Bean Box, Inc. Detailed US Privacy Notice
Information for US Residents
We collect Personal Data from US residents and comply with the consumer privacy laws of California, Colorado, Connecticut, Utah, and Virginia (“US Privacy Laws”). In addition to our general Privacy Notice available at https://beanbox.com/privacy, this Detailed US Privacy Notice applies to US residents (“users,” “you,” or “your”).
For the purposes of this Detailed US Privacy Notice, “Personal Data” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data:
- Publicly available information;
- Deidentified or aggregated data; or
- Information otherwise excluded from the scope of US Privacy Laws.
This Privacy Notice provides the following information to US residents:
- Categories of Personal Data we collect;
- Purposes for which we use Personal Data;
- Categories of Personal Data we disclose to third parties;
- Categories of third parties to which we disclose Personal Data; and
-
How US residents can exercise their rights under US Privacy Laws:
- The rights to access, correct, or delete Personal Data;
- The right to obtain a portable copy of Personal Data;
- The right to limit the use of sensitive Personal Data in certain circumstances;
- The rights to opt out of targeted advertising, sales of Personal Data, or profiling; and
- The right to appeal our decisions about your requests.
Categories of Non-Sensitive Personal Data
The table below outlines the non-sensitive categories of Personal Data Bean Box, Inc. collects about US residents and whether and how they are disclosed to third parties.
We collect Non-Sensitive Personal Data from the following sources:
- Directly from our users
Category of Personal Data:
|
Examples |
Identifiers may contain the following: Basic account information such as name, email, address, phone number; cookie and other tracking identifiers. |
Purpose(s) for Collection |
Personalizing our Web site and mobile app experience, and delivery targeted offers to customers and visitors. |
Targeted Advertising |
We may disclose this information with advertising partners for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors. We disclose Identifiers To support fulfillment of products. |
Retention Period |
Until a customer closes their account with us. |
Category of Personal Data:
|
Examples |
Internet/Electronic Activity may contain the following: Cookie IDs and hashed email addresses. |
Purpose(s) for Collection |
Personalizing our Web site and mobile app experience, and delivery targeted offers to customers and visitors. |
Targeted Advertising |
We may disclose this information with advertising partners for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors. We disclose Internet/Electronic Activity To support fulfillment of products. |
Retention Period |
We retain this data until the user deletes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud |
Category of Personal Data:
|
Examples |
Imprecise Geolocational Data may contain the following: If the user opts in, we collect imprecise geolocational data in order to make address autocomplete more relevant. |
Purpose(s) for Collection |
If the user opts in, we collect imprecise geolocational data in order to make address autocomplete more relevant. |
Targeted Advertising |
We may disclose this information with advertising partners for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information is not otherwise disclosed to third parties |
Retention Period |
We retain this data until the user deletes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud |
Categories of Sensitive Personal Data
The table below outlines the categories of Sensitive Personal Data Bean Box, Inc. collects about US residents and whether they are disclosed to third parties. Bean Box, Inc. obtains affirmative consent from US residents to process Sensitive Personal Data to the extent required by US Privacy Laws.
We collect Sensitive Personal Data from the following sources:
- Directly from our users
Category of Sensitive Personal Data:
|
Examples |
Financial Data may contain the following: Credentials that could allow purchases. |
Purpose(s) for Collection |
Allowing customers to authenticate and purchase products without re-entering credit card information. |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information is not otherwise disclosed to third parties |
Retention Period |
Credentials to allow future purchases are retained until a customer closes their account. |
Use of Personal Data
We use Personal Data for the purposes described in our general Privacy Notice (see https://beanbox.com/privacy). Personal Data may also be used or disclosed as otherwise permitted or required by applicable law.
Disclosing Personal Data
We share Personal Data with the following categories of third parties:
- Processors: We use processors to securely handle Personal Data on our behalf and only on our instructions. These companies may not use your Personal Data for their own purposes.
- Our Analytics and Advertising Partners: We use analytics services to collect and process certain data and to provide you with relevant advertising. These services may also collect information about your use of certain other websites, apps, and online resources.
- Our Business Partners: We may disclose relevant personal data to our business partners to provide you with exclusive offers for products and services that may interest you.
See the tables above for more details about how different categories of Personal Data are disclosed.
We do not sell Personal Data to anyone.
Exercising Your Personal Data Rights
US residents have the following rights under US Privacy Laws:
- The rights to access, correct, or delete Personal Data;
- The right to obtain a portable copy of Personal Data;
- The right to limit the use of Sensitive Personal Data in certain circumstances;
- The rights to opt out of targeted advertising, sales of personal data, or profiling;
- The right not to receive discriminatory treatment for exercising your privacy rights; and
- The right to appeal our decisions about your requests if you disagree with them.
If you are a US resident, you can submit a request to exercise your personal data rights under US Privacy Laws by visiting our online portal at https://www.requesteasy.com/63d2-2243 or calling our toll-free number at +1-888-923-8596. Bean Box, Inc. also processes opt-out requests sent by Universal Opt-Out Mechanisms (also referred to as “Opt-Out Preference Signals”) frictionlessly in compliance with US Privacy law. You can send an Opt-Out Preference Signal for our business to process frictionlessly by visiting our website using a device or browser that broadcasts commonly used and recognized Opt-Out Preference Signals, such as the Global Privacy Control. We will apply the Opt-Out Preference Signals we receive to the browser or device that sent the signal.
To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will verify your identity by sending an email to your email address on file with a link to click. If you do not complete the verification process, we may be unable to process your request. Any information you provide to authenticate your identity will only be used to process your rights request and not for any other purpose. Please be aware that we do not accept or process rights requests submitted through other means.
We will respond to your rights request within 45 days, though in certain cases we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also note that each of the rights are subject to certain exceptions.
We reserve the right to decline to process, or charge a reasonable fee for, requests from a US resident that are manifestly unfounded, excessive, or repetitive.
Notice of Right to Opt-Out of Sale/Sharing for Targeted Advertising
US privacy laws give US residents the right to direct a business that “sells” or “shares” their Personal Information to stop selling and/or sharing their Personal Information at any time. As used here, “selling” means exchanging Personal Data with a third party for money or anything of value, and “sharing” means disclosing Personal Data to a third party for use in conducting “cross-context behavioral advertising,” also referred to as “targeted advertising.” An example of targeted advertising is displaying advertisements to a person where the advertisement is selected based on Personal Data obtained from their activities over time and across non-affiliated websites or applications to predict their preferences or interests. In certain situations and as detailed above, we share for targeted advertising Personal Data with third parties. You can opt out of the sharing of your Personal Data by visiting our online portal at https://www.requesteasy.com/63d2-2243 or calling our toll-free number at +1-888-923-8596.
Notice of Right to Limit the Use of Sensitive Personal Information
You have the right to limit some uses of Sensitive Personal Data. In particular, you may direct companies not to use Sensitive Personal Data except as necessary to provide goods or services you have requested or other exempt purposes.
However, we only use Sensitive Personal Data for purposes that are exempt from this right, such as to provide you with goods or services you have requested, to detect and prevent security incidents, or verifying the quality of our goods and services. The full list of these exempt purposes are specified in California Code of Regulations, Title 11, Section 7027(m).
Children’s Data
We do not knowingly collect or use the Personal Information of children under 13. If you believe that we have collected the Personal Information of a child under 13, please contact us at privacy@beanbox.com.
Authorized Agent Requests
You may designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above in the section titled Exercising Your Personal Data Rights. We may require verification of your authorized agent’s authority in addition to the information we require for verification of your identity.
Contact Us
If you have any questions or concerns regarding this Detailed US Privacy Notice, contact us at privacy@beanbox.com.
Last updated: October 04, 2023