SusieCakes California Consumer Privacy Act Notice
SusieCakes California Consumer Privacy Act Notice
Effective Date: 01/01/2021, Updated 2/1/23
In the event of a conflict between this CCPA Notice and any of our other privacy policies, this CCPA Notice shall control only with respect to Consumers and their personal information.
Information collected and sources
We collect personal information from you when you interact with us online through our website www.susiecakes.com or mobile application (collectively the “Site”) or offline. This includes information that you provide to us directly, information we collect from you automatically, information that we collect when you interact with us such as through your online postings, and information that we may collect from third parties such as service providers, affiliated companies, marketing or data partners, or other third parties with whom you interact. It also includes information that we collect about employees and business partners and vendors from those individuals directly or from references, referrals or consumer reporting agencies. Not all information is collected from everyone who interacts with us.
During the past 12 months we may have collected the following categories of personal information:
- Identifiers such as contact information (your name, address, phone number, email or postal address), Unique Personal Identifiers (that may include but are not limited to your legal name or preferred alias and online identifiers like user account names or persistent identifiers in cookies), an encrypted version of your password, communications. We may collect additional information from suppliers, vendors, or employees including business contact information, phone number, email and postal addresses and titles.
- Sensitive information such as financial and payment information like your credit or debit card information, or PayPal account email address.
- Commercial information such as your transaction histories, billing and shipping information, and product preferences.
- Inferences we make about you, or your interests based on analysis of other information we have collected.
- Geolocation information.
- Audio or video information such as call center recordings or monitoring records from our customer support centers and security video recordings at our facilities.
- Employment, education and professional related information, protected classification information, biometrics (collected from current and prospective employees, contractors, service providers, vendors and suppliers, and students).
- Other types of personal information that we may disclose to you prior to the point of first collection.
Business Purposes for Collecting Personal Information
We collect personal information in order to operate and grow our business, improve our Site, and to offer our or third-party products or services that we think you may find of interest. More specifically, we collect personal information for the following business purposes:
- Provide the products, services and information you have requested from us and notices relating thereto including processing and fulfilling your orders, collecting payment, and providing customer support.
- Verify your identity when you create or log into an online account or join or access our loyalty program.
- Provide information to you about our products and third-party products and services that we think may be of interest to you.
- Provide you with marketing communication and information.
- Analyze, improve, and customize our products and business operations including measuring the effectiveness of advertising and internal research on users’ interests and behaviors to better serve our users.
- Administer the website, web platform and Services and for internal operations, including troubleshooting, data analysis, testing, research, security, statistical and survey purposes.
- Respond to your inquiries about posted job positions and evaluate employment applications.
- For legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud.
- Internal and external audit requirements, information-security purposes, and as we otherwise believe to be necessary or appropriate to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, to enforce our terms and conditions or other agreements; and to protect our rights, privacy, safety, or property, or those of other persons.
Disclosing Personal Information
Information shared for a business purpose
During the past 12 months we have disclosed the following categories of personal information to the following types of third parties for a business purpose.
- Our affiliated companies: We may have shared your information such as identifiers, commercial information, and inferences within our company and our affiliated companies for the purposes of decision making, reporting, management, analysis, administering programs, promoting service offerings and other business purposes.
- Service providers: We may have shared your information such as identifiers, commercial information and financial information with our service providers who provide us support services such as hosting our Site, processing payments, legal and accounting professional services, postal delivery and electronic mail, mobile messages, product delivery, conducting analysis to improve our products and Site, fulfilling requests you make, managing payments and answering your questions. Service providers only use the information they receive from us for the purposes we hired them for; we don’t allow them to retain, use or otherwise handle the data for their own purposes.
- Marketing Partners: We may have shared your information such as electronic network activity, identifiers, commercial information and inferences with marketing partners to display online, mobile or other advertising based on your activity on websites and mobile apps, and preferences you share with us so we can provide you with promotions and special offers that may interest you. We may also share information with marketing partners to help us analyze data, sometimes combined with other sources, so that we can send more relevant communications to you.
- With Third Parties, including governmental authorities and law enforcement, for legal or compliance purposes: We may share any or all categories of your information where we believe the disclosure is required by law or otherwise necessary to comply with the law, regulatory requirements, requests from public authorities, or to enforce our agreements or policies or protect or defend the rights and property of our customers, the company, our partners or the public (including for fraud prevention purposes).
Your CCPA Rights
Verified California residents have the right to:
- Request and receive disclosure of our Information Collection Practices during the prior 12 months, including the categories of personal information we collect, the categories of sources of such information, our business purpose for collecting or sharing such information, and the categories of third parties with whom we share such information.
- Request and receive a copy of the specific personal information we have collected about them during the prior 12 months.
- Request and receive disclosure of our Information Sharing Practices during the prior 12 months, including a list of the categories of personal information sold with the category of third-party recipients and a list of the categories of personal information that we disclosed for a business purpose.
- Request that we not sell personal information about them and
- Request that we delete (and direct our service providers to delete) their personal information subject to certain exceptions.
The CCPA rights described above do not apply to information collected in the employment context about our current, former or prospective employees or contractors (who receive separate disclosures under the CCPA) or to information collected about California business contacts (employees, owners, directors, officers, or contractors of companies, sole proprietorships, and other entities collected in the context of conducting due diligence regarding, or providing or receiving a product or service to or from, such companies, sole proprietorships, or entities). California business contacts have the right to tell us not to sell their information; please see below for how to exercise this right.
How to Exercise Your Rights. In order to make a request for disclosure California residents may contact us by either by calling 800-730-2253 or by emailing us at CCPA@susiecakes.com. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request within 10 days and will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time. Please understand that we cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.
You may make a request for disclosure of our information collection practices, the specific information we collected about you, or our sharing practices up to twice within a 12-month period. You may make a request that we not sell information or for deletion of your information at any time.
For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.
For requests for deletion of your information through THIS FORM please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged to delete your information as well.
We will not discriminate against you as a result of your exercise of any of these rights.
Selling Information. We do not sell you information for monetary consideration, but we may transfer your information to a third party that provides us with services such as helping us with advertising, data analysis and security, which may fall under the definition of for “other valuable consideration” which may be considered a ‘sale’ under the CCPA. During the past 12 months we disclosed Identifiers and Electronic Network Activity with third parties such as advertising and analytics providers for a business purpose which falls within the definition of a ‘sale’. If you are a California resident over the age of 16 and would like to instruct us not to sell your personal information, please call us Toll-free at 800-730-2253 or visit our Do-Not-Sell web page here www.susiecakes.com/do-not-sell. We do not sell personal information of individuals we actually know are less than 16 years of age. If you request that we not sell your information we will honor your request within 15 days.
Using an Authorized Agent. You may submit a request through someone holding a formal Power of Attorney. Otherwise, you may submit a request using an authorized agent only if (1) the person is registered with the Secretary of State to do business in California, (2) you provide the authorized agent with signed written permission to make a request, (3) you verify directly with us that you have authorize the person to make the request on your behalf, (4) you verify your own identity directly with us and (5) your agent provides us with proof that they are so authorized. We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.
If you have questions or concerns, please contact us by phone at calling 800-730-2253 or emailing us at CCPA@susiecakes,com or by postal mail at 5610 Ward Road, Suite 300, Arvada, CO 80002
Do-Not-Sell My Info Request Form
Requests for deletion of your information should be done through THIS FORM