ABOUT THIS NOTICE
CFC, Inc. (also known as “CFC” OR “COMPANY” or “WE”) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with data protection law, including but not limited to the European Union’s General Data Protection Regulation. Please read it carefully.
Data protection law generally says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
In this age of the Internet where privacy has become an increasing concern, we take your privacy very seriously. The privacy and security of your personal data (the “Personal Information”) which we collect from you is important to us. It is equally important that you understand how we handle this data. The Company will not knowingly collect or use Personal Information in any manner not consistent with this policy, as it may be amended from time to time, and applicable laws.
Is Company complying with GDPR?
Yes, Company is complying with GDPR through the information collection disclosures included in this document.
We reserve the right to keep customer data for a period of time adequate to ensure compliance and respond to follow-up inquiries. Pursuant to regulatory, legal, and security requirements in Chapter 2 of the General Data Protection Regulation this timeline is determined based on the type of data, the security implications of storing the data, the legal requirements Company must meet with the data, and the privacy of the individual referenced in the data.
We take the security of our data very seriously and have a responsibility to the individuals we hold data on behalf of on our systems and servers. Please refer to the following headings below to review what kind of data we keep and the process to request, review, change, or remove data we hold.
To see rights if you are an EU subject, please see Rights of GDPR subjects.
Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, and credit card information,
We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web browser cookies
How we use collected information
CFC, Inc. collects and uses Users personal information for the following purposes:
- To improve customer service - Your information helps us to more effectively respond to your customer service requests and support needs;
- To personalize user experience - We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site;
- To improve our Site - We continually strive to improve our website offerings based on the information and feedback we receive from you;
- To process transactions - We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service;
- To administer a content, promotion, survey or other Site feature;
- To send Users information they agreed to receive about topics we think will be of interest to them;
- To send periodic emails - The email address Users provide for order processing, will only be used to send them information and updates pertaining to their order. It may also be used to respond to their inquiries, and/or other requests or questions. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
CFC, Inc. will take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information such as credit card data, that information is tokenized, encrypted and transmitted to us in a secure way.
While we use tokenization and encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service), are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
Our Site is also in compliance with PCI vulnerability standards in order to create as secure of an environment as possible for Users.
Consistent with California’s CaCPA law, CFC, Inc. will review and update this policy at least every twelve months.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
30 E Oakton St Des Plaines, IL 60018
[Rev. Version 01/01/2020]
RIGHTS FOR CALIFORNIA RESIDENTSIf you are a consumer located in California, effective January 1, 2020, these additional rights apply to you. They are subject the limitations set forth in each right.
Right of Access to Specific Information and Data Portability Rights
You have the right to request that CFC, Inc. disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will provide you in an accessible format, normally within 45 days of the request, the following information.
When providing information under the right of access, we will include:
- The categories of personal information we collect about the consumer;
- The categories of sources of the consumer’s personal information;
- The business or commercial purpose for collecting the consumer’s personal information;
- The categories of any third parties with whom we share the consumer’s personal information; and,
- The specific pieces of personal information collected about the consumer.
Right to Deletion
You as a California consumer have a right to request the deletion of personal information that we hold on you, the consumer.
However, this right does not apply where we need to retain the personal information in order to do any of the following:
- Provide goods or services to the consumer;
- Detect or resolve issues security or functionality-related issues;
- Comply with the law;
- Conduct research in the public interest;
- Safeguard the right to free speech; or,
- Carry out any actions for internal purposes that the consumer might reasonably expect.
You have the right not to be discriminated against for having exercised your rights under the CaCPA. In particular, we may not:
- Deny You goods or services;
- Charge You different prices for goods or services, whether through denying benefits or imposing penalties
- Provide You with a different level or quality of goods or services to You; or,
- Threaten You with any of the above.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by contacting us at:
CFC, Inc.. or firstname.lastname@example.org
Attn: Soaper’s Choice
30 E. Oakton St.
Des Plaines, IL 60018
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
RESPONSE TIMING AND FORMAT
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
YOUR RIGHTS IF AN EU SUBJECT
1.1 If you are EU subject, Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. Under certain circumstances, by law you have the right to:
1.1.1 Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
1.1.2 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
1.1.3 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
1.1.4 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
1.1.5 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.
1.1.6 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
1.1.7 Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
1.1.8 Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.
1.1.9 Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us at email@example.com.
1.2 No fee usually required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
1.3 What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
1.4 Time for response. Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know
1.5 IMPORTANT NOTICE REGARDING EXERCISING YOUR RIGHTS UNDER THIS SECTION. DATA PRIVACY RULES PROVIDE YOU WITH THESE VARIOUS RIGHTS. AND YOU HAVE THE FULL ABILITY TO EXERCISE THEM IN YOUR DISCRETION. HOWEVER, IN SOME INSTANCES, OUR ABILITY TO ADEQUATELY EXECUTE OUR OBLIGATIONS MAY BE IMPACTED