DBT WORKS, LLC PRIVACY STATEMENT

Last Updated: November 6, 2023

INTRODUCTION

This Privacy Statement describes the types of information gathered by DBT Works, LLC (“DBT Works,” “us,” or “we”) in the process of providing this website and its related services, including email, text and electronic messaging between you and this website (the “Site”), how we use it, with whom the information may be shared, what choices are available to you regarding collection, use and distribution of information and our efforts to protect the information you provide to us through the Site.

By accessing or using the Site, you hereby consent to allow us to process information in accordance with this Privacy Statement. Please also refer to our Terms of Service, which are incorporated into this Privacy Statement as if fully recited herein. Terms defined in the Terms of Service that are not defined herein shall have the same definition as in the Terms of Service.

We may revise or update this Privacy Statement by posting an amended version through the Service and making you aware of the revisions, which may be through posting to the Site or otherwise. When we post changes to this Privacy Statement, we will revise the “Last Updated” date at the top of this Privacy Statement. If we make any material changes to the way we collect, use, store and/or share your personal information, we will notify you on our website. We recommend that you check this page from time to time to inform yourself of any changes.  Your continued access to or use of the Site following our notice of changes to this Privacy Statement (or other acceptance method) means you accept such changes.

SECTION 1 – TERRITORIALITY

Regardless of where our servers are located, your personal data may be processed by us in the United States, where data protection and privacy regulations may or may not be to the same level of protection as in other parts of the world. BY VISITING THE SITE AND USING THE SERVICES, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING IN THE UNITED STATES OF AMERICA OF ANY INFORMATION COLLECTED OR OBTAINED BY US THROUGH VOLUNTARY SUBMISSIONS, AND THAT THE LAW OF THE UNITED STATES OF AMERICA GOVERNS ANY SUCH COLLECTION AND PROCESSING.

If you are an individual and reside in the United Kingdom, the European Union, Switzerland, or elsewhere in the European Economic Area (collectively, and for the purposes of this Privacy Statement, the “EEA”), then the General Data Protection Regulation ("GDPR") shall apply to our practices regarding your “Personal Data” and you are considered a “Data Subject” as those terms are defined by the GDPR.  For the purposes of the GDPR, we may act as both a data “Controller” and a data “Processor.”  Similarly, if you are an individual and reside in California, the California Consumer Privacy Act (“CCPA”) shall apply to our practice regarding your “personal information”, and you are a “consumer”, with certain rights in your personal information and we are a “third party”, as those terms are defined in the CCPA.  Personal Data, together with personal information, and all similar information shall be “Personal Information” for the purposes of this Privacy Statement.  We will take commercially reasonable steps to maintain compliance with GDPR (including, without limitation, ensuring that all data processing agreements to which we are a party are subject to the appropriate Standard Contractual Clauses) and CCPA requirements.

SECTION 3 – WHAT INFORMATION WE COLLECT

A. Personal Information Collected

We collect certain personal information that can identify you, which may be supplied when you order products or sign up for subscriptions or contract us for any other reason.  The personal information that may be collected includes:

• Name;

• Address;

• Phone Number;

• Date of Birth;

• Gender;

• Employment Information;

• Username;

• Email address;

• Likeness/image/photograph;

• First party cookies;

• Third party cookies;

• Location information; and

• Your internet protocol address.

We may record photos, audio, and video you provide.  We may also make phone calls or send text messages if you permit such access in connection with orders of products, subscriptions or other communications between you and Us.

B. Non-Personal Information Collected

We also collect non-personally identifiable, public or anonymous information about you (“Non-Personal Information”), including but not limited to keystrokes and clicks while using the Site, the pages accessed most frequently, time spent on a page, how pages are used, previous page and referring page URLs, location information, and similar non-personal data. If you can be identified from this information, for example by combination with other pieces of information, then we will treat this information as Personal Information.

Non-Personal Information Automatically tracking Internet Protocol (“IP”) addresses is one method of automatically collecting information about your activities online and information volunteered by you. An IP address is a number that is automatically assigned to your device whenever you surf the internet. Further, the Site may utilize web beacons, pixel tags, cookies, embedded links, and other commonly used information-gathering tools.

One of the features of the Site is communication with other users. Anything that you publicly post or communicate will not be considered Personal Information.

SECTION 4 - WHAT DO WE DO WITH YOUR INFORMATION?

A. Internal Use by DBT Works

We collect information in order to extend to you the product offerings and subscriptions on the Site, and to communicate with you about our company and products and other offerings.

We may also use this information to help us develop and improve our Site and other offerings, fulfill your requests, track usage trends, conduct surveys and customer outreach, and perform research and analytics, send you or your device push notifications related to the Site from time-to-time, communicate with you regarding the Site, our products and offerings, or other matters, communicate promotional materials to you, promote and drive engagement with our Site and products, improve our service, for security measures, for troubleshooting, error resolution and Site improvement, tailor our Site and offerings to meet your interests and those of others, and for other purposes permitted or required by law, including compliance with reasonable requests of law enforcement.

We may use anonymized and/or aggregate information, of which your information may be a part, without restriction.

B. Sharing Collected Information with Third Parties, Consultants and Affiliates

We may share information with our business associates, consultants, service providers, advisors and affiliates in order for them to provide services to Us that enable Us to operate the Site and the offerings it contains.

Further, we may disclose your personal collected information to the extent we believe it necessary to comply with the law, such as in response to a subpoena or court order, to defend a legal claim or otherwise as permitted by applicable law. We may disclose any information in our possession in the event that we believe it necessary or appropriate to prevent criminal or illegal activity, personal injury, property damage or bodily harm.

Additionally, we may transfer or disclose your information, including any and all Personal Information to a third party or our successor in interest, in connection with, or as the result of, an acquisition, sale, asset sale, merger, reorganization, or bankruptcy involving DBT Works.

SECTION 5 - E-MAIL AND ELECTRONIC NEWSLETTERS

We may offer electronic newsletters and e-mails concerning promotions, new products and services, or other marketing materials as a service to our users. You may receive newsletters and e-mails concerning promotions and marketing of ours, after you have elected to receive such promotional materials. If, after you have received a message, you no longer wish to receive such materials, you may opt-out by following the unsubscribe instructions included in each electronic newsletter and e-mail, or by emailing us at hello@dbtworks.com.

Text marketing (if applicable): With your permission, we may send text messages about our store, new products, and other updates. Updates include Checkout Reminders.

SECTION 6 - LINKS

Our Site may contain links to other websites. We are not responsible for the privacy practices of such other sites. When you leave our Site to visit another website or application, please read the privacy statements of websites that may collect Personal Information. This Privacy Statement applies solely to information collected by us through the Site or any applications we may provide.

SECTION 7 - HOW DO WE USE COOKIES AND OTHER NETWORK TECHNOLOGIES?

A. Cookies

To enhance your online experience with us, our web pages may presently or in the future use "cookies." Cookies are text files that our web server may place on your hard disk to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other Personal Information unless you choose to provide this information to us. Once you choose to provide Personal Information, however, this information may be linked to the data stored in the cookie. Although it may be possible to turn off the collection of cookies through your device or browser, certain features of the Site may not function properly without the aid of cookies.

B. Google Analytics

Our Site uses Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”).  Google Analytics uses cookies and similar technologies to collect and analyze information about use of the Site and report on activities and trends.  This service may collect information regarding the use of other websites, apps and online resources.  For more information on how Google uses data when you use our Site or Service, please follow this link: https://policies.google.com/technologies/partner-sites.  You may be able to opt-out of some or all of Google Analytics features by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.  For more information about interest-based ads, or to opt-out of having your web browsing information used for behavioral advertising purposes, please visit http://optout.aboutads.info.

C. Pixel Tags

DBT Works or our service providers may also use "pixel tags," "web beacons," "clear GIFs" or similar means (collectively, "Pixel Tags") in connection with the Site and HTML-formatted email messages for purposes of, among other things, compiling aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to website visitors and may be associated with cookies on visitors’ hard drives. Pixel Tags allow us and our service providers to count users who have visited certain pages of the Site, to deliver customized services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can inform the sender of the email whether and when the email has been opened.

D. Social Media Widgets

We may use “social media widgets,” which are links to Facebook, Instagram, Twitter, YouTube and LinkedIn (that might include widgets, such as the “share this” button or other interactive mini-programs).  These features may collect your IP address, which page you are visiting on the Site and may set a cookie to enable the feature to function properly.  These social media features are either hosted by a third party or hosted directly on the Site.  Your interactions with these features are governed by the privacy policy of the company providing it.

E. Clickstream Data

As you use the internet, you leave a trail of electronic information at each website you visit. This information, which is sometimes referred to as "clickstream data", can be collected and stored by a website's server. Clickstream data can reveal the type of computer and browsing software you use and the address of the website from which you linked to the Site. We may use clickstream data as a form of non-personally identifiable information to determine how much time visitors spend on each page of our Site, how visitors navigate through the Site, and how we may tailor our web pages to better meet the needs of visitors. We will only use this information to improve our Site.

SECTION 8 - CONSENT

When you provide us with personal information to complete a transaction, verify your credit card, place an order, contact our helpdesk, arrange for a delivery or return a purchase, you then give consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent or provide you with an opportunity to say no.

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at hello@dbtworks.com or by mailing us at:

DBT Works, LLC
575 Virginia Road
Concord, MA 01742

SECTION 9 - SQUARESPACE

Our store is hosted on Squarespace Inc. They provide us with the online platform that allows us to sell our products and services to you.

Your data is stored through Squarespace’s data storage, databases, and the general application. They store your data on a secure server behind a firewall.  This information can be scrubbed upon request to Squarespace.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Squarespace’s Terms of Service here or Privacy Policy here.

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.  However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

We have worked closely with our processors to be sure of full compliance and have confirmed this with all of our current processors.

In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us.  So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Statement or our website’s Terms of Service.

SECTION 10 - THIRD-PARTY SERVICES

We employ physical, organizational, and technical safeguards to secure your Personal Information against loss, theft, alteration, and unauthorized access, use and disclosure. We also employ security procedures to protect your information from unauthorized access by others, both inside and outside the company.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. We follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Regardless of the precautions we take, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect personal information, we cannot ensure or warrant the security of any information you transmit to us.

If you are using the Site from outside of the United States, you understand that your connection will be through and to servers located in the United States and that any information you provided will be stored in the United States, and, because of this, may become subject to local laws.

We store your Personal Information until the earlier of your request that we remove it from our servers, or the end of Service with respect to your Personal Information. Following termination or expiration of the Services for you, we may retain your personal data for a commercially reasonable time, and for as long as we have a valid purpose to do so.  In particular, we will retain your information for the purpose of complying with our legal and audit obligations, and for backup and archival purposes.

SECTION 11 - SECURITY

SECTION 12 – EUROPEAN UNION PRIVACY RIGHTS

If you currently reside in the European Economic Area (“EEA”), the GDPR applies to your Personal Data and you are a Data Subject.  The GDPR requires that We have a legal basis to process your Personal Data.

A. We process your Personal Data under one or more of the following legal bases:

• To perform the contract that we are about to enter with you (e.g. Our Terms of Service);

• Processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

• To comply with a legal obligation; and/or

• If we have your consent to do so, which you may revoke at any time.

B. Under the GDPR, as a Data Subject you have certain rights. They are:

• The right to be informed. This is your right to be informed about what personal information we or our authorized vendors are processing, why, and who else the data may be passed to.

• The right of access. This is your right to see what personal data about you is held by us.

• The right to rectification. This is the right to have your personal data corrected or amended if what is held is incorrect in some way.

• The right to erasure. This is the right to have your personal data deleted in the event that such data is no longer required for the purposes it was collected for, your consent for the processing of the data is withdrawn, or the data is being unlawfully processed.

• The right to restrict processing. This is the right to ask for a temporary halt to processing of your personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.

• The right to data portability. This is the right to ask for your personal data to be provided to you in a structured, commonly used, and machine-readable format.

• The right to object. This is the right to object to further processing your personal data if such processing is inconsistent with the primary purposes for which it was collected.

• Rights in relation to automated decision making and profiling. This is the right to not be subject to a decision based solely on automated processing. The service does not engage in automated decision making and profiling.

You can find instructions for enforcing some of these rights elsewhere in this Privacy Statement. Otherwise, if you wish to find out more about these rights, please contact Us at hello@dbtworks.com.

In the event that you contact Us regarding Personal Information for which We are acting as a Data Processor, We may refer you to the appropriate Data Controller which has responsibility for your data and for fulfilling your request, or We may handle the request ourselves.

SECTION 13 – CALIFORNIA PRIVACY RIGHTS

To the extent that the California Consumer Privacy Act (“CCPA”) applies to our practices with respect to personal information and you currently reside in California, the CCPA provides California consumers with certain rights.

A. Consumers Rights Under the CCPA

California consumers have the right under the CCPA to request that we disclose personal information we have collected about them in the previous twelve months including, but not limited to, the categories of information collected by us, the source(s) of such information by category, and the purpose for collecting such information.  This right may not be exercised more than twice in a twelve-month period.  In the previous twelve months, we have collected the following categories of personal information about consumers:

  • Identifiers.  Identifiers can be your name, unique personal identifiers (device identifier, IP Address, cookies, beacons, pixel tags, mobile ad identifiers), email, phone number, and similar information;

  • Personal Information Under the California Customer Records Law (Cal. Civ. Code §1798.80) (“CCRLPI”), which is similar in nature to Identifiers;

  • Commercial Information.  Commercial information includes records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies;

  • Characteristics of Protected Classifications.  This category includes race, national origin, age, and gender;

  • Internet/Network Activity.  Internet Activity Information includes browsing history, cookies, search history and a consumer’s interaction with a website;

  • Additional Consumer Information. Additional Consumer Information encompasses any and all information that a Customer adds about their patrons to the Customer’s Account which may be CCPA personal information, but does not otherwise fit into another category; and

  • Inferences drawn from any other category of personal information.

We collect personal information in the above categories only from our customers for the purposes described in this Privacy Statement, and as required to comply with applicable law.

As a California consumer, you also have the right to request that we tell you which of your personal information we have disclosed for a business purpose, or sold, in the previous twelve months.  With respect to personal information being disclosed for a business purpose, the consumer shall receive the categories of information disclosed and the types of entities they have been disclosed to.  This right may not be exercised more than twice in a twelve-month period.  For personal information being sold, this includes the categories of information being sold and the categories of third parties to whom it is being sold.  In the past twelve months, we have disclosed personal information falling under the following categories of personal information:

  • Identifiers;

  • CCRLPI;

  • Characteristics of Protected Classifications;

  • Commercial Information;

  • Additional Consumer Information; and

  • Inferences drawn.

We disclose Personal Information in the preceding categories to the consumers themselves, to third parties as the consumer may direct, service providers, Customers, third parties that we have a business relationship with, potential/actual successors in interest, and government/law enforcement agencies for either the purpose it was provided/provision of Services, to comply with applicable law, or as otherwise described above in this Privacy Statement.

IN THE PAST TWELVE MONTHS WE HAVE NOT SOLD, AND DURING THE PERIOD OF TIME WHICH THIS PRIVACY STATEMENT IS POSTED WE SHALL NOT SELL THE PERSONAL INFORMATION OF ANY CONSUMER, INCLUDING MINORS UNDER THE AGE OF 16.

Under the CCPA, California consumers have the following rights:

i. The right to opt out of the processing, selling and sharing of information;

ii. The right to opt in (for minors);

iii. The right to data portability;

iv. The right to non-discrimination in connection with your exercise of rights under CCPA;

v. The right to stop us from disclosing your personal data to third parties;

vi. The right to know what personal data has been collected and is being held;

vii. The right to access personal data we have collected and stored;

viii. The right to correct errors in your personal data;

ix. The right to opt out of automated decision-making with respect to your personal data;

x. The right to limit the use of sensitive personal information; and

xi. The right to request deletion of personal data.

The full scope of these rights is set forth under the CCPA and court decisions and regulations interpreting them and may be limited in certain circumstances.  For example, the right to deletion may be limited in situations where, for example only, the data for which deletion is requested is necessary to be maintained for us to comply with applicable laws.

B. How to Exercise Your Rights Under the CCPA

You may submit your requests to exercise your rights under the CCPA by emailing us at hello@dbtworks.com with “CCPA Request” in the subject line.  When submitting a request via email, please indicate which CCPA right you wish to exercise and provide sufficient information to allow us to locate your file.

We will acknowledge receipt of your request within 10 business days of receiving it and will use commercially reasonable efforts to respond within 45 calendar days of receipt of your request, and in no event will our response come more than 90 days after receiving your request.  If we are unable to provide our response within the first 45-day window, we shall notify you as soon as we become aware of the possible delay and provide an explanation of why additional time is needed to respond.           

Before we respond to any CCPA based requests relating to your personal information, we will take steps to reasonably verify the identity of the person making the request (“Requestor”) to make sure it’s you, or your authorized agent.  We do this to avoid disclosing your information to third parties and bad actors, not to inconvenience you in any way.  To do this, we will ask the Requestor to confirm at least two pieces of information that we have in our files.  As the sensitivity of the information being requested goes up, we will ask the Requestor to confirm more pieces of information. If an agent is acting on behalf of the consumer, we will need to also verify the agent’s identity and their authority to act on the consumer’s behalf.  For requests to delete information, after verification, we will confirm the consumer’s desire to delete one final time before actually deleting the information.  If the identity of the Requestor cannot be reasonably verified, either as the consumer or their agent, then in order to protect that consumer, we shall not disclose the personal information requested.

SECTION 14 – FLORIDA LAW

We endeavor to comply with the Florida Telemarketing Act and the Florida Do Not Call Act as applicable to Florida residents. For purposes of compliance, you agree that we may assume that you are a Florida resident if, at the time of opt-in to Program, (1) your shipping address, as provided, is located in Florida or (2) the area code for the phone number used to opt-into the Program is a Florida area code. You agree that the requirements of the Florida Telemarketing Act and the Florida Do Not Call Act do not apply to you, and you shall not assert that you are a Florida resident, if you do not meet either of these criteria or, in the alternative, do not affirmatively advise us in writing that you are a Florida resident by sending written notice to us. Insofar as you are a Florida resident, you agree that mobile messages sent by Us in direct response to mobile messages or requests from You (including but not limited to responses to Keywords, opt-in, help or stop requests and shipping notifications) shall not constitute a “telephonic sales call” or “commercial telephone solicitation phone call” for purposes of Florida Statutes Section 501 (including but not limited to sections 501.059 and 501.616), to the extent the law is otherwise relevant and applicable.

SECTION 15 – WASHINGTON STATE LAW

To the extent the law is relevant and applicable to the Program, we endeavor to comply with the commercial telephone solicitation requirements pursuant to the Revised Code of Washington (RCW) (including but not limited to sections 80.36.390, 19.158.040, 19.158.110 and 19.158) as applicable to Washington residents. For purposes of compliance, you agree that we may assume that you are a Washington resident if, at the time of opt-in to the Program, the area code for the phone number used to opt-into the Program is a Washington area code.

SECTION 16 - DO NOT TRACK

At this time, the Site does not specifically respond to do-not-track signals.

SECTION 17 – CHILDREN AND PRIVACY

We do not knowingly permit users to register for our Site if they are under 13 years old, and therefore do not request Personal Information from anyone under the age of 13. If we become aware that a customer is under the age of 13 and has registered without prior verifiable parental consent, we will remove his or her personally identifiable registration information from our files. If you are the parent or guardian of a person under the age of 13 who has provided Personal Information to us without your approval, please inform us by contacting us at hello@dbtworks.com and we will remove such information from our database.

SECTION 18 - QUESTIONS AND CONTACT INFORMATION

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at hello@dbtworks.com or by mail at:

DBT Works, LLC
575 Virginia Road
Concord, MA 01742