When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, YouTube account and/or video details or other details to help you with your experience and deliver our services. We also collect other information upon submitting a form on our website including your IP address and device information for market research and fraud prevention.
Personal Data – any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person.
Data Subject – a natural person whose personal data is processed by a Data Controller.
Data Controller – the entity that determines the purposes, conditions, and means of the processing of personal data.
Consent – Any freely given, specific, informed and explicit consent by statement or action signifying agreement to the processing of the personal data by the user “Data Subject”.
Processing – any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
We collect information from you when you place an order, fill out a form or enter information on our site. We have implemented the Facebook Pixel to track marketing performance upon visiting our website.
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
To improve our website in order to better serve you.
To allow us to better service you in responding to your customer service requests.
To quickly process your transactions.
To ask for ratings and reviews of services or products.
To follow up with you after correspondence (live chat, email or phone inquiries)
To prevent payment fraud and assist payment with disputes.
We do not sell the information we store on you. We do share the following information:
Your YouTube video or channel link is shared with our partnered suppliers to deliver your services.
Your YouTube video or channel link, name, email address, order details, IP address, and data associated with your IP address is shared with Stripe to prevent fraud.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
We use an SSL certificate via GoDaddy to encrypt the transfer of data to our servers.
Credit Card and payment details are all completed on Cardinity’s servers
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
If users do not want to receive any emails from us then they have the option to opt-out from receiving any emails regarding new updates, promotions, newsletters etc. Users will have the option to not opt for newsletter subscription upon their visit to our website. Also, even after subscription if a user decides to opt-out he or she can simply opt-out by clicking to an unsubscribe button which would allow the users to unsubscribe at any time. Users can find this unsubscribe button on the footer of any email received from our official email address.
Furthermore, if users want to withdraw consent of receiving any emails from us then they would have to inform us directly by sending us an email in writing about their decision.
General Data Protection Regulation (GDPR) is introduced to harmonize and unify one data protection regulation among all European States. The purpose is to protect EU citizens from organizations that use their personal data irresponsibly and hence passed this regulation to bound organizations to maintain standards for the protection of user’s personal data by taking explicit consent from the users. We understand the importance of this regulation and thereby have drafted and revamped our policies to comply with it.
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur: We will notify you via email within 72 hours.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
As per the nature of the business, it is required to keep the details of users. However, we do not sustain it for any personal gains. We will ask for consent from our clients to retain the information indefinitely or at least for 6 years. However, users will have the choice to ask for removing their data from our servers. Users can contact us through our contact form if they want us to remove their personal data from our website etc.
To request the data we store about you at any time please contact us via our contact form. We will be able to provide all the data stored about you from our GoDaddy databases, MailChimp email service, and ZenDesk support software within 48 hours of receiving your request. Please specify which data you would like to receive, or if you would like to see all data stored about you when contacting us.
To access the data stored by Facebook, CloudFlare, and Cardinity please contact them individually to request access to your data.
If you would like us to remove the data stored about you please contact us via our contact form. We will delete all data we store about you from our servers hosted on our GoDaddy databases and MailChimp email service within 48 hours.
We do not control the data collected or stored by Facebook, GoDaddy, Google and Stripe. You will need to contact them individually if you would like them to remove any data stored about you.
We have not faced any data breach or hacking until now. However, we will report any unlawful data breach of this website’s database to all the relevant individuals (users) and authorities within the prescribed time period 72 hours of the breach under GDPR, only if it is obvious that personal information or data stored in an identifiable manner has been stolen or breached.