Privacy Policy
Last updated July 26th, 2024
This “Privacy Policy” outlines how your personally identifiable information (your “Visitor Information”) may be collected, used, and shared in connection with your access to and/or visitation or use of our website: https://store.fandango.com. This Privacy Policy also describes your choices and rights regarding the use, access, and correction or deletion of your Visitor Information. This website, including the mobile version and any successor site(s) regardless of how accessed (collectively, the "Website"), is owned and operated solely by Snow Commerce, Inc., its subsidiaries, and affiliates, including but not limited to Printful Inc., (herein collectively referred to as “Snow”, "we," "us" or "our"), an Ohio Corporation with place of business at 1340 Clay Street, Cincinnati, OH 45202. Snow has a limited license to use certain copyrighted material owned or provided through Fandango FanStore (together with its affiliated entities, “Partner Entities”) in connection with the Website and the products sold herein. Snow may share personal data that we collect from you–or you provide to us–in connection with your use of the Website with Partner Entities. Partner Entities are independent data controllers under applicable data privacy laws. For more information regarding the privacy practices of Partner Entities, and to raise any privacy inquiries or to exercise your privacy rights with respect to Partner Entities’ use or access to your personal data, please visit: https://www.fandango.com/policies/terms-and-policies. Snow is the controller of the Website, the supplier of the products, and is solely responsible for all transactions on the Website. By visiting our Website, you consent to the use of your Visitor Information in accordance with this Privacy Policy.
This Privacy Policy applies to Visitor Information obtained by Snow in connection with or related to your use of the Website. Snow respects the privacy of its users and is fully committed to protect their personal data and use it in accordance with data privacy laws. This Privacy Policy describes how we collect, use, and process any personal data that we collect from you—or you provide to us—in connection with your use of our Website (https://store.fandango.com) and the services offered on the website (collectively, “Services”). By accessing or using our Services, you signify your understanding of the terms set out in this Privacy Policy. This Privacy Policy does not apply to information collected by us offline or through other means, including on any other website operated by us or any third party (including our affiliates and subsidiaries), including through any Application or content (including advertising) that may link to or be accessible from, or on, our Website. Please read this Privacy Policy carefully to understand our policies and practices regarding your personal information and how we may treat it. By accessing or using this Website you agree to this Privacy Policy. This Privacy Policy may change from time to time and your continued use of this Website means that you are consenting to be bound by the most recently updated version of this Privacy Policy.
If you are a resident of the United Kingdom or the European Economic Area, please see ‘Additional Disclosure for European Residents’ below.
If you are a Canadian resident, please see ‘Additional Disclosures for Canadian Residents’ below.
If you are a California resident, please see ‘Additional Disclosures for California Residents’ below.
If you are a resident of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nevada, New Jersey, Ohio, Oregon, Tennessee, Texas, Utah, Virginia, or any other state that enacts a materially similar privacy law to the states referenced, please see ‘Additional Disclosures for Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nevada, New Jersey, Ohio, Oregon, Tennessee, Texas, Utah, and Virginia Residents’ below.
We do not knowingly collect, maintain, disclose, or sell personal information about users under the age of eighteen (18). If you are under the age of 18, please do not use our Services, or provide any information on our Website or through any of their features, use any of the interactive features of our Website, or provide any information about yourself to us, including your name, address, telephone number or email address. If you are under the age of 18 and have used our Services, please contact us at the email address below so that we may delete your personal information.
1. Background
Snow provides Services directly to the end users.
For the purposes of Data Protection Laws, if you use our Services, and/or access, visit or use our Website, you are considered a “User”, and, depending on the circumstances, we are either the data “Controller”, “Processor”, or “Covered Business”, as such terms are defined in applicable Data Protection Laws.
The term “Data Protection Law(s)” shall include any applicable international, federal, state or local data privacy or security laws, including but not limited to the General Data Protection Regulation (“GDPR”) and the UK General Data Protection Regulation (as defined by the UK Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) Regulations 2019), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the California Consumer Protection Act, the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, the Florida Digital Bill of Rights (FDBR), Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, the Nevada Revised Statutes Chapter 603A, New Jersey’s Senate Bill 332, Ohio Data Protection Act (ODPA), Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act, and all applicable amendments and regulations related to the foregoing.
2. Information Collected About Users How We Use It
Your Visitor Information may be collected, used, and shared. As detailed below, the type of Visitor Information collected may vary based on how it was gathered, but may include, among other things, information that you voluntarily submit (e.g., when you submit information via our ‘Contact Us’ plug-in or when you subscribe to our newsletter), information automatically collected about your usage of our Website that does not include personally identifiable information (e.g., the content that you choose to view and how you interact), and information about you that third parties may share with us if such third parties have previously received your consent to do so. In general, your Visitor Information means any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. It does not include (i) publicly available information from government records; (ii) de-identified or aggregate information; or (iii) certain other personal data protected by other sector-specific state or federal laws. The following section provides the categories of information we may collect about you, and such categories are used in accordance with the disclosures in ‘How We Use Your Data’ below.
- Identifiers. Such information includes your name, postal address, shipping address, email address, and telephone number.
- Payment Information. Such information includes information relating to billing and payment details (including the first and last digits of your payment card).
- Commercial Information. Such information includes information about Services you have purchased or considered, and your preferences.
- Device and Unique Identifiers. Such information includes internet or other electronic network activity information, such as IP addresses, the device and browser you use, referring pages, time stamps, and cookies. This information is primarily needed to maintain the security and operation of our Website, and for our internal analytics and reporting purposes.
- Geolocation Data. Such information includes non-precise location information that permits us to determine your location based on information provided in your IP address.
- Audio Information. Such information includes recorded phone calls that we or our representatives participate in as allowed under applicable law.
- Government Issued Identification. Such information includes images and data, which may appear on government-issued identity documents or identification cards.
- Content. Information such as your communications with us and any other content you provide, such as social media profiles, images, videos, survey responses, comments, reviews, and testimonials.
Snow does not collect or process any data on the Website regarding the following: race or ethnic origin; political opinions; religious or philosophical beliefs; trade union memberships; genetic or biometric data; health or mortality; or sexual orientation.
3. How We Collect Your Data
We may collect data in a variety of manners as disclosed in this section.
- Directly from You. We may collect personal information you provide, such as when you make a purchase; register for an account or create a profile; contact us; respond to a survey; participate in a sweepstakes, contest, or other similar campaign or promotion; sign up to receive emails or newsletters, or otherwise engage in direct communication with us. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information. You always have the option not to provide the information we request. If you choose not to provide the information we request, you can still visit the Website, but you may be required to provide your information by other means if we need such information to provide our services to you.
- Using Online Tracking Technologies and Other Automatic Data Collection Technologies. When you visit our websites, use our Services, open or click on emails we send you, or interact with our advertisements, we or third parties we work with may automatically collect certain information using online tracking technologies such as cookies. For more information, please see our cookies policy by clicking here.
- From Social Media Platforms and Networks. If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks (including Instagram, Facebook, Twitter, Google, LinkedIn, and Pinterest) in connection with our websites, we may collect information that you disclose to us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.
- From Other Sources. We may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.
4. How We Use Your Data
We collect, process and disclose your data only for specific and limited purposes. Our primary goal in collecting, using, and sharing Visitor Information is to enhance your experience on the Website, support the Website, and improve its features, performance, and other elements. We will not use your Visitor Information without a valid legal basis to do so, and we will only process your Visitor Information in a way that is compatible with and relevant to the purpose for which it was collected and authorized. This section explains how we use your Visitor Information and identifies the categories of information we collect and process in connection therewith.
Providing our Services. Where you are a User of our Services, we will use Visitor Information collected as is necessary to fulfill our contract with you for the purposes of providing, maintaining, or improving our products and Services (including, to the extent permitted by applicable law, any matters in our legitimate interests with respect to the Services), we will confirm your identity, contact you, provide customer support (including via chat, in the comment section of our blog, or other platforms, where you may reach us), operate your account with us and invoice you.
We may occasionally hire other companies to provide limited services on our behalf, such as handling the processing of information submitted on any contact form on the Website, the delivery of any mailings or correspondence, processing transactions, or performing statistical analysis of our services (the “Provided Services”). We provide those companies the information they need to deliver the service. In some instances, these companies may collect information directly from you and you will be notified of the involvement of the external service provider. Such companies are subject to agreements that require them to maintain the confidentiality of your information and they are prohibited from using that information for any other purpose. We reserve the right to not track how you interact with any of the Provided Services.
For the aforementioned purposes, we collect and process Identifiers, Payment Information, and Commercial Information.
Legal Obligations. We may request some of the personal data indicated above to comply with applicable laws and in furtherance of our legal obligations and legitimate interest in ensuring that users and end customers are not the target of trade, financial, and economic sanctions, and do not appear on a sanctions-related list, including lists maintained by the U.S. Department of Treasury’s Office of Foreign Assets Control (“OFAC”), the U.S. Department of State, the U.S. Department of Commerce, the European Union, or His Majesty’s Treasury of the United Kingdom. In addition, we may use such information to establish and exercise our rights, and to defend against legal claims.
Consent. There are instances where we may collect specific information for a specific purpose based on your consent. This includes when you have given your consent when registering your account, when subscribing to our newsletter or blog, or shared your email address or other personal data with us to receive any other information (for example, our list of sub-processors). In such instances, we will process identifiers such as your email address as necessary to send you the informative and/or promotional materials, to which you have subscribed to, for example, newsletters, advertisements of our Services and other information about our Services that you have requested.
For information about how to unsubscribe to any emails, newsletters or other communications, please see ‘Your Choices in Connection With Our Services’ below.
Conduct Analytics and Personalization. We may use your Visitor Information to conduct research and analytics, including to improve our Services. We also use your Visitor Information to understand your interaction with our advertisements, Services, and our communications with you. We may also use your information to personalize your experience, to save you time when you visit our websites and use our Services, to better understand your needs, and to provide personalized recommendations for our Services.
We may obtain the location information you provide in your profile or your IP address. We use and store information about your location to provide features and to improve and customize the Services, for example, for Snow’s internal analytics and performance monitoring; localization, regional requirements, and policies for the Services; for local content, search results, and recommendations; for delivery and mapping services; and (using non-precise location information) marketing.
By using cookies and similar technology on our website, we may collect data such as information on your device, your preferences and information filled in while visiting our website, your interaction with the website, and other information used for analytical, marketing, and targeting activities (including unique visits, returning visits, length of the session, actions carried out in the webpage). Learn more about how we use cookies on with our Services by clicking here.
For the aforementioned purposes, we collect and process Device and Unique Identifiers.
Communications with you. We may use your Visitor Information to engage in communications with you, such as to respond to your requests, inquiries, issues, and feedback, to provide customer service.
When you interact with our customer support through email or chat features, which may be offered via third-party software, we, or our Service Providers, may monitor or record the conversation to ensure the quality of our customer support. If you have an account with the Website, we will retain the recording for as long as you have an account. If you do not have an account, we will delete the recording within 12 months or retain it if it is needed to protect our legal interests or resolve disputes between you and us.
For the aforementioned purposes, we collect and process Identifiers, Device and Unique Identifiers, and Content.
Security and Fraud Prevention. As it is in our legitimate interests to ensure our network security, we may use your Visitor Information to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions. We may also use your information to enforce our terms and procedures, prevent against security incidents, and prevent the harm to other users of our Services.
Improving the Services, Websites or Developing Other Products. We may process certain information about the use of our Services and Website to better understand how it is accessed, to improve our Services, and to develop new products and services. Such processing requires the collection of technical information, including information about how and when you access your account, the device and browser you use and the IP address and device data. Additionally, your Visitor Information may be used to present the Website and its content to you, request feedback, and for any other purpose with your consent.
For the aforementioned purposes, we collect and process Device and Unique Identifiers.
Marketing and Advertising. We may use your Visitor Information for marketing and advertising purposes, including sending marketing, advertising, and promotional communications to you by email. We may also use your Visitor Information to show you advertisements for Services and to administer our sweepstakes and other contests.
For the aforementioned purposes, we collect and process Identifiers, Device and Unique Identifiers, Commercial Information, and Geolocation Data.
6. Retention Periods
We may retain your personal data for as long as you have a Website account or any of the above-mentioned legal bases for personal data processing still exists. For example, if you unsubscribe from our marketing, newsletter, or blog emails, we will stop the processing of the personal data for such purposes.
If you have used our Services without creating a Website account, we will keep your personal data as long as necessary to comply with our legal obligation to retain information relating to provision of Services, for example, for tax purposes.
After terminating your relationship with us by deleting your Website account or otherwise ceasing to use our Services, we may continue to store copies of your personal data as necessary to comply with our contractual obligations with Partner Entities and legal obligations, as well as to resolve disputes between you and us, to prevent fraud and abuse, to enforce our agreements, and/or to protect our legitimate interests (to the extent that we are permitted by the applicable law to continue to store copies to protect our legitimate interests).
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. We will actively review the personal data we hold and delete it securely, or in some cases, anonymize it when there is no longer a legal, business, or consumer need for it to be retained.
We reserve the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws.
7. Information Security
Snow takes the security of your Visitor Information very seriously. We take every effort to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. Our measures include implementing appropriate access controls, investing in the latest information security capabilities to protect the IT environments we leverage, and ensuring we encrypt and anonymize personal data wherever possible. Access to your Visitor Information is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third parties.
Your Visitor Information may be stored on servers owned and operated by Snow, its Partner Entities, their respective subsidiaries, and affiliates or by cloud/software service providers (“SaaS Services”) located in the United States. Our SaaS Services are committed to: (i) using industry-standard physical, electronic, and organizational safeguards to protect information against loss or theft as well as unauthorized access and disclosure; (ii) protecting individuals’ privacy; and (iii) employing security techniques to protect such data from unauthorized access. We follow generally accepted industry standards to protect the Visitor Information submitted to us, both during transmission and once we receive it. When entering Visitor Information on the Website, look for the secure icon (typically an image of a lock) and ‘https’ designation in the address box of your browser window that indicates you are on a secure page.
However, it must be noted that “perfect security” does not exist today. We encourage you to take care of the personal data in your possession that you process online and set strong passwords for your Website Account, limit access to your computer and browser by signing out after you have finished your session, and avoid providing us with any sensitive information.
If you are concerned that your privacy may have been breached, please contact us using the contact information provided at the bottom of this Privacy Policy.
8. Your Choices In Connection With Our Services
A. Account.
You may access, update, or remove certain information that you have provided to us through your Website account (login here) or by sending an email to the email address set out in Contact Information below. We may require additional information from you to allow us to confirm your identity.
Please note that we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
B. Communications.
- Emails.You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link or emailing us at the email address set out in Contact Information below with the word 'UNSUBSCRIBE' in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or Snow’s ongoing business relations.
C. Cookies and Tracking Technologies.
- Cookies. See our Cookie Policy here for information about how to control cookies and similar tools.
- Log Files. Our servers log information about your IP address, your browser type, and the current URL you are requesting. This information is always provided by your browser and automatically logged. These log files are stored in a secure location and used in our internal analysis of traffic patterns.
- Do Not Track. Most web browsers, and some mobile operating systems and mobile applications, include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy. For more information on “Do Not Track,” visit http://www.allaboutdnt.com
D. Analytics.
Services providing analytic tools (“Analytic Services”), including without limitation Google Analytics®, may be used with the Website which transmit website traffic data to servers in the United States. Analytic Services do not collect personal information, identify individual users, or associate your IP address with any other data. We do not share any personally identifiable information with our Analytic Services in connection with their performing of any services on our Website. We use reports provided by Analytic Services to help us understand website traffic and webpage usage. Just as we provide you with the ability to exercise certain controls and choices about how we collect, use, share, and store your information, Google also provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout.
Please note that your opt-out will only apply to the specific browser or device from which you opt-out.
E. Legal Privacy Rights.
You may have additional legal privacy rights under certain applicable laws, including but not limited to the California Consumer Privacy Act and other similar laws that may come into effect. For more information about your rights under these respective laws, please see the following sections where applicable:
- Additional Disclosures for European Residents
- Additional Disclosures for Canadian Residents
- Additional Disclosures for California Residents
- Additional Disclosures for Additional Disclosures for Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nevada, New Jersey, Ohio, Oregon, Tennessee, Texas, Utah, and Virginia Residents
For more information about how to exercise applicable legal rights, please see the section titled ‘How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws’ below.
9. Payment Card Industry Data Security Standard (PCI-DSS)
We follow the Payment Card Industry Data Security Standard (PCI-DSS) when handling credit card data. Snow currently accepts VISA, MasterCard, Discover, American Express, and PayPal Credit cards as authorized payment methods for our services. All payment transactions are processed by our third-party payment processor, Shopify, through their online payment programs, in adherence to PCI-DSS, and other applicable standards. Snow at its sole election may discontinue support for any payment method or it may support additional payment methods (i.e., Apple Pay, Google Wallet or Amazon Payments). For more information on how Shopify handles your information, visit their privacy policy here: https://www.shopify.com/legal/privacy.
10. Additional Disclosure for European Residents
If you are a User or data subject located in the European Economic Area or the United Kingdom, you have certain rights with respect to your personal data. This Privacy Policy and its enumerated policies are intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the Privacy and Electronic Communications Directive, as implemented in EU Member States, the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (collectively the “General Data Protection Regulation” or “GDPR”) and provide appropriate protection and care with respect to the treatment of all of our Visitor’s Information in accordance with the GDPR.
A. Roles
GDPR distinguishes between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). As described in the Section entitled “Background” above, we may either be a controller or a processor depending on the circumstances.
Snow as Controller: We are the data “controller” when we process information directly from Users to provide our Services to such User, where no third party controls such processing.
Snow as Processor: We are the data “processor” when we process User information at the direction of a third party data controller.
B. Lawful Basis
The GDPR requires a “lawful basis” for processing personal data. Our lawful bases include where: (i) you have given consent to the processing for one or more specific purposes, either to us or to our Service Providers or Partner Entities; (ii) processing is necessary for the performance of a contract with you; (iii) processing is necessary for compliance with a legal obligation; or (iv) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, provided that your interests and fundamental rights and freedoms do not override our interests.
C. Data Transfers
All the information you provide may be transferred or accessed by our parent company in the United States and our affiliate companies and subsidiaries in other countries, such as Latvia, Poland, Spain, and the UK and our Service Providers (as described above) for the provision of our Services as described in this Privacy Policy. Additionally, the information you provide may be transferred or accessed by Partner Entities (as described above) in relation to your use of the Services. When we transfer your information globally, we take necessary measures to ensure appropriate protection of your information, including, as applicable, entering into the European Commission’s Model clauses for the transfer of personal data to third countries (i.e., the standard contractual clauses) and any equivalent clauses issued by the relevant competent authority of the UK.
D. Your Data Subject Rights
If you are a data subject according to the GDPR, subject to certain conditions you have the right to:
- access, rectify, modify, or erase any personal data we process about you;
- data portability, meaning the ability to receive your personal data in a structured, commonly used machine-readable format and ability to transfer such data to another third party of your choice;
- restrict or object to our processing of personal data we process about you;
- not be subject to a decision based solely on automated processing; and
- where applicable, withdraw your consent at any time for any data processing.
For more information about how to exercise applicable legal rights, please see the section titled ‘How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws’ below.
GDPR Complaints
If you are a resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#member-pl.
If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
If you have a complaint about our use of your personal data or response to your requests regarding your personal data, please see the section entitled “Complaints” below for more information.
In addition to the contact information in the Section “Contact Information” below, please contact our:
European Representative
privacy@printful.com
Data Protection Officer
consumerdataprivacy@snowcommerce.com
If you have a complaint about our Partner Entities use of your personal data or response to your requests regarding your personal data, please refer to our Partner Entities’ privacy policy at: https://www.fandango.com/policies/terms-and-policies
11. Additional Disclosures for Canadian Residents
If you are a User or data subject located in Canada, you have certain rights under the Personal Information Protection and Electronic Documents Act (“PIPEDA”).
We are an “Organization” under PIPEDA, since we may collect information from you. Under PIPEDA, residents are afforded certain rights about the Personal Information (as such capitalized term is defined under the PIPEDA) we have collected about them, which we have described in more detail below.
Your Data Subject Rights
If you are a data subject according to PIPEDA, subject to certain conditions you have the right to:- access, rectify, modify, or erase any personal data we process about you; and
- where applicable, withdraw your consent at any time for any data processing.
When we collect information from you, you may inform us if you do not wish to be contacted for marketing/market research purposes in accordance with Canadian Anti-Spam Legislation. If you do not want to receive promotional information from us or our representatives, please use the unsubscribe option in your user account or the email you received, or email us at consumerdataprivacy@snowcommerce.com to update your personal contact preferences.
For more information about how to exercise applicable legal rights, please see the section titled ‘How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws’ below.12. Additional Disclosures for California Residents
All terms and phrases used under this section have the same meaning as those phrases are defined under the California Consumer Privacy Act and its implementing regulations, as amended (collectively, the “CCPA”). Except as described otherwise, the definitions of: “controller” includes “Business”; “processor” includes “Service Provider”; “data subject” includes “Consumer”; “personal data” includes “Personal Information”; in each case as defined under the CCPA.
Under the CCPA, California residents are afforded certain rights about the Personal Information (as such capitalized term is defined under the CCPA) we have collected about them, which we have described in more detail below.
We are both a “Business” and a “Service Provider” under the CCPA, depending on how you interact with us. This section applies only to personal information we collect in our role as a Business, however, you may still have rights when we act as a Service Provider. Under the CCPA, we are a Business when we process information directly from Users to provide our Services to such User, where no third party controls such processing, and we are a Service Provider when we act on a Partner Entities’ behalf to fulfill an order with regard to the Partner Entities’ direct customer. Please read the Partner Entities’ privacy policy (https://www.fandango.com/policies/terms-and-policies) for further information on how to exercise your rights under the CCPA. The Partner Entity is your contact for any questions you have about how it handles your Personal Information.
A. Notice at Collection
To learn more about the categories of personal information we collect about California residents, please see ‘Information Collected About Users’ above.
For more information about how we use those categories of personal information, please see ‘How We Use Your Data’ above.
For more information about how we collect categories of personal information, please see ‘How We Collect Your Data’ above and our cookies policy found here.
To learn more about how we disclose categories of personal information, and the categories of third parties with whom we disclose such information, please see ‘Categories of Personal Information Disclosed and Categories of Recipients’ below.
To learn more about how long we keep your information, please see ‘Retention Periods’ above.
B. Categories of Personal Information Disclosed and Categories of Recipients
The following disclosure describes the categories of information that we disclose to the categories of recipients of such disclosure. For more information about the third parties we disclose information to, please see ‘Sharing Personal Data With Third Parties’ above.
Service Providers. The type of data we share depends on the type of service provider. The below summary details the types of service providers and related information shared:
- Legal Advisors, Legal Process, and Protection. Any collected information identified in Information Collected About Users that is reasonably required to be disclosed and does not violate any legal or contractual obligation may be disclosed in accordance with such request and/or requirement.
- Affiliates. We may disclose any of the information identified in Information Collected About Users with our Affiliates so where it is necessary for the legitimate interest including appropriate business purposes of Snow and its Affiliates in accordance with Data Protection Laws.
- Partner Entities.We may disclose Identifiers and Commercial Information.
- In a Business Transfer. We may disclose any of the information identified in Information Collected About Users and business customers in connection with a business transfer where it is necessary for the legitimate interest including appropriate business purposes of Snow and its Affiliates.
- In a Website Control Change. We may share or transfer your information in connection with Snow transferring control of the Website to Partner Entities or a new operator.
- Facilitating Requests. We may disclose or make appropriate information identified in Information Collected About Users to facilitate your requests reasonably in accordance with the CCPA. With respect to social networking requests, categories of information shared are Identifiers, Device And Unique Identifiers, Geolocation Data, and any applicable Content associated with the request.
C. Your Legal Rights Under the CCPA
If you are a California resident, the processing of certain personal information about you may be subject to the CCPA. Where the CCPA applies, this section provides additional privacy disclosures and informs you of key additional rights as a California resident. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.
Right to Know Request. Under the CCPA, California residents have a right to request information about our collection, use, and disclosure of your personal information over the prior twelve (12) months, and ask that we provide you free of charge with the following information:
- Right to Access. You have a right to access the personal information that we collected from you in accordance with the applicable law.
- Right to Delete Request. Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions.
- Right To Correct. Under the CCPA, you have the right to ask us to correct, or make available a means to correct, the personal information we have collected about you, subject to certain exceptions.
- Right To Restrict. Under the CCPA, you have the right to restrict use and disclosure of your sensitive personal information.
- Right to Opt-Out of the Sale or Sharing of Personal Information. You may request that we not sell your Personal Information. Please note, however, that CCPA defines “sale” very broadly, and includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California consumer’s Personal Information by the business to another business or third party for monetary or other valuable consideration.” We use services that help deliver interest-based ads to you and may transfer Personal Information to business partners for their use. Making Personal Information (such as online identifiers or browsing activity) available to these companies is considered a “sale” under the CCPA.
You may also opt-out by using an opt-out preference signal, such as the Global Privacy Control (GPC) on your browser.
These rights may be limited in some circumstances. For more information about how to exercise your legal rights and limitations that may apply, please see ‘How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws’ below.
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us using the contact information provided at the bottom of this Privacy Policy.
D. Notice of Disclosure for a Business Purpose
To learn more about the categories of personal information we have disclosed for a business purpose, and the categories of third parties with whom we’ve disclosed such information, please see ‘How Do We Disclose Your Information?’ above.
E. Notice of Use of Sensitive Personal Information
We do not use California resident sensitive personal information for any purpose other than is permissible under the CCPA. Specifically, we do not use sensitive personal information of California residents to derive characteristics about California residents.
F. Notice of Financial Incentives
We offer our Users certain discount opportunities that may be considered a “financial incentive” or “bona fide loyalty program” under applicable Data Protection Laws (the “Program”). Such a Program may include discounts or coupons provided when you sign up to receive such discounts or coupons, which typically requires you to provide your name and contact information (such as email address), or participation in a survey. We consider the value of your personal information to be related to the value of the discounted products or services, or other benefits that you obtain or that are provided in connection with the Program, less the expense we incur offering such opportunity.
You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules. Please review any applicable terms and conditions provided in connection with such Program.
13. Additional Disclosures for Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nevada, New Jersey, Ohio, Oregon, Tennessee, Texas, Utah, and Virginia Residents
Under the state laws including the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, the Florida Digital Bill of Rights, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, the Nevada Revised Statutes Chapter 603A, New Jersey Senate Bill 332, Ohio Data Protection Act, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, Virginia Consumer Data Protection Act, and other similar laws that may be enacted in the future (each a “Heightened U.S. Privacy Law”) applicable residents may be afforded certain rights regarding the data we have collected about them. This notice describes how we collect, use, and share your Personal Data under such respective Heightened U.S. Privacy Law, and the rights that you have with respect to your Personal Data, including sensitive personal data. For purposes of this section, “Personal Data” and “sensitive data” have the meanings given in the respective Heightened U.S. Privacy Law and do not include information excluded from such respective Heightened U.S. Privacy Law’s s respective Heightened U.S. Privacy Law general, personal data is information reasonably linkable to an identifiable person.
A. Notice of Collection
To learn more about the categories of personal information we collect about you and how we use it, please see ‘Information Collected About Users’ and ‘How We Use Your Data’ above. To learn more about the categories of third parties with whom we may share your personal information, please see ‘How We Sharing Personal Data With Third Parties’ above.
In addition, we may collect and/or use additional types of information after providing notice to you and obtaining your consent to the extent such notice and consent is required by Heightened U.S. Privacy Laws.
B. Your Rights Under Heightened U.S. Privacy Laws
If you are a resident of a state with a Heightened U.S. Data Privacy Law, the processing of certain personal information about you may be subject to the respective Heightened U.S. Data Privacy Law. Where the Heightened U.S. Data Privacy Law applies, this section provides additional privacy disclosures and informs you of key additional rights as a resident of such state. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the Heightened U.S. Data Privacy Law.
- Right to Access Information/Correct Inaccurate Personal Data. You may have the right to request access to Personal Data collected about you and information regarding the purposes for which we collect it, and the third parties and service providers with whom we share it. Additionally, you may have the right to correct inaccurate or incomplete Personal Data. You may submit such a request as described below.
- Right to Deletion of Personal Data. You may have the right to request in certain circumstances that we delete any Personal Data that we have collected directly from you. You may submit such a request as described below. We may have a reason under the law why we do not have to comply with your request, or why we may comply in a more limited way than you anticipated. If we do, we will explain that to you in our response.
- Right To Correct. You may have the right to ask us to correct, or make available a means to correct, the personal information we have collected about you, subject to certain exceptions.
- Right to Opt-Out of Sale of Personal Data to Third Parties. You may have the right to opt out of any sale of your Personal Data by Snow to third parties. We do not sell Personal Data to third parties for their own direct marketing purposes. Further, you may have the right to request a list of categories of third parties to which personal data has been disclosed.
- Right to Portability. You may have the right to request a copy of the Personal Data that you previously provided to us as a Controller in a portable format. Our collection, use, disclosure, and sale of Personal Data are described in our Privacy Policy.
- Right to Opt-In to Processing of Sensitive Data. Before we collect and process sensitive personal information, we will obtain your opt-in consent as required under applicable law.
- Right to Opt-Out of Targeted Advertising. You may have the right to opt-out of Targeted Advertising based on your Personal Data obtained from your activities over time and across websites or applications.
- Right to Opt-Out of Profiling. You may have the right to opt-out of having your Personal Data processed for the purpose of profiling in the furtherance of decisions that produce legal or similarly significant effects concerning you.
- Right to Appeal. If we decline to take action on any request that you submit in connection with the rights described in the above sections, you may ask that we reconsider our response by sending an email to consumerdataprivacy@snowcommerce.com that you receive the decision. You must ask us to reconsider our decision within 45 days after we send you our decision.
These rights may be limited in some circumstances. For more information about how to exercise your legal rights and limitations that may apply, please see ‘How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws’ below.
14. How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws
If you are an applicable resident to whom the Data Protection Laws apply to, you may contact us to exercise your rights in accordance with the below procedures:
A. Verification Requirements
For certain requests, we may require specific information from you to help us verify your identity and process your request. Depending on your request, we will ask for information such as your name, tax mailing address, phone number and account number (to the extent available) used in connection with your account or applicable purchases, and may ask for government-issued ID, or date of birth. If we are unable to verify your identity, we may deny your requests to know or delete.
B. Requests to Know, Access and Delete Information
If the Data Protection Laws apply to you, you may exercise your right to know, access or delete information through any of the following means:
- Account Settings: As provided in the ‘Your Choices in Connection with Our Services’ above, you can access the majority of your personal information through your account within the Services by logging in to your Website account.
- Online Form: You may make a request by completing this form.
- Email Us: You may make a request by emailing us at consumerdataprivacy@snowcommerce.com
C. Correction Requests
You can correct information related to your account through the following means:
- Account Settings: As provided in ‘Your Choices in Connection with Our Services’ above, you can access the majority of your personal information through your account within the Services by logging in to your Website account.
- Email Us: You may make a request by emailing us at consumerdataprivacy@snowcommerce.com
D. Right to Opt-Out of Sale, Profiling, and Context-Based Behavioral Advertising
The use of certain third-party providers and their cookies or other tracking technologies for such third parties’ commercial use or profiling or cross-context behavioral advertising must be capable of opt-out. However, as stated in this Privacy Policy, we do not sell or share your information to third parties for these purposes, and therefore, we do not offer any opt-out right.
If you believe that we are forwarding personal information to a third party and it is using it in a manner that exceeds such third party’s processing on our behalf as a service provider or processor (as those terms are understood under applicable law), please contact us at consumerdataprivacy@snowcommerce.com so that we may look into the matter further.
E. Right to Portability
If you wish to receive your personal data in a machine-readable format, please contact us at consumerdataprivacy@snowcommerce.com. We may provide you instructions on how to access your own information and download it yourself, or otherwise will work with you to provide you your personal data in accordance with applicable Data Protection Laws.
If applicable Data Protection Laws do not provide you with the right of portability, we may deny your request.
F. Authorized Agents
Residents of California, Colorado, and Connecticut may designate an authorized agent to submit a request on your behalf to access, delete, or opt-out of certain aspects of how we handle your personal information. Use of an authorized agent must comply with the CCPA and other Heightened U.S. Privacy Laws as applicable, including that you must provide the authorized agent written and signed permission to submit such request. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will still have to verify your identity directly with us in accordance with the applicable law.
G. Responding to Requests as a Controller or Covered Business
Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly within the time period allowed under the applicable law. We aim to fulfill all verified requests within 45 days pursuant to the to the CCPA and most Heightened U.S. Privacy Laws, unless required to respond sooner, however, we are not required to do so. For example, if you live in Europe, we aim to respond within 30 days as required by law. If necessary, extensions as allowed under applicable law (generally for an additional 45 days) may be required and will be accompanied by an explanation for the delay.
Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by applicable law.
H. Responding to Requests as a Processor or Service Provider
If your personal data has been processed by us on behalf of a Partner Entity and you wish to exercise any rights you have with such personal data, please inquire with such Partner Entity directly. If you wish to make your request directly to us, please provide the name of the Partner Entity on whose behalf we processed your personal data. We will refer your request to that Partner Entity, and will support them to the extent required by applicable Data Protection Laws in responding to your request.
15. Links to Third-Party Sites
Our Services may contain links to other websites or services. We do not have any control over these third-party websites and do not endorse them. We do not control these third party websites or services and we make no representations or warranties concerning, and will not in any way be liable for, any content, products, services, software, or other materials available through third parties. These links are provided for your own convenience and information, and the websites and services are governed by and subject to their own terms and conditions and privacy policy notices, which we strongly suggest you review.
16. Privacy Policy Changes
We reserve the right to amend and update this Privacy Policy at our discretion at any time. Any changes we make to this Privacy Policy in the future will be posted on this page and will be effective as soon as made available, as reflected by the revised “Last updated” date. Therefore, we encourage you to check this page frequently from time to time. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
17. Complaints
If you are a User that has directly purchased our Services from us and believe that we have unlawfully processed your personal data, you have the right to submit a complaint to the contact information provided below, or to your respective data protection supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.
If you are a customer of a Partner Entity (an end user of our Services), please direct your concern to the relevant Partner Entity in the first instance.
18. Contact Information
To request to review, update, delete your personal information, or exercise any of your rights in accordance with this Privacy Policy, or if you have any additional questions regarding this Privacy Policy or how to remove or modify your user information or related consents, please feel free to contact us by email at consumerdataprivacy@snowcommerce.com, or by using the contact details below:
Users outside of the European Economic Area:
Snow Commerce
Attn: Data Protection Officer
Address: 1340 Clay Street,
Cincinnati, OH 45202
United States
Users of the European Economic Area:
AS “Printful Latvia”
Attn: Data Protection Officer
Address: Raina Bulvaris 25
Riga, LV-1050
Latvia
Snow will use commercially reasonable efforts to promptly respond and resolve any problem or question.
© Copyright 2024, Snow. All Rights Reserved.