1.2 Drop operates a community-driven e-commerce platform that allows users to discuss, request and receive updates about specific products and features, and for members to market and sell products requested through the platform, in each case using our website at drop.com (the "Service").
1.5 Drop is the data controller of the personal information we hold about you.
Personal information we collect from you directly
2.1 We collect personal information that you voluntarily submit directly to us when you use our Service. This can include information you provide to us when you register for an account and user profile, fill in a form on our Service, create or edit your user profile on the Service, correspond with us by phone, e-mail or otherwise, subscribe to our mailing lists, newsletters or other forms of marketing communications, respond to a survey, post comments in forums, enter a promotion, or use some other feature of our Service. We may also collect personal information from third parties, such as social networks.
2.2 We will indicate to you where the provision of certain personal information is required in order for us to provide you certain features of the Service. If you choose not to provide such personal information, we may not be able to provide the Service to you or respond to your other requests.
2.3 The list below sets out the categories of personal information we collect about you and how we use that information:
Contact and profile information. Personal information, such as your name, username, phone number, address, e-mail address, profile picture and personal information contained in your bio.
Comments, chat and opinions. When you contact us directly, e.g. by email, phone or when you complete an online form or participate in an online forum or chat, we will record your comments and opinions.
Payment and transaction information. Information such as items purchased, date and time of your transaction, and payment information, such as your credit card or bank account details.
Preferences. Preferences set for notifications, marketing communications, how our website is displayed and how you use the Service.
2.4 We may use this information to:
(a) allow you to log in to and use certain features of the Service, create a profile for you on the Service, and to operate, maintain and provide to you the features of the Service;
(b) facilitate the shipment of products ordered through the Service;
(c) communicate with you including sending service-related communications (such as statements, invoices and solicited marketing communications) and unsolicited marketing communications in accordance with your preferences;
(d) provide customer support and deal with enquiries and complaints made by or about you relating to the Service;
(e) inform our advertising and marketing, and the development of new products and features available through our Service, or to otherwise monitor and improve our Service; and
(f) detect and prevent fraud.
2.5 The processing of the above personal information is necessary for:
(a) the performance of a contract with you and to take steps prior to entering into a contract; and
(b) our legitimate interests, namely administering, tailoring and improving the Service, informing our direct marketing, communicating with users.
Personal information we collect from third parties
2.6 From time to time, we may receive information about you from third parties and other users:
Information obtained from third parties. We may obtain information from third parties to enhance or supplement our existing user information. We may also collect information about you that is publicly available. We may combine this information with the information we collect from you directly. For example, we may obtain information when you log in through a third-party social network or authentication service, such as Facebook or Google.
Information provided by social networks you connect to our Service. If you connect a social network, such as Facebook, to our Service we will collect personal information from the social network in accordance with your privacy settings on that social network. These services will authenticate your identity and provide you the option to share certain personal information with us, which could include your name, email address, address book and contacts, or other information.
Similarly, when you interact with us through a social media site or third-party service, such as when you like, follow, or share our content on Facebook, Twitter, Pinterest, Instagram, or other sites, we may receive information from the social network, including your profile information, picture, user ID associated with your social media account, and any other information you permit the social network to share with third parties.
The data we receive is dependent on your privacy settings with the social network. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Service.
2.7 We may use this information to:
(a) authenticate your identity, allow you to access and use certain features of the Service and to create a public profile for you; and
(b) inform our advertising and marketing, and the development of new products and features available through our Service, or to otherwise monitor and improve our Service.
2.8 If you permit the third-party social network to share your friends list or address book with us, we may use this information to let you know what your friends are doing on our Service and to let your friends know what you are doing on the Service.
2.9 The processing of personal information we collect about you from third parties is necessary for:
(a) the performance of a contract and taking steps prior to entering into a contract;
(b) our legitimate interests, namely to tailor our Service to the user and to inform our marketing and product development.
Personal information we collect about you automatically
2.10 We also automatically collect personal information indirectly about how you access and use the Service and information about the device you use to access the Service. The list below sets out the categories of personal information we collect about you automatically and how we use that information:
Information about how you access and use the Service. For example, the website from which you came and the website to which you are going when you leave our website, how frequently you access the Service, the time you access our Service and how long you use it for, the approximate location that you access the Service from, whether you access the Service from multiple devices, and other actions you take on the Service.
Information about your device. We also collect information about the computer, tablet, smartphone or other electronic device you use to connect to our Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to our Service through the device, your Internet service provider or mobile network, your IP address and your device’s telephone number (if it has one).
2.11 We may use the information we collect automatically to present the Service to you on your device and to determine products and services that may be of interest to you for marketing purposes. We may also use the personal information we collect from you to monitor and improve the Service and business, and to help us to develop new products and services.
2.12 The processing of the personal information we collect from you automatically is necessary for our legitimate interests, namely: to tailor the Service to the user and to improve the Service generally; to monitor and resolve issues; for marketing purposes; to communicate with users; to contact users; and for the detection and prevention of fraud.
All personal information
2.13 We may link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.
2.14 We may anonymise and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving our Service and developing new products and features. We may also share such anonymised information with others.
2.15 The processing of personal information in this way is necessary for our legitimate interests, namely to monitor and improve our Service.
3.1 As required in accordance with how we use it, we may share your personal information with the following parties:
(a) Merchants. When you purchase products offered by third parties through our Service, your personal information may be disclosed to such third parties in order to process and fulfil your order.
(b) The community. When you post user content on our Service, such as your profile information, questions or comments, this content will be visible to other users of our Service.
(c) Service providers and advisors. Third party vendors and other service providers that perform services for us or on our behalf, which may include shipping and logistics services, identifying and serving targeted advertisements, providing mailing, email or chat services, tax and accounting services, payments processing, data enhancement services, fraud prevention, web hosting, or providing analytic services.
(d) Select third parties. We may share your personal information with third parties to the extent you have asked or authorised us to do so, such as the social network you connect to our Service or other parties from which you wish to receive information and marketing messages about products or services that may interest you.
(e) Purchasers and third parties in connection with a business transaction. Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
(f) Law enforcement, regulators and other parties for legal reasons. Third parties as required by law or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) enforce our Terms of Service or to protect the security or integrity of our Service; and/or (c) exercise or protect the rights, property, or personal safety of Drop, our users or others.
4.1 Our Service is a community where users can discuss and discover new products or features and receive updates and offers on products. We will provide you with updates about the products you have requested or in which you have shown an interest in accordance with the functionality of our Service. To do this, we will use the personal information we collect about you to send you information and updates about products you have requested or in which you have shown an interest on our Service. Most messages we send will be by email.
4.2 If you are in the European Economic Area ("EEA"), we will only send you marketing messages if you have given us your consent to do so. If you do not want to receive messages from us, you will be able to tell us by selecting certain boxes on forms we use when we first collect your contact details or by refusing or withdrawing your consent.
4.3 You can change your preferences about the notifications you receive by clicking the unsubscribe link at the bottom of our emails or logging into your account on our website and changing your preferences, although this will not unsubscribe you from administrative emails from us.
5.1 Retention periods. We will store payment and transaction information for up to 6 years from the date of your purchase. For all other categories of personal data, we will store it for no longer than necessary for the purposes set out above and in accordance with our legal obligations and legitimate business interests.
5.2 Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on our secure servers, and all transfers of personal information will be protected by TLS encryption technology. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.
5.3 International Transfers of your Personal Information. As we are located in the USA, any information you provide will initially be collected and stored in the USA. If you are in the EU or EEA, this may mean that your personal information will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you are typically resident in.
5.5 Privacy Shield. We comply with the EU-U.S. Privacy Shield framework and Swiss-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information received from European Union countries and Switzerland (the "Privacy Shield"). We have certified that we adhere to the Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, access, and recourse, enforcement and liability ("Principles"). If there is any conflict between the policies in this policy and the Principles, the Principles shall govern. To learn more about Privacy Shield, please visit the U.S. Department of Commerce Privacy Shield website: https://www.privacyshield.gov/. For more information regarding our Privacy Shield certification, please see our Privacy Shield Privacy Statement addendum.
6.1 In accordance with European Union privacy law, if you are in the EEA you have the following rights in respect of your personal information that we hold:
(a) Right of access. You have the right to obtain:
(i) confirmation of whether, and where, we are processing your personal information;
(ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
(iii) information about the categories of recipients with whom we may share your personal information; and
(iv) a copy of the personal information we hold about you.
(b) Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
(c) Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
(d) Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
(e) Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
(f) Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
6.3 You also have the right to lodge a complaint to your national data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
7.1 This section applies to you if you are a resident of the state of California. This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.” For purposes of this section, “personal information” has the meaning provided by the California Consumer Privacy Act (the “CCPA”) and does not include information that is publicly available, that is deidentified or aggregated such that it is not capable of being associated with us, or that is excluded from the CCPA’s scope, such as personal information covered by certain sector-specific privacy laws, such as the HIPAA, the FCRA, GLBA or the Driver's Privacy Protection Act of 1994. This section does not apply to information relating to our employees, contractors, applicants and other personnel.
7.2 Collection and use of Personal Information. For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the Personal Information We Collect About You And How We Use It section above. We collect this information for the business and commercial purposes described in the same, Personal Information We Collect About You And How We Use It section above. We share this information with the categories of third parties described in the Recipients Of Your Personal Information section above. We do not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we do use third-party cookies for our advertising purposes as further described in the Cookies And Similar Technologies and Interest Based Advertising section below.
In the last 12 months, we have collected the following categories of personal information:
(a) Identifiers, such as your name, address, phone number, email address, or other similar identifiers;
(b) California customer records, such as payment information;
(c) Commercial information, such as records of services purchased, obtained or considered;
(d) Internet/Network information, such as device information, logs and analytics data;
(e) Geolocation data, such as precise location data from your device or generated based on your IP address; and
(f) Inferences about your interests and preferences, generated from your use of our sites.
We collect this information directly from you, from our business partners and affiliates, from your browser or device when you visit our websites, or from third parties that you permit to share information with us.
7.3 Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
7.4 Disclosure of Personal Information. We share personal information with the categories of third parties described in the Recipients Of Your Personal Information section above. We do not “sell” personal information as most people would typically understand that term. However, we do allow certain third-party partners and providers to collect information about consumers directly through our services for purposes of analyzing and optimizing our services, delivering ads, providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. To the extent this practice is interpreted to constitute a “sale” under the CCPA, please see our Cookies And Similar Technologies and Interest Based Advertising section below for more information including how to exercise your rights to opt-out of cookies, analytics and personalized advertising.
7.5 California consumers may make a request pursuant to their rights under the CCPA by contacting us at Drop Support. We will verify your request using the information associated with your account, including email address. Government identification may be required.
7.6 Your Rights and Choices. Subject to certain limitations, the CCPA provides California consumers the following rights:
(a) The Right to Know any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:
(i) The specific pieces of personal information we have collected about you;
(ii) The categories of personal information we have collected about you;
(iii) The categories of sources of the personal information;
(iv) The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
(v) The categories of personal information we have sold and the categories of third parties to whom the information was sold; and
(vi) The business or commercial purposes for collecting or selling the personal information.
(b) The Right to Request Deletion of personal information we have collected from you, subject to certain exceptions.
(c) The Right to Opt Out of Personal Information Sales to third parties now or in the future.
You also have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.
7.7 To Submit Your California Consumer Rights Requests. You may submit a request to exercise your California Consumer Rights through one of the mechanisms described below. We will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account, if you have one. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law.
(c) To opt out or control the use of your personal information by social media, advertising and analytics partners, please see Cookies And Similar Technologies and Interest Based Advertising.
7.8 Minors. We do not sell the personal information of consumers we know to be less than 16 years of age, unless we receive affirmative authorization (the "Right to Opt In") from either the minor who is between 13 and 16 years of age, or the parent or guardian of a minor less than 13 years of age. Please contact us via Drop Support or email us at firstname.lastname@example.org to inform us if you, or your minor child, are under the age of 16. If you are under the age of 18 and you want to remove your name or comments from our website or publicly displayed content, please contact us directly via Drop Support or email us at email@example.com. We may not be able to modify or delete your information in all circumstances.
7.9 Do Not Track Signals. California law requires us to let you know how we respond to web browser "Do Not Track" (DNT) signals. Because there currently isn't an industry or legal standard to recognizing or honoring DNT signals, we don't respond to them at this time. We await the result of work by the privacy community and industry to determine when such a response is appropriate and what form it should take. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
7.2 Cookies are pieces of code that allow for personalisation of our website experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.
7.3 We use the following types of cookies:
(a) Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
(b) Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. We may use third-party analytics tools such as Google Analytics, to help us measure traffic and usage trends for the Online Services and to understand more about the demographics of our users. You can learn more about Google’s practices at http://www.google.com/policies/privacy/partners, and view its currently available opt-out options at https://tools.google.com/dlpage/gaoptout.
(c) Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
(d) Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide a service to us for this purpose.
(e) Third party cookies. Please be aware that advertisers and other third parties may use their own cookies tags when you click on an advertisement or link on our website. These third parties are responsible for setting out their own cookie and privacy policies.
7.5 We also use clear gifs in HTML-based emails sent to our Customers to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of our Service. You can set your e-mail options to prevent the automatic downloading of images that may contain these technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.
7.6 If you would like to find out more about cookies and other similar technologies, please visit www.allaboutcookies.org or the Network Advertising Initiative's online sources at www.networkadvertising.org.
7.7 Deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like Flash objects or HTML5.
7.8 We are unable to respond to Do Not Track signals set by your browser at this time.
8.1 We participate in interest-based advertising and use third party advertising companies to serve you targeted advertisements based on your browsing history. We permit third party online advertising networks, social media companies and other third party services to collect information about your use of our Service over time so that they may play or display ads on our Service, on other websites, apps or services you may use, and on other devices you may use.
8.2 Typically, though not always, the information used for interest-based advertising is collected through cookies or similar tracking technologies. We and our third party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.
8.3 We may also use certain forms of display advertising and other advanced features through Google Universal Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the Doubleclick advertising cookie) or other third party cookies together to inform, optimise, and display ads based on your past visits to the Service. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences or by vising NAI’s online resources at http://www.networkadvertising.org/choices.
8.4 To learn about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit:
(a) the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org/choices;
(b) the DAA’s resources at www.aboutads.info/choices; and/or
(c) Your Online Choices at www.youronlinechoices.com/uk.
Please note that opting-out of receiving interest-based advertising through the NAI’s and DAA’s or Your Online Choices online resources will only opt-out a user from receiving interest-based ads on that specific browser or device, but the user may still receive interest-based ads on his or her other devices. You must perform the opt-out on each browser or device you use.
8.5 Some of these opt-outs may not be effective unless your browser is set to accept cookies. If you delete cookies, change your browser settings, switch browsers or computers, or use another operating system, you will need to opt-out again.
9.1 As part of our participation in the Privacy Shield, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
9.2 You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
9.4 We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the JAMS Privacy Shield Program. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
Our Service may, from time to time, contain links to and from third party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
10.1 Our Service is not directed at persons under 16 years old and we do not knowingly collect personal information from anyone younger than 16 years old. If you become aware that anyone younger than 16 has provided us with personal information, then please contact us using the details below so that we can take steps to remove such information and terminate any related accounts.
Last Updated: January 7, 2020