Privacy Policy

Effective date: June 29th, 2018.

 

This Privacy Policy sets forth how we collect and process your personal data, and seeks to comply with the European Union's ("EU") new privacy law known as the General Data Protection Regulation ("GDPR").

 

COLLECTION OF PERSONAL DATA

When you engage in a transaction on our Website, we may collect directly from you the following personal data for the reasons set forth. For user accounts, we collect your first name, last name, e-mail address and last login date and time, for purposes of keeping record of our customers. For a sale on our Website, we collect the last four digits of your credit card, the name on the credit card, and the date and time of the transaction, for purposes of troubleshooting sales transactions with the payment processor. For items put in your shopping cart but not purchased, which after deleted after 1 to 2 months, we send you reminders that there are items remaining in your shopping cart, for purposes of studying purchasing behaviors and the reasons why checkouts are abandoned. With respect to contact messages sent by you to us through the form on our Website, we collect your e-mail and the time of your message. Anonymous session keys are collected through cookies for the purpose of providing users to our Website with a consistent visit. With respect to your clicking on out of stock items, we collect your user account, the item in question, and the date and time of the attempted transaction, for purposes of studying the demand for items not in our inventory. With respect to requests for out of stock reminders, we collect your user account and your e-mail address, for purposes of sending you a reminder when an item is back in stock. For orders, we collect your full mailing address for purposes of billing and shipping, and other related data such as your organization for purposes of delivery. For personal profiles, we collect only from those customers who wish to share such data, your age, size for clothes, location and interests. With respect to professionals, in addition to personal data that we may collect from all of our customers, we also collect your description of your job and documents proving your professional identity. With respect to reviews, we keep and publish reviews of our products by our customers. The aforementioned personal data is also collected for purposes of making sales, improving after sale support, attracting new customers or motivating existing customers to place new orders, and checking the functionality of all of our mechanisms. We also collect your IP address on a country level for purposes of regulating traffic for the EU to the proper language version of our Website and, in the future, intend on doing so to a city level for purposes of greater personalization by customizing what you see on the homepage of our Website.

 

The first layer of storage of the data is our database. Some of the data is stored temporarily in a log file to assist with troubleshooting bugs. These log files are deleted after 1 to 2 months. The second layer of storage is by our hosting provider, Amazon Web Services (AWS). For our website (www.xplor8r.com), we use AWS servers in the US-West-1 region located in California. We keep monthly backups of our databases for up to one (1) year. We keep weekly backups of our databases which are retained for four (4) weeks. We keep daily backups of our databases which are retained for thirty one (31) days.

 

We are processing this information based upon your consent to our doing so, our legitimate interests such as marketing and, with respect to the data necessary to process your purchases and payments, because it is necessary for the performance of your contract with us. With respect to data that may transferred from the EU to the United States, such transfer would only occur so long as it was necessary for the purpose of carrying out our contractual obligations to you or based upon the fact that you have granted us your consent to do so. The only people who may have access to your personal data, in addition to parties acting as data processors or data controllers disclosed elsewhere herein, are our e-commerce officer, our head developers, our system administrator, the management of XPLOR8R (only upon request), employees of Full Circle (the software company that handles our ERP software) with respect to data that is transferred to ERP, and other XPLOR8R employees who are required to have access to the data in order to perform their jobs.

 

This information will only be retained for as long as it is necessary to carry out the purpose for which it is collected, to fulfill our contractual obligations, or as long as it is required by law, but no longer than fifteen (15) years. Of course, we will delete your personal data quickly upon request. We will not sell, share or rent your personal data to any third party. Unless you are in the EU, by exploring and using this Website, and by submitting information to XPLOR8R, you agree to XPLOR8R's use of such information as described herein as well as the terms and conditions set forth in our Terms of Use.

 

In order for us to be able to provide the services available on our Website, and to meet any of our related business obligations, you must provide the personal data that is required to do so. Without that data, we are not in a position to do so.

 

SECURITY

Security of all personal data of our users is a primary concern of ours. Thus, we have adopted reasonable security measures to protect the security of our users' information. We use, where appropriate, industry standard encryption technology, multiple computer server firewalls, entry point VPN, and deep resource segmentation when transferring and receiving consumer data exchanged with this Website. Credit card information is sent to Authorize.Net, which processes the payments. Nevertheless, we cannot guarantee complete security of your information inasmuch as no security systems are foolproof. It is also important for you to protect against the unauthorized access to your information as well as to your computer.

 

DISCLAIMER

Unless you are in the EU, this privacy policy and all statements contained on this Website about privacy and how we deal with data supplied by visitors to this Website are not intended to be a contractual obligation of any kind and any such obligation is hereby disclaimed in its entirety. These statements merely constitute the present policy of XPLOR8R, which we will take reasonable measures to implement. Similarly, this privacy policy is not intended to be "advertising" or "advertising claims". Rather, it is merely intended to set forth our policy, including our practices and intentions, as to how we conduct our business.

 

PROMOTIONAL AND E-MAIL NOTIFICATIONS

When you sign up to our Website, you agree to receive promotional e-mails and e-mail notifications including, but not limited to, customer service related e-mails pertaining to sales such as order confirmations, notifications that an item has shipped, returns and requests for reviews. If you change your mind and no longer wish to receive our promotional e-mails, you may opt out at any time simply by sending us an e-mail or by clicking on the unsubscribe link.

 

COOKIES

When you interact with our Website, we attempt to make your experience as easy and meaningful as possible. Therefore, like many websites, we may use cookies and other technologies to track user activity and collect Website data. Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your web browser for record keeping purposes. We use cookies to track information about your activities on our Website. We also use cookies to store your preferences and to allow you to remain logged in as you use our Website. The types of cookies used include session cookies, permanent cookies, and third-party cookies. We use session cookies for the proper functionality of our Website so that users of our Website can be recognized through their visit to it. We use permanent cookies in order to recognize returning customers and to make it possible to automatically show them their cart.

 

When you first access our Website, you should receive a message informing you that cookies are in use. By your continuing to browse our Website, you agree to our use of cookies as described herein. You do not have to accept our cookies. You may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser's preferences by following its instructions. You can also delete cookies once they have been placed on your hard drive. If you choose to disable or delete our cookies, you may still browse our Website but many of the features either will not work or may take more time to work.

 

LINKS

This Website may, from time to time, contain links to other sites. This is especially true with respect to our foreign customers who, during the checkout process, are redirected to our own branded page at zonos.com in order to complete the forms for a specialized checkout including, but not limited to, international shipping services and import tax calculations. Following checkout, the customers and their data return to our Website. We are not responsible for the privacy practices of any such sites. They may also use cookies and other technologies. However, we do not have access to, or control over, cookies or other technologies that they may use. As such, the information practices of these sites are not covered by our policy, but rather are covered by their respective privacy policies. Thus, you should be aware of when you are leaving this Website and take the time to read the privacy statements of any such sites if they are in the habit of collecting your personal data.

 

PROMOTIONS AND CONTESTS

We may, from time to time, host a promotion or contest on this Website or on another website that is sponsored or co-sponsored by a third party. In connection therewith, you may be asked to provide personal information or permit the transfer to a third party of your personal information. XPLOR8R has no control over the third party's use of this information. Depending on the situation, you will be informed as to who is collecting or transferring the information and whose privacy statement applies, and it will be your discretion as to whether or not you want to permit the collection or transfer of your personal information to a third party.

 

DATA PROCESSORS AND JOINT DATA CONTROLLERS

We do not own or control any servers or databases. We use Amazon Web Services (AWS). For our US website, we use AWS servers in the US-West-1 region located in California. We keep monthly backups of our databases for up to one year. We keep weekly backups of our databases which are retained for four (4) weeks. We keep daily backups of our databases which are retained for thirty one (31) days.

 

Email-Checker acts as a data processor with respect to verifying our e-mails, but no personal data is stored with them. Gender API is a Germany based company that acts as a data processor with respect to determining the gender of our customers, but no personal data is stored with them. GlockApps acts as a data processor with respect to our using their seed list to track delivery of our e-mail marketing campaigns, but no personal data is stored with them.

 

In addition to AWS, personal data is only stored on third-party servers acting as either data processors or data collectors. Yotpo acts as a data processor with respect to personal data which it processes for purposes of contacting customers in order to generate reviews. SendGrid acts as a data processor with respect to personal data which it processes for purposes of managing our e-mail lists and contacts. Hortjar acts as a data processor with respect to personal data which it processes for purposes of statistics, allowing us to run experiments on page design, page heat maps and session recording. According to Facebook, they act as both a data controller and data processor with respect to personal data which it collects and processes purposes of marketing. Facebook's privacy policy can be found here, to which you can object as well as objecting to Facebook's services. According to Microsoft, it acts as a data controller with respect to personal data which it collects in connection with Bing Ads, which it collects for purposes of marketing. Microsoft's privacy policy can be found here, to which you can object as well as objecting to Microsoft's services. According to Criteo, it acts as a data controller with respect to personal data which it collects for purposes of marketing. Criteo's privacy policy pertaining to the GDPR can be found here, to which you can object as well as objecting to Criteo's services. According to Quantcast, it acts as a data controller with respect to personal data which it collects for purposes of marketing. Quantcast's privacy policy can be found here, to which you can object as well as objecting to Quantcast's services. Adwords acts as a data processor with respect to personal data which it processes for purposes of marketing. Roots Rated acts as a data processor with respect to personal data which it processes for purposes of marketing. Buffer acts as a data processor with respect to personal data which it processes for purposes of managing our customers' messages and comment replies from Facebook, Twitter and, in the near future, Instagram. Help Scout acts as a data processor with respect to personal data which it processes while acting as our customer service inbox manager. Qubit acts as a data processor with respect to personal and non-personal data for the purposes of personalization.

 

TERMINATION OF CONSENT

You have the right, at any time, to withdraw your consent to the processing of your personal data. The withdrawal of your consent will not affect or invalidate the lawfulness of any data processing based upon your original consent that occurred prior to your withdrawal of that consent.

 

CORRECTION, AMENDMENT OR DELETION OF INFORMATION

You have the right, in certain situations, to have your personal data corrected, erased, to terminate the further dissemination of your personal data, or to have third parties cease processing your personal data. In the event that you desire to revoke your previously granted consent to our Website collecting any personal data, and/or wish to have such information corrected, amended or deleted, and/or to terminate the further dissemination of your personal data or to have third parties cease processing your personal data, you can do so by contacting the following: customerservice@xplor8r.com.

 

RIGHT TO YOUR PERSONAL DATA

You are entitled to receive a copy of your personal data free of charge so long as your request is not manifestly unfounded or excessive. We must provide the requested information within one month of our receipt of your request, which time period can be extended by two additional months if necessary, so long as we inform you of the extension within one month of receiving your request and of the reasons for the delay.

 

RIGHT TO OBJECT TO PROFILING AND DIRECT MARKETING

To the extent that we may collect your personal data for the purposes of conducting profiling or direct marketing, you have the right to object to the processing of your personal data for those purposes. In the event that you object to processing for those purposes, we will no longer process your personal data for those purposes.

 

DATA PORTABILITY

You have the right to receive your personal data in a commonly used and machine-readable format and to have your personal data transmitted to another information technology environment if it is technically feasible to do so.

 

RESPONSE TO "DO NOT TRACK" REQUESTS

We do not respond to web browser "do not track" signals. As a result thereof, any navigation of our Website may be tracked as part of the gathering of quantitative user information described above. If you arrive at our Website through the use of a link originating from a third party site that responds to "do not track" requests, the recognition of any "do not track" request you may have initiated will end upon your reaching our Website.

 

NOTIFICATION OF DATA BREACH

In the event of a data breach that is likely to result in a risk to your rights and freedom, within 72 hours of our becoming aware of the breach we are required to report it to you and the appropriate authorities.

 

CHILDREN'S PERSONAL DATA

Our Website is not directed to children under the age of 13, or 16 if located in the EU, and we do not have actual knowledge that we have collected personal data from children under those ages. However, in the event that we learn that we do collect personal data from children under the age of 13 in the U.S., under the age of 18 in California or Delaware, or under the age of 16 if located in the EU, we will endeavor to comply with the Children's Online Privacy Protection Act (COPPA), California's Online Eraser Law, and the Delaware Online Privacy and Protection Act (DOPPA) as well as the GDPR. In the event that we discover that we have unknowingly collected such personal data, we will either immediately attempt to utilize that information in order to obtain parental consent or destroy all of the data collected.

 

Parents have the right to review the personal data that we may have collected about their children. Parents can, at any time, refuse to permit us to collect any more personal data about their children, and can request that we delete from our records all of the personal data that we have collected about their children. Parents should keep in mind that a request to delete such information about their children means that their children will not be able to utilize our Website. In order to request access to, change or delete their child's personal data, parents can send an e-mail to us at customerservice@xplor8r.com. It will be necessary for you to authenticate yourself as the child's parent in order to receive any information about that child. A valid request to delete personal data will be undertaken within a reasonable period of time. We will also delete, within a reasonable time period, any personal data collected from a child under the age of 13 when the service that the child was using becomes inactive, or a subscription lapses or is cancelled, or when their account with us is closed.

 

Minors under the age of 18 residing in California and Delaware may remove, or may request the removal of, any information that they have posted on our Website. This can be accomplished by contacting us as follows: customerservice@xplor8r.com. Any removal of posted information does not ensure the complete or comprehensive removal of the information posted on our Website.

 

COMPLAINTS

You have the right to lodge a complaint with the appropriate supervisory authority (Data Protection Authority) of a member state of the EU that is your habitual residence, your place of work, or the place of the alleged infringement of your rights.

 

NOTICE

XPLOR8R may change this privacy policy from time to time. Unless you are in the EU, all material changes to this policy are effective immediately upon its posting on this section of our Website. If you are in the EU, you will have to provide your consent to any such changes. We may also post these changes in the Terms of Use section of this Website and/or by sending an e-mail to users who have provided us their e-mail address for this notification purpose.