Last Updated: 9/19/22
This Policy does not apply to information that we collect offline unless this Policy is specifically referenced. This Policy also does not apply to information that you provide to or that is collected by any third party, even if you access such third parties through the Services.
- Collecting Personal Information: Definition, Methods, Categories; Purposes; Third-Party Collections
- Personal Information: When you access our Services, we collect the information that you provide to us, along with certain information about your device and interaction with the Services. In this Policy, we refer to any information that relates to an identified or identifiable living individual as “personal information.” See below for more information about our means of collecting personal information, the categories of personal information we collect, the purposes of our collections, and to whom we may disclose this information and why. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us. This Policy does not restrict or limit our use of non-personally identifying aggregate data.
- Information you provide to us: Personal information that you provide to us is collected directly from you for the business purposes of providing the Services. You may provide us with your personal information when you apply for our products or Services, create an account, subscribe to our Services or publications, give us feedback, or contact us, complete forms, correspond with us, or pay for Services. If you elect to provide us with your personal information, you consent to its transfer and storage on our servers.
Categories of personal information we may collect directly from you include:
Examples of personal information we collect indirectly related to your device include the version of the web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Services.
- Unique Identifiers: When you use or access the Services, we may access, collect, monitor, store on your device, and/or remotely store one or more “Unique Identifiers,” such as a universally unique identifier (UUID). A Unique Identifier may remain on your device persistently, to help you log in faster and enhance your navigation through the Services. Some features of the Services may not function properly if the use or availability of Unique Identifiers is impaired or disabled.
- Tracking and Mobile Data: In order to perform our Services, when you use certain features of the Services, we may receive, collect, store, and process different types of information about your location, including not only general information (e.g., your IP address and zip code), but also more specific location-related information (e.g., precise geolocation).
- Analytics: We use services like Google Analytics to help us understand how our Services are used. You can read more about how Google uses your personal information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- Third-Party Collection: Certain third parties may use automatic information collection technologies, including cross-site tracking technologies, to collect personal information about you or your device. These third parties may include but are not limited to, your internet service provider, your web browser, your mobile service provider, your mobile device manufacturer, online advertisers, and data analytics companies. We do not control these third parties or how they collect, use, or disclose your personal information. As stated above, this Policy is not applicable to the third-party collection, use, or disclosure of your personal information. If you have any questions about the privacy practices of any third party, you should contact the responsible third party directly.
- Implications of refusal to provide personal information: Where we need to collect personal information by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products or the Services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
- Sharing Personal Information: Categories, Purposes
- Employees and staff: We share personal information with our employees, staff, and other agents who are required to protect and secure the information.
- Subsidiaries, Affiliates, and Business Partners
- Service Providers and Contractors: We may share your personal information with service providers and contractors to help us provide our Services and fulfill obligations to you. These service providers and contractors may include database and cloud service providers, billing systems, customer management services, payment processors, shipping companies, installation and cybersecurity services, professional services such as legal and accounting, and advertising and marketing.
We may disclose the personal information you share with us to our vendors, contractors, or service providers for legitimate business purposes such as processing your payments, conducting a background check, or shipping your products to you. We may disclose the personal information we collect indirectly from you to our vendors, contractors, or service providers for legitimate business purposes such as for search engine optimization, processing of our Services, and performance and analytics of our Services.
- Asset Transfer: We may share your personal information with a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets being transferred. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Policy.
- Legal Requests: We may share your personal information when required to do so by law enforcement, court order, or other legal process such as a subpoena. We generally do not disclose personal information unless we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. We may share your personal information when we believe it is necessary to comply with applicable laws, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the services or using our name, or to protect the safety of any person. This may include sharing personal information with other companies, lawyers, agents, or government agencies. Nothing in this Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.
- Sharing with Consent: We may share your personal information at your direction or any time we have your consent to do so, including implicit and tacit consent. This includes sharing your personal information as we have disclosed in this Policy.
- Depersonalized Information: We may share your personal information after it is aggregated or otherwise depersonalized such that it is no longer considered personal information.
- Use of Personal Information: Purposes for Which We Will Use your Personal Information
- Use of personal information: We will use your personal information consistent with applicable laws. Most commonly, we use your personal information in the following circumstances:
- To contact you to offer our products and services after you register on our site.
- To provide you with the requested products and Services.
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where we maintain legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
- Lawful Bases: We process personal information according to the applicable legal basis, where applicable or required by law. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Generally, we do not rely on consent as a legal basis for processing your personal information, but we may do so with certain data uses when appropriate. Please contact us if you need details about the specific legal ground, we are relying on to process your personal information where more than one ground has been set out in the table below.
- Your Choices and Rights: Sharing Choices, U.S. Law, European Economic Area, International Transfers
- Your Choices: We respect your privacy and seek to provide you with options to manage the personal information collected about you while you are using our Services. We abide by the privacy laws applicable to you based upon your jurisdiction.
- Emails and Newsletters: You may opt out of receiving marketing messages from us and any of our affiliates by unsubscribing through the unsubscribe or opt-out link in an email or by emailing us at email@example.com. We will try to comply with your request(s) as soon as reasonably practical. Please note that even if you opt out of receiving marketing-related emails from us, we will still send you important account, purchase confirmation, and administrative messages.
- Managing Cookies: You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact the functionality of the Services and your experience accessing our Services. Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information, please see allaboutcookies.org.
- Do Not Track: Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
- Notice to California Residents: Each capitalized term used, but not defined, in this section shall have the meaning given to such term in the California Consumer Privacy Act of 2018 (“CCPA”). Personal information as defined in the CCPA shall be included in personal information as used in this Policy. If you are a resident of California, and if CCPA applies to the processing of your information, where applicable, you may have the right to access the personal information we hold about you, to ask that your personal information be corrected, updated, ported, or erased, and to opt-out of the sale of your personal information. If you would like to exercise these rights, please contact us through the means indicated at the end of this Policy. If you would like to designate an authorized agent to submit these requests on your behalf, please contact us through the means indicated at the end of this Policy.
Please note the CCPA contains certain exceptions to applicability with respect to employees, job applicants, and business contacts. Therefore, these rights may not apply to data processed for the purposes of job applications, employment, or business association. Additional upcoming changes in the law may further change the applicability of California laws to you and the information we collect about you. Please contact us with any questions about your data.
- Right of Access to Specific Information: You may have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm a valid verifiable Consumer request, we will disclose:
- The categories of personal information we collected about you;
- The categories of sources for the personal information we collected about you;
- Our business or commercial purpose for collecting, sharing, or selling that personal information;
- The categories of third parties with whom we share that personal information;
- The specific pieces of personal information we collected about you (also called a data portability request) and provide a copy to you in an electronic or paper format; and
- The categories of personal information, if any, we disclosed for a business purpose to a third party.
- Deletion Request Right: You may have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a valid verifiable Consumer request, we will delete (and direct our Contractors and Service Providers to delete) personal information from our (and their) records, unless an exception applies (as described below).
As permitted by CCPA we may delete personal information by (a) permanently and completely erasing the personal information on our existing systems with the exception of archived or backup systems; (b) de-identifying the personal information; or, (c) aggregating the personal information.
We may deny a deletion request if retaining the information is necessary for us or one of our Contractors or Service Providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal, regulatory or law enforcement obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Exercising Access, Data Portability, Correction, and Deletion Rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable Consumer request to us by calling using the contact information at the end of this Policy. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information. You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. To be verifiable, the Consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of that person and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable Consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon receiving data access, correction, data port, or deletion request from you, we will verify your identity based on the information we have on file for you. Upon verification of your identity, we will proceed to process your request (subject to the exceptions stated above).
We endeavor to confirm receipt of your request within ten (10) days of receiving it. We will respond to a verifiable Consumer request within forty-five (45) days of its receipt. If we require more time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing.
We will deliver our written response via email to the email address associated with you or, if we are unable to determine your email address, via mail.
Any disclosures we provide will only cover the 12-month period preceding the verifiable Consumer request receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable Consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
- Non-Discrimination: We will not discriminate against you simply for exercising valid rights under the CCPA.
- Notice to Residents of Non-U.S. Countries: We are a U.S. headquartered company and store and process your information in the United States. The personal information we or our service providers and contractors collect may be stored and processed in servers within or outside of the United States and certain personal information may be accessible by persons or companies outside of the United States who provide services for us. As such, we and our service providers and contractors may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take reasonable steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it.
If you are a resident of a country other than the United States, you acknowledge and consent to our collecting, transmitting, transferring, processing, storing, and otherwise using your personal information outside of the country in which you reside. Your acceptance of this Policy or use of our Services constitutes consent, either express, implied, or tacit, to collect, use, and share your personal information as indicated herein.
- Notice to Residents of the European Union and the United Kingdom: If you are a resident of the European Union or the United Kingdom (also referred to as a “Data Subject”), the General Data Protection Regulation (“GDPR”) may provide you with additional rights regarding our use of your personal information. This section is provided pursuant to the GDPR. Each capitalized term used, but not defined, in this section shall have the meaning given to such term in the GDPR. This section describes how we collect, share, disclose, and process the personal information of residents of the European Union and the United Kingdom. “personal information” means any information relating to an identified or identifiable natural person (referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes all “personal information” referred to in this Policy.
- Rights of European Union and United Kingdom Residents: If you are located in the European Union or the United Kingdom, you may have certain rights regarding the personal information that we maintain about you, which in certain circumstances you will be able to exercise. The rights are as follows:
- Access: You may request a copy of the personal information we maintain about you.
- Portability: If we maintain your personal information based on your consent or so that we can enter into or perform under a contract with you, you have the right to obtain your personal information from us that you consented to give us, that is necessary to enter into or perform the contract, or that is necessary to provide member benefits to you. We will give you your personal information in a structured, commonly used and machine-readable format.
- Correction: If you believe your personal information is incorrect, you may request that we correct, amend or delete your personal information that is inaccurate or incomplete.
- Deletion or Restriction of Processing: You may request that we erase or restrict the processing of your personal information.
- Object to Processing: You may object to the processing of your personal information in certain circumstances when we process your personal information for the purposes of our legitimate interests.
- Right to Complain: You have the right to file a complaint with a supervisory authority, in particular in the European member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal information infringes upon your rights.
- Withdraw Consent: If we are processing your personal information based on your consent to do so, you may withdraw that consent at any time.
These rights can be exercised by contacting us using the contact information at the end of this Policy.
- Collection of personal information: We collect personal information that is reasonably necessary for us to provide our Services. Subject to applicable exceptions, we will obtain your consent before collecting, using and disclosing your personal information for the specified purposes. In addition to circumstances in which you consent to the use of your personal information, the personal information we collect may be used or processed where we have a legitimate interest in or other legal basis for processing such data.
The categories of your personal information we collect and the purposes for which we collect such personal information are indicated above in the section entitled “Collecting personal information.” If we use personal information in ways other than described in this Policy, we will provide you with specific notice at the time of collection.
- Sharing personal information: The ways in which we share your personal information and the purposes for which we share it are indicated above in the section entitled “Sharing personal information.” If we use personal information in ways other than described in this Policy, we will provide you with specific notice at the time of collection.
- Processing personal information: We only process personal information when we have a legal basis to do so including:
- When you have consented to the processing of your personal information, including processing your personal information consistent with this Policy, including the advertising purposes disclosed in this Policy;
- When processing is necessary to perform our obligations to you or fulfill a request you have made to us;
- When processing is necessary to comply with a legal obligation that applies to us; or
- When processing is necessary for purposes that are in our legitimate interests and you have given any required explicit or implicit consent to such processing, including protecting the security of our Services, improving the functioning of our Services, or providing you with information about products in which you have expressed interest.
If we need to process your personal information to fulfill our obligations to you, failure to provide that personal information will mean that we cannot perform our obligations. If we collect your personal information for one purpose and need to process it for a second purpose, we will provide you with additional information regarding this secondary purpose to ensure fair and transparent processing before we engage in further processing. Collecting and processing your personal information to create both general and targeted advertising is a primary purpose for collecting your personal information.
- Security of Information
- We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
- We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Retention of Information
- We will only retain your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
- To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
- In some circumstances, you can ask us to delete your data, as described in this Policy.
- General Disclosures
- Protecting Children: Our Services are for adults and are not intended for children under the age of 18. We do not knowingly collect data relating to children.
- Cybersecurity: We use robust security measures to protect your information from unauthorized access, maintain data accuracy, and help ensure the appropriate use of information. To protect your personal information, we use physical safeguards including secured access to our facilities. We also limit access to your personal information to only those employees and service contractors that have a need to access it. Additionally, when the Services are accessed using the Internet, we use Transport Layer Security (TLS) technology to protect the information using both server authentication and data encryption. We also implement other advanced technology measures to prevent interference or access from outside intruders. We offer enhanced security features within the Services that permit users to configure security settings to the level they deem necessary, such as forced password changes and IP restrictions.
- The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password and/or username for access to certain parts of our Service, you are responsible for keeping such information confidential. We ask you not to share your password or username with anyone. We ask you to select unique and secure passwords when setting up profiles in our Service.
- Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your information, we cannot guarantee the security of your information transmitted to our Service. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service.
- Changes to this Policy: We may update this Policy from time to time. The current version of this Policy can be accessed here.
- Contact Information: If you have any questions about this Policy or our privacy practices, please contact our data privacy manager in the following ways:
Full name of legal entity: LP-USA LLC dba/ Light Progress USA
Email address: firstname.lastname@example.org
Postal address: 5004 Bee Creek Rd Ste 320, Spicewood, TX 78669
Toll-free phone number: (888) 580-8738