Privacy Policy
Privacy Policy — Effective Date: September 21, 2020
Christopher Karam LLC. and its affiliates (collectively “SSI”, “we”, “our”, or “us”) provides this Privacy Policy to inform you of our policies and procedures regarding the collection, use and disclosure of personal information we receive via our website (the “Site”) and through the use of any services provided by us through the Site (the “Services”). This Privacy Policy may be updated from time to time. We will notify you of any material changes by posting the new Privacy Policy on the Site. Your use of the Site and/or any of our Services following any such notice will signify and constitute your assent to and acceptance of such revised Privacy Policy. Unless otherwise defined in this Privacy Policy, capitalized terms used herein have the same meanings as in our Terms of Service.
1. Information We Collect. Our primary goals in collecting information are to provide and improve our Service, to administer your orders, to communicate with you, and to enable users of the Site to enjoy and easily navigate the Site. When you wish to contact us, create an account on the Site, edit account details, purchase products or services via the Site, use some of our Services, or when you join our mailing lists, we will ask you for certain Personal Information. When we refer to your “Personal Information” in this Privacy Policy, we mean information that identifies, describes, relates to, references or is capable of being associated with, or could reasonably be linked, directly or indirectly, to you. We may also collect other information generated when you use our Site or Services that is not linked or otherwise associated with you, and such information is not subject to the terms of this Privacy Policy. Depending on how your use our Site and/or our Services, we may directly collect the following types of Personal Information from you:
your name;
e-mail address;
shipping address;
billing address;
credit card account number;
IP address;
telephone number; and
online identifiers you use, such as your username, social media handles, and other similar types of identifiers.
2. Information from Social Networking Sites. Our Service may include interfaces that allow you to connect with social networking sites (each an “SNS”). If you connect to a SNS through the Site, you authorize us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS.
3. Information Automatically Collected. When you visit our Site, some information is automatically collected. For example, when you visit our Site your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, and the Site you visited before our Site are logged automatically (“Usage Information”). We also collect information about your usage and activity on our Site.
A. Cookies. We may automatically collect information using “cookies.” Cookies are small data files stored on your hard drive by a Site. Among other things, cookies help us improve our Site and your experience. We use cookies to see which areas and features are popular and to count visits to our Site. We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Services; and (2) third party cookies, which are served by service providers on our Services, and can be used by such service providers to recognize your computer or mobile device when it visits other sites. Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit https://www.allaboutcookies.org/ and, if you are in the UK or European Union (EU), https://www.youronlinechoices.com/uk/ if you are in the UK or European Union (EU).
B. Web Beacons. We may collect information using Web beacons. Web beacons are electronic images that may be used on our Site or in our emails. We use Web beacons to deliver cookies, count visits, understand usage and to tell if an email has been opened and acted upon.
C. Local Shared Objects. We may use local shared objects, also known as Flash cookies, to store your preferences such as volume control or to display content based upon what you view on our Site to personalize your visit. Third party partners provide certain features on our Site and Services and display advertising based upon your Web browsing activity using Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and way in which data is stored. Cookie management tools provided by your browser usually will not remove Flash cookies.
D. Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), to better assist CKE in understanding how the Site is used. Google Analytics will place cookies on your computer that will generate information that we select about your use of the Site, including your computer’s IP address. That information will be transmitted to and stored by Google. The information will be used for the purpose of evaluating consumer use of the Site, compiling reports on Site activity for CKE’s use, and providing other services relating to Site activity and usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. You may refuse the use of cookies by selecting the appropriate settings on your browser. Please note that by doing so, you may not be able to use the full functionality of the Site. The use of cookies by Google Analytics is covered by Google’s Privacy Policy, available at: https://policies.google.com/privacy.
4. Information Collected from Other Third Parties. We may receive your Personal Information from third party business partners, such as social media sites, ad networks and analytics providers. We may also receive your Personal Information from others that refer you to our Sites and/or Services.
5. Use of Information. We use your Personal Information collected for the purposes described in this Policy. Specifically, we may use your Personal Information to:
operate and improve our Site and Services;
understand you and your preferences to enhance your experience;
track, collate, and analyze your use of our Site and Services;
process and deliver contest entries and rewards;
respond to your comments and questions and provide customer service;
provide and deliver products and Services you request;
to send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
facilitate your participation in participate in surveys, promotional offers, contests or sweepstakes;
communicate with you about new contests, promotions, rewards, upcoming events, and other news about products and Services offered by us and our selected partners; and
link or combine it with other Personal Information we get from third parties, to help understand your needs and provide you with better service.
6. Sharing of Information. We do not share your Personal Information with third parties except in the following circumstances:
Affiliates and Subsidiaries. We may share your Personal Information with our affiliates and subsidiaries with the understanding that they will treat such information consistent with this Privacy Policy.
Third Party Service Providers. We may share your Personal Information with our third party vendors, consultants and other service providers who work for us and need access to your information provide you with products, services, or information that you request. For example, we use Mailchimp (https://mailchimp.com/legal/privacy/) to facilitate our email communications, ZenDesk (https://www.zendesk.com/company/customers-partners/privacy-policy/) to provide customer support.
Other Third Parties. We may share your Personal Information with appropriate third parties if we believe it is necessary, in our reasonable discretion, to (i) comply with laws or to respond to lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (ii) protect the rights and property of us, our agents, customers, members, and others including to enforce our agreements, policies and terms of use; or (iii) in an emergency to protect the personal safety of CKE, its customers, or any person.
Corporate Restructuring. We may share your Personal Information in connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another entity.
With Your Consent. We may share your Personal Information with third parties where you have provided consent to such sharing.
We may also share aggregated anonymous or de-identified information. When we use the term “anonymous data”, we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party. We may create anonymous data from the Personal Information we receive about you and other individuals whose Personal Information we collect. Anonymous data might include analytics information and information collected by us using cookies. We make Personal Information into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze usage patterns in order to make improvements to our Services.
7. Payment Card Information. We do not collect, store, or process any payment card information. Instead, we rely on Stripe to facilitate any payment card transactions.
8. Email Opt-Out and Disabling Cookies.
A. Email Opt-Out. You may opt out of receiving promotional emails from us by following the instructions in those emails or sending a message with your request and the subject line “EMAIL OPT OUT REQUEST” to [email protected]. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations.
B. Disabling Cookies. Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Site and Services.
9. Third Party Sites and Links. Our Site and Services may contain links to third party sites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their sites, features or policies. Please read their privacy policies before you submit any data to them.
10. Children’s Information. Our Site and Services are not directed children under the age of 13. If you are under 13, you may not access, attempt to access, or use our Site or Services. We do not knowingly collect or allow the collection of Personal Information via the Site or Services from persons under the age of 13, pursuant to applicable law and regulations. If we learn that we have collected the Personal Information of someone under the age of 13, we will take appropriate steps to delete this information. If you are a parent or guardian of someone under the age of 13 and discover that your child has submitted Personal Information to us, you may contact us at [email protected] and ask us to remove your child’s Personal Information from our systems.
11. Information Security. We take reasonable organizational, technical and administrative steps to help protect Personal Information against loss, misuse, unauthorized access or disclosure. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure.
12. Your California Privacy Rights. If you are a California resident, you have the right to request information from us regarding the manner in which CKE shares certain categories of personal information with third parties for their direct marketing purposes, in addition to the rights set forth above. Under California law, you have the right to send us a request at the designated address listed below to receive the following information:
The categories of information we disclosed to third parties for their direct marketing purposes during the preceding calendar year;
the names and addresses of the third parties that received the information; and
if the nature of the third party’s business cannot be determined from their name, examples of the products or services marketed.
Additionally, if you are a California resident and are under the age of 18 and you have posted content or information to our Site or Services, you can request that we remove content or information that you have posted to our Site or Services. Note that fulfillment of the request may not ensure complete or comprehensive removal (e.g., if the content or information has been reposted by other individual).
Also, please note that we have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals in light of industry developments or legal changes.
13. European Users’ Rights. If you are located in the EU or Switzerland, you have certain rights with respect to your Personal Information. Following is a summary of those rights and additional information applicable to our collection and use of your Personal Information.
A. Data Controller. When you provide us with your Personal Information through the Site and/or our Services, we serve as a data controller. When we act as a data controller we determine how your Personal Information will be utilized, in accordance with this Privacy Policy.
B. Legal Basis for Processing Information
If you are located in the EU or Switzerland, we rely on several legal bases to process your Personal Information. These legal bases include where:
The processing is necessary to perform our contractual obligations, such as to provide you with our Services;
You have given your prior consent, which you may withdraw at any time (such as for marketing purposes or other purposes we obtain your consent for from time to time);
The processing is necessary to comply with a legal obligation, a court order or to exercise or defend legal claims; and
The processing is necessary for the purposes of our legitimate interests, such as in improving, personalizing, and developing our Site and Services, marketing new features or products that may be of interest, and promoting safety and security as described above.
If you have any questions about or would like further information concerning the legal bases on which we collect and use your Personal Information, please contact us by emailing [email protected].
C. Rights Under the General Data Protection Regulation
If you are located in the EU or Switzerland, you have the following rights in respect of your Personal Information that we hold:
Right of access. The right to obtain access to your Personal Information.
Right to rectification. The right to obtain rectification of your Personal Information without undue delay where that Personal Information is inaccurate or incomplete.
Right to erasure. The right to obtain the erasure of your Personal Information without undue delay in certain circumstances, such as where the Personal Information is no longer necessary in relation to the purposes for which it was collected or processed.
Right to restriction. The right to obtain the restriction of the processing undertaken by us on your Personal Information in certain circumstances, such as where the accuracy of the Personal Information is contested by you, for a period enabling us to verify the accuracy of that Personal Information.
Right to portability. The right to portability allows you to move, copy or transfer Personal Information easily from one organization to another.
Right to object. You have a right to object to processing based on legitimate interests and direct marketing.
If you wish to exercise one of these rights, please email us at [email protected]. You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
D. Retention of Personal Information. When reserve the right to retain any Personal Information as long as it is needed to: (1) fulfill the purposes for which we collected the Personal Information; and (2) comply with applicable law.
E. Transfers of Personal Information. If you are located in the EU, the personal information we collect may be stored and processed in any country in which we or our affiliates, suppliers, third party electronic payment processors and/or financial institutions or agents maintain facilities, including, but not limited to, the United States of America. YOU CONSENT TO ANY AND ALL PERSONAL INFORMATION YOU PROVIDE AND SUBMIT VIA THE SITE AND SERVICES BEING SENT TO THE UNITED STATES OF AMERICA. The United States of America has not sought nor received a finding of “adequacy” from the EU under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. YOU ARE ALSO INFORMED THAT THE UNITED STATES OF AMERICA PRESENTLY DOES NOT HAVE AN ADEQUATE LEVEL OF PERSONAL DATA PROTECTION AS DETERMINED BY THE EUROPEAN COMMISSION’S ADEQUACY DECISION ON OCTOBER 6, 2015 (CASE C-362/14) AND ARTICULATED IN THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION AND HAS NOT RECEIVED A SIMILAR DESIGNATION OF ADEQUACY BY ANY OTHER FOREIGN DATA PROTECTION AUTHORITY. YOU AGREE TO THE TRANSFER OF YOUR DATA AND PERSONAL INFORMATION TO THE UNITED STATES OF AMERICA, HOWEVER, TO BE USED IN ACCORDANCE WITH THIS PRIVACY POLICY.
F. Obligations to Data Protection Authorities (DPAs)
We will respond diligently and appropriately to requests from DPAs about this policy or compliance with applicable data protection privacy laws and regulations. We will, upon request, provide DPAs with names and contact details of the individuals designated to handle this process. With regard to transfers of Personal Information, we will (1) cooperate with inquiries from the DPA responsible for the entity exporting the data and (2) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third parties, we will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.
G. Contacting Our Data Protection Officer
To contact our designated Data Protection Officer, please send an email to: [email protected]
14. EU-U.S. and Swiss-U.S. Privacy Shield.
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of July 12, 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the EU to the United States of America.
On September 8, 2020, the Swiss Data Protection Authority, the Federal Data Protection Commissioner (“FDPIC”), announced that it no longer considers the Swiss-U.S. Privacy Shield adequate for purposes of transfers of personal data from Switzerland to the United States of America. As a result of that announcement, the Swiss-U.S. Privacy Shield is no longer a valid mechanism to comply with Swiss data protection requirements when transferring personal data from Switzerland to the United States of America.
Despite the invalidation of the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, CKE remains committed to adhering to applicable Privacy Shield Principles with respect to Personal Information transferred from the EU or Switzerland to the United States of America as further described below.
If you are providing your information from the EU or Switzerland, CKE (including its affiliates) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the EU and Switzerland to the United States. CKE has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit https://www.privacyshield.gov/. Our participation in the Swiss-U.S. Privacy Shield applies to all Personal Information that is received from the European Union, European Economic Area, and Switzerland.
SSI remains responsible and liable under the Privacy Shield Principles for onward transfers if third-party agents that we engage to process Personal Information on our behalf do so in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, CKE commits to resolve complaints about our collection or use of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CKE at: [email protected].
We have further committed to refer unresolved Privacy Shield complaints to JAMS (Judicial Arbitration and Mediation Services, Inc.), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles. For details, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
SSI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
15. Changes to This Policy. We may change this Policy from time to time. If we make any changes to this Policy, we will change the “Effective Date” date above. If we make any material change(s) to the Policy, we will post a notice on our Site prior to such changes(s) taking effect. Your continued use of the Site and/or any of our Services after the changes have been made will constitute your acceptance of the changes. Therefore, please read any such notice carefully. If you do not wish to continue using the Site or our Services under the new version of this Privacy Policy, please stop using the Site and our Services.
16. Contacting Us. If you have any questions about this Privacy Policy, please contact us at [email protected].