What information do we collect and for what purpose?
The following chart shows the categories of personal information that we have collected during the past twelve (12) months, the sources of such information, and the business or commercial purposes for which we may use such information. For all categories of personal information collected, we may disclose data to our service providers and other third parties to help us accomplish the business purposes described below.
The table below is intended to be illustrative and not exhaustive.
|Categories of Personal Information||Sources of Personal Information||Business and Commercial Purposes|
|Personal identifiers (e.g. name, address, e-mail address, phone number(s))||Website or services (information collected directly from the user)Industry affiliates vendors||Customer support and feedback process, fulfillment, and maintenance Delivery of marketing communicationsAnalyticsAccount administration|
|Commercial information (e.g. precious metals purchased, obtained, or inquired about)||Website or services (information collected directly from the user)Industry affiliates vendors||Customer support and feedback process, fulfillment, and maintenance Delivery of marketing communications analytics|
|Internet or Network Activity (e.g. IP address, browser and operating system, referral URL, pages viewed, date/ time of visit)||Website or services (information collected directly from the user)Third-party advertisers/ promotersVendors||Delivery of marketing communications analytics|
|Inferences are drawn from any of these personal information categories (e.g. interest based on analytics)||Website or services (information collected directly from the user)Vendors||Customer support and feedback process, fulfillment, and maintenance Delivery of marketing communications analytics|
|Financial information (e.g. credit card information, bank account information)||Website or services (information collected directly from the user)||Process, fulfillment, and maintenance Account administration|
Keeping your information safe
We care about the security of your information and use commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information collected through our Service. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
Your specific rights in respect of your personal information if you are located in California
If you are located in California, per the CCPA you have the following rights in respect of your personal data that we hold:
- Right of access. You may request access to the personal information that we have collected and maintained about you (along with information regarding its use and disclosure) over the past twelve (12) months upon appropriate verification of identity. You may only make such requests twice (2) per every (12) month.
- Right to deletion. You have the right to request that we delete personal information collected and maintained about you, subject to certain exceptions. Once your request is verified and we have determined that we are required to delete that information in accordance with applicable law, we will delete your personal information accordingly. Your request to delete your personal information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA. Please note that a record of your deletion request may be kept pursuant to our legal obligations.
Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such a request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information, or a person authorized to act on your behalf (e.g. previous transactions of the person to whom the request relates).
We will only use the personal information that you have provided in a verifiable request in order to verify your request. As stated above, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable processing fee or refuse to act on a request if the request is excessive, repetitive, or manifestly unfounded.
If you wish to exercise one of these rights, please contact us at firstname.lastname@example.org and write in the subject line: “CCPA PRIVACY REQUEST – [INSERT NAME]”.
Pursuant to Section 1798.83 of the California Civil Code “Shine the Light” law on data privacy (a separate law from the CCPA), residents of California have the right to obtain certain information about the types of personal information that companies with whom they have established a business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those parties.
If you wish to exercise one of these rights, please contact us at email@example.com and write in the subject line: “SECTION 1798.83 PRIVACY REQUEST – [INSERT NAME]”.
Your specific rights in respect of your personal information if you are located in the EU or Switzerland
For the purposes of EU data protection laws, Hero Bullion is a data controller (i.e., the company who is responsible for, and controls the processing of, your personal data). If you are located in the EU or Switzerland, per the GDPR you have the following rights in respect of your personal data that we hold:
- Right of access. The right to obtain access to your personal data.
- Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
- Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
- Right to object. You have a right to object to processing based on legitimate interests and direct marketing.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you wish to exercise one of these rights, please contact us at firstname.lastname@example.org and write in the subject line: “GDPR PRIVACY REQUEST – [INSERT NAME]”.
Your rights outside of California, European Union and Switzerland
While you do not have the same extensive rights of data access and deletion you may still make a privacy request and we will do our best to comply with your request, provided it is no more egregious than the rights given in the GDPR or CCPA.