What Types of Information Do We and Our Third-Party Service Providers Collect from You?
Personal Information is information such as your name, your address, telephone number, email address, and date of birth, or other data that, when taken together, can uniquely identify you. Personal Information also includes certain sensitive information related to your finances, such as a bank card number (in the event we accept bank cards) or other payment account number (including the three (3) or four (4) digit validation code for your bank card). In order for you to take advantage of the services provided through the Sites, we may require that you furnish Personal Information. We and our third-party service providers collect your Personal Information when you voluntarily provide it to us.
Non-Personal Information or Non-Personal Identifiable Information (“Non-PII”) is aggregated information, demographic information and any other information that does not uniquely identify you. We and our third-party service providers may collect your Non-Personal Information, including information about the device you are using in accessing and/or using the Sites, information from referring websites, and your interaction with the Sites. We and our third-party service providers may also aggregate Personal Information in a manner such that the end-product does not uniquely identify you or any other user of the Sites, for example, by using Personal Information to calculate the percentage of our users who have a particular telephone area code. This collective information constitutes Non-Personal Information.
Cookies and Other Technology
How Do We Respond to Do Not Track Signals?
We do not track you over time and/or across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, you can modify the preferences on your browser to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked. Please consult your browser for instructions on how to change the preferences to “Do Not Track.”
This means that we may use latent information about your online activities to improve your use of our Sites consistent with this policy.
IP Addresses are the Internet Protocol addresses of the computers that you are using. Your IP Address is automatically assigned to the computer that you are using by your Internet Service Provider (ISP) and is identified and logged automatically in our server log files whenever you visit the Sites, along with the time(s) of your visit(s) and the page(s) of the Sites that you visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many websites.
We may obtain information about your physical location, such as by use of GPS and other geolocation features in your device, or by inference from other information we collect. For example, your IP Address indicates the general geographic region from which you are connecting to the Internet.
How Do We and Our Third-Party Service Providers Use Information Collected From You?
We and our third-party service providers may use your Personal Information and any third party’s Personal Information that you may provide, as applicable:
Because your Non-Personal Information does not personally identify you, we and our third-party service providers may use such information for any purpose. For example, we may work with third parties for the purpose of advertisement delivery on the Sites, including online behavioral advertising (“OBA”) and multi-site advertising. The Non-Personal Information collected about your visits to the Sites may be used by third parties in order to provide advertisements about goods and services of interest to you. These third parties may also set cookies or web beacons to assist with advertisement delivery services.
In addition, we reserve the right to share your Non-Personal Information with our affiliates and with other third parties, for any purpose. In some instances, we and our third-party service providers may combine Non-Personal Information with Personal Information. If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information hereunder (as long as it is so combined).
How Do We and Our Third-Party Service Providers Share Your Personal Information with Others?
We and our third-party service providers may disclose Personal Information:
Other Important Notices Regarding Our Privacy Practices.
Forums and Profiles.
We and our third-party service providers may make available through the Sites certain services (for example, message boards, chat functionality, “profile pages” and blogs) to which you may be able to post information and materials. Please note that any information you provide in connection with such services may become public and may be available to visitors to the Sites and to the general public, including without limitation the ratings and reviews that accompany many listings and the comments section of our blog posts. We urge you to exercise discretion and caution when deciding to disclose your Personal Information, and/or any other information and/or materials, on the Sites. NEITHER WE, NOR ANY OF OUR THIRD-PARTY SERVICE PROVIDERS, NOR ANY OTHER PERSON OR ENTITY DULY AUTHORIZED BY US AND/OR BY OUR THIRD PARTY SERVICE PROVIDERS, IS OR SHALL BE RESPONSIBLE FOR ANY USE BY ANY UNAUTHORIZED PERSON OR ENTITY OF ANY PERSONAL INFORMATION YOU DISCLOSE THROUGH THE SITES.
Third Party Sites.
We and our third-party service providers use reasonable organizational, technical and administrative measures to protect Personal Information under our control. However, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Please do not send us bank card information and/or other sensitive information through email. If you have reason to believe that your interaction with us is not secure (for example, if you feel that the security of any account you might have with us has been compromised), you must immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.
If you do not wish to receive marketing-related emails from us, you may unsubscribe from receiving them by clicking on the “unsubscribe” link at the bottom of any of those emails.
Changing Personal Information.
You may review, correct and/or update certain elements of your Personal Information by adjusting your preferences in the “My Account” section of www.thesanctuaryca.com. We and our third-party service providers are not responsible for altering Personal Information from the databases and/or other records of third parties with whom we and our third-party service providers have shared your Personal Information.
Note Regarding the Use of the Site by Children.
The Sites are intended for adults only and require that users be no less than twenty-one (21) years of age. Please check the applicable terms and conditions for such Sites for further information. Individuals under the age twenty-one (21) are prohibited from creating a User Account and profile, accessing the Sites and/or purchasing products on the Sites.
If you choose to access the Sites, you do so at your own risk, and are responsible for complying with all applicable laws, rules and regulations. We may limit the availability of the Sites, in whole or in part, to any person, geographic area and/or jurisdiction we choose, at any time and in our sole discretion. By using the Sites and submitting any Personal Information, you consent to the transfer of Personal Information to other countries, which may provide a different level of data security than your country of residence provides.
California Privacy Rights.
If you are a user of the Sites and a California resident, California’s “Shine the Light” law (California Civil Code § 1798.83) permits you to request and obtain from us once a year, free of charge, information regarding our disclosure of your Personal Information (if any) to third parties for direct marketing purposes. If this law applies to you and you would like to make such a request, please submit your request in writing to the address provided below.
Regarding Use of Personal Information.
The CCPA broadens the definition of “sale” and “personal information” beyond how you might commonly interpret those terms.
Under the CCPA, “personal information” includes information that is not necessarily directly tied to an individual’s identity but may be associated with a device. This includes identifiers such as IP addresses, web cookies, web beacons, and mobile AdIDs. In many cases, this type of information is not associated with you, but they are unique identifiers that could be. Similarly, the term “sell” is defined to include not just selling in exchange for money, but also sharing or transferring personal information (including information that does not directly identify an individual as described above) in exchange for anything of value, which is not limited to the exchange of money. Certain things are not considered “sales,” including when (1) personal information is shared with a service provider that is contractually prohibited from using the personal information for any purpose beyond the service specifically requested (“service provider exception”), or (2) when the consumer has directed a company to disclose the personal information (“consumer directed exception”).
However, the CCPA’s broad definitions of “sale” and “personal information” may deem the common flow of information in the digital analytics and advertising ecosystem to be a sale. Like most companies that operate commercial websites and apps, The Sanctuary utilizes online analytics to measure the ways users engage with our websites and apps. These analytics, in turn, inform how we perform online advertising. In order to provide these analytics and facilitate online advertising, The Sanctuary uses third-parties that collect device identifiers and place tags, cookies, beacons, and similar tracking mechanisms on our websites/apps and on third-party websites/apps. For instance, we may request that a third-party facilitate the placement of The Sanctuary ads on a particular website after a consumer has previously visited The Sanctuary Sites. The third-parties we use for these purposes generally do this by placing a cookie on a user’s browser so it can identify that the same browser visited other websites. Similarly, where our webpages or apps provide space for advertisements, these third-parties may use identifiers such as cookies for websites, or the device’s mobile AdID for apps, to facilitate real-time bidding by advertisers.
Where we can reasonably ensure via contract that the third-parties described above can and will use a device identifier solely to provide the specific service we have requested, and will not use or share the data for other purposes, we will not deem that sharing a “sale.” In most cases, we’ve determined that our data analytics providers that measure the ways users engage with our websites and apps meet this standard and, accordingly, we will not block the sharing of an identifier with those entities even when you choose to opt-out through the “Do Not Sell” link.
In some cases, though, The Sanctuary does not ultimately control how such identifiers are used by some third-parties (particularly in some cases in the online advertising ecosystem), and so we can’t determine that all sharing with third-parties in these cases fall within the service provider exception under the law. As a result, we are currently treating our sharing with some of these third-parties as a “sale” under the CCPA.
When a user of our websites/apps makes the “Do Not Sell” choice, we will attempt to block further sharing of the covered identifiers with the third-parties we engage on those digital properties or any other entity that does not fall within the service provider exception or the consumer directed exception.
The implementation of your choice to block the sale of your personal information is complex and will vary between The Sanctuary brands, websites, and apps. As general rule, however, when you click the “Do Not Sell” link, you will be provided two choices: (1) set a “Do Not Sell” preference using a cookie for the particular web domain (such as thesanctuaryca.com or an app setting for a particular mobile app that is not tied to your account, or (2) if you have an account with us, you can sign in to your account and set a persistent “Do Not Sell” preference that we can store as part of our customer records.
For The Sanctuary websites, if you do not log in to your account (or do not have an account with us) and instead set a “Do Not Sell” preference that is specific to the site that you are visiting, please be aware that the setting will only work if your browser is set to accept cookies. Likewise, if you clear your browser cookies, the cookie-based “Do Not Sell” setting will be erased, and you will need to reset the setting for that web domain. For The Sanctuary apps, the local setting should remain until you specifically change it or clear app data on your device— but you should check the setting regularly to ensure it reflects your current choice.
If you choose to sign in and set a “Do Not Sell” setting tied to your account, The Sanctuary will attempt to identify and honor that setting whenever you are logged into an app or website. This persistent setting will have no effect, however, when you have not signed in to The Sanctuary website(s) or app(s). In that case, only the setting set for a particular website or app, if one exists, will apply. Please note that when you set a “Do Not Sell” setting in your account, we will attempt to also set your setting for the website or app you are using at that time— but again, that setting may not work if your browser does not accept cookies or if you later delete cookies or delete data on your app.