Last updated: November 23, 2021
For the purposes of the General Data Protection Regulation (GDPR) and other applicable laws globally, SamCart Inc. is the entity responsible for your personal information (the data controller).
What information do we collect?
When you use or access our Services or otherwise interact with us, we may collect a variety of personal information about you and others, as described below. “Personal information” is any information that enables us to identify you, either directly or indirectly in conjunction with any other information we hold, by reference to an identifier such as name, address, date of birth or government identification number.
–Personal information you provide to us
We collect personal information when you visit our Site, register to receive our Services, place an order, request a demo, subscribe to our newsletter, respond to a survey, fill out a form, attend an event, apply for a job, or otherwise interact with us.
The types of personal information may include:
- Personal details, such as information that identiﬁes you or your personal characteristics, including your name, user ID, e-mail address, mailing address, phone, or your date of birth.
- Credentials, such as passwords, password hints or similar security information used for authentication and account access.
- Marketing data, such as your preferences in receiving marketing from us, or information about your use of our Services.
- Event data, such as your contact data and a record of your participation in our events as an attendee or presenter.
- Payment information, that you provide when you purchase our Services, such as your payment card or other payment details. We use Payment Card Industry compliant third-party payment services and we do not store your credit card information.
- Candidate data, such as employment history, qualifications, academic qualifications and education records, and any other information that you provide to us when applying for a job with us, for example in your curriculum vitae, a covering letter, on an application form or during an interview, or that we have received from a recruitment agency or background check provider.
–Information you provide to our customers
–Information we collect automatically
When you use the Services, we use persistent and session cookies (for information on cookies, please see below) and other tracking technologies such as log files, clear GIFs, and Flash technologies to: (a) store your username and password; (b) analyze the usage of the Services; (c) customize the Services to your preferences; and (d) control the advertising displayed by the Services. We also may include clear GIFs in HTML-based emails sent to our users to determine whether the message has been opened. As we adopt additional technology, we may also gather additional information through other methods.
We use these automated technologies to collect and analyze certain types of information, including: (a) information related to the devices or browsers you use to access or interact with the Services, such as: IP addresses, geolocation information, unique device identifiers and other information about your mobile phone or other mobile device(s), browser types, browser language, and unique numbers or codes in cookies; and (b) information related to the ways in which you interact with the Service, such as: referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Service, and other similar information. We may also capture other data, such as search criteria and results.
We may collect different types of information about your location, including general information (e.g., IP address, zip code) and more specific information (e.g., GPS-based functionality on mobile devices used to access the Service), and may use that information to customize the Services with location-based information and features. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this.
- security service providers who provide us with information to secure our systems, prevent fraud and help us protect the security of our Services;
- payment service providers who provide us with payment or balance information, or updates to that information, based on their relationship with you;
- online and offline data providers, from which we obtain aggregated demographic, interest based and online advertising related data; and
- publicly available sources such as publicly available databases and social media platforms.
A cookie is a small text file stored by a website in a user’s web browser (e.g. Internet Explorer, Safari, Firefox or Chrome) that helps us in many ways to make your visit to our Site more enjoyable and meaningful to you. Among other things, cookies avoid you having to log in every time you come back to our Site. They also allow us to tailor our Site or advertisement to better match your interests and preferences. For more information about our practices in this area, and for a list of the cookies we use, please see our Cookie Notice.
SamCart itself does not respond to “do not track” signals (“DNT”), and we do not control whether third parties do. If you turn on the DNT setting on your browser, our Services are not currently capable of following whatever DNT preferences you set. For more information about DNT, visit www.donottrack.us.
How do we use information we collect?
We will use your personal information for the following purposes as is necessary for the performance of our obligations under our customer terms, or to answer questions or take steps at your request prior to entering those term:
- To create and maintain your account
- To enable your use of our Services
- To process transactions
- To send technical alerts, updates, security notifications, and administrative communications
- To assist with the resolution of technical support issues or other issues relating to our Services
- To verify your identity, investigate and prevent fraudulent activities, unauthorised access to our Services, and other illegal activities
We use your personal information for the following purposes as is necessary for certain legitimate interests, or where you have given your consent to such processing to the extent required by applicable law (such consent can be withdrawn at any time):
- For internal administrative and technical operations to keep our Services, network and information systems updated, patched and secure
- To personalize your experience (your information helps us to better respond to your individual needs)
- To improve our Services (we continually strive to improve our Service offerings based on the information and feedback we receive from you)
- To confirm, update and improve our records, and to analyse and develop our relationship with you
- To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
- To administer a contest, promotion, survey or other site feature
- To send periodic emails
- To promote our business and send you marketing communications relating to our Services or carefully selected third parties which we think may be of interest to you
- To (i) comply with legal obligations, (ii) respond to requests from competent authorities; (iii) protect our interests; (iv) protect our rights, safety or property, and/or that of our partners, you or others; and (v) enforce or defend our legal rights.
If you apply to work for SamCart, we will use your personal information in the following ways as necessary in our legitimate interests, or where you have given your consent to such processing to the extent required by applicable law (such consent can be withdrawn at any time, subject to restrictions permitted by such law) and to decide whether to enter into a contract with you:
- To assess your skills, qualifications, and suitability for the role you have applied for
- To carry out background and reference checks, where applicable
- To communicate with you about the recruitment process
- To keep records related to our hiring processes
- To comply with legal or regulatory requirements
When SamCart is acting as a data processor, we will process your personal information in compliance with the instructions of our customers, who ultimately choose how and why to use your person information.
How do we use your email address?
When you submit your email address on the Site, we will send you marketing communications relating to our Services, provided you have consented to receiving such communications to the extent required by applicable law. If you no longer wish to receive such marketing communications from us, you can cancel your participation at any time by clicking on the opt-out link or other unsubscribe option that is included in the respective email.
We only send emails to people who have authorized us to contact them, either directly, or through a third party. We do not send unsolicited commercial emails, because we hate spam as much as you do.
We will use your email address for customer audience targeting on sites like Facebook, where we display custom advertising to specific categories of people.
Email addresses submitted only through the order processing page will be used for the sole purpose of sending you information and updates pertaining to your order. If, however, you have provided the same email to us through another method, we may use it for any of the purposes stated in this Policy.
Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
How do we share your information?
There are circumstances where we wish to share or are compelled to disclose your personal information to third parties. This will only take place in accordance with the applicable law and for the purposes listed in this Policy.
SamCart may share your information with third party service providers for the purpose of providing the Services to you, such as payment processors, email service providers, and providers of technical infrastructure (such as servers or databases co-located with hosting providers), engineering, or other support.
As we develop our business, we may buy or sell assets or business offerings. Customer, email, and visitor information are generally among the transferred business assets in these types of transactions. We may also transfer or assign such information in the course of corporate divestitures, mergers, or dissolution.
We may share or disclose your information with your consent, such as if you choose to sign on to the Services through a third-party service. We cannot control third parties’ use of your information.
We may disclose your information if we are required to do so by law, or if we believe in good faith that it is reasonably necessary to (i) respond to claims asserted against us or to comply with legal process (for example, subpoenas or warrants), (ii) enforce or administer our agreements with users, such as the Terms of Service; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes, or (iv) protect the rights, property or safety of SamCart, its users, or members of the public.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Our Services are hosted and operated in the United States by SamCart and its service providers. By using our Services, you acknowledge that your personal information may be accessed by us or transferred to us in those jurisdictions and to our affiliates, partners, and service providers who are located in the US and around the world.
Where required by applicable laws, we will take appropriate measures to ensure adequate protection of your personal information when transferred internationally and, if necessary, seek your prior consent. Such measures may include use of data transfer agreements or official transfer mechanisms such as data authority approved contractual clauses. For instance, if you are located in the European Economic Area (“EEA”), we may store your personal information as described in this policy outside the EEA. Where we transfer EEA personal information to a third party located in a country not recognised by the European Commission, or another relevant body, as ensuring an adequate level of protection, we will take appropriate steps, such as implementing Standard Contractual Clauses recognised by the European Commission, to safeguard such personal information.
How long do we store your information?
We will store your personal information, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the personal information is processed. We and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically and reasonably feasible to remove it. Otherwise, we will seek to delete your personal information within a reasonable timeframe upon request.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.
We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.
After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be kept on file for more than 60 days.
We cannot, however, ensure or warrant the absolute security of any information you transmit to SamCart or guarantee that your information on the Services may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or managerial safeguards.
Choices you can make about your information
You may choose not to share information through the Service, in which case SamCart may not be able to provide services to you.
You may opt out of email communications. To opt-out, all you need to do is click the “Unsubscribe” link at the bottom of any email you receive from us.
You can also contact our Support Desk (https://help.samcart.com) and request to be removed from our mailing list.
Protecting the privacy of young children is especially important. SamCart does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register with the Service. If we become aware that we have collected personal information from a child under the relevant age without parental consent, we take steps to remove that information. Our Site, products and services are all directed to people who are at least 13 years old or older.
Third party links
Occasionally, at our discretion, we may include or offer third party products or services on our Site. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Terms and Conditions
Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our Site.
Your California Privacy Rights
California residents with an established business relationship with us are permitted by California law once a year to request information about the manner in which we shared certain categories of information with others for their marketing purposes during the prior calendar year.
We do not share your personal information with third parties for their direct marketing use unless we have your permission. To withdraw permission previously granted please email us at firstname.lastname@example.org. Once we receive your instruction, we will cease sharing your information, but this will not affect previously shared information.
The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Verified California residents have the right to:
- request and receive disclosure of our information collection practices during the prior 12 months, including the categories of personal information we collect, the categories of sources of such information, our business purpose for collecting or sharing such information, and the categories of third parties with whom we share such information;
- request and receive disclosure of our information sharing practices during the prior 12 months, including a list of the categories of personal information sold with the category of third-party recipients and a list of the categories of personal information that we disclosed for a business purpose;
- request and receive a copy of the specific personal information we have collected about them during the prior 12 months;
- request that we not sell personal information about them; and
- request that we delete (and direct our service providers to delete) their personal information subject to certain exceptions.
For purposes of the CCPA personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
The CCPA rights described above do not apply to information collected in the employment context about our current, former or prospective employees or contractors (who receive separate disclosures under the CCPA) or to information collected about California business contacts (employees, owners, directors, officers, or contractors of companies, sole proprietorships, and other entities collected in the context of conducting due diligence regarding, or providing or receiving a product or service to or from, such companies, sole proprietorships, or entities). California business contacts have the right to tell us not to sell their information; please see below for how to exercise this right.
Information collected, sources, and business purpose for collecting information. During the past 12 months we may have collected the following categories of personal information. This includes information that individuals provide to us directly, information we collect from automatically through the website, information that we collect when individuals interact with us such as through online postings, and information that we may collect from third parties such as service providers, affiliated companies, marketing, staffing, or data partners, or other third parties. It also includes information that we collect about employees and business partners and vendors from those individuals directly or from references, referrals or consumer reporting agencies. Not all information is collected from everyone who interacts with us. Information we collect is used for the business purposes described above in “How do we use information”.
- Identifiers such as contact information (name, address, phone number, email or postal address), unique personal identifiers (that may include but are not limited to a legal name or preferred alias and online identifiers like user account names), and an encrypted version of your password. We may collect additional information from suppliers, vendors, or employees including business contact information, phone number, email and postal addresses and titles.
- Sensitive information such as financial and payment information like credit or debit card information, or PayPal account email address.
- Commercial information such as transaction histories, billing and shipping information, and product preferences.
- Inferences we make about individuals or their interests based on analysis of other information we have collected.
- Geolocation information.
- Audio or video information such as call centre recordings or monitoring records from our customer support centres and security video recordings at our facilities.
- Employment, education and professional related information, protected classification information, biometrics (collected from current and prospective employees, contractors, service providers, vendors and suppliers).
- Other types of personal information that we may disclose to you prior to the point of first collection.
Exercising your CCPA rights. To make a request for disclosure California residents may contact us by calling us at 737-242-6703 or emailing us at email@example.com. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request within 10 days and will endeavour to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time. For requests that we not sell your information we will comply with your request within 15 business days. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.
You may make a request for disclosure of our information collection practices, the specific information we collected about you, or our information sharing practices up to twice within a 12-month period. You may make a request that we not sell information or for deletion of your information at any time.
For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavour to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.
For requests for deletion of your information please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged to delete your information as well.
We will not discriminate against you as a result of your exercise of any of these rights.
Using an Authorized Agent. You may submit a request through someone holding a formal Power of Attorney. Otherwise, you may submit a request using an authorized agent only if (1) the person is registered with the Secretary of State to do business in California, (2) you provide the authorized agent with signed written permission to make a request, (3) you verify directly with us that you have authorize the person to make the request on your behalf, (4) you verify your own identity directly with us and (5) your agent provides us with proof that they are so authorized. We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.
We may transfer personal information for monetary consideration. If you would like to tell us not to sell your information in the future please email us at firstname.lastname@example.org with your name, postal address, telephone number and email address with “Nevada do not sell” in the subject line.
Your European Privacy Rights
For European residents only. In certain circumstances, you have rights under the GDPR in relation to your personal information that we hold about you – specifically:
- Request access to your personal information. You may have the right to request information regarding our processing of your personal information and access to the personal information which we hold about you.
- Request correction of your personal information. You may have the right to request that we correct your personal information if it is inaccurate or incomplete.
- Request erasure of your personal information. You may have the right to request that personal information held about you is deleted in certain circumstances.
- Request restriction of processing your personal information. You may have the right to prevent or restrict processing of your personal information.
- Request transfer of your personal information. You may have the right to request transfer of personal information directly to a third party where this is technically feasible.
If you visit or make a purchase from one of our customer’s SamCart-powered webpages, that customer legally controls your personal information. As a result, SamCart doesn’t, for example, decide how long your information is retained because that decision is made by our customer. This means SamCart can’t help you access, correct, erase, or port your information without being directed to by our customer. To make a request about your personal information, contact the specific customer directly. If you make a request to us, we will forward your request to the relevant customer and help them fulfil your request.