GDPR Policy can be found here
1. Collection of Information
We may gather personal information about you, which refers to data that can uniquely identify you, from different sources. These sources may include:
- Directly from you when you use our Services, such as registering for an account, accessing certain features or content, or making purchases; and
- From our affiliates, subsidiaries, service providers, business partners, and other third-party sources.
Types of Information Collected
The personal information we may collect about you includes, but is not limited to:
- Contact details, such as your name, email address, postal address, and phone number;
- Demographic information, such as your Social Security number or TIN, and postal code;
- Login details, such as your username and password; and
- Payment and financial information, such as payment card number, expiration date, authentication code, billing address, and bank account number.
We may also gather certain information about you automatically when you use our website and services, using tools such as cookies and web beacons. A “cookie” is a file that websites send to a visitor’s computer or device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also called an Internet tag, pixel tag, or clear GIF, is used to transmit information about user actions back to a web server. We may also use third-party analytics tools (such as Google Analytics) to collect information about user traffic and usage of our services. The information we collect automatically may include, but is not limited to:
- Information about the devices you use to access our Services (such as your IP address, device type, operating system, and web browser);
- Dates, times, and duration of your use of our Services (including whether you are a repeat or first-time visitor); and
- Information on actions taken while using our Services (such as page views, website navigation patterns, and items added to cart but not purchased).
The information we collect automatically is statistical data, which may include personal information. It helps us to improve and personalise our Services by enabling us to identify and authenticate users.
2. Do Not Track
3. How We Use Information Collected
We may utilise the information we gather regarding you in the following ways:
- Process your orders and fulfil other transactions you have requested through the Services, and provide you with the products and services you have asked for.
- Send you the information or materials you have requested.
- Keep a record of your purchases and other transactions made using the Services.
- Address your questions and comments and offer customer support.
- Communicate with you about products, services, offers, and promotions.
- Manage, evaluate, and enhance our business and the products and services we provide.
- Analyse and upgrade our marketing communications and strategies.
- Examine trends and statistics regarding the use of the Services and transactions executed using the Services.
- Prevent and safeguard against fraud, unauthorised transactions, claims, and other liabilities, as well as manage risk exposure, which includes identifying potential hackers and other unauthorised users.
- Enforce our Terms of Sale and other agreements.
- Comply with relevant legal requirements and industry standards.
4. Disclosing Information
We may share non-identifiable, aggregated information about our users without any restrictions. However, we may disclose personal information about you to third parties under the following circumstances:
- To contractors, affiliates, service providers, and other third parties who support our business operations.
- To comply with a court order, law, or legal process, including government or regulatory requests.
- To enforce our Terms of Sale and other agreements.
- If we believe it is necessary to protect the rights, property, or safety of Square Media Ltd, our affiliates, our users, or others.
- To market products or services of third parties to you, unless you have opted out of such promotions.
- With your consent.
We have taken steps to safeguard your personal information against unauthorised access, accidental loss, alteration, and disclosure. We store all the information you provide us on secure servers that are protected by firewalls. Additionally, any payment transactions you make are encrypted using SSL technology. However, it’s important to note that electronic transmission of information is not entirely secure. We cannot guarantee that the security measures we have implemented will never fail or be defeated. Therefore, any transmission of personal information is at your own risk, and we cannot ensure that our security measures will always be sufficient or effective.
6. Your Choices
We provide the following options for you to manage the information we collect from you and how we communicate with you:
You can adjust your browser settings to stop accepting new cookies, receive notifications when you receive a new cookie, and disable existing cookies. Please note that not allowing cookies may limit your access to all the features of our services.
To opt-out of receiving marketing emails from us, you can adjust your user preferences in your account profile or follow the instructions contained in the promotional email.
You can choose not to allow Google Analytics to collect and analyse data about you on our website by downloading and installing Google Analytics Opt-out Browser Add-on.
To prevent us from sharing your personal information with third parties for their promotional purposes, you can adjust your user preferences in your account profile if you are a Square Media Ltd account holder. If you are a customer, you can opt out by accessing your specific order number through the site. However, opting out will not affect personal information already shared with third parties before the opt-out date.
Although we have no control over third parties’ collection or use of your information to serve targeted content, many of these parties provide options to opt-out of having your information collected or used in this manner.
7. Changing Information
You can change the personal information associated with your account by logging into your account and managing your personal information through your account or by sending an email request to firstname.lastname@example.org. We reserve to refuse a request if any change is contrary to any legal requirement or would cause the information to be incorrect.
Our focus on privacy and security is of utmost importance in the development of our products and business practices. We continually assess all our procedures to ensure that your personal information is safeguarded as effectively as possible. Our adherence to the General Data Protection Regulation (GDPR) ensures that we comply with its regulations and assist our users in complying to the extent that the GDPR requires.
Our business is based in Malta, and we transfer personal information across borders to conduct our operations. We have implemented additional safeguards, such as the use of Standard Contractual Clauses (SCCs), which provide guidelines for the exchange of personal information between EU and non-EU countries. These SCCs have been determined to be acceptable for the international transfer of data by the European Commission.
Retention of Data
We will retain your personal information only for as long as it is necessary to provide the requested services or as required by applicable law.
Under the GDPR, you have the right to access, correct, update, and/or delete your personal information, object to further processing of your personal information, and request portability of your personal information. You may also withdraw your consent to the collection, storage, and processing of your personal information at any time. In addition, you have the right to lodge a complaint with a data protection authority. Any requests to us can be made to address.
We comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce for the transfer of personal information from the European Union and Switzerland to the United States. We have certified that we adhere to the Privacy Shield Principles and are subject to regulatory enforcement powers of the U.S. Federal Trade Commission. You have the right to opt-out of disclosures of your personal information to third parties not identified at the time of collection or uses of your personal information for purposes different from those disclosed at the time of collection. In the event of unresolved privacy concerns, we have committed to resolving complaints and disputes through JAMS, an alternative dispute resolution provider.
See Data Processing GDPR Addendum.
9. California Users
We adopt a further Privacy Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act of 2020, also known as Proposition 24 (“CPRA”). This website collects information that identifies, relates to, otherwise references, and or is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular consumer/household (“Personal Information”). The website has collected the following categories of Personal Information from sources and for the business or commercial purposes described below (in particular over the last 12-months):
|Category||What we Collect||Source||Business / Commercial Purpose|
|IDENTITY DATA||Data provided by user when filling in contact form or subscribing to newsletter||Consumer||Email newsletter purposes|
|CUSTOMER RECORD DATA||Data provided by user when filling in contact form or subscribing to newsletter||Consumer||Email newsletter purposes|
|LOCATION DATA||Location and timezone||IP Address||Website improvement & Conversion optimization|
|COMMERCIAL DATA||Data provided by user when filling in contact form or subscribing to newsletter||Consumer||Email newsletter purposes|
The definition of Personal Information does not include certain types of information, such as publicly available government records, deidentified or aggregated consumer information, and information that is excluded from the scope of the CCPA and CPRA, including certain types of health and medical information covered by HIPAA and CMIA, as well as personal information covered by sector-specific privacy laws such as FRCA, GLBA, FIPA, and DPPA.
In the past 12 months, we have collected all categories of Personal Information for various purposes, such as processing transactions and preventing fraud, providing customer support, customising, and securing accounts, testing, and developing products, and delivering personalised content and advertising. We will continue to collect personal information for these purposes and may also use it to respond to law enforcement requests, as required by law or regulations, or in the event of a merger or sale of assets. We will not collect additional categories of personal information or use it for purposes that are materially different, unrelated, or incompatible without giving notice.
The following categories of third parties may receive your Personal Information from us for business purposes:
- Our Affiliates
- Service providers
Whenever we share your Personal Information, we make sure to sign a contract that outlines the specific business purpose for which your information is being disclosed. Additionally, the contract limits the service provider’s use of your information solely for purposes related to the business purpose outlined in the contract. Over the past 12 months, we have shared the following categories of Personal Information with third parties for business purposes.
- Customer Records Data
- Commercial Data.
- Internet Use Data.
- Location Data.
In the last 12 months, we have not sold Personal Information to any third party.
Deletion: You may request the erasure of any of your Personal Information that we have obtained and maintained, with a few exceptions. Once we have received and authenticated your verifiable consumer request, we will delete your Personal Information from our records and those of our service providers, unless an exception applies. We may refuse to honour your request for deletion if retaining the information is crucial for us or our service providers to:
- Finalise the transaction for which we collected your Personal Information, meet the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service that you have requested, carry out actions reasonably expected within the context of our ongoing business relationship with you, or otherwise execute our agreement with you.
- Uncover security incidents, safeguard against malicious, deceptive, fraudulent, or unlawful activity, or prosecute those responsible for such activities.
- Fix affiliate products to identify and repair errors that impair the existing intended functionality.
- Exercise free speech, ensure another consumer’s right to exercise that consumer’s free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Conduct public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other relevant ethics and privacy laws, if the deletion of the information is likely to make the research impossible or seriously impair its achievement, if you had given informed consent previously.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
Access: You may demand that we reveal specific information to you regarding our acquisition and utilisation of your Personal Information during the previous 12 months. Once we obtain and authenticate your verifiable consumer request, we will disclose to you:
- The categories of Personal Information that we obtained about you.
- The categories of sources from which we obtained the Personal Information about you.
- Our business or commercial intention for obtaining or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information that we obtained about you (also known as a data portability request).
- If we revealed your Personal Information for a business purpose or sold it, two separate lists that pertain to:
- Disclosures for a business purpose, which identify the categories of Personal Information that each category of recipient obtained.
- Sales, which identify the categories of Personal Information that each category of recipient purchased.
Execute Right: To execute the access, data portability, and deletion rights explained above, please send a verifiable consumer request via email to: email@example.com .
A verifiable consumer request related to your personal information can only be made by you, or by someone legally authorised to act on your behalf. You can also make a verifiable consumer request for your minor child. You can only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide adequate information that enables us to reasonably verify that you are the person about whom we collected Personal Information or an authorised representative.
- Describe your request with sufficient detail that enables us to properly comprehend, assess, and respond to it.
- If we are unable to verify your identity or authority to make the request, we cannot respond to your request or provide you with Personal Information to confirm that it pertains to you.
Creating an account with us is not necessary to make a verifiable consumer request, but we may need to authenticate the consumer in a reasonable manner, based on the nature of the Personal Information requested. We will only use Personal Information provided in a verifiable consumer request to verify the identity or authority of the requestor to make the request
We will strive to respond to your verifiable consumer request within 45 days of receipt. In case we need more time, we will notify you in writing and provide a reason for the extension period, which can be up to 90 days. If you have an account with us, we will deliver the written response to that account. If you do not have an account with us, we will deliver the written response via regular mail or email, as per your preference. Our response will cover only the Personal Information collected and used in the 12-month period preceding the receipt of the verifiable consumer request. If we cannot comply with your request, we will explain the reasons for our inability to do so. For data portability requests, we will provide your Personal Information in a format that is usable and that should allow you to transfer the data to another entity without any obstacle. We do not charge you any fee for processing or responding to your verifiable consumer request, except when the request is excessive, repetitive, or manifestly unfounded. If we find your request to be chargeable, we will let you know the reason and provide you with a cost estimate before we proceed with your request. Alternatively, we may decline to respond to your request and will notify you of the reason for our decision.
Opt-Out: If you are 16 years old or older, you have the option to tell us not to sell your personal information at any time. We do not sell the Personal Information of consumers whom we know are under 16 years old, except if we have received positive authorisation from either the consumer if they are at least 13 years old and under 16 years old, or the parent or guardian if the consumer is under 13 years old. Consumers who have opted-in to the sale of Personal Information may opt-out of future sales at any time.
To exercise the Right to Opt-out, you (or your authorised agent) may submit a request to us by emailing us (address). If an authorised agent submits a request on your behalf, they must provide either: (1) a copy of your written permission for them to submit a request on your behalf and enough information to verify their identity, or (2) a power of attorney pursuant to California’s Probate Code.
You do not need to create an account with us to exercise your Right to Opt-out. We will only use Personal Information provided in a Request to Opt-out to review and comply with the request. After making a Request to Opt-out, we will wait at least 12 months before requesting you to reauthorise Personal Information sales. However, you may change your mind and opt back in to Personal Information sales at any time by submitting a request via email to address.
Non-Discrimination: We will not treat you unfairly or differently for exercising any of your CCPA / CPRA rights. We will not:
- Refuse to provide you with goods or services
- Charge you different prices or rates for goods or services, including by providing discounts or imposing penalties
- Provide you with a different level or quality of goods or services, including denying you goods or services
- Suggest or imply that you may receive a different price, rate, level, or quality of goods or services
However, we/our affiliate may offer certain financial incentives that are permitted under CCPA / CPRA, which may result in different prices, rates, levels, or quality of goods or services. If we/they offer such an incentive, it will be reasonably related to the value of your Personal Information, and we/they will provide written terms that describe the incentives’s material aspects. To participate in a financial incentive program, you must give your prior opt-in consent, which you can withdraw at any time.
Civil Code 1798
California Civil Code Section § 1798.83 permits users that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. Please email any such request to firstname.lastname@example.org.