share that personal information.
● The specific pieces of personal information we collected about you (also called a data portability request).
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (seeExercising Access, Data Portability, and Deletion Rights, below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. However, we maybe retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.
Exercising Access and Deletion Rights
To exercise the access and deletion rights described above, please submit a request to us by contacting us atmydata@candy.com or by visiting www.candy.com/contact.
Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above.
The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative of that person.For more information about verification, see Response Timing and Format immediately below.
Response Timing and Format
We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized accessor deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, in whole or in part, the response we provide will also explain the reasons we cannot comply.Personal Information Sales Opt-Out and Opt-In RightsYou have the right to direct us to not sell your personal information at any time (the "right to opt-out"). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is at least 16 and less than16 years of age, or the parent or guardian of a consumer less than 16 years of age. To our knowledge, we do not sell the personal information of minors under 16 years of age.To exercise the right to opt out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page:"Do Not Sell My Personal Information"Alternatively, you may submit an opt-out request by visiting: candy.com/FAQ.
You may change your mind and opt back in to personal information sales at any time by visiting the followingInternet Web page: OPT-IN INSTRUCTIONSNon-DiscriminationWe will not discriminate against you for exercising any of your CCPA rights, including but not limited to, by:
● Denying you goods or services.
● Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.● Providing you a different level or quality of goods or services.
● Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.18. Additional European DisclosuresIF YOU ARE SITUATED IN THE EUROPEAN ECONOMIC AREA, SWITZERLAND, OR THE UNITED KINGDOM, THIS SECTION APPLIES TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.Legal BasisWe will only use your personal data, as that term is defined under the General Data Protection Regulation(“GDPR”), when the law allows us to. Most commonly, we will use your personal data in the following circumstances:● Where we need to perform the contract we are about to enter into or have entered into with you.
● Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
● Where you have consented to a certain use of your personal data.
● Where we need to comply with a legal or regulatory obligation.To the extent permitted under applicable laws, we will also process, transfer, disclose, and preserve personal data when we have a good faith belief that doing so is necessary.Data controllerCandy Digital is the data controller of all personal data collected through our Services. To contact us, please see the section titled Contact.If you are situated in the EEA, Switzerland, or the UK and have any complaints regarding our privacy practices, you have the right to make a complaint at any time to your local supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach your supervisory authority so please contact us in the first instance. If you have a complaint, please contact our privacy manager can be contacted here: fan@candy.com.Provision of personal data and failure to provide personal dataWhere we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may not be able to provide certain services to you.Collection of personal data from third party sources
We may obtain personal data and other information about you, some of which may include personal data collected from public sources, through our third-party partners who help us provide our products and services to you. We will obtain cookie data about you from Google Analytics.Withdrawing your consentIf we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting us at fan@candy.com.
Data Transfer
We may transfer personal data from the EEA, Switzerland, or the UK to the USA and other countries, some of which have not been determined by the European Commission or UK data protection authorities to have an adequate level of data protection. Where we use certain service providers, we may use specific contracts approved by the European Commission or UK data protection authorities which give personal data the same protection it has in the EEA, Switzerland, or the UK. For more information about how we transfer your data, please contact us at fan@candy.com.Use of your personal data for marketing purposesWe strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising:
● Promotional offers from us: We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers maybe relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or used our services and, in each case, you have consented to our use of your personal data for marketing purposes.Data Subject RightsIf you are a situated in the EEA, Switzerland, or the UK, as a data subject, you have the right to:
● Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
● Request correction of the personal data that we hold about you. This enables you to have any in complete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
● Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
● Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
● Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
● Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
● Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
To exercise your rights under the GDPR, please contact us at fan@candy.com. Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.
19. Privacy Policy ChangesWe have the sole discretion to change, modify, add, or remove portions of this Privacy Policy from time to time.New versions of this Privacy Policy will be posted here. Our collection, use and disclosure of your information will be governed by the version of this Privacy Policy in effect at the time of such collection, use or disclosure. If we materially change the way that we collect, use or disclose your personal information, we will notify you through a notice, updated Privacy Policy on the Properties, or by email (sent to the email address specified in your account), prior to or upon the change(s) becoming effective. Accordingly, when you access or use the Properties, you should check the date of this Privacy Policy and be aware of any changes since the last version. Your continued use of the Properties following the posting of any changes to this Privacy Policy means that you accept such changes.
20. Servers in the United States of AmericaOur servers are maintained in the United States of America ("USA"). By using the Properties, you freely and specifically give us your consent to export your personal information to the USA and to store and use it in the USA as specified in this Privacy Policy. You understand that data stored in the USA may be subject to lawful requests by the courts or law enforcement authorities in the USA.21. Terms and ConditionsUse of the Properties is governed by, and subject to, the Terms of Use, and this Privacy Policy is incorporated therein. Your use or accessing of the Properties constitutes your agreement to be bound by the Terms of Use.
22. Contact
If you have any questions about this Privacy Policy, you may contact us at:
Candy Digital
180 Madison Avenue, 21st Floor
New York, NY 10016
or by email at: fans@candy.com
To the extent you believe we have not addressed your concerns or otherwise choose to do so, you have the right to lodge a complaint with a supervisory authority. You may contact the US Federal Trade Commission regarding your concerns.
4009753.2 33626-0001-000
4010696.3 33626-0002-000
Category
A. Personal identifiers.
B. Personal information covered by the California Customer Records statute (Cal.Civ. Code §1798.80(e)).
C. Protected classification characteristics under California or federal law.
D.Commercial information.
F. Internet or other similar network activity.
G. Location data.
H. Sensory data.
I. Professional or employment related information.
J. Non-public education information(per theFamilyEducationalRights andPrivacy Act(20 U.S.C.Section1232g, 34C.F.R. Part99)).
K. Inferences drawn from other personal information for profiling purposes.
Examples
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
Some personal information included in this category may overlap with other categories.
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Age (40 years or older),race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex(including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions),sexual orientation, veteran or military status, genetic information(including familial genetic information).
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
Physical location or movements.
Audio, electronic, visual, thermal, olfactory, or similar information.
Current or past job history or performance evaluations.
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
Used to create a profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Purposes for Which SuchInformationWasCollected in the Preceding 12Months orWill be Used
See Sections3.a-e; 4.a-f; and 7.
See Sections3.a-e; 4.a-f.
See Section3.d, e(ii)-(iii).
See Sections3.a-e; and4.a-e, g.
See Sections3.a-e; 4.a-g; and 7.
See Sections3.a-e; 4.a-g; and 7.
See Sections3.a, c-e; and4. a-b, d-e, g.
See Sections3.a, c-e; and4. a-b, d-e, g.
See Sections3.a-e; and 4.a-b, d-e, g.
See Sections3.a-e; 4.a-g; and 7.
Categories of Sources From Which Personal Information Has Been Collected in the Preceding 12 Months or will be Collected
See Sections1.a-e.
See Sections1.a-e.
See Sections1.d-e.
See Sections1.a, c-e.
See Sections1.c-e.
See Sections1.a, c-e.
See Sections1.a, d-e.
See Sections1.d-e.
See Sections1.d-e.
See Sections1.c-e.
Categories of Third Parties With Whom the Website Shares Personal Information
See Sections4.a-g.
See Sections4.a-g.
See Sections4.a-b, d-e, g.
See Sections4.a-g.
See Sections4.a-g.
See Sections4.a-g.
See Sections4.a-b, d-e, g.
See Sections4. a-b, d-e, g.
See Sections4. a-b, d-e, g.
See Sections4.a-g.
Disclosed by CandyDigital in the Preceding Twelve (12)Months for a Business Purpose
YES
YES
YES
YES
YES
YES
YES
YES
YES
“Sold” (as defined byCCPA) by Candy Digital in the Preceding Twelve (12)Months
YES
NO
YES
YES
YES
NO
NO
NO
YES