Updated July 23, 2020
A. PURPOSE AND SCOPE/SUBJECT TO CHANGE
B. RUBY HAS’ PRIVACY PRINCIPLES
All Personal Data Processed by Ruby Has will be done in accordance with the Policy and in accordance with all applicable laws. Specifically, all Personal Data will be Processed: (i) fairly and lawfully; (ii) for specified and legitimate purposes and for no other purpose; (iii) adequately, relevantly and not excessively with respect to the purpose(s) for which it was collected; (iv) accurately and maintained as such; (v) and protected against unauthorized access and using appropriate technical and organizational security measures and controls: (vi) for as long as necessary for the purpose(s) for which it was collected.
C. COLLECTION OF PERSONAL DATA
Ruby Has collects Personal Data from you when you use the Website, register for an account, provide Ruby Has information on a web form, update or add information to your account, or otherwise correspond with Ruby Has. While provision of your Personal Data is typically voluntary, it may be necessary to use the Website, to register for an account with Ruby Has, and for the provision of the fulfillment services (“Services”) provided by Ruby Has. Ruby Has does not collect any Sensitive Personal Data as defined under applicable data protection laws.
D. METHODS OF COLLECTION
Personal Data provided voluntarily. Ruby Has may collect Personal Data provided voluntarily when you, for example, register for an account to access the Services, attempt to resolve issues relating to the Website or Services, submit other feedback, or request information via web forms. The types of Personal Data we collect, and the reasons we collect it will be disclosed at the time Ruby Has asks for such Personal Data.
a. Automatically Collected Personal Data. Ruby Has collects certain information automatically, such as information concerning your interaction with the Website, your advertising preferences, and your communications with Ruby Has. We receive this information from devices (including mobile devices) you use when you inquire about or access our Services. This information could include IP address, geographical information, demographics, device type, unique device identification numbers, browser type, referral URL, browsing activity, and other technical information (collectively “Technical Information”). In some countries and regions, including the European Economic Area (“EEA”) Technical Information may be considered Personal Data under the General Data Protection Regulation (“GDPR”) and other applicable data protection laws. Collection of Technical Information enables Ruby Has to better understand those who visit the Website and where such visitors come from. It is also used for internal analytics purposes to improve the quality of the Website.
b. Cookies and similar technologies. When you visit the Website, Ruby Has may use cookie and similar technologies for storing information to help provide you with a better experience on the Website. A “cookie” is a small text message that the Website stores on your computer or other device containing information regarding your navigation of the Website. For example, when you make a change to your account preferences, a cookie is stored in your browser cache, enabling the Website to remember your preferences next time you return. Cookies enable Ruby Has to personalize your experience, facilitate navigation, display material more efficiently on the device you are using, estimate patterns of use, and provide more precise search results. Cookies may be disabled via your web browser’s settings. However, by disabling or rejecting cookies, some features and services on the Website may not work properly.
c. Personal Data Received from our Vendors. Ruby Has may receive Personal Data from its Vendors in performance of the Services Ruby Has provides.
d. Publicly Available Sources. Ruby Has may obtain Personal Data from publicly-available sources such as government databases.
E. LEGAL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA
Ruby Has Processes Personal Data for a variety of different business and legal purposes, as described herein. The purpose for which Ruby Has Processes Personal Data may change at any time from the original purpose for which it was Processed. An explanation of the legal basis upon which Ruby Has relies for the Processing of Personal Data is available upon request.
a. Consent. Personal Data may be Processed with your consent to:
- Market Ruby Has Services via email or Text Message
- Provide targeted advertisements from other parties while using the Website
- Provide targeted advertisements from Ruby Has or other parties while using third-party websites
- Allow third party partners to profile your activities to provide a better experience on the Website and third-party websites
Consent may be withdrawn at any time by contacting firstname.lastname@example.org
b. Fulfillment of a contract and provision of Services. Personal Data may be Processed to fulfill a contractual obligation and for the following:
- Manage user registration on the Website
- Provide the Services including providing Personal Data to Ruby Has shipping partners
- Process payments.
- Provide customer service support
- To provide Order Fulfillment updates
- To ask you to review your experience on the Website
c. Compliance with legal obligations. Personal Data may be Processed to comply with:
- All relevant tax and financial reporting requirements and regulations
- All legal proceedings
- To respond to Data Subject Access Requests (as herein defined)
- Cooperation in the investigation and prosecution of any crime or offense
- To protect users on the Website
d. Legitimate Interest. Personal Data may be Processed to pursue Ruby Has’ legitimate interests in the event that they are not outweighed by your personal rights and freedoms. Such Legitimate Interests include:
- Improving provision of the Services
- Improving provision of advertising based on user activity on the Website
- Communicating with customers and end users via the Website relating to provision of the Services performed by Ruby Has
- Analyzing marketing targeting, prospecting, and overall effectiveness
- Analyzing user behavior on the Website
- Improving the Website
- Communicating with Website users regarding updates and other communications relating to the functionality of the Website or provision of the Services when reasonably necessary
- Providing customer service on the Website and third-party sites
- Assessing Ruby Has employee performance
- Internal management and audit of business operations and financials
- Exercising, establishing or defending Ruby Has’ legal rights
- In contemplation of the transfer of ownership or control of Ruby Has, in any manner, provided that any potential transferee agrees to use such Personal Data in compliance with applicable law.
F. PERSONAL DATA SHARING
Ruby Has may share your Personal Data with third-party vendors with whom Ruby Has maintains a business relationship for a variety of reasons. Such sharing of Personal Data may be based on your consent, or for the fulfillment of the provision of the Services. Further, Ruby Has may be required to share Personal Data in response to a lawful request by a competent public authority, or to any other third party if necessary, for a Legitimate Ruby Has Interest.
G. GDPR INDIVIDUAL DATA SUBJECT RIGHTS
Under the General Data Protection Regulation, residents and nationals of the European Economic Area (“EEA”) have the following Individual Data Subject Rights:
- The right to be informed. You have the right to know what Personal Data Ruby Has collects from you and the purposes for which it is Processed. This information is contained within the Policy.
- The right of access. You have the right to access a copy of your Personal Data as well as any other supplementary information. This information helps you understand how and why Ruby Has is Processing your Personal Data, and ensure that it is being done lawfully.
- The right to rectification. You have the right to have any inaccurate Personal Data rectified. You may also be allowed to have incomplete Personal Data completed, depending on the purposes for which it is being Processed.
- The right to erasure or the right to be forgotten. You may have the right to have your Personal Data erased if (i) the Personal Data is no longer necessary for the purpose for which it was collected; (ii) Ruby Has is Processing Personal Data based on your consent; (iii) Ruby Has’ legitimate interests are outweighed by your personal rights and freedoms; or (iv) such Personal Data was Processed in contravention of applicable law. Requests for erasure may be rejected in certain circumstances.
- The right to restrict processing. As an alternative to erasure, you may request that Ruby Has limit the way it Processes your Personal Data in certain circumstances, such as when you believe that Personal Data is inaccurate (until Ruby Has can verify its accuracy), and when Ruby Has no longer requires the Personal Data but you request that it maintain a record to establish, exercise or defend a legal claim.
- The right to data portability. You have the right to receive a copy of your Personal Data in a structured, commonly used and machine-readable format, and you also have the right to request for Ruby Has to transfer it directly to another Controller (as defined under the GDPR).
- The right to object. You may have the right to object to the Processing of Personal Data in certain circumstances, depending on the legal basis for which it was collected.
- Rights in relation to automated decision making and profiling. You have the right not to be subject to solely automated decisions, including profiling, which have a legal or similarly significant effect on you. In specific instances, you have the right to request human intervention and an explanation of the automated decision, and you may be able to challenge that decision.
EEA residents and nationals may exercise their individual data subject rights by contacting:
Ruby Has Compliance
5 Inez Dr.
Bay Shore, NY 11706
H. CALIFORNIA CONSUMER PRIVACY RIGHTS.
The California Consumer Privacy Act (“CCPA”) grants California residents certain rights with respect to Personal Data Processed by Ruby Has.
a. The right to be informed regarding (i) categories of Personal Data which Ruby Has Processes; (ii) categories of sources from whom Personal Data is collected; (iii) the commercial purpose for Processing or selling Personal Data; and (iv) categories of third parties with whom Ruby Has shares Personal Data.
b. The right to request deletion of Personal Data provided that Ruby Has does not require such Personal Data for legitimate legal or business purposes.
c. The right to opt out of the sale of personal information. Ruby Has does not sell Personal Data to any third party.
d. The right to equal services and prices. Ruby Has does not discriminate against individuals for exercising their CCPA privacy rights.
California residents may exercise their CCPA rights by contacting:
Ruby Has Compliance
5 Inez Dr.
Bay Shore, NY 11706
I. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Although Ruby Has offers its Services to companies and individuals worldwide, Ruby Has does not transfer or store Personal Data ACROSS INTERNATIONAL BORDERS.