Effective Date: July 20, 2021
Notice Version: 1.0
Data Controller Contact Information
Good Start Packaging
10 Corporate Drive, Suite 201
Bedford, NH 03110
Our privacy notice governs the privacy practices of our website www.goodstartpackaging.com. Our privacy notice tells you what personal data and nonpersonal data we collect from you, how we collect them, how we protect them, how we share them, how you can access and change them, and how you can limit our sharing of them. Our privacy notice also explains certain legal rights that you have concerning your personal data. Any capitalized terms not defined herein will have the same meaning as where they are defined elsewhere on our website.
‘NONPERSONAL DATA’ (NPD) is information that is in no way personally identifiable.
‘PERSONAL DATA’ (PD) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. PD is in many ways the same as Personally Identifiable Information (PII). However, PD is broader in scope and covers more data. (GDPR) means General Data Protection Regulation. (CaCPA) means the California Consumer Privacy Act. (LGPD) the means Brazilian General Data Protection Law.
Topics Covered in Our Privacy Notice
INFORMATION WE COLLECT AND HOW WE COLLECT IT
HOW YOUR INFORMATION IS USED AND SHARED
RETAINING AND DESTROYING YOUR PD
UPDATING YOUR PD
PROTECTING THE PRIVACY RIGHTS OF THIRD PARTIES
DO NOT TRACK SETTINGS
LINKS TO OTHER WEBSITES
PROTECTING CHILDREN’S PRIVACY
OUR EMAIL POLICY
OUR SECURITY POLICY
USE OF YOUR CREDIT CARD
TRANSFERRING PD FROM OTHER COUNTRIES
CHANGES TO OUR PRIVACY NOTICE
Contact us using the information at the top of this privacy notice to exercise any of your legal rights contained within this privacy notice.
Our policy is that we do not sell our users and customers PD except in the sale or merger of our business. See the section about “Disclosures to Successors” in this privacy notice. The provision below is only here because it is required by law that we include it.
You have the right to request that we do not sell any of your personal information. Personal information for this section means but is not limited to a natural person’s first name or first initial and last name in combination with any one or more of the following data elements when they are not encrypted: driver’s license number, driver authorization card number, or identification card number. Account number, credit card, or debit card number, in combination with any required security code, access code, or password that would permit access to the person’s financial account. If you wish to make this request, you can email us at firstname.lastname@example.org telling us that you do not want to have any of your personal information sold. Include enough personal information so that we can reasonably verify your identity. We will respond to your request within 30 days after receiving it.
Your Privacy Rights Under the GDPR
When using our website and services, and submitting PD to us, you may have certain rights under the GDPR if you reside or are in any of the countries of the European Union. Depending on the legal basis for processing your PD you may have some or all of the following rights:
- The Right to Be Informed - You have the right to be informed about the PD that we collect from you and how we process them.
- The Right of Access - You have the right to get confirmation that your PD are being processed and you have the ability to access your PD.
- The Right to Rectification - You have the right to have your PD corrected if they are inaccurate or incomplete.
- The Right to Erasure (right to be forgotten) - You have the right to request the removal or deletion of your PD if there is no compelling reason for us to continue processing them.
- The Right to Restrict Processing - You have the right to ‘block’ or restrict the processing of your PD. When your PD are restricted, we are permitted to store your data, but not to process them further.
- The Right to Data Portability - You have the right to request your PD that you provided to us and use them for your own purposes. We will provide your data to you within 30 days of your request.
- The Right to Object - You have the right to object to us processing your PD for the following reasons: a.processing was based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); b.direct marketing (including profiling); c. processing for purposes of scientific/historical research and statistics;
- Automated Individual Decision-Making and Profiling - You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects regarding you or similarly significantly affects you.
- Filing a Complaint with Authorities - You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the General Data Protection Regulation. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.
Your Privacy Rights Under the (CaCPA)
Californian consumers have certain rights under the California Consumer Privacy Act (CaCPA). For us to comply with some of these rights, we must be able to reasonably verify a consumer’s identity. These rights include:
- The right of Californians to know what personal information is being collected about them.
- The right of Californians to know whether their personal information is sold or disclosed and to whom.
- The right of Californians to say no to the sale of their personal information.
- The right of Californians to access their personal information.
- The right to data portability. Californians have the right to request their personal information that they provided to us and use them for their own purposes. We will provide Californians their personal information within 30 days of their request.
- The right of Californians to the deletion of their personal information.
- The right of Californians to equal service, price, and not being discriminated against even if they exercise their privacy rights.
- One or more designated means for Californian consumers to submit requests under the CaCPA including (at minimum) a toll-free telephone number, and if the business maintains an Internet website, a website address.
- The right of Californians to designate an authorized agent to request on their behalf. When designating an authorized agent, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification.
Personal information includes: categories of personal information that a business collected about the consumer; categories of sources from which the personal information was collected; specific pieces of personal information that the business has collected about consumers; categories of third parties with whom the business shares personal information; the business or commercial purpose of collecting or selling personal information
Your Privacy Rights Under the Brazilian General Data Protection Law
Under the LGPD, any natural person (data subject) in Brazil has certain rights. The data subject has the right to obtain from the controller, in relation to his data processed by the controller, at any time and upon request, the following rights:
- confirmation of the existence of processing;
- access to the data;
- correction of incomplete, inaccurate, or outdated data;
- anonymization, blocking or deletion of unnecessary, excessive or processed data in violation of the provisions of this Law;
- portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, subject to commercial and industrial secrets;
- deletion of personal data processed with the consent of the data subject, except in the cases provided for in art. 16 of this Law;
- information on public and private entities with which the controller made shared use of data;
- information about the possibility of not giving consent and about the consequences of the refusal;
- revocation of consent, according to § 5 of art. 8 of this Law.
INFORMATION WE COLLECT AND HOW WE COLLECT IT
Generally, you control the amount and type of information that you provide to us when using our website.
Our Legal Basis for Collecting and Processing PD
Our legal basis for collecting and processing your PD when you buy our products or services is based on and the necessity for the performance of a contract or to take steps to enter into a contract.
We automatically receive information from your web browser or mobile device. This information may include the IP address of your computer/the proxy server you use to access the Internet, your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website. We use all this information to analyze trends among our users to help improve our website.
When Entering and Using Our Website
When you enter and use our website and agree to accept cookies, some of these cookies may contain your PD.
- Strictly Necessary Cookies - These cookies are necessary for the proper functioning of the website, such as displaying content, logging in, validating your session, responding to your request for services, and other functions.
- Performance Cookies - These cookies collect information about the use of the website, such as pages visited, traffic sources, users’ interests, content management, and other website measurements.
- Functional Cookies - These cookies enable the website to remember users’ choices, such as their language, usernames, and other choices while using the website. They can also be used to deliver services, such as letting a user create a blog post, listen to audios, or watch videos on the website.
- Media Cookies - These cookies can be used to improve a website’s performance and provide special features and content. They can be placed by us or third parties who provide services to us.
- Advertising or Targeting Cookies - These cookies are usually placed and used by advertising companies to develop a profile of your browsing interests and serve advertisements on other websites that are related to your interests. You will see less advertising if you disable these cookies.
- Session Cookies - These cookies allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes, such as remembering what a user has put in their shopping cart as they browse a website. Session cookies also permit users to be recognized as they navigate a website so that any item or page changes they make are remembered from page to page. Session cookies expire after a browser session; they are not stored long term.
- Persistent Cookies - These cookies are stored on a user’s device between browser sessions, which allows the user’s preferences or actions across a website or across different websites to be remembered. Persistent cookies may be used for several purposes, including remembering users’ choices and preferences when using a website or target advertising to them.
We may also use a technology called web beacons to collect general information about your use of our website and your use of special promotions or newsletters. The information we collect by web beacons allows us to statistically monitor the number of people who open our emails. Web beacons also help us to understand the behavior of our customers and users.When Buying Products or Services
If you buy products or services from us, we collect your email address, an account password, first name, last name, shipping address, billing address, phone number, credit card, or other payment information.Hotjar.com
Our website contains chat software or contact forms that enable visitors to communicate with us live online or offline by email. In some cases, visitors can communicate with us without buying our products and services. When you use our chat software or contact forms, we may collect some or all the following information: your email address, first name, last name, location, and any other information you willingly choose to give us. You should limit the information you give to us to one that is necessary to answer your questions.Google Ad and Content Network
Our website uses Google Analytics to collect information about the use of our website. Google Analytics collects information from users such as age, gender, interests, demographics, how often they visit our website, what pages they visit, and what other websites they have used before coming to our website. We use the information we get from Google Analytics to analyze traffic, improve our marketing, advertising, and website. We do not combine the information collected using Google Analytics with PD. You can prevent Google Analytics from using your information by opting out here.Google Remarketing
Third parties, including Facebook, may use first-party cookies, third-party cookies, web beacons, and other storage technologies to collect or receive information from our services and elsewhere on the Internet, and use that information to provide measurement services and target ads. With Facebook remarketing, you may see our ads on Facebook after you have used our services. For this to happen Facebook uses unique cookies that are activated and placed in a visitor’s browser when they land on a webpage. To opt-out of Facebook’s collection and use of information for ad targeting here.What Happens If You Don’t Give Us Your PD
If you do not provide us with enough PD, we may not be able to provide you with all our products and services. However, you can access and use some parts of our website without giving us your PD.
HOW YOUR INFORMATION IS USED AND SHARED
We use the information we receive from you to:
- provide our products and services you have requested or purchased from us;
- personalize and customize our content;
- make improvements to our website;
- contact you with updates to our website, products, and services;
- resolve problems and disputes;
- contact you with marketing and advertising that we believe may be of interest to you.
Communications and Emails
When we communicate with you about our website, we will use the email address you provided when you registered as a user or customer. We may also send you emails with promotional information about our website or offers from us or our affiliates unless you have opted out of receiving such information. You can change your contact preferences at any time through your account or by contacting us using the contact information at the top of this privacy notice.Sharing Information with Third Parties
We do not sell or rent your PD to third parties for marketing purposes. However, for data aggregation purposes we may use your NPD, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of your PD. At times we give your PD to third-party service providers whom we hire to provide services to us. These third-party service providers may include but are not limited to payment processors, web analytics companies, advertising networks, call centers, data management services, help desk providers, accountants, law firms, auditors, shopping cart and email service providers, and shipping companies.Sharing Your PD for Lookalike or Similar Audience Marketing
We may share your PD with third parties for similar audience marketing purposes. Similar audience marketing is also called lookalike audience marketing. The third parties we share your PD with for this type of marketing include Facebook and/or Google. Using your PD for similar audience marketing or lookalike audience marketing helps us find new audiences (users and customers) based on similar interests to yours. This helps us improve our marketing services. Your PD is only shared with Facebook and Google for this type of marketing. By using our website and agreeing to our privacy notice you are giving consent for your PD to be used for the marketing purposes described within this section.Text Messaging, SMS, Push Notifications, Telephone Calls, and Email
If you provide an email address, mobile telephone number, or landline telephone number to us, you are giving your express consent and authorize us or a third party to contact you by using any of these communication methods. You are not required to give us your consent to contact you through these communication methods. However, withholding your consent may interfere or prevent us from providing some or all of our services to you. You can stop receiving emails, text messages, push notifications, and telephone calls at any time by contacting us or using one of our opt-out methods.Legally Required Releases of Information
We may be legally required to disclose your PD if such disclosure is (a) required by subpoena, law, or other legal processes; (b) necessary to assist law enforcement officials or government enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our terms and conditions; (d) necessary to protect us from legal action or claims from third parties, including you and or other users; or (e) necessary to protect the legal rights, personal and or real property, or the personal safety of our company, users, employees, and affiliates.Disclosures to Successors
If our business is sold or merges in whole or in part with another business that would become responsible for providing the website to you, we retain the right to transfer your PD to the new business. The new business would retain the right to use your PD according to the terms of this privacy notice as well as to any changes to this privacy notice as instituted by the new business. We also retain the right to transfer your PD if our company files for bankruptcy and some or all of our assets are sold to another individual or business.RETAINING AND DESTROYING YOUR PD
We retain information that we collect from you (including your PD) only for as long as we need it for legal, business, or tax purposes. Your information may be retained in electronic, paper, or a combination of both forms. When your information is no longer needed, we will destroy, delete, or erase it.UPDATING YOUR PD
You can update your PD using services found on our website. If no such services exist, you can contact us using the contact information found at the top of this privacy notice and we will help you. However, we may keep your PD as needed to enforce our agreements and to comply with any legal obligations.PROTECTING THE PRIVACY RIGHTS OF THIRD PARTIES
If any postings you make on our website contain information about third parties, you agree to make sure that you have permission to include that information. While we are not legally liable for the actions of our users, we will remove any postings about which we are notified if such postings violate the privacy rights of others.DO NOT TRACK SETTINGS
Some web browsers have settings that enable you to request that our website not track your movement within our website. Our website does not obey such settings when transmitted to and detected by our website. You can turn off tracking features and other security settings in your browser by referring to your browser’s user manual.LINKS TO OTHER WEBSITES
Our website may contain links to other websites. These websites are not under our control and are not subject to our privacy notice. These websites will likely have their own privacy notices. We have no responsibility for these websites, and we provide links to these websites solely for your convenience. You acknowledge that your use of and access to these websites are solely at your risk. It is your responsibility to check the privacy notices of these websites to see how they treat your PD.
PROTECTING CHILDREN’S PRIVACY
Even though our website is not designed for use by anyone under the age of 18, we realize that a child under the age of 16 may attempt to access our website. We do not knowingly collect PD from children under the age of 16. If you are a parent or guardian and believe that your child is using our website, please contact us. Before we remove any information we may ask for proof of identification to prevent malicious removal of account information. If we discover that a child is accessing our website, we will delete his/her information within a reasonable period of time. You acknowledge that we do not verify the age of our users nor have any liability to do so.
OUR EMAIL POLICY
You can always opt-out of receiving email correspondence from us or our affiliates. We will not sell, rent, or trade your email address to any unaffiliated third party without your permission except in the sale or transfer of our company, or if our company files for bankruptcy.
OUR SECURITY POLICY
We have built our website using industry-standard security measures and authentication tools to protect the security of your PD. We and the third parties who provide services to us also maintain technical and physical safeguards to protect your PD. Unfortunately, we cannot guarantee the prevention of loss or misuse of your PD or secure data transmission over the Internet because of its nature. We strongly urge you to protect any password you may have for our website and not share it with anyone.
USE OF YOUR CREDIT CARD
You may have to provide a credit card to buy products and services from our website. We use third-party billing services and have no control over them. We use commercially reasonable efforts to ensure that your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorized use. However, you understand and agree that we are in no way responsible for any misuse of your credit card number.
TRANSFERRING PD FROM OTHER COUNTRIES
PD that we collect from you may be stored, processed, and transferred among any countries in which we operate. The European Union has not found the United States and some other countries to have an acceptable level of protection of PD under Article 45 of the GDPR. Our company relies on derogations for specific situations as defined in Article 49 of the GDPR. If you are a European Union user, or a user from another country, with your consent your PD may be transferred to the United States or other countries when you request information from us. When you buy goods or services, we will use your PD for the performance of a contract with you; or to fulfill a compelling legitimate interest for us in a manner that does not outweigh your rights and freedoms. Wherever we transfer, process, or store your PD, we will attempt to apply reasonable safeguards to protect it. We will use the information we collect from you by following the practices described in our privacy notice. Also, we enter into data processing agreements and standard contractual clauses when appropriate. By using our website, services, or products, you agree to the transfers of your PD described within this section.
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to change this privacy notice at any time. If our company decides to change this privacy notice, we will post those changes on our website so that our users and customers are always aware of what information we collect, use, and disclose. If at any time we decide to disclose or use your PD in a method different from that specified at the time it was collected, we will provide advance notice by email sent to the email address on file in your account. Otherwise, we will use and disclose our users’ and customers’ PD in agreement with the privacy notice in effect when the information was collected. In all cases, your continued use of our website, services, and products after any change to this privacy notice will constitute your acceptance of such change. If you have questions about our privacy notice, please contact us through the information at the top of this privacy notice.