Gabrielawray (“Gabrielawray,” “we” or “us,”) has created the following Privacy and Security Policy (“Privacy Policy”) to inform you of the following: what information we collect, when we collect it, how and why we collect it, how we use it, how we protect it, how we share it and what choices you have regarding our collection and use of this information.
If you are a resident of a state that has specific privacy requirements, please see the State Privacy Law Addendum below to read additional disclosures required by state privacy laws.
Sensitive personal information means personal information that reveals information pertaining to the individual such as: social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation,racial or ethnic origin, religious or philosophical beliefs, or union membership,contents of a consumer’s mail, email and text messages,genetic data,biometric information used for the purpose of uniquely identifying an individual,health information,or sex life or sexual orientation. “Sensitive personal information” does not include “publicly available” information that is lawfully made available to the general public from federal, state, or local government records, except for the collection of an individual’s biometric information without the individual’s knowledge.
WE COLLECT INFORMATION WHEN
We obtain the categories of personal information listed above from the following categories of sources.
(1)Directly from you (for example):
You purchase, order, return, exchange or request information about our products and services from the Sites or mobile applications.
You create a Gabrielawray account or an account with any of the Sites.
You sign up for a private label or co-branded credit card.
You connect with us regarding customer service via our customer service center, chatbot, other chat features, or social media platforms.
You visit the Sites or participate in interactive features of the Sites or mobile applications.
You use a social media service, for example, our Facebook page or YouTube channel.
You sign up for e-mails, mobile messages, or social media notifications from us.
You enter a contest or sweepstakes, respond to one of our surveys, or participate in a focus group.
You provide us with comments, suggestions, or other input.
You interact with any of the Sites through your computer, tablet or mobile device.
(2)Indirectly from you (for example):
Observing your actions on our Sites.
Collection from third parties (where applicable).
HOW AND WHY WE COLLECT INFORMATION
Technologies Used
We may use tracking pixels/web beacons, cookies and or other technologies to receive and store certain types of information. This information includes Internet Protocol (IP) addresses, browser information, Internet Service Provider (ISP), operating system, date/time stamp and clickstream data. This information helps us customize your website experience and make our marketing messages more relevant. It also allows us to provide features such as storage of items in your cart between visits. This includes our content presented on other websites or mobile applications. In order to provide the best customer experience possible, we also use this information for reporting and analysis purposes, such as how you are shopping our website, performance of our marketing efforts, and your response to those marketing efforts.
Third Party Cookies
We allow third-party companies to collect non-personally identifiable information when you visit the Sites and to use that information to serve ads for our products or services or for products or services of other companies when you visit the Sites or other websites. These companies may use non-personally identifiable information (e.g. navigational, click stream information, browser type, time and date, subject of advertisements clicked or scrolled over, etc.) during your visits to the Sites and other websites in order to provide advertisements about our goods and services likely to be of interest to you. These parties may use a cookie or a third party web beacon, or other technologies, to collect this information. To opt out of third-party vendors’ cookies, see the “What Choices Do You Have?” section of this Privacy Policy for instruction how to do so.
User Experience Information
In order to improve customer online shopping experience, help with fraud identification, and to assist our customer care representatives in resolving issues customers may experience in completing online purchases, we use tools to monitor certain user experience information, including, but not limited to, login information, IP address, data regarding pages visited, specific actions taken on pages visited (e.g. information entered during checkout process), and browser information.
Information from Other Sources
We may also obtain information from companies that can enhance our existing customer information to improve the accuracy and add to the information we have about our customers (e.g. adding address information). This may improve our ability to contact you and improve the relevancy of our marketing by providing better product recommendations or special offers that we think will interest you.
Public Forums
Any information you submit in a public forum (e.g. a blog, chat room, or social network) can be read, collected, or used by us and other participants, and could be used to personalize your experience. You are responsible for the information you choose to submit in these instances.
Mobile Privacy
We offer mobile applications (commonly known as “apps”) that allow you to shop online, check product availability, learn about sales events, or receive other information from us. All information collected by us via our mobile application is protected by this Privacy Policy. You may share location information with us if you opt in through our mobile application. Although you do not have to provide your location information to us to use our mobile applications, our services require a zip code to function. If you have questions about location and notification privacy, please contact your mobile service provider or the manufacturer of your device to learn how to adjust your settings, including those relating to precise geolocation.
How we use the information we collect
Product and Service Fulfillment
Fulfill and manage purchases, orders, payments, returns/exchanges, or requests for information, or to otherwise serve you.
Provide any requested services.
Administer sweepstakes and contests.
Marketing Purposes
Deliver coupons, mobile coupons, newsletters, receipt messages, e-mails, and mobile messages.
Send marketing communications and other information regarding products, services and promotions.
Administer promotions.
Targeted Advertising.
Internal Operations
Improve the effectiveness of the Sites, mobile experience, and marketing efforts.
Conduct research and analysis, including focus groups and surveys.
Perform other business activities as needed, or as described elsewhere in this policy.
Fraud Prevention
To prevent fraudulent transactions, monitor against theft and otherwise protect our customers and our business.
Legal and Tax Compliance
To assist law enforcement and respond to subpoenas.
As otherwise required by state or federal law.
HOW WE PROTECT THE INFORMATION WE COLLECT
Security Methods
We maintain technical, administrative, physical, electronic and procedural safeguards to protect the confidentiality and security of information transmitted to us. To guard this information, the Sites use Transport Layer Security (TLS) where we collect personal and sensitive information. SSL encrypts your credit card number, name and address so only we are able to decode the information.
E-mail Security
Please note that e-mail may not be encrypted and is not considered to be a secure means of transmitting credit card information. “Phishing” is a scam designed to steal your information. If you receive an e-mail that looks like it is from us asking you for certain information, do not respond. Though we might ask you your name, we will never request your password, credit card information or other information through e-mail.
Additional Security
We also ask customers to carefully review their accounts and immediately report any unexpected activity to us and their issuing bank or credit card company. We ask all our customers to take measures to help protect information in their online accounts, including the following:
Install the latest security updates and anti-virus software on your computer to help prevent malware and viruses.
Reset your e-mail account passwords frequently.
Use complex passwords or passphrases
Do not use the same password on more than one website.
Do not share your password with others.
Sign out/log off website sessions so that your session is closed and cannot be accessed by another user on the same computer, especially when using a public computer or terminal.
HOW WE SHARE THE INFORMATION WE COLLECT
General Policy
In general, we may use, sell, share, or disclose the personal information we collect for one or more of the following business purposes:
(1)To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
(2)To provide, support, personalize, and develop our Sites, products, and services.
(3)To create, maintain, customize, and secure your account with us.
(4)To process your requests, purchases, transactions, and payments, and to prevent transactional fraud.
(5)To provide you with customer service and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
(6)To personalize your experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Sites, third party sites, and via email or text message (with your consent, where required by law).
(7)To help maintain the safety, security, and integrity of our Sites, products and services, databases and other technology assets, and business.
For testing, research, analysis, and product development, including to develop and improve our Sites, products, and services.
(8)To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
The Gabrielawray Family
We may share information we collect with the Gabrielawray family, which includes all of our subsidiaries and affiliates. The Gabrielawray family may use this information to offer you products and services that may be of interest to you.
Service Providers
We may share information with companies that provide support services to us (such as a printer, e-mail, mobile marketing, logistics, or data enhancement providers) or that help us market our products and services. These companies may need information about you in order to perform their functions. These companies are not authorized to use the information we share with them for any other purpose.
Legal Requirements
We may disclose information you provide to us when we believe disclosure is appropriate to comply with the law, including to meet national security or law enforcement requirements; to enforce or apply applicable terms and conditions and other agreements; or to protect the rights, property or safety of our company, our customers or others.
When You Direct Us
At your direction or request, we may share your information.
Business Transfers
If some or all of our business assets are sold or transferred, we generally would transfer the corresponding information regarding our customers. We also may retain a copy of that customer information.
International Data Transfers
To the extent that we are deemed to transfer personal information cross-border, we rely on the following legal bases to transfer your information in accordance with legally-provided mechanisms to lawfully transfer data across borders:
Consent (where you have given consent)
Contract (where processing is necessary for the performance of a contract with you; for example, to process an online payment or deliver a purchased product)
Legitimate interests (as outlined in this Privacy Policy)
Retention
As to each category of information we collect, we will retain personal information for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use personal information to the extent necessary to comply with legal and tax obligations, resolve disputes, prevent fraud, and enforce policies. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
PRIVACY POLICY REVISIONS
By accessing the Site or interacting with us, you consent to our use of information that is collected or submitted as described in this Privacy Policy. We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Site and update the notice’s effective date. Your continued use of the Site following the posting of changes constitutes your acceptance of such changes.
State Privacy Law Addendum
This State Privacy Law disclosure page (“Disclosure”) supplements the Gabrielawray Privacy Policy and is effective as of the date on the Privacy Policy. The Gabrielawray Privacy Policy describes the personal information we collect, the sources from which we collect it, the purposes for which we use it, the limited circumstances under which we share personal information, and with whom we share it. These additional disclosures are required by state privacy laws.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose, or sell or share your personal information, subject to your right to opt out of those sales as outlined herein. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We share your personal information with the following categories of third parties.
Service Providers (legal entities that “process information on behalf of a business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract”)
Contractors (legal entities to whom the business makes available a consumer’s personal information for a business purpose)
Disclosure of Personal Information for a Business Purpose
In the preceding twelve 12 months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: Customer Records personal information categories.
Category C: Protected classification characteristics under state or federal law.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category K: Inferences drawn from other personal information.
We disclose your personal information for a business purpose to the following categories of third parties (as defined in various state privacy laws):
Service providers.
Contractors.
Sales or Sharing of Personal Information
In the preceding twelve 12 months, we have sold or shared (as those terms are defined in the state privacy laws to include selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating in any means) the following categories of personal information:
A. Identifiers.
B. Customer Records personal information categories.
C. Protected classification characteristics under state or federal law.
D. Commercial information.
F. Internet or other similar network activity.
G. Geolocation data.
K. Inferences drawn from other personal information.
We sell or share (as those terms are defined in the state privacy laws) your personal information to the following categories of third parties:
Data aggregators.
Request to Opt Out of Sale or Sharing of Personal Information
If you are 16 years of age or older, you have the right to direct us to not sell or share your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. You may also limit the use or disclosure of your sensitive personal information to only those uses and disclosures allowed by your state’s privacy laws.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page link:
https://corporate.Gabrielawray.com/corporate/privacyrequest.
Once you make an opt-out request, we will wait at least twelve 12 months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time or consent to the use or disclosure of sensitive personal information for additional purposes.
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
Request to Receive or Correct Information
You also have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
(1)The categories of personal information we collected about you.
(2)The categories of sources for the personal information we collected about you.
(3)Our business or commercial purpose for collecting or selling that personal information.
(4)The categories of third parties with whom we share that personal information.
(5)The specific pieces of personal information we collected about you.
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
Sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
You may also request that we correct your personal information.
Request to Delete Personal Information
You also have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete or obfuscate (and direct our service providers to delete or obfuscate) your personal information from our records and commit not to re-identify data that has been deleted or obfuscated, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Automated Decision Making
We may use portions of your personal information for automated decision making as needed. You may request that we stop using your data for automated decision making in the following categories:
Behavior
Economic situation
Health
Interests
Location or movements
Performance at work
Personal preferences
Reliability
Upon receipt of a request, we will either confirm we do not use your personal information for this reason, confirm we will stop using it for this reason, or explain why we are unable to accommodate this request for some legal or other compliance-related reason.
Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. We will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.