Last updated September 1st, 2021.
Welcome to the PANTASY Website, www.shop.pantasy.com (the “Website” or “Services”).
Any updates or modifications to this Policy will be posted to our Website on this page. By using or accessing the Platform, you signify that you have read, understand, and agree to be bound by this Policy.
Our Services are operated in the United States but can be accessed worldwide. Residents of the European Economic Area (“EEA”), which includes the member states of the European Union, should consult the sections of this policy relating to the “Rights of EEA Residents” (under the “Your Rights” section below) and “International Data Transfers” for provisions that may apply to them.
California residents should consult the section titled “Your California Privacy Rights” for rights that apply to them.
Information We Collect and How We Use It
Types of Information
We may collect the following types of Information through our Platform:
(1) “Personal Data” such as your name, e-mail address and phone number, account or mailing address, company name (if applicable) and other information that can be used to directly identify and contact you (which, in some cases, may include certain Device Information or information from the signature block of your e-mail);
(2) “Device Information” which is information relating to the computer or device you are using when you access our Platforms, such as your computer’s IP address, your mobile device identifiers (including Apple IDFA or an Android Advertising ID), the type of browser and operating system you are using, the identity of your internet service provider, and your device and browser settings.
(3) “Usage Data” which is data related to your use of the Services such as the pages you visit, the sites you use before or after visiting ours, your actions within the Platform, the type of content or advertisements you have accessed, seen, forwarded and/or clicked on, Wi-Fi connections, date and time stamps, log files, and diagnostic, crash, website, and performance logs and reports.
As described in more detail below, we collect Personal Data only when you provide it to us but may collect other types of information whenever you use our Services through automated means such as software developer kits, cookies, and web beacons (which are discussed in more detail below).
You may enter the Website and browse its content without submitting any Personal Data. However, we will need to collect relevant Personal Data to provide you with certain services offered by the Platform, including if you choose to create an account on our website, contact us or otherwise communicate with us in any way, subscribe or opt into our newsletter, alerts, or other communications, subscribe or opt into SMS messages, sign up for product waitlists, participate in a contest or promotion, order our products, submit product reviews, questions, feedback or user comments, complete an optional survey, contact customer service or otherwise interact with the Platform.
Device Information & Usage Data
Whether or not you submit Personal Data, any time you visit our Platform, we or our service providers may collect, store or accumulate certain Device Information and Usage Data. This information may be used in furtherance of the purposes described above with respect to Personal Data and in aggregate form for internal business purposes, such as optimizing the Platform, evaluating the popularity of the content, generating statistics and developing marketing plans, and otherwise for general administrative, analytical, research, optimization, and security purposes.
Information to and from Social Networks
Sharing of Information
In no event will we disclose, rent, sell or share any of your Personal Data to third parties for direct marketing purposes. We only share your information with third parties for the purposes described below.
We contract with companies or individuals to provide certain services related to the functionality and features of the Platform, including content streaming, email and hosting services, software development, data management, orders, payment processing, management of forms, quizzes and polls, customer service, returns, live chat, marketing, fraud prevention, product review and questions, and administration of contests and other promotions. We call them our “Service Providers.” We may share your information with Service Providers as appropriate for them to perform their services for us and our Service Providers are permitted to use your Information only for such purposes.
Notwithstanding any of the above, we will not share your Personal Data if such sharing is prohibited by applicable privacy and data protection law, including, without limitation, the EEA’s General Data Protection Regulation effective May 25, 2018, and the California Consumer Protection Act (“CCPA”) which will come into effect on January 1, 2020.
Automated Data Collection / Cookies
We may use certain automatic analytics and tracking technologies to assist us in performing a variety of functions, including storing your Information, collecting Device Information and Usage Data, understanding your use of the Services, and customizing the content offered to you on the Platform. We may use platforms like Google Analytics to provide aggregated or anonymized information relating to demographics, geography, interests, or affinities. Other technologies we may use include:
(2) Web Beacons. We may also use “web beacons” or clear GIFs, or similar technologies, which are small pieces of code placed on a web page or in an email, to monitor the behavior and collect data about the visitors viewing a web page or email. For example, web beacons may be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. Web beacons may also be used to provide information on the effectiveness of our email campaigns (e.g., open rates, clicks, forwards, etc.).
(3) Mobile Device Identifiers and SDKs. We also sometimes use, or partner with publishers or app developer platforms that use, mobile Software Development Kits (“SDKs”) that are incorporated into the Services to collect information, such as mobile identifiers (e.g., IDFAs and Android Advertising IDs), geolocation information, and other information about your device or use of the Platform. A mobile SDK may act as the mobile version of a web beacon (see “Web Beacons” above).
By visiting the Platform, whether as a registered user or otherwise, you acknowledge, and agree that you are giving us your consent to track your activities and your use of the Services through the technologies described above, as well as similar technologies developed in the future and that we may use such tracking technologies in the emails we send to you. Please note that no such tracking technologies will collect any Personal Data from you unless you choose to submit it to us and that data relating to you individually is not shared with any third parties.
At your option, you may communicate through SMS messages regarding your orders and our products. Normal text rates apply to such messages. You may withdraw permission to communicate with you by SMS at any time. We do not receive any individualized geographic information from you when you receive or reply to such messages.
Personal Data Retention
Privacy and Security
It is entirely your choice whether or not you provide Personal Data to us. We take reasonable precautions to protect our customers’ Personal Data against loss, misuse, unauthorized disclosure, alteration, and destruction. However, please remember that no transmission of data over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any information that you transmit to us or from us, and you do so at your own risk. You hereby acknowledge that we are not responsible for any intercepted information sent via the Internet, and you hereby release us from any and all claims arising out of or related to the use of intercepted information in any unauthorized manner.
If you believe your Personal Data is being improperly used by us or any third party, please immediately notify us via email at firstname.lastname@example.org
Use of Automated Decision Making and Profiling
We use automated decision-making and profiling. We do this in order to protect our business from harm from fraud during the checkout process via a third-party service provider.
Children Under 18
The Services are intended for and targeted to adults. We do not knowingly collect or solicit Personal Data directly from anyone under the age of 18. If you are under 18, please do not send any Personal Data about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected Personal Data from a child under age 18, we will delete that information as quickly as possible. If you are a parent or guardian of a child under 18 years of age and you believe your child has provided us with Personal Data, please contact us at email@example.com
Links to Third Party Platforms
Our Services or communications may contain links to third-party websites, over which we exercise no control, including the form of embedded content, sponsored content, or co-branded content. Except as set forth in this Policy, we do not share your Personal Data with those third parties and are not responsible for the privacy policies of any third party or their management of your Personal Data. Because they may treat your Information differently than we do, we suggest you read the privacy policies on those third-party websites prior to submitting any Personal Data to such sites.
In addition, you may be redirected to a third-party platform for certain functions, including returns, forms, and customer service. See the above section regarding “Sharing of Information.”
Opting Out of Communications
As described above, we may use the Personal Data we collect from you to send you newsletters or other communications from us, including those promotional or marketing in nature. If you do not want to receive such communications, you can opt out by unsubscribing.
You may also at any time opt-out of receiving communications from us by sending an e-mail to firstname.lastname@example.org with the subject line “Opt-Out.”
Disallowing Cookies and Location Data Collection
You can opt-out of the collection and use of certain information, which we collect about you by automated means, by changing the settings in the device you use to access the Platform. In addition, your browser may tell you how to be notified and opt-out of receiving certain types of cookies. Please note, however, that without cookies you may not be able to use all of the features of the Platform.
Your Right to Access, Review, and Delete Personal Data
Under certain laws, including the GDPR or, after January 1, 2020, the CCPA, which is described further below in the section headed “Your California Privacy Rights,” you may have the right to: obtain confirmation that we hold Personal Data about you, request access to and receive information about the Personal Data we maintain about you, restrict the use of the data, receive the data in a portable format, receive copies of the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, object to the continued processing or use of your Personal Data, complain to a supervisory authority, and have the Personal Data blocked, anonymized or deleted, as appropriate. The right to access Personal Data may be limited in some circumstances by local law. If you qualify, in order to exercise these rights, please contact us as set forth below.
We may ask you to provide additional information for identity verification purposes or to verify that you are in possession of an applicable email account.
Please understand, however, that we reserve the right to retain an archive of such Personal Data for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such information.
Your California Privacy Rights
The following section pertains to the rights of individuals or households in California (“California consumers”).
Civil Code Section 1798.83
Under certain circumstances, California Civil Code Section 1798.83 states that, upon receipt of a request by a California consumer, a business may be required to provide detailed information regarding how that business has shared that customer’s Personal Information with third parties for direct marking purposes.
Rights under the CCPA
After January 1, 2020, the CCPA (California Civil Code Section 1798.100 et seq.) will provide California consumers with additional rights regarding Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or household. The categories of Personal Information we collect are generally described above but differ for individual consumers depending on the Services used by such consumers.
Under the CCPA, qualifying California consumers may have the following rights:
Right to Know and Right to Delete
A California consumer has the right to request that we disclose what Personal Information we collect, use, disclose and sell. A California consumer also has the right to submit requests to delete Personal Information.
When we receive a request to know or delete from a California consumer, we will confirm receipt of the request within 10 days and provide information about how we will process the request, including our verification process. We will respond to such requests within 45 days.
Right for Disclosure of Information
A California consumer may also submit requests that we disclose specific types or categories of Personal Information that we collect.
Under certain circumstances, we will not provide such information, including where the disclosure creates a substantial, articulable, and unreasonable risk to the security of that Personal Information, customers’ account with us, or the security of our systems or networks. We also will not disclose California consumers’ social security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, or account passwords and security questions and answers.
If we receive any request we will use a two-step process for online requests where the California consumer must first, clearly submit the request and then second, separately confirm the request. We will use other appropriate measures to verify requests received by mail or telephone.
In submitting a request, a California consumer must provide sufficient information to identify the consumer, such as name, e-mail address, home or work address, or other such information that is on record with us so that we can match such information to the Personal Information that we maintain. Do not provide social security numbers, driver’s license numbers, account numbers, credit or debit card numbers, medical information, or health information with requests. If requests are unclear or submitted through means other than the outline above, we will provide the California consumer with specific directions on how to submit the request or remedy any deficiencies. If we cannot verify the identity of the requestor, we may deny the request.
California Do Not Track Disclosures
Although some browsers currently offer a “do not track (‘DNT’) option,” no common industry standard for DNT exists. We, therefore, do not currently commit to responding to browsers’ DNT signals.
International Data Transfers
If you are resident outside the United States, including in the EEA, we transfer Personal Data provided by you for processing in the United States, including Personal Information sent via e-mails or when you make an order. Under the GDPR, we are considered a “controller” and a “co-processor” of the Personal Data of EEA Residents. By providing Personal Data to us for the purpose of using the Platform, you consent to the processing of such data in the United States. The transfer of your Personal Data to the United States is necessary for the performance of a contract between you and us for your use of the Platform.
Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.
Rights of EEA Residents
From May 25, 2018, all processing of Personal Data of EEA Residents is performed by us in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal Data and on the free movement of such data (“GDPR”).
Under the GDPR, we are both the controller and a co-processor of the Personal Data of EEA Residents. Our purpose for collecting and processing Personal Data from EEA Residents is to provide them with the features and functionalities of our Services and information regarding our Services. The legal basis for collecting Personal Data is because it is necessary for the performance of a contract between us to provide you with the Services and their related features and functionality. We also rely on your consent to receive information about our Platform. You may withdraw consent from receiving marketing and promotional communications by clicking the “Unsubscribe” link on the communication or sending an e-mail to email@example.com with the subject line “Opt-Out.” If EEA Residents do not provide Personal Data to us or withdraw consent for processing such Personal Data, we may not be able to provide such residents with certain features or functionalities of the Services or information regarding the Platform, including processing orders. Note that we do not collect any sensitive personal information about you.
EEA Residents may obtain information about the Personal Data that we hold about them by contacting us at firstname.lastname@example.org
We reserve the right to change this Policy at any time. In the event we make changes to this Policy, such policy will be re-posted in the “Privacy” section of our Services with the date such modifications were made indicated on the top of the page. Therefore, please review this Policy from time to time so that you are aware when any changes are made to this Policy. If you have any questions about the changes that were implemented, please contact us at email@example.com and include “Information Regarding Updated Policy” in the subject line. In any event, your continued use of the Services after such change constitutes your acceptance of any such change(s), and if you do not accept any changes, you may choose not to use the Services or opt-out by sending us an appropriate notice.
You represent and warrant that any Personal Data you provide us is true and correct and relates to you and not to any other person.
If you use the Platform, you are responsible for maintaining the confidentiality of your account and for restricting access to your computer or device, and you agree to accept responsibility for all activities that occur under your account.
- Properly collect personal information such as credit card numbers on pages protected by SSL technology
- Under no circumstances will the user’s contact information be sold
- Don’t use the user’s personal information or pictures for advertising without the user’s consent
- The main purpose of the website is not to collect users’ personal information
If you have questions or comments about this Policy, please contact us at firstname.lastname@example.org with “Privacy” in the subject line of your email.