WEBSITE PRIVACY POLICY

PRIVACY POLICY

Last Updated: 6/28/2024

PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND HOW WE TREAT YOUR PERSONAL INFORMATION AS WELL AS YOUR CHOICES AND RIGHTS. IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, YOU SHOULD NOT ACCESS OR USE THE SITE.

INTRODUCTION

The Carlstar Group (also referred to herein as “we,” “us,” and “our”) is committed to protecting the privacy and security of the personal information we collect, use, share, and otherwise process as part of our business. We also believe in transparency, and we are committed to informing you about how we treat the data we collect and process.

When does this Policy apply? This Policy describes our practices for the personal information for which we are a “data controller” under applicable law. This includes information collected when you visit the websites we operate that link to this Policy (collectively, the “Site”). You may obtain an accessible version of this Policy by contacting us via the methods identified in the “Contact Us” section of this Policy.

HOW DO WE COLLECT, USE, AND DISCLOSE PERSONAL INFORMATION?

What Personal Information Do We Collect? We collect the following types of personal data for the purposes listed below. You may choose not to provide us with any personal information, but you will not be able to access portions of the Site that require personal information. For purposes of the EU General Data Protection Regulation, 2016/679 (the “GDPR”) and certain other applicable law, we act as a data controller with respect to the personal information described below.

Category	Description and Purpose
Contact Information	If you contact us, we may collect your name, address, email address, and phone number. We process Contact Information to operate our Site and business; to provide our products and services to you; to provide customer support; to ensure the privacy and security of our Site, products, and services; to administer promotions, contests, surveys, and other customer engagement features; to maintain our databases and back-ups; to manage our relationships with you; to serve you the content and functionality you request; to enhance your experience and provide you with a more personal and interactive experience; to communicate with you; and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our customer relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. CCPA Categories: Identifiers, Categories Described in the Customer Records Statute
Communications and Inquiries	If you contact us, sign up for one or more of our mailing lists, submit a question or review, send us a message, or otherwise inquire about our products or services, in addition to your Contact Information, we will receive the subject matter of your message and any comments, content, or other information that you choose to provide. We process Communications and Inquiries to operate our Site and business; to provide our products and services to you; to provide customer support; to ensure the privacy and security of our Site, products and services; to administer promotions, contests, surveys, and other customer engagement features; to maintain our databases and back-ups; to manage our relationships with you; to serve you the content and functionality you request; to enhance your experience and provide you with a more personal and interactive experience; to communicate with you; to keep records of our communications with you; to determine user interests; and to develop new products and services. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our customer relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. CCPA Categories: Identifiers, Categories Described in the Customer Records Statute, Commercial Information, Audio, Electronic, Visual, or Similar Information
Account Information	When you create an account with us, in addition to your Contact Information, we collect your username or account ID and the password that you choose to create. We don’t require you to register or provide personal information to view our Site or access much of its content. However, you may be required to create an account to use certain features, order products, register your products, or receive certain offers. We use Account Information to operate our Site and business; to provide our products and services to you; to provide customer support; to ensure the privacy and security of our Site, products, and services; to administer promotions, contests, surveys, and other customer engagement features; to maintain our databases and back-ups; to manage our relationships with you; to serve you the content and functionality you request; to enhance your experience and provide you with a more personal and interactive experience; to communicate with you; to keep records of our communications with you; to determine user interests; to develop new products and services; and for usage analytics purposes. The legal basis for this processing is our legitimate interests in the proper administration of our Site and business, the proper management of our customer relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. CCPA Categories: Identifiers, Categories Described in the Customer Records Statute, Commercial Information
Order and Payment Information	If you purchase products from us, our payment processor will receive your credit/debit card number, security code, and expiration date; other applicable financial information; and your billing information and address. We will also receive your shipping details. We keep records of the products purchased along with your Contact Information. We use Order and Payment Information to operate our Site and business; to provide our products and services to you; to provide customer support; to ensure the privacy and security of our Site, products, and services; to administer promotions, contests, surveys, and other customer engagement features; to maintain our databases and back-ups; to manage our relationships with you; to serve you the content and functionality you request; to enhance your experience and provide you with a more personal and interactive experience; to communicate with you; to keep records of our communications with you; to determine user interests; to develop new products and services; for usage analytics purposes; to process and complete payments and other transactions, including refunds or returns; and to detect fraud and prevent loss. The legal basis for this processing is our legitimate interests in the proper administration of our Site and business, the proper management of our customer relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. CCPA Categories: Identifiers, Categories Described in the Customer Records Statute, Commercial Information, Audio, Electronic, Visual, or Similar Information, Audio, Electronic, Visual, or Similar Information, Sensitive Information
Job Applicant Information	If you apply for a job position with us, we collect the information disclosed in our Job Applicant Privacy Notice, which supplements this Policy. We process job application information for the purposes disclosed in the Job Applicant Privacy Notice. CCPA Categories: As listed in the Job Applicant Privacy Notice
Business Information	If you join our affiliate program or testing panel, are engaged to assist us in our marketing efforts, or otherwise enter or seek to enter a business or contractual relationship with us, we will collect your Contact Information and other information necessary for such engagement. We process Business Information to operate our Site and business; to provide our products and services to you; to provide customer support; to ensure the privacy and security of our Site, products, and services; to administer promotions, contests, surveys, and other customer engagement features; to maintain our databases and back-ups; to manage our relationships with you; to serve you the content and functionality you request; to enhance your experience and provide you with a more personal and interactive experience; to communicate with you; to keep records of our communications with you; to determine user interests; to develop new products and services; and for usage analytics purposes. In addition, if you are engaged to assist in our marketing efforts, we may also process Business Information to manage the applicable marketing and advertising platform and provide related electronic commerce products and services; to monitor, process, and support transactions; to comply with legal or regulatory obligations applicable to the processing and retention of payment data; and to improve products and services. The legal basis for this processing is our legitimate interests in the proper administration of our Site and business, and, where applicable, taking steps, at your request, to enter into a contract. CCPA Categories: Identifiers, Categories Described in the Customer Records Statute, Commercial Information, Audio, Electronic, Visual, or Similar Information, Audio, Electronic, Visual, or Similar Information
Cookies and Similar Technologies	Our Site uses cookies and similar technologies. Please see the “Cookies and Similar Technologies” section of this Policy for more information. If you choose to disable cookies and similar technologies, some areas and features of the Site may not work properly. We process Cookies and Similar Technologies to operate our Site and business; to provide our products and services to you; to provide customer support; to ensure the privacy and security of our Site, products, and services; to administer promotions, contests, surveys, and other customer engagement features; to maintain our databases and back-ups; to manage our relationships with you; to serve you the content and functionality you request; to enhance your experience and provide you with a more personal and interactive experience; to communicate with you; to keep records of our communications with you; to determine user interests; to develop new products and services; and for usage analytics purposes. Where required by law, we rely on your express opt-in consent for the use of marketing, performance, and analytic cookies and similar technologies. The legal basis for processing of strictly necessary cookies is our legitimate interests in the proper administration of our Site and business. CCPA Categories: Identifiers, Internet or Other Electronic Network Activity Information, Geolocation Data
Device and Usage Information	When you visit the Site, we automatically collect information from your browser and your device, including the date and time of access; information about what pages you visit and how you navigate the Site; and your location, Internet Protocol (IP) address, device identifier, device type, operating system, and browser type. We process Device and Usage Information to operate our Site and business; to provide our products and services to you; to provide customer support; to ensure the privacy and security of our Site, products, and services; to administer promotions, contests, surveys, and other customer engagement features; to maintain our databases and back-ups; to manage our relationships with you; to serve you the content and functionality you request; to enhance your experience and provide you with a more personal and interactive experience; to communicate with you; to keep records of our communications with you; to determine user interests; to develop new products and services; and for usage analytics purposes. The legal basis for this processing is our legitimate interests in the proper administration of our Site and business. CCPA Categories: Identifiers, Internet or Other Electronic Network Activity Information, Geolocation Data

 

Other Processing Activities. We may also process personal information when necessary for the following:

• Accomplishing another purpose described to you when you provide the information, for which you have consented, or for which we have a legal basis under law.
• The establishment, exercise, or defense of legal claims, whether in court, administrative, or other proceedings. (The legal basis for this processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.)
• Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice (The legal basis for this processing is our legitimate interest in the proper administration of our business.)
• Purposes that are consistent with, related to and/or ancillary to the purposes and uses described in this Policy for which your personal information was provided to us.

We may process your personal information in connection with any of the purposes and uses described in this Policy on one or more of the following legal grounds:

• Because it is necessary to perform the services you have requested or to comply with your instructions or other contractual obligations between you and us;
• To comply with our legal obligations as well as to keep records of our compliance processes;
• Because our legitimate interests, or those of a third-party recipient of your personal information, make the processing necessary, provided those interests are not overridden by your interests or fundamental rights and freedoms;
• Because you have chosen to publish or display your personal information on a public area of the Site, such as a comment area;
• Because it is necessary to protect your vital interests;
• Because it is necessary in the public interest; or
• Because you have expressly given us your consent to process your personal information in a particular manner.

We do not use personal information for making any automated decisions affecting or creating profiles other than as described herein.

Location of Processing. We have operations in the United States, and personal information may be transferred to, stored, and processed in the United States as well as other countries in which we or our, affiliates, partners, service providers, or agents maintain facilities. By sending us personal information or using the Site, you agree and consent to the processing of your personal information in locations such as the United States, which may not offer the levels of protection required in other countries. We rely on recognized legal bases to lawfully conduct cross-border/international transfers of personal information, such as express consent, when transfer is necessary for us to deliver services pursuant to an agreement, or when the transfer is subject to safeguards that assure the protection of the personal information.

Data Privacy Framework.

The Carlstar Group, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  The Carlstar Group, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  The Carlstar Group, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit HERE.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, The Carlstar Group, LLC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to American Arbitration Association (“AAA”), an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit HERE for more information or to file a complaint.  The services of the AAA are provided at no cost to you.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, The Carlstar Group, LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of both human resources data, as well as non-human resources data, received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

These services are provided at no cost to you. You may contact the respective authorities as follows:

EU or EEA: https://edpb.europa.eu/about-edpb/board/members_en

Swiss: https://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows/transfer-of-data-to-the-usa.html

We also commit to cooperate with the EU/EEA data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to comply with the advice given by a panel of the data protection authorities or by the Commissioner with regard to data transferred from the EU, EEA, or Switzerland, respectively. In certain circumstances, each Data Privacy Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework.

The Federal Trade Commission has jurisdiction over our compliance with the Data Privacy Framework. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In any onward transfer of Personal Data, The Carlstar Group is responsible for the processing of any Personal Data it receives under the DPF Principles and any subsequent transfers to a third party acting as an agent on its behalf. We shall therefore remain liable under the DPF Principles, if any third party engaged by us processes any such Personal Data in any manner inconsistent with the DPF Principles, unless we prove we are not responsible for the event causing the damage.

Cookies and Similar Technologies

What are first and third-party cookies? A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” cookie). “Session” cookies are temporarily stored on your device and remain there until they expire at the end of your browsing session. “Persistent” cookies remain stored on your device until they expire or are deleted by you. Local shared objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the website you are visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.

What are “similar technologies”? In addition to cookies, there are other data collection technologies, such as Internet tags, web beacons, pixels (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as you navigate through and interact with a website. For example, web beacons are tiny graphics with unique identifiers that are used to understand browsing activity. UTM codes are strings that can appear in a URL when you move from one web page or website to another. The string can represent information about your browsing, such as which advertisement, page, or publisher sent you to the receiving website.

What Cookies and Similar Technologies Are in Use and Why Do We Use Them?

• Information we automatically collect. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Carlstar uses Google Analytics to understand how visitors use our site. Cookie data about your use of this website (including your IP address) will be transferred to and stored on a Google server. We use an anonymized Google Analytics application that truncates your IP address. In other words, Google shortens your IP address prior to transferring it to Carlstar. Google uses this information to evaluate your use of this website, compile reports on website activity and provide other services. Google may also transfer this information to third parties where required to do so by law, or where such third parties process this information on Google’s behalf. The IP address transmitted from your browser through Google Analytics will not be associated with other data held by Google.
  • You can prevent the storage of cookies by selecting the appropriate settings on your browser software. However, please note that if you do this you may not be able to make full use of all the functions of this website.
  • You may opt out of the collection and storage of data by Google at any time with future effect by downloading and installing a deactivation add-on for your browser. This will prevent Google Analytics from collecting and processing data about your website visits.
  • You can also prevent the collection of data by Google Analytics by clicking on the link below. An opt-out cookie will be set that prevents the future collection of your data when visiting this website: Disable Google Analytics.

Other third-party technologies. Some third parties may use data collection technologies to collect information about you when you browse the Internet. We do not control these third parties’ technologies or how they may be used. If you have questions about targeted content, you should contact the responsible party directly or consult their privacy policies.

Choices about cookies and similar technologies. Most web browsers are set by default to accept cookies. If you do not wish to receive cookies, you may set your browser to refuse all or some types of cookies or to alert you when cookies are being stored. These settings may affect your enjoyment of the Site’s functionality. Adjusting the cookie settings may not fully delete all of the cookies that have already been created. To delete them, you should review your web browser settings after you have changed your cookie settings. The links below provide additional information about how to disable cookies or manage the cookie settings:

Google Chrome:          https://support.google.com/chrome/answer/95647?hl=en

Firefox:                       https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Microsoft Edge:           https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09 

Safari:                         https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac  and https://support.apple.com/en-us/HT201265

For more information about how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/. You may learn more about internet advertising practices and related consumer resources at https://youradchoices.com/control, https://thenai.org/about-online-advertising/faq, and http://www.networkadvertising.org/choices.

How Do We Share Your Personal Information? When we are acting as the data controller or where permitted by applicable law, we may share your personal information in the following contexts.

Category	Description
Affiliates	We may share your information with our subsidiaries and affiliates and with their respective officers, directors, employees, and agents.
Distribution Partners	We may share your information with our trusted distribution partner(s), including when you contact us to obtain products or services and you are located in an area in which we use a distribution partner to service the area.
Corporate Transactions	We may disclose your information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of our company or some or all of our assets. If our business is acquired by or merged with another company, your information may be transferred to the new owners.
Legal Obligations and Rights	We may disclose information in response to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws, including to meet national security or law enforcement requirements. We may also share information in order to establish or exercise our legal rights or claims; to defend against a legal claim; and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our contracts or terms. We may also disclose personal information as needed to protect vital interests.
Service Providers and Advisors	We may share information with our service providers and professional advisors (accountants, attorneys, etc.) that need access to information to provide services on our behalf.
Disclosures with Your Consent	We may ask if you would like us to share your personal information with unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your personal information in this context with your consent.
Deidentified and Aggregated Data	We may share with third parties aggregated information and anonymous or de-identified that does not identify any specific individual, such as groupings of demographic data or user preferences.

HOW LONG DO WE PROCESS YOUR INFORMATION?

We will keep your information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to operate our business, and to enforce our agreements.

We take reasonable steps to delete the personal information we collect when (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, and (3) if you ask us to delete your information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your personal information if we believe it is incomplete, inaccurate, or that our continued storage of your personal information is contrary to our legal obligations or business objectives. When we delete data, it will be removed from our active servers and databases, but it may remain in our archives when it is not practical or possible to delete it.

We may retain and use anonymous, de-identified, or aggregated information for as long as is permitted under applicable law.

HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

We have adopted security measures that are designed to protect the personal information under our control. From time to time, we review our security procedures and consider new technologies and methods.

But, no security system is perfect, and no data transmission is 100% secure. Although we strive to protect personal information, we cannot guarantee or warrant the security of any information transmitted to or from the Site. Your use of the Site is at your own risk. We cannot guarantee that your data will remain secure in all circumstances.

If a data breach compromises your personal information, we will notify you and any applicable regulator when we are required to do so by applicable law.

YOUR RIGHTS AND CHOICES

Please use the “Contact Us” details at the end of this Policy to exercise your rights and choices under this Policy.

Email Preferences. We may send you emails about our Site, products, and services. If you do not want to continue receiving emails from us, you may opt-out by clicking the “unsubscribe” button at the bottom of our emails or by contacting us at privacy@carlstargroup.com. Please provide your name and contact information in your request, and we will respond to your request in accordance with applicable law. Please note that registered users cannot opt out of receiving transactional e-mails related to their account.

Accuracy and Updating Your Personal Information. Our goal is to keep your personal information accurate, current, and complete. If any of the personal information you have provided to us changes, please update it in your user/account profile, or let us know via the “Contact Us” details at the end of this Policy. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

Complaints. If you believe your rights relating to your personal information have been violated, please contact us via the “Contact Us” details provided at the end of this Policy.

Individual Rights. You may have certain rights relating to your personal data under local data protection laws, and we discuss the rights provided in various jurisdictions below. We honor individuals’ rights where required under applicable law, and, depending on the applicable laws, these rights may include the right to:

• Access or receive a copy of your personal information;
• Know more about how we process your personal information;
• Rectify inaccurate personal information and, taking into account the purpose of processing the personal information, ensure it is complete;
• Erase or delete your personal information;
• Restrict our processing of your personal information;
• Transfer your personal information to another controller, to the extent possible;
• Object to certain processing of your personal information;
• Opt-out of certain disclosures of your personal information to third parties, including the right to opt-out of targeted advertising, profiling, and the sale of your personal information;
• If you’re under the age of 16, or such other applicable age of consent, opt-in to certain disclosures of your personal information to third parties;
• Not be discriminated against for exercising your rights described above;
• Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects; and
• Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.

All requests should be sent to the contact details noted in the “Contact Us” section of this Policy. Your personal information may be processed in responding to these rights. If you are exercising a right that is the responsibility of a third party, including one of our customers, we will direct you to contact the appropriate data controller who is responsible for responding to your request.

Nevada Residents

Nevada residents may submit a verified request to us at privacy@carlstargroup.com to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request, and we will respond to your request in accordance with Nevada law.

California Residents

All terms used in this section shall have the meanings given in the California Consumer Privacy Act, as amended (“CCPA”), when applicable.

CCPA Notice at Collection. We collect and process personal information for as described in the “How Do We Collect and Use Personal Information” section of this Policy. The relevant CCPA categories for this information are indicated above. We may provide a separate notice at collection if we collect additional information or intend to use information for additional purposes.

Data Practices During the Last 12 Months: The disclosures below describe our data practices during the last twelve months:

• Personal Information Collected: We have collected the categories of personal information listed below during the preceding 12 months:
  • Identifiers
  • Categories of Personal Information described in the California Customer Records statute
  • Commercial Information
  • Internet or Other Electronic Network Activity Information
  • Professional or Employment-related Information
  • Education Information
  • Geolocation Data
  • Audio, Electronic, Visual, thermal, or Similar Information
  • Sensitive Information
• Categories of Sources: We have collected the personal information identified in this Policy from you.
• Business and Commercial Purposes for Collecting: We have collected the categories of personal information listed above for the following purposes:
  • to operate our Site and business;
  • to provide our products and services to you;
  • to provide customer support;
  • to ensure the privacy and security of our Site, products, and services;
  • to administer promotions, contests, surveys, and other customer engagement features;
  • to maintain our databases and back-ups;
  • to manage our relationships with you;
  • to serve you the content and functionality you request;
  • to enhance your experience and provide you with a more personal and interactive experience;
  • to communicate with you;
  • to keep records of our communications with you;
  • to determine user interests;
  • to develop new products and services;
  • for usage analytics purposes;
  • to process and complete payments and other transactions, including refunds or returns;
  • to detect fraud and prevent loss;
  • to assess and document your qualifications for the requirements of your role;
  • for recruitment or human resources purposes;
  • to carry out our obligations under employment law, for the performance of the employment relationship, or as permitted by applicable law;
  • to facilitate reimbursements and to prevent fraudulent payments;
  • to confirm your identity and your entitlement to work in the applicable country;
  • to manage the applicable marketing and advertising platform and provide related electronic commerce products and services;
  • to monitor, process, and support transactions;
  • to comply with legal or regulatory obligations applicable to the processing and retention of payment data; and
  • to improve products and services.
• Personal Information Sold or Shared: We have sold or shared the categories of personal information listed below during the preceding 12 months. We have disclosed each category of personal information to the following categories of third parties: (1) subsidiaries and affiliates; (2) distribution partners; (3) advisors (accountants, attorneys); (4) service providers and contractors (data analytics, data storage, mailing, marketing, shipping fulfillment, payment processing, Site administration, technical support); and (5) operating systems and platforms. We do not knowingly sell or share the personal information of consumers under 16 years of age.
  • Identifiers
  • Categories of Personal Information described in the California Customer Records statute
  • Commercial Information
  • Internet or Other Electronic Network Activity Information
  • Professional or Employment-related Information
  • Education Information
  • Geolocation Data
  • Audio, Electronic, Visual, thermal, or Similar Information
• Business and Commercial Purposes for Selling/Sharing: We have sold or shared to the identified categories of third parties the categories of personal information listed above for the following purposes:
  • to operate our Site, and business;
  • to provide our products and services to you;
  • to provide customer support;
  • to ensure the privacy and security of our Site, products, and services;
  • to administer promotions, contests, surveys, and other customer engagement features;
  • to maintain our databases and back-ups;
  • to manage our relationships with you;
  • to serve you the content and functionality you request;
  • to enhance your experience and provide you with a more personal and interactive experience;
  • to communicate with you;
  • to keep records of our communications with you;
  • to determine user interests;
  • to develop new products and services;
  • for usage analytics purposes;
  • to process and complete payments and other transactions, including refunds or returns;
  • to detect fraud and prevent loss;
  • to assess and document your qualifications for the requirements of your role;
  • for recruitment or human resources purposes;
  • to carry out our obligations under employment law, for the performance of the employment relationship, or as permitted by applicable law;
  • to facilitate reimbursements and to prevent fraudulent payments;
  • to confirm your identity and your entitlement to work in the applicable country;
  • to manage the applicable marketing and advertising platform and provide related electronic commerce products and services;
  • to monitor, process, and support transactions;
  • to comply with legal or regulatory obligations applicable to the processing and retention of payment data; and
  • to improve products and services.
• Personal Information Disclosed for a Business Purpose: We have disclosed for a business purpose the categories of personal information listed below during the preceding 12 months. We have disclosed each category of personal information to the following categories of third parties: (1) subsidiaries and affiliates; (2) distribution partners; (3) advisors (accountants, attorneys); (4) service providers and contractors (data analytics, data storage, mailing, marketing, shipping fulfillment, payment processing, Site administration, technical support); and (5) operating systems and platforms.
  • Identifiers
  • Categories of Personal Information described in the California Customer Records statute
  • Commercial Information
  • Internet or Other Electronic Network Activity Information
  • Professional or Employment-related Information
  • Education Information
  • Geolocation Data
  • Audio, Electronic, Visual, thermal, or Similar Information
  • Sensitive Information
• Business and Commercial Purposes for Disclosing: We have disclosed to the identified categories of third parties the categories of personal information listed above for the following purposes:
  • to operate our Site, and business;
  • to provide our products and services to you;
  • to provide customer support;
  • to ensure the privacy and security of our Site, products, and services;
  • to administer promotions, contests, surveys, and other customer engagement features;
  • to maintain our databases and back-ups;
  • to manage our relationships with you;
  • to serve you the content and functionality you request;
  • to enhance your experience and provide you with a more personal and interactive experience;
  • to communicate with you;
  • to keep records of our communications with you;
  • to determine user interests;
  • to develop new products and services;
  • for usage analytics purposes;
  • to process and complete payments and other transactions, including refunds or returns;
  • to detect fraud and prevent loss;
  • to assess and document your qualifications for the requirements of your role;
  • for recruitment or human resources purposes;
  • to carry out our obligations under employment law, for the performance of the employment relationship, or as permitted by applicable law;
  • to facilitate reimbursements and to prevent fraudulent payments;
  • to confirm your identity and your entitlement to work in the applicable country;
  • to manage the applicable marketing and advertising platform and provide related electronic commerce products and services;
  • to monitor, process, and support transactions;
  • to comply with legal or regulatory obligations applicable to the processing and retention of payment data; and
  • to improve products and services.

 

No Financial Incentive. We do not offer financial incentives or any price or service difference in exchange for the retention or sale of your personal information.

Notice of Right to Opt-out of Sale/Sharing. As a California resident, you have the right to direct us to stop selling or sharing your personal information to third parties and to refrain from doing so in the future You may submit a request to opt-out of the selling or sharing of your personal information using the Submission Process identified below or by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). If you do not have an account with us or you are not logged into your account, the signal sent by your browser will be linked to your browser only and will not be linked to your account, as we do not have a way to associate the browser with your account.

Limited Use of Sensitive Information. We only use or disclose sensitive personal information for purposes permitted by the CCPA and to which the right to limit does not apply.

CCPA Individual Rights. California consumers have the rights described below. However, these rights do not apply in all instances and are subject to certain exceptions as a matter of law. By way of example, these rights do not apply where we collect or sell a consumer’s personal information if: (1) we collected that information while the consumer was outside of California, (2) no part of a sale of the consumer’s personal information occurred in California, and (3) no personal information collected while the consumer was in California is sold.

Request to Know. As a California resident, you have the right to request: (1) the specific pieces of personal information we have collected about you; (2) the categories of personal information we have collected about you; (3) the categories of sources from which the personal information is collected; (4) the categories of personal information about you that we have sold or shared and the categories of third parties to whom the personal information was sold or shared; (5) the categories of personal information about you that we disclosed for a business purpose and the categories of third parties to whom the personal information was disclosed for a business purpose; (6) the business or commercial purpose for collecting, disclosing, selling, or sharing personal information; and (7) the categories of third parties to whom we disclose personal information. Our response will cover the 12-month period preceding our receipt of a verifiable request unless a longer period is requested by you.

Request to Delete. As a California resident, you have a right to request the erasure/deletion of certain personal information collected or maintained by us. As described herein, we will delete your personal information from our records and notify any service providers and contractors (as defined under applicable law) to delete your personal information from their records. However, we are not required to honor a deletion request if an exemption applies under the law.

Right to Correct. As a California resident, you have a right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes for which we process the personal information. We will use commercially reasonable efforts to correct the inaccurate personal information as directed by you.

Right to Limit Use and Disclosure. As a resident of California, you have the right to limit our use and disclosure of your sensitive personal information to that use which is necessary to perform our services and provide our goods as requested by you, or as otherwise permitted by law. We only use or disclose sensitive personal information for purposes permitted by the CCPA and to which the right to limit does not apply.

Right to Opt Out. As a resident of California, you have the right to direct us to stop selling or sharing your personal information to third parties and to refrain from doing so in the future. For purposes of this right, we do not sell or share personal information as defined under applicable law.

Submission Process. You may submit a request to exercise your rights by calling our toll-free telephone number 1-615-503-0231, by emailing privacy@carlstargroup.com, or by submitting your request through our  . If a request is submitted in an incorrect manner or if it is deficient, we will either (1) treat the request as if it had been submitted via the designated manner, or (2) provide you with specific directions on how to submit the request or remedy any deficiencies, as applicable.

Verification Process. We are required to verify the identities of those who submit requests to exercise certain of the above rights. To determine whether the individual making the request is the consumer about whom we have collected information, we will verify your identity by matching the identifying information provided by you in the request to the personal information that we already maintain about you. As a part of this process, you will be required to provide your name, email address, address, and/or telephone number. We will inform you if we cannot verify your identity.

• If we cannot verify the identity of the person making a request for categories of personal information, we may deny the request. If the request is denied in whole or in part for this reason, we will provide a copy of, or direct you to, our privacy policy.
• If we cannot verify the identity of the person making the request for specific pieces of personal information, we are prohibited from disclosing any specific pieces of personal information to the requestor. However, if denied in whole or in part for this reason, we will evaluate the request as if it is seeking the disclosure of categories of personal information about the consumer.
• If we cannot verify the identity of the person making a request to delete, we may deny the request.
• If there is no reasonable method by which we can verify the identity of the requestor to the degree of certainty required, we will state this in our response and explain why we have no reasonable method by which we can verify the identity of the requestor. In such cases we may not be required to comply with the request or may request additional information reasonably necessary to verify the request.

Authorized Agents. Authorized agents may submit requests via the methods identified in this Policy. If you use an authorized agent to submit a request to know or a request to delete, we may require: (1) the authorized agent to provide proof that you gave the agent signed permission to submit the request; (2) you to verify your identity directly with us; and (3) you to directly confirm with us that you provided the authorized agent permission to submit the request. However, we may not require these actions with respect to confirmed guardianship, conservatorship, power of attorney, or other protective arrangement in accordance with applicable law.

Excessive Requests. If requests from a consumer are manifestly unfounded or excessive, in particular because of their repetitive character, we may either (1) charge a reasonable fee, or (2) refuse to act on the request and notify the consumer of the reason for refusing the request. If we charge a fee, the amount will be based upon the administrative costs of providing the information or communication or taking the action requested.

Non-Discrimination. You have the right not to receive discriminatory treatment by us due to your exercise of the rights provided by the CCPA. We do not offer financial incentives and price or service differences, and we do not discriminate against consumers, employees, applicants, or independent contractors for exercising their rights under the CCPA

California Shine the Light. Under California Civil Code Section 1798.83, California residents who provide personal information in obtaining products or services for personal, family, or household use may be entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for direct marketing uses. At present, we do not share your personal information with third parties for those third parties’ direct marketing purposes. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing, if any, will be included in our response. As part of the California Online Privacy Protection Act, all users of our Site may make any changes to their information at any time by contacting us at privacy@carlstargroup.com.

EU/EEA Residents

Right of Access. To the extent required by law, you have the right to receive confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; and the recipients or categories of recipient to whom the personal data have been or will be disclosed. We will provide a copy of your personal information in compliance with applicable law.

Right of Rectification. Our goal is to keep your personal information accurate, current, and complete. Please contact us if you believe your information is not accurate or if it changes.

Right to Erasure. In some cases, you have a legal right to request that we delete your personal information when (1) it is no longer necessary for the purposes for which it was collected; (2) consent has been withdrawn in certain instances; (3) you have objected to the processing in certain instances; (4) the personal information has been unlawfully processed; (5) the personal information has to be erased for compliance with a legal obligation; and (6) the personal information was collected in relation to the offer of information society services. However, the right is not absolute. When we delete personal information, it will be removed from our active servers and databases; but, it may remain in our archives when it is not practical or possible to delete it. We may also retain your personal information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.

Right to Restrict Processing. You have the right to restrict the processing of your data when (1) the accuracy of the personal data is contested, for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose erasure and request a restriction instead; (3) we no longer need the personal data, but you need us to keep it for the establishment, exercise, or defense of legal claims; or (4) you have objected to us processing the personal information, pending resolution of the objection.

Right to Object. In certain circumstances, you have the right to object to the processing of your personal information where the processing is necessary for performance of a task carried out in the public interest, for our legitimate interests, or for the legitimate interests of others. You also have the right to object where personal data are processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.

Right to Withdraw Consent. If you have provided your consent to the collection, processing, and transfer of your personal information, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent, in whole or in part, we will no longer process your information for the purpose(s) to which you originally consented and have since withdrawn unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal information for the provision of our services.

Right to Complain. If you believe we have not processed your personal information in accordance with applicable law, we encourage you to contact us at privacy@carlstargroup.com. You may also have the right to make a complaint to an applicable Supervisory Authority or seek a remedy through the courts. A list of Supervisory Authorities for residents of the EU or EEA is available at: https://edpb.europa.eu/about-edpb/board/members_en. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law.

Data Privacy Framework Certification. Please see the “Data Privacy Framework” section of this Policy for more information.

THIRD-PARTY SITES AND SERVICES

This Policy only applies to our Site. It does not apply to any websites, applications, or services from third parties.

The Site may include links to, or content from, third parties. These links are to external resources and third parties that have their own privacy policies. It may not always be clear which links are to external, third-party resources. If you click on a third-party link, you will be redirected away from the Site. You can check the URL to confirm whether you have left the Site.

We cannot and do not (1) guarantee the privacy or security practices of third parties or any content provided by third parties; (2) control third parties’ collection or use or your information; or (3) endorse any third-party information, products, services, applications, or websites.

Any information provided by you or collected from you by a third party will be governed by that party’s privacy policy and terms of use. You should review their privacy policy and terms of use carefully.

CHILDREN

Our Site, products, and services are not directed to children under the age of 13, and we do not knowingly collect information from children under the age of 13. No one under the age of 13 may access, browse, or use the Site or provide any information to us. If we learn that we have collected or received personal information from a child under the age of 13 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and to delete it. If you believe we have received information from a child under the age of 13, please contact us using the “Contact Us” details provided below.

For more information about the Children’s Online Privacy Protection Act, please visit the Federal Trade Commission’s website at: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.

UPDATES AND CHANGES

We may update this Policy from time to time. If we change this Policy, we will post the revised version on our Site. Any changes, updates, and modifications will be effective immediately upon posting. If we make material changes, we may also notify you through a notice on the Site’s homepage, and/or we may send you an email regarding the updates.

You should read this Policy carefully before using the Site, and you should review it from time to time so that you are aware of its current terms. Your continued use of the Site after the “Last Updated” date will constitute your acceptance of and agreement to any changes and to our collection, use, and sharing of your information according to the then-current Policy. If you do not agree with this Policy, you should not use the Site.

CONTACT US

If you have any questions or concerns, wish to exercise your rights, or want to submit a complaint, please contact us using the information below, and we will do our best to assist you.

            Mail:    The Carlstar Group

Attn: Max Narancich

725 Cool Springs Blvd., Suite 500

Franklin, TN 37067

            Email: privacy@carlstargroup.com

            Phone: 1-615-503-0231