Effective Date: January 1, 2020
This Privacy Notice applies to all ddc Group, Inc. controlled subsidiaries and affiliates in the U.S., including ddc Group, Inc., Minotti New York, Minotti Miami jointly referred to as “the ddc Group Group Companies,” “ddc Group” or “ddc.”
By using the Site, or sharing your information with us, you accept the privacy practices described in this Privacy Notice.
Unless otherwise indicated herein, our USA websites are governed and operated in accordance with the laws of the United States and are intended for the use of residents of the United States.
If you have any questions about this Privacy Notice, please contact us at:
ddc Group, Inc.
Attn: Legal Department Privacy Inquiry
134 Madison Avenue
New York, NY 10016
Changes to Our Privacy Notice
We may make changes to this Notice from time to time, in our sole discretion. When we do, we will update this page and display the date of last update at the top of the page. We encourage you to periodically check this Site to learn about the information we collect, use and share. Your continued use of any of the Site after the changes have been made will constitute your acceptance of the changes. If you do not wish to continue using the Site under the new version of the Notice, please uninstall any mobile application and cease using the Site.
Sources of Personal Information
As you interact with ddc Group, we may collect information from or about you from the following sources:
Directly from you
From technology when you visit our Site
From parents, subsidiaries and affiliates within the ddc Group Group Companies
From third parties, such as:
Dealers and Resellers
Data brokers/resellers of data
Social media platforms and networks
What Information Do We Collect and/or Receive from You?
The information we collect from you varies, depending on the way you use our Site or interact with us. The information may include:
Identifiers, such as name, shipping/billing address, telephone number, email address, IP address; browser type and language; operating system; domain server; type of computer or device; and other information about the device you use to access our Site
Commercial information, including records of products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies
Internet or other electronic network activity information, including, but not limited to browsing history, search history, and information regarding your interaction with our Site or advertisements.
Audio or electronic information, such as recording calls made to our customer service centers
Professional or employment-related information, and other demographic information
Inferences drawn from any of the information above used to create a profile about our customers
How Do We Use Your Information?
We use your information identified above for the following business purposes:
For our own internal business purposes, such as maintaining or servicing accounts, providing customer service, processing or fulfilling order and transactions, verifying customer information, processing payments, providing financing, and performing analytics
Internal research for research, development and product improvement
Verifying or maintaining the quality or safety of a service or product and to improve, upgrade or enhance the service or product
Short-term transient use, such as customization of ads shown as part of the same interaction
Auditing related to a current interaction with the consumer and concurrent transactions
For legal, safety and security reasons
For marketing or advertising
In a de-identified or aggregated format
For services of third parties that you authorize
With Whom Do We Share Your Information?
We may share information collected about you with the following entities or in the following situations:
Affiliated Companies. We may share some or all of your information to our parent companies, subsidiaries, and affiliates within the ddc Group Companies.
Service Providers. We may share your information with service providers to perform functions and services on our behalf, to deliver our products or services and/or to conduct our business, such as product delivery services, payment processors, data hosting and storage providers, customer service, marketing, and data analytics service providers.
Corporate Changes. We might buy or sell businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the information we collect may be part of the transferred assets.
For Legal, Safety and Security Reasons. We may disclose information to others if we are required to do so by law, or whenever we believe that disclosing such information is necessary or advisable to protect and defend our rights, property or the safety of us or others. Note that we may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. We may also disclose your information to detect and/or resolve any fraud or security concerns.
For Targeted Marketing. We may share personal information that we hold about you with non-affiliated third parties for marketing of similar products or services.
Consent. We may share personal information that we hold about you with your consent or at your direction with non-affiliated third parties.
Cookies and Other Tracking Technologies
Our Site does not currently support Do Not Track. Our Site does not respond if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads.
We use or may use third-party analytics services, such as Google Analytics or Facebook Pixels, to evaluate your use of the Site, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information related to the Site. Google Analytics is a web analytics service provided by Google, Inc., (“Google”). Google Analytics places cookies on your computer, to help the website analyze how users use the Site. The information generated by the cookie about your use of the Site (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators and provide other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information regarding Google Analytics please visit Google’s website, and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html
Facebook Conversion Tracking/Custom Audience
The Site also uses Facebook’s Conversion Tracking or Custom Audience Pixel service. The service allows us to follow the actions of users after they are redirected by clicking on a Facebook advertisement. We are thus able to record the efficacy of Facebook advertisements for statistical and market research purposes. The collected data is saved and processed by Facebook. If you previously accepted cookies in our banner and directed us to share your information, you may change your preference by contacting us at firstname.lastname@example.org.
Interest Based Advertising
We belong to ad networks that may use your browsing history across participating websites to show you interest-based advertisements on those websites. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance www.aboutads.info and the Network Advertising Initiative www.networkadvertising.org. Please note that if you choose to opt out, you will continue to see ads on our Site, but they will not be based on how you browse and shop.
Standard Open Authorization and Similar Technology (“OAuth”)
With your permission, in addition to the uses of or access to your Personal Information discussed above, third-party applications and services may access your personal information using OAuth if you choose to log into our Site using your log-in information from those third-party applications. We may also use OAuth to allow us to share information about you that is stored by us without sharing your security credentials.
Your Access and Choices About Your Information
You can access and update most of your account information on our Site by logging into your account.
You may opt-out of receiving certain future email communications from us, by clicking on the unsubscribe link at the bottom of emails you receive from us. We will use commercially reasonable efforts to process such requests in a timely manner. You cannot opt out of receiving transactional emails or communications related to your account with us.
You may also contact us at the email provided in this Privacy Notice.
We are not responsible for the practices employed by third-party websites or services linked to or from our Site, including the information or content contained in such websites or services, and this Privacy Notice does not apply to them. Privacy policies on such linked websites may be different from our Privacy Notice. Your browsing and interaction with any third-party website or service, including those that have a link on our Site, are subject to that third party’s own rules and privacy policies. You access such linked websites at your own risk. You should always read the privacy Notice of a linked website before disclosing any of your information on such website.
ddc Group may have mobile applications that you can download to your mobile device (“ddc Applications”). When you download a ddc Application, there may be an opportunity for you to provide us with or for us to obtain information about you. Each ddc Application will display a Privacy Notice that will inform you about how any new or different information shared via the application will be handled. Otherwise, information collected via ddc Applications will be the information identified above and will be used and shared as stated in this Privacy Notice.
Certain features and functionality of the ddc Applications are based on your location. To provide these features and functionalities, if you consent, we may collect geolocational information from your mobile device, wireless carrier, and/or certain third-party service providers. Collection of such information occurs only when you are using your mobile device. You may decline to allow us to collect such information or disable location services on your mobile device but doing so will restrict certain features and functionalities to you.
How We Protect Your Information
We use reasonable physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment and no security system or measures are impenetrable, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that e-mails and other communications you send to us through our Site are not encrypted, and we strongly advise you not to communicate any confidential information through these means. You should secure your password and not share it with any other individual. Be careful when using your login information on or making purchases from public computers. Always log off when finished.
The Site is not directed or targeted towards, nor intended for use by, persons under the age of 16. If you are not at least 16 years of age, do not access, use, or register on the Site. We do not knowingly collect, use, share or sell Personal Information from persons under age 16. If you believe we have done so in error, please notify us and we will terminate and delete your account and all information contained therein.
YOUR CALIFORNIA PRIVACY RIGHTS
As a California resident, you have certain rights, subject to legal limitations, regarding the collection, use and sharing of your personal information described below.
Right to Opt-Out/Do Not Sell
We do not monetize your information. We may disclose the information identified above to third parties for their targeted marketing purposes and to enhance your experience on our Site. California Consumers have the right to request that we not disclose your personal information to third parties.
You can exercise your Request to Opt Out by emailing email@example.com with Data Subject Right to Opt Out in the subject line or you can call 212.685.0800. We will ask you for your personal information or information about you in order to match you with the data we have collected before executing the request.
To opt-out of online activity tracking and data sharing (through cookies and other tracking technologies), our web properties will offer you an option to set preferences for online data sharing, or you can contact us at firstname.lastname@example.org.
Right to Delete
California Consumers have the right to request that we delete personal information about you that we have collected from you. This right is subject to exceptions that allow us to retain data; for example, to service a contract or for our internal business purposes. We will not delete data subject to an exception. If you make a Request to Delete non-excepted data, we will not delete personal information on archived or backup systems until the archived or backup system is next accessed or used by restoring such data to live systems. We will also maintain a record of the Request to Delete as permitted by law.
You can exercise your Request to Delete by emailing email@example.com with Data Subject Right to Delete Request in the subject line or you can call 212.685.0800. We will seek confirmation of your request.
For a Request to Delete, we will seek certain pieces of information to verify your identity that may include email address and government issued identification. We may use third party verification companies to help us verify your identity. If we are unable to find you in our records, or match the data you provide on this website with what we have in our records, we will notify you.
Right to Know
California Consumers have the right to request that we disclose personal information that we have about you. You can request that we provide you with the categories of personal information we have collected in the 12 months preceding your request, at a minimum, and for each category: the categories of sources from which the personal information was collected; the business or commercial purpose for which we collected the personal information; the categories of third parties to whom we sold or disclosed the category of personal information for a business purpose; and the business or commercial purpose for which we sold or disclosed the category of personal information. You can also request that we provide the specific pieces of personal information that we have about you.
For a Request to Know the specific pieces of information that we have about you, we will seek certain pieces of information to verify your identity that may include email address and government issued identification. We may also ask you to provide a signed declaration, under penalty of perjury, that you are the person whose personal information is the subject of the request. We may use third party verification companies to help us verify your identity. If we are unable to verify your request for specific pieces of information, we will treat it as a request for categories of personal information we have collected from you.
For a Request to Know seeking the categories of information we have collected, we may seek certain pieces of information to verify your identity that may include email address and government issued identification. We may use third party verification companies to help us verify your identity. If we are unable to verify your request for categories of information we have collected, we will direct you to the data handling practices in in our online privacy statements.
You can exercise your Request to Know by emailing firstname.lastname@example.org with Data Subject Right to Know Request in the subject line or you can call 212.685.0800. California Consumers can submit a Request to Know twice in a 12 months period and the report will be provided free of charge.
If you are submitting a request on behalf of a household, we will need to verify each member of the household in the manner set forth above.
Use of Authorized Agent
If you are making any of the requests above through an authorized agent, we will request written authorization from you and will seek to verify your identity in the manners stated above (depending on the request type) or we will accept a legal Power of Attorney under the California Probate Code to the authorized agent. To make a request using an authorized agent call 212.685.0800.
Timing of Response
For a Request to OptOut, we will strive to fulfill your request within 15 days from the date we receive your request. For a Request to Delete or Request to Know, we will strive to fulfill these requests within 45 days from the date we receive your request. If additional time is needed to complete a request, we will notify you that additional time is needed, tell you the reason that we need additional time, and tell you when you can expect your request to be completed.
We will maintain records of requests that are made that include the date of request, nature of request, manner in which the request was made, the date of our response, the nature of our response, and the basis for any denial of the request if it is denied in whole or part.
Contact for More Information
If you have questions about your California Privacy Rights or concerns about our privacy statement and practices, please contact us at email@example.com.
In accordance with applicable law, we will not discriminate against you for exercising your rights.
Under California’s “Shine the Light” law, Civil Code Section 1798.83, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain once a calendar year information about the customer information shared, if any, with other businesses for their own direct marketing uses. As set forth in this Privacy Notice, we do not share customer information with third parties for their own direct marketing uses.
FOR USERS IN THE EUROPEAN ECONOMIC AREA AND SWITZERLAND
General Data Protection Regulations (GDPR) Information
ddc Group as Controller
ddc Group obtains and processes personal information in different capacities. When you provide us with your information through our Site or to use our Services, we serve as a data controller. When we act as a data controller, we determine how personal information will be utilized, in accordance with this Privacy Notice.
Our Legal Basis for Processing Your Personal Data
We process the personal information you provide relating to the services and Site to perform our contractual obligations to provide you products and services. We also process your personal information based on our legitimate interests to provide our products and services and Site to you, to develop and improve our products and services and Site that we provide to you, to prevent fraud, and/or comply with law enforcement requests. Where we ask for consent, we process certain personal information based on your consent.
Data Subject Rights Access and Control of Your Information
We enable you to have control over the accuracy of your personal information. You can access and review your personal information by logging into the Site and visiting your account profile page. You can also exercise your data rights by emailing firstname.lastname@example.org with Data Subject Access Request in the subject line. To protect your privacy, before we give you access to or let you update your information, we may ask you to verify your identity or provide additional information. We will try to update and allow you to access your information for free, but if it would require a disproportionate effort on our part, we may charge a fee. We will disclose the fee before we comply with your request. We may reject a request for any of a number of reasons, including, for example, that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful.
Right to Rectification
You have the right to correct your personal data if incorrect, which also includes the right to have incomplete personal data completed. You can do so by logging into your account and deactivating any incorrect or incomplete information and adding the corrected and/or completed information.
You can also exercise your data rights by emailing email@example.com with Data Subject Access Request in the subject line.
When we process your personal data by automated means that you have provided to us based on consent or through a contract, you have the right to get a copy of that data in a structured, commonly used and machine-readable format and have that transferred to you or to third party.
Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal information:
During the pending period of time where we verify the accuracy of any personal data that you claim is inaccurate
Where the processing of your personal data is unlawful but you oppose erasure and instead request that we restrict the use of your personal data
If we no longer need your personal data but it is required for you to make or defend legal claims
During the pending period of time where we verify our legitimate interest to process your data when you object to such processing
Erasure of Personal Data
You have the right to delete the data collected through our Site and can do so by logging into your account and either deleting your account or deleting the specific personal data. There may be instances where we may not be able to delete your data or where we retain a copy of your data, for example, where we may need it to comply with a legal obligation or to protect the rights of others.
How Long We Keep Your Personal Data
We retain your personal data for as long as necessary to provide the products, services and Site to you. We will retain and use this information as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, and then we will delete it.
How to Exercise Your Rights
In order to exercise the rights stated above, please email firstname.lastname@example.org with Data Subject Access Request in the subject line.
You can also exercise many of your data rights through your account.
Right to Complain to Supervisory Authority
If you believe that ddc Group is processing your personal data in an incorrect or unlawful manner, please exercise your data rights by emailing email@example.com with Data Subject Access Request in the subject line.
For those located in the European Union, you also have a right to file a complaint with a Supervisory Authority in the EU.
INTERNATIONAL TRANSFER OF INFORMATION COLLECTED
Information ddc Group collects from you will be stored and processed in the United States. If you provide us information, it will be transferred to, processed, and accessed in the United States.
EU-US Privacy Shield
We comply with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce (the “privacy Shield”) regarding the collection, use, and retention of personal information from European Union member countries. ddc Group has certified that it adheres to the Privacy Shield principles of: notice; choice; accountability for onward transfer; security; data, integrity and purpose limitation; access; and recourse, enforcement and liability. If there is any conflict between the policies in this Privacy Notice and Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield, and to view our certification page when available, please visit: https://www.privacyshield.gov. ddc Group is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).
Resolution of Complaints
In compliance with the Privacy Shield Principles, ddc Group commits to resolve complaints about your privacy and our collection or use of your personal information. European Union citizens with inquiries or complaints regarding this privacy Notice should first contact ddc Group at firstname.lastname@example.org. ddc Group has further committed to:
For Non-Human Resources Data, refer unresolved complaints to the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
For Human Resources Data, we have committed to participate in the dispute resolution procedures of the EU Data Protection Authorities (DPA’s). For information on how to contact your jurisdiction’s DPA, visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. ddc Group will cooperate with the appropriate EU DPAs during investigation and resolution of complaints concerning human recourses data.
Please also note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Under the Privacy Shield frameworks, ddc Group is responsible for the processing of personal data it receives as well as any such data that it provides to its third-party service providers and/or agents. Any personal information received under the Privacy Shield that we transfer to a third party must also comply with our Privacy Shield obligations, and we will be liable under the Privacy Shield for any failure to do so by the third party unless we prove that we are not responsible for the event giving rise to the damage.