Last Updated: April 21, 2021
Personal Information. We’ll collect certain personally identifiable information (“PII”) that can be used to identify you or is associated with information that can be used to identify you, in connection with your use of the Services. This PII may include: (i) your name, (ii) mailing address, (iii) telephone number, (iv) email address, and, (v) for those purchasing Products, credit card, billing and delivery information. If you create a Grobo account (“Account”), we’ll also collect certain PII to populate your Account. If you create an Account through Grobo, we’ll be able to access and collect your name and email address and other PII that your privacy settings on the Account permit us to access.
Collection and Use of Information. Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services (including your Account, if you are an Account holder), and to enable you to enjoy and easily navigate our Services.
Statistics. We also collect statistics about use of the Services and Products you Purchase through the Website. This information will be kept confidential, however, aggregate statistics that do not personally identify an individual will be kept by us and such aggregate statistics may be made available to other members or third parties.
Information Collected Using Cookies and other Web Technologies
Like many website owners and operators, we use automated data collection tools such as Cookies and Web Beacons to collect certain information.
“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
Information Related to Use of the Services. Our servers automatically record certain information about how a person uses our Services (we refer to this information as “Log Data”), including both Account holders and non-Account holders (either, a “User”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on and other statistics. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. We may use a person’s IP address to generate aggregate, non-identifying information about how our Services are used.
Information Sent by Your Mobile Device. We collect certain information that your mobile device sends when you use our Services, like a device identifier, user settings and the operating system of your device, as well as information about your use of our Services.
Location Information. When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or coarse location if you enable location services on your device. We may use location information to improve and personalize our Services for you. If you do not want us to collect location information, you may disable that feature on your mobile device.
Sorry, No Users under 18
While we hope your kids will get a chance to experience the wonders of growing in Grobo, it’s not something they should do without adult supervision, and our website is not directed at persons under the age of 18. Consequently, we do not knowingly collect personally identifiable information from children under 18. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child under 18 has provided us with any personal information, we will take steps to delete such information. Any account that is created by a person under 18 will be terminated and any content created will be removed from the Site.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. While we do not carry out any automated decision making and in general, Shopify does not engage in fully automated decision-making with your PII, the one exception is Shopify's risk and fraud screening, where Shopify might automatically block a payment card number or IP address after a certain number of unsuccessful payment attempts. Shopify does not believe this has a significant legal effect on customers because the automated blocking lasts only for a short period of time.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
Disclosure of Your Information:
We may disclose aggregated information about our users, and information that identifies no individual.
We may disclose personal information we collect or you provide:
- To our subsidiaries and affiliates.
- To contractors, service providers and other third parties we use to support our business, such as website hosting, cloud service providers, developers and analytics providers.
- To a buyer or other successor if a merger occurs, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by Company about our Website users is among the assets transferred.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
- To comply with any court order, law or legal process, including to respond to any government or regulatory request.
- To enforce our Terms of Service and other agreements, including for billing and collection.
- If disclosure is necessary or appropriate to identify, contact, or bring legal action against someone who may be causing injury to or interference (either intentionally or unintentionally) with our rights or property, or safety of Company, our customers or anyone else who may be harmed by such activities. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
We offer you choices regarding the collection, use and sharing of your PII and we’ll respect the choices you make. Please note that if you decide not to provide us with the PII that we request, you may not be able to access all of the features of the Services.
If you opt-in to receiving communications from us, we may periodically send you free newsletters and e-mails that directly promote our Services. When you receive such promotional communications from us, you will have the opportunity to unsubscribe “opt-out” (either through your Account, by contacting our marketing department at email@example.com or by following the unsubscribe instructions provided in the e-mail you receive).
Modifying Your Information.
You can access and modify the PII associated with your Account by contacting us at firstname.lastname@example.org. If you want us to delete your PII and your Account, please contact us at email@example.com with your request. We’ll take steps to delete your information as soon we can, but some information may remain in archived/backup copies for our records or as otherwise required by law.
Responding to Do Not Track Signals
Our Site does not have the capability to respond to “Do Not Track” signals received from various web browsers.
The Security of Your Information
We take reasonable administrative, physical and electronic measures designed to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. When you enter sensitive information on our forms, we encrypt this data using SSL encryption or other technologies. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
Links to Other Sites
Your PII may be transferred to, and maintained on, servers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction (including without limitation outside of the EEA). For example, our servers are located in the United States. If you’re located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there. Accordingly, your PII may be available to governments of both Canada and the United States and their agencies, under lawful request, regardless of the mechanism we have put in place to protect your personal information.
Additional Information for Certain Jurisdictions
We provide additional information about the privacy, collection, and use of personal information of prospective and current customers located in certain jurisdictions.
These additional disclosures are required by the California Consumer Privacy Act:
Your Rights. You may have the right under the California Consumer Privacy Act to request information about the collection of your personal information by us, or access to or deletion of your personal information. If you wish to do any of these things, please contact us (for AWS customers) or contact us at the address under Contacts, Notices, and Revisions above (for AWS customers and non-customers). Depending on your data choices, certain services may be limited or unavailable.
No sale of personal information. In the preceding twelve months, we have not sold any personal information of consumers, as those terms are defined under the California Consumer Privacy Act.
No Discrimination. We will not discriminate against any consumer for exercising their rights under the California Consumer Privacy Act.
European Economic Area
Processing. We process your personal information on one or more of the following legal bases:
• as necessary to enter into a contract with you or a legal entity you represent, to perform our contractual obligations, to provide our Services to you, to respond to requests from you, or to provide customer support;
• as necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
• with your consent.
Your Rights. Subject to applicable law, you have the right to:
• ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
• request that inaccurate personal information is corrected;
• request deletion of personal information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements;
• request us to restrict the processing of personal information where the processing is inappropriate;
• object to the processing of personal data;
• request portability of personal information that you have provided to us (which does not include information derived from the collected information), where the processing of such personal information is based on consent or a contract with you and is carried out by automated means; and
• lodge a complaint with our principal supervisory authority.
You can exercise your rights of access, rectification, erasure, restriction, objection, and data portability by contacting us. If you wish to do any of these things please use the “contact us”above.
When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.
Transfers outside of the EEA. When we transfer your personal information outside the EEA we do so in accordance with the terms of this Privacy Notice and applicable data protection law. This may include the transfer of data in accordance with the EU-US and Swiss-US Privacy Shield frameworks (for transfers to the US) or pursuant to data transfer agreements that incorporate the Standard Contractual Clauses approved by the EU Commission.