Shelf Privacy Policy

Last updated October 1st, 2020

INTRODUCTION

GemShelf Inc. dba Shelf (“Shelf” or “we” or “us” or “our”) respects the privacy of our users (“user” or “you”). This Privacy Policy describes the information we collect from you, how we use that information, and our legal basis for doing so. It also covers whether and how that information may be shared and your rights and choices regarding the information you provide to us. Please read this privacy policy carefully.  


IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS THE SITE.

Shelf is committed to meet all European Union (EU) General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA or CaCPA) requirements.


CHANGES TO THE SHELF PRIVACY POLICY

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy. We will notify you of changes to the data processing activities described in this Privacy Policy by email or by posting a prominent notice on the Site. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised Privacy Policy is posted.

The INFORMATION WE COLLECT AND RECEIVE

In order to create a Shelf account and use our services, we need to collect and process certain information. We collect and receive this information in a variety of ways and may include:

  • Personal Data

Personally identifiable information, such as your name, shipping address, email address, and telephone number, and demographic information, such as your age, gender, hometown, and interests, that you voluntarily give to us when you register with the Site or when you choose to participate in various activities related to the Site, such as online chat and message boards. You are under no obligation to provide us with personal information of any kind, however, your refusal to do so may prevent you from using certain features of the Site.

  • Derivative and Usage Data

Information our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site; Information about the ways people visit and interact with our Site, in the form of traffic analytics. You can opt out of being included in Google Analytics here.

  • Financial Data

Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Site. Shelf partners with Stripe for payment processing and the payment you submit is collected and used by them in accordance with their privacy policies, which are available here. Shelf does not store your payment information apart from the type of credit or debit card, the last four digits of the card, the expiration date of the card, and the name associated with the card.

  • Data From Social Networks

User information from social networking sites, such as LinkedIn and Facebook including your first and last name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks.

  • Mobile Device Data

Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the Site from a mobile device.

  • Communications

Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem); and Information that you submit on or to Shelf in the form of comments, contributions to discussions, or messages to other users.

USE OF YOUR INFORMATION

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Site to:

  • Assist law enforcement and respond to subpoena.
  • Compile anonymous statistical data and analysis for use internally or with third parties.
  • Create and manage your account.
  • Email you regarding your account or order.
  • Enable user-to-user communications.
  • Fulfill and manage purchases, orders, payments, and other transactions related to the Site.
  • Generate a personal profile about you to make future visits to the Site more personalized.
  • Increase the efficiency and operation of the Site.
  • Monitor and analyze usage and trends to improve your experience with the Site.
  • Notify you of updates to the Site.
  • Perform other business activities as needed.
  • Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
  • Process payments and refunds.
  • Request feedback and contact you about your use of the Site.
  • Resolve disputes and troubleshoot problems.
  • Respond to product and customer service requests.

DISCLOSURE OF YOUR INFORMATION

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

  • By Law or to Protect Rights
    If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
  • Third-Party Service Providers
    We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance,etc. 

Third-Party Subprocessors list

THIRD PARTY SERVICE/ VENDOR

PURPOSE

WEBSITE

Auth0Identity Managementhttps://auth0.com/
AWS AmazonInfrastructure serviceshttps://aws.amazon.com/artifact/
StripePayment processinghttps://stripe.com/
IntercomCustomer support platformhttps://www.intercom.com/
MongoDB AtlasDatabase hosting serviceshttps://www.mongodb.com/cloud/atlas
Elastic CloudDatabase Hosting serviceshttps://www.elastic.co/
DatadogMonitoring and centralized logginghttps://www.datadoghq.com/
Google AnalyticsWeb Analytics serviceshttps://analytics.google.com/analytics/web/provision/#/provision
PardotMarketing Automation Solutionhttps://www.pardot.com/

 

If you are in the EU, have users of your Shelf account based in the EU, have customers in the EU, or need to be GDPR compliant, you may additionally contact privacy@shelf.io to sign Shelf’s Data Processing agreement (DPA). 

  • Marketing Communications

With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law. Marketing emails from Shelf give you the ability to “opt out”. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you that are necessary for fulfilling our obligations to our customers.

  • Interactions with Other Users

If you interact with other users of the Site, those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.

  • Third-Party Advertisers

We may use third-party advertising companies to serve ads when you visit the Site. These companies may use information about your visits to the Site and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.

  • Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

  • Business Partners

We may share your information with our business partners to offer you certain products, services or promotions.

  • Other Third Parties

We may share your information with advertisers and investors for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law.

  • Sale or Bankruptcy

If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline honor commitments we made in this Privacy Policy.

We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.

 

DATA RETENTION

Shelf securely stores your data at AWS file system storage and databases, which are encrypted by Transparent Data Encryption standard (TDE) and Advanced Encryption Standard (AES) technologies in accordance.

We will retain your personal information for no longer than is necessary to fulfill the purposes for which the information was originally collected unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.

Where we have no ongoing legitimate business need to process your personal information, we will either delete, aggregate or otherwise anonymize it.

 

TRACKING TECHNOLOGIES

 

Cookies and Web Beacons

We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Site to help customize the Site and improve your experience. When you access the Site, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Site. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.

Website Analytics

We may also partner with selected third-party vendors, such as Google Analytics, and Mixpanel and others, to allow tracking technologies and remarketing services on the Site through the use of first-party cookies and third-party cookies, to, among other things, analyze and track users’ use of the Site, determine the popularity of certain content and better understand online activity. By accessing the Site, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors. However, if you do not want any information to be collected and used by tracking technologies, you can visit the third-party vendor or the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.

You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.

 

THIRD-PARTY WEBSITES


The Site may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Site, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site.

 

SECURITY OF YOUR INFORMATION


We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps,
including contractual restrictions and physical, electronic and administrative safeguards such as firewalls, data encryption, SSL and other up-to-date technologies, to secure the personal information you provide to us.

Please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.  Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

Regardless of that, Shelf takes reasonable and appropriate measures to protect data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

 

POLICY FOR CHILDREN


We do not knowingly solicit information from or market to children under the age of 16. If you become aware of any data we have collected from children under age 16, please contact us using the contact information provided below.

 

CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

 

OPTIONS REGARDING YOUR INFORMATION

Account Information

You may at any time review or change the information in your account or terminate your account by:

  • Logging into your account settings and updating your account
  • Contacting us using the contact information provided below

Upon your request to terminate your account, we will deactivate your account. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.

Emails and Communications

If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by:

  • Logging into your account settings and updating your preferences.
  • Contacting us using the contact information provided below

If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

Personal Information

You may send requests about personal information privacy@shelf.io. You can request to change contact choices, opt-out of our sharing with others, and update your personal information.

We strive to provide you the tools to update your personal information. If you are unable to correct inaccurate information on your own, you may request our assistance to update such information by contacting privacy@shelf.io.

 

Notice for Residents of the European and Swiss Economic Areas, Privacy Shield and Contractual Terms

Shelf is relying on SCCs (Standard Contractual Clauses) as a framework for allowing lawful export of personal data from European Economic Area, Switzerland and the U.K. to the U.S.

You can obtain Shelf’s current Data Protection Agreement, including the Standard Contractual Clauses by sending an email to privacy@shelf.io. If you need to have a DPA signed, please reach out to the very same address noted above. Please allow up to 72 hours for us to respond to your request.

Shelf continues to closely monitor the situation in the EU with regard to personal data transfers.

 

CONTACT US

If you have questions or comments about this Privacy Policy, please contact us at privacy@shelf.io.

 

GemShelf Inc.

Attn: Data Protection Officer

Address: 175 Atlantic St., Stamford, CT 06901, USA

Email: privacy@shelf.io

Phone number: + 1(833) 200 8222 (toll free)