Privacy & Cookies Policy
Last Updated: August 30, 2021
Please read carefully.
PERSONALLY IDENTIFIABLE INFORMATION COLLECTED
The categories of personally identifiable information we may collect and have collected within the past 12 months from you include:
- Identifiers - Including without limitation your real name, alias, account name, online identifier, Internet Protocol address, unique identifiers, email address, postal address, billing address, phone number, birthdate, social media handle or moniker, or other similar identifiers.
- Payment Data – Including without limitation your credit card information, billing address or any financial information you provide in connection to your purchase of our products.
- Legally Protected Characteristics – Including without limitation, your age and gender.
- Commercial Information - Including without limitation our products you purchased, obtained, considered, or returned and promotions, sweepstakes, contests, and other Programs (as defined below) you participated in.
- Audio and Visual Information – Including without limitation images or recordings of you if you attend one of our promotional and marketing offline events and any voice recordings that you voluntarily leave on voice mailboxes or that we may collect when you call customer services.
- Inferences Drawn About Your Preferences – Including without limitation your beauty and related preferences and interests, characteristics, behaviors on and offline, purchase patterns, and other inferences drawn from other types of information we collect from you.
- Other Categories of Personally Identifiable Information that Relates to or is Reasonably Capable of Being Associated with You - Including without limitation the messages and other content you send us (e.g., feedback and reviews of our products or questions and information you provide to our staff and customer services) and information we collect from you if you interact with us on other Platforms, such as Facebook, Instagram, Twitter, and other social media or interactive pages.
- Data About Others – Including without limitation personally identifiable information of individuals for whom you refer to us or purchase an item or gift for, such as their real name, email address, phone number, and postal address. Please do not share personally identifiable information of other individuals with us unless you have their permission to do so.
HOW INFORMATION IS USED
We use personally identifiable information and non-personally identifiable information in a variety of ways, including without limitation to:
- Operate and improve our Sites, customer service, or product and service offerings;
- Text marketing (if applicable): With your permission, we may send text messages about our store, new products, and other updates. Updates include Checkout Reminders. Webhooks will be used to trigger the Checkout Reminders messaging system.
- Personalize and improve your experience on our Sites (e.g., your information helps us to better respond to your individual needs);
- Respond to comments and questions and provide customer service (e.g., your information helps us to effectively respond to your customer service requests and support needs);
- Operate and maintain our promotions, contests, sweepstakes, and Programs;
- Provide products and tailored content, services, advertisements, and offers to you;
- Administer and manage your account or membership to one or more of our Programs;
- Verify your identity and prevent fraud;
- Perform our contractual obligations to you, including without limitation fulfilling product orders and Prato Auto Replenishments;
- Conduct research and analytics and create aggregated, pseudonymized, or anonymized information for statistical purposes;
- Post your content and consumer reviews on the Sites, our social media pages, Platforms, and related third party sites that retail or feature our brand and products;
- Enable you to interact with third-party content service providers, whether by linking to their sites, viewing their content within our online environment, or by viewing our content within their online environment;
- Conduct audits related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
- Detect security incidents, protect you against malicious, deceptive, fraudulent, or illegal activity and prosecute those responsible for that activity;
- Debug to identify and repair errors that impair existing intended functionality; and
- Fulfilling any other business or commercial purposes at your direction or with your consent.
We collect certain aggregate and non-personally identifiable information when you visit our Sites. Aggregate and non-personally identifiable information does not relate to a single, identifiable visitor. It tells us how many users visited our Sites or the pages accessed. By collecting this information, we learn how to best tailor our Sites to our visitors. We collect this information through a “cookie” and other technologies, as explained below.
The types of cookies and similar technologies we use:
- Strictly necessary cookies that are required for the operation of our Sites, such as cookies that enable you to log into your account or make purchases, or cookies that enable us to comply with the law (for example, to keep your information safe). We would not be able to operate our Sites without using “strictly necessary” cookies.
- Performance cookies which recognize and count the number of users to our Sites and help us see how users move around our Sites. These cookies do not collect information that personally identifies a visitor. We only use such information to improve our Sites. This information helps us to find out how well our Sites are working and highlights where it can be improved.
- Functionality cookies which are used to recognize when you return to our Sites and assist us to personalize your content and Site experience by remembering your preferences. By using our Sites, you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings (please see below).
- Targeting cookies and web beacons/tracking pixels which are used to record your visit to our Sites, the pages you have visited and the links you have followed. These cookies and tracking pixels are used by operators of third-party advertising networks such as Google and Facebook to advertise relevant products to you on the internet, based on the products and categories you looked at or purchased on our website. Our website currently uses tracking pixels with third parties such as Google and Facebook for marketing and remarketing purposes. This technology allows those third parties to collect information when you access our Sites, including the products on our Sites you have viewed, whether you have made a purchase and, if you make a purchase, the details of the transaction including products bought and amount of the sale. The third-party providers are able to identify specific users of their platforms through the ID number used in their tracking pixels. This information allows those providers to tailor what marketing material you are shown through those platforms and when browsing the internet. We also receive aggregated reports from those third parties in relation to our advertising campaigns, including de-identified information about the number of users who were shown our advertising campaigns and subsequently purchased our products. These reports use aggregated information and do not allow Prato to identify specific individuals from those transactions. If you do not want to allow such information sharing between Prato and those third party advertising networks by using targeting cookies and tracking pixels on your device, you can deactivate targeting cookies and tracking pixels through your user settings in your internet browser or in the respective third party platforms directly.
SHARING OF PERSONALLY IDENTIFIABLE INFORMATION
The categories of entities to whom we disclose and have shared information within the last 12 months, include:
- Service Providers - Prato shares information with entities that help us with maintaining and operating our Sites. Our service providers include without limitation our payment processors, IT vendors, advertising networks, internet service providers, data analytic providers, marketing providers, transportation and logistics providers, external auditors and advisors and other third parties that support our business. These companies may only use such information to perform those functions and may not use it for any other purpose, although we may permit them to use aggregate information which does not identify you or de-identified data for any purpose except as prohibited by applicable law.
- Vendors - We may share information with vendors and other entities in connection with tailoring advertisements, measuring, and improving our Sites and advertising effectiveness, processing your specific requests, and enabling other enhancements to our products, services, and offline events. These companies may act as our service providers, or in certain contexts, independently decide how to process your information.
- Promotional Partners - If you voluntarily enroll in one of our Programs (e.g., our newsletters), we share information to third parties to help us provide and operate our Program offerings. This includes without limitation sharing your information with our service providers that maintain our e-newsletters, our third party partners (or their service providers) participating in our promotions, or other third parties for administrative purposes.
- Social Networks – We may obtain your information from a Platform if you interact with us on such Platforms (e.g., you like our Instagram or Facebook post) and may share any posts or content that you have tagged us on or relate to our products and services in our own Platform accounts and Sites.
- Affiliates - We may share information with our related entities including without limitation our parent, subsidiaries and sister companies, or to their employees, agents, contractors, representatives, legal counsel and/or accountants, for: operational, management and administrative purposes; internal audit, legal, regulatory, security, insurance, financial, processing and other similar purposes; or as otherwise permitted or required by law.
- Third Parties in Connection with a Merger, Acquisition or Other Business Transaction - We may share information if Prato is involved in a merger, acquisition, sale of all or a portion of its assets, financings, joint ventures, reorganization, dissolution, liquidation, or other event where we sell or transfer all or a portion of our business assets or equity. We will not provide you with notice before disclosure in such cases.
- Third Parties for Security and Compelled Disclosure Purposes - Prato must disclose information about you in response to lawful requests by public authorities, including but not limited to meet national security or law enforcement requirements. We may share information about you in connection with legal requirements, such as in response to an authorized subpoena or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud. Such disclosures may be carried out without notice to you.
- Third Parties that You Direct Us to Share With - We share information at your request or direction, such as when you purchase a gift card and direct us to send it to a certain recipient. We may also share your information with notice and as required by applicable law, with your consent.
THIRD PARTY LINKS
We may use third party companies to serve advertisements, measure the performance and engagement with our ads, provide analytic, preference, and interest information, and administer some of our offerings (e.g. our Recycling Program and Ambassador Program). In some instances, these ad network providers, social platforms, sponsors, and/or service providers may use their own tracking technology to capture information about your device, use and engagement online.
We may recognize your information across different devices that you use or log in from (e.g., computers or mobile devices). We may recognize that one cookie ID (e.g., from a computer) may be connected to another device (e.g., smart phone) by the device ID or log in. This may result in you searching for one of our products on one device but seeing an advertisement later for that product on another device. By knowing what devices are being used by a person or household helps us limit the number of times you may see the same advertisement across different devices.
You can specify your preferences over the use of some of these technologies by changing your preferences regarding cookie collection via changes to your web browser. Additionally, you can manage third party advertising preferences for some of the third parties we work with that serve advertising across the internet by using the choices available at www.networkadvertising.org/managing/opt_out.asp and www.aboutads.info/choices. We do not guarantee that all of the third parties we work with will honor the elections you make using those options, but we strive to work with third parties that do. Some Platforms (i.e., Facebook) allow you to exercise ad choices, limit data collection and clear your history on that Platform as well.
Our Sites are intended for general audiences and is not directed to children under 13. We do not knowingly collect personally identifiable information from children under 13. If you become aware that a child has provided us with personally identifiable information without parental consent, please contact us at firstname.lastname@example.org. If we become aware that a child under 13 has provided us with personally identifiable information without parental consent, we will take reasonable steps to remove such information and terminate the child’s account.
HOW WE PROTECT YOUR PERSONALLY IDENTIFIABLE INFORMATION
Prato implements reasonable practices to protect your personally identifiable information from unauthorized access, use, disclosure, or destruction. No data transmission or electronic storage is infallible. Therefore, Prato cannot guarantee or warrant the security of the personally identifiable information that you transmit to Prato.
WHAT CHOICES DO YOU HAVE OVER HOW YOUR INFORMATION IS USED?
In this section, we describe the rights and choices available to all users.
- Access or Update Your Account Information - If you registered for an account with us, you may review and update certain personally identifiable information in your account profile by logging into your account and editing your account and billing information.
- Opt Out of Marketing Communications - You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions located at the bottom of the email. You may continue to receive service-related and other non-marketing emails (e.g., emails confirming your online orders). If you receive marketing text messages from us, you may opt out of receiving further marketing text messages from us by replying STOP to our marketing message.
- Cookies - Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings.
- Do-Not-Track - Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
- Privacy Settings and Location Data - Users of our Sites can disable our access to their device’s precise geolocation in their electronic device settings.
- Choosing Not to Share Your Personally Identifiable Information - We do not require you to register or provide personally identifying information to view our Sites or access much of its content. However, there are certain instances where we need your information to provide you with certain services or provide you access to certain features of our Sites (e.g., to process your online orders). In addition, if you terminate your account or membership to one or more of our Programs, or if you choose not to join, you may not be able to benefit from the discounts, free sample, gifts, free shipping or other benefits offered to customers through such Programs.
CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
California residents have specific rights regarding their personally identifiable information as described below. These rights are subject to certain exceptions. When required, we will respond to most requests within 45 days, unless it is reasonably necessary for us to extend our response time.
- Right to Know About Personally Identifiable Information That is Collected or Disclosed - You have the right under the California Consumer Privacy Act (“CCPA”) to request that we disclose certain information regarding our practices with respect to your personally identifiable information. If you submit a valid and verifiable request and we confirm your identity and/or authority to make the request, we will disclose to you any of the following at your direction:
- The categories of personally identifiable information we have collected about you in the last 12 months.
- The categories of sources for the personally identifiable information we have collected about you in the last 12 months.
- Our business or commercial purpose for collecting personal information.
- The categories of third parties with whom we share personal information.
- The specific pieces of personally identifiable information we collected about you.
- If we disclosed your personally identifiable information to a third party for a business purpose, a list of the personally identifiable information types that each category of recipient received.
- Right to Request Deletion of personally identifiable information - You have the right under the CCPA to request that we delete any of your personally identifiable information that we collected from you and retained, subject to certain exceptions. If you submit a valid and verifiable request and we can confirm your identity and/or authority to make the request, we will delete all information that we are not allowed to maintain under applicable law.
- How to Exercise the Above Rights - To exercise your rights described above, please submit a verifiable consumer request by contacting us. You may make a verifiable consumer request no more than two times within a 12 month period. The verifiable request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personally identifiable information or an authorized representative. Such verification process will involve you confirming at least three pieces of personally identifiable information we have collected about you, and will increase in scope in the event the nature of your request relates to the disclosure of sensitive personally identifiable information or the deletion of any personal information;
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it; and
- Include a statement that you “declare under penalty of perjury that you are the person about whom the Right to Know/Delete request has been made.”
- Right to Appoint an Authorized Agent - You are also permitted to designate an authorized agent to submit the above requests on your behalf. For an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity according to the above method before processing the authorized agent’s request.
- Right to Non-Discrimination for Exercising Privacy Rights - You may exercise your rights under the CCPA without discrimination.
- Notice of Financial Incentive - We may offer price discounts, coupons, services and other perks for members of our mailing and/or texting list, Prato and Ambassador Program (collectively “Programs”). In order to participate in such Programs, we may ask you to disclose certain personally identifiable information (e.g., your name, email address, and mailing address) and may share such information to our service providers who help administer our Programs. While membership to these Programs is optional (you must opt-in on our Sites and can terminate at any time by contacting us), the collection of personally identifiable information to create and maintain accounts and communications and to monitor and administer program-related activities, could be characterized as a “financial incentive” under the CCPA given that we provide member-only benefits. To the extent California law requires that a value be assigned to the personally identifiable information collected from such Programs, we value the personally identifiable information collected and used in connection to our Programs as the equivalent to our good-faith estimate of the cost of administering the relevant Program for which the information was collected, the details of which we maintain as a trade secret. This description is without waiver of any proprietary or business confidential information, and it does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.
- Sale of Personal Data - We do not believe that we sell your personally identifiable information as defined under the CCPA, and we will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law.
- Direct Marketing and Do Not Track Signals - Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the personally identifiable information we shared with other businesses for their own direct marketing purposes. Such a notice will include a list of the categories of personally identifiable information that were shared (if any) and the names and addresses of all third parties with which the personally identifiable information was shared (if any). The notice will cover the preceding calendar year. To obtain such a notice, please contact us as described below. In addition, under this law you are entitled to be advised how we handle “Do Not Track” browser signals. Prato does not personally track its users over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party websites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such websites, most web browsers (like Safari) allow you to set the DNT signal on your browser so third parties (particularly advertisers) know you do not want to be tracked.
NEVADA RESIDENTS: YOUR NEVADA PRIVACY RIGHTS
Nevada law (SB 220) requires website operators to provide a way for Nevada consumers to opt-out of the sale of certain information that the website operator may collect about them. Prato does not sell your personally identifiable information to third parties as defined in Nevada law, and will not do so without providing you with notice and an opportunity to opt-out of such sale as required by law. If you have any questions regarding our data privacy practices or our compliance with Nevada data privacy law, please contact us via the methods listed under “HOW TO CONTACT US” below.
EUROPEAN ECONOMIC AREA AND UNITED KINGDOM (“EEA”) RESIDENTS: YOUR EEA PRIVACY RIGHTS
Data protection laws in Europe and the United Kingdom require a “lawful basis” for processing “personal data” (as defined by GDPR). Our legal basis to process your personal data, includes without limitation:
- Necessity – We will process your personal data as necessary to perform our responsibilities under our contact with you (e.g., processing your order and delivering the products you purchase);
- Consent – If you provide us with your consent to perform a specific processing activity, we will process your personal data to perform such activity (e.g., sending you marketing emails);
- Legal Obligation – In some cases, we will process your personal data as necessary for compliance with our legal obligations (e.g., responding to a court order).
For further details on how we may process your personal data, please see the section entitled “How We Use Your Personal Information” above.
If you are in the EEA and certain requirements are fulfilled, you may have the following data protection rights:
- Right to Access - You have the right to request copies of your personal data from Prato. We may charge you a small fee for this service.
- Right to Rectification - You have the right to request that Prato correct any information you believe is inaccurate. You also have the right to request Prato complete information you believe is incomplete.
- Right to Erasure - You have the right to request that Prato erase your personal data, under certain conditions.
- Right to Restrict Processing - You have the right to request that Prato restrict the processing of your personal data, under certain conditions.
- Right to Object to Processing - You have the right to object to Prato’s processing of your personal data, under certain conditions.
- Right to Data Portability - You have the right to request that Prato transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- Right to Withdraw Consent - You also have the right to withdraw your consent at any time where Prato relied on your consent to process your personal data.
If you wish to exercise one of the above-mentioned rights, please contact us via the methods set forth below in the section entitled “ How to Contact Us.” We will have one month to respond to you. Please note that we may ask you to verify your identity before responding to such requests.
You have the right to file a complaint regarding your personally identifiable information with a data protection authority, if you believe that the use or handling of your personally identifiable information does not comply with legal requirements. We would, however, appreciate the opportunity to address your concerns before you approach a data protection authority, and would welcome you directing an inquiry first to us by contacting us through the below email address.
We may limit the availability of our Sites to any person or geographic area at any time. If you access our Sites from outside the United States, you do so at your own risk.
IF YOU ARE A USER ACCESSING OUR SITES FROM ANY OTHER COUNTRY WITH LAWS OR REGULATIONS GOVERNING PERSONAL DATA COLLECTION, USE AND DISCLOSURE THAT DIFFER FROM THE LAWS OF THE UNITED STATES, PLEASE BE ADVISED THAT THROUGH YOUR CONTINUED USE OF OUR SITES, YOU ARE TRANSMITTING YOUR PERSONAL DATA TO THE UNITED STATES AND YOU CONSENT TO THAT TRANSMISSION. ADDITIONALLY, YOU UNDERSTAND THAT YOUR PERSONALLY IDENTIFIABLE INFORMATION MAY BE TRANSMITTED TO AND PROCESSED IN COUNTRIES (INCLUDING THE UNITED STATES) WHERE LAWS REGARDING PROCESSING PERSONALLY IDENTIFIABLE INFORMATION MAY BE LESS STRINGENT THAN IN YOUR COUNTRY.
SMS/MMS MOBILE MESSAGING MARKETING PROGRAM
If you choose, you can provide your mobile phone number to receive text message alerts from us to receive product and/or event information, tips or promotions (the “SMS Program”). You agree that by providing your mobile phone number you expressly consent to receive automated marketing text messages from us to the mobile phone number provided. We will only use information you provide through the SMS Program to transmit your mobile messages and respond to you, if necessary. This includes, but is not limited to, sharing information with platform providers, phone companies, and other vendors and service providers who assist us in the delivery of mobile messages. Text messages are distributed via third party mobile network providers and, therefore, we cannot control certain factors relating to message delivery. Depending on the recipient’s mobile carrier, it may not be possible to transmit the text message to the recipient successfully; nor is content available on all carriers. We do not claim or guarantee availability or performance of the SMS Program’s services, including liability for transmission delays or message failures. WE DO NOT SELL, RENT, LOAN, TRADE, LEASE, OR OTHERWISE TRANSFER FOR PROFIT ANY PHONE NUMBERS OR CUSTOMER INFORMATION COLLECTED THROUGH THE SMS PROGRAM TO ANY THIRD PARTY. Nonetheless, we reserve the right at all times to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect our rights or property. When you complete forms online or otherwise provide us information in connection with the SMS Program, you agree to provide accurate, complete, and true information. You agree not to use a false or misleading name or a name that you are not authorized to use. If, in our sole discretion, we believe that any such information is untrue, inaccurate, or incomplete, or you have opted into the SMS Program for an ulterior purpose, we may refuse you access to the SMS Program and pursue any appropriate legal remedies.
You can opt out from further text marketing communications by texting STOP to the SMS number used by Prato, or its third party service provider, to contact you.
In the event that we determine that a data security incident rising to the level of a breach has occurred, we will notify you as set forth in relevant laws.
CONSUMERS WITH DISABILITIES
HOW TO CONTACT US
Attn: Website Administrator