Effective Date: December 13, 2019
All capitalized terms and phrases used herein but not otherwise defined shall have the same meanings given to them in LMG’s Terms of Service.
1. What Information is Collected by LMG And How Is It Used?
Customer Orders: When you initiate an Order, whether the Order is completed or not, and whether the order is to buy, rent, or borrow outdoor gear, or other services offered by LMG (e.g., gear set-up or repair services), LMG may request and store:
- Contact information: Customer phone & email
- Transactional Information: Information about Item(s), e.g., detailed product specifications of Item(s), condition of Item(s), oral and written statements about Item(s), before and after photos, etc.
- Credit or Debit Card Information: Address, and credit card numbers are collected to process payment. LMG does not store this information ourselves in our servers. We work with a third party provider, Stripe and/or Square (collectively, the "Card Processors"), and save only a token they provide back to us, in order to guarantee the security of your information (see Section 2).
Subscribe to Mailing List or Request Additional Information: Users may optionally provide their email address to subscribe to our mailing list or to request additional information regarding our products and services. All Users may unsubscribe at any time through the opt-out link contained within those communications or by contacting LMG at [email protected].
Sweepstake Entries: When you participate in a LMG-sponsored sweepstakes, we will collect and store entrants’ names and emails. This information will be collected even if you initiate, but do not complete, a sweepstakes entry. Entrants may also optionally elect to opt-in to join our mailing list. Information collected will be used to notify potential winners and to maintain a winner’s list as required by applicable law. LMG is required to provide to any third party, upon request, the name of LMG sweepstakes winners.
Other interactions with LMG: Additionally, data may be collected and stored when you:
- Email, call, text, or interact with LMG and any of its representatives in person. We will collect your email & phone in order to respond to your customer service needs; and/or
- Voluntarily respond to surveys based on your experience with LMG. Information provided will be used to better improve our services. If we were to release any insights or analytics information from these surveys, we would report data only in its anonymous and aggregate form, without any personally identifiable information or reference to individual User.
2. Is Information Collected By Or Disclosed To Third Parties?
LMG does not sell, trade, rent, or lease Personal Data to any third parties. LMG utilizes and shares Personal Data with the following data processors:
Hosting Services: LMG stores all data generated on or through the Platform on Heroku to facilitate its cloud hosting services. Users should click on the hyperlink for more information on its data collection and privacy practices.
Marketing Services: We use MailChimp & SendPulse as our marketing platforms for various marketing communications, such as our email newsletter. By subscribing, you acknowledge that your information will be transferred to these entities for processing. Learn more about MailChimp's privacy practices here, and SendPulse's practices here
Mandatory Disclosure of Sweepstakes Winner Information Upon Request: LMG is required, under applicable law, to provide to a list of winners’ names for of any LMG sponsored sweepstakes to any third party who requests identification of such winners.
Other Potential Third Party Disclosures: Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if LMG is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify Users about law enforcement or court ordered requests for Personal Data unless otherwise prohibited by law.
3. How Does LMG Comply With The Children’s Online Privacy Protection Act and GDPR Regulations Relating to Children?
Only persons age 18 or older are authorized to establish an account or initiate an order. We do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that his or her child (a) under the age of 16 in applicable EU Member Countries, or (b) under the age of 13 in the U.S. and applicable EU Member Countries, has provided us with Personal Data without parental consent, he or she should contact LMG at [email protected]. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating the child’s country of residence.
4. How Long Does LMG Retain Personal Data Collected?
We will retain account and order data as long as it is necessary to facilitate Customer’s use of the Platform and related services. Personal Data obtained from Site Visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a Visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as LMG determines such data is commercially necessary for it legitimate business interests.
5. EU General Data Protection Regulation (“GDPR”) Notices
Data Controller. The information that we collect, process and/or use through the Platform is controlled by Catchbright, LLC., 563 Sutter Street, San Francisco, CA 94102. Users may also contact us at any time by emailing us at [email protected].
We will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract for services with you), and “legitimate interests.” Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at [email protected].
Users within the EU may email LMG at [email protected] in order to exercise their GDPR rights to:
- Access, review, restrict processing of, or otherwise request erasure of your Personal Data;
- Obtain the identity of the source of any Personal Data collected;
- Request correction of any errors contained within your Personal Data;
- Request transfer your Personal Data to another service provider;
- Object to the manner in which your Personal Data is processed; or
- Lodge a complaint with a supervisory authority.
For all GDPR-based requests made pursuant to this section, LMG will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law.
6. Transfer of Data to Servers in the United States
You may ask to review and correct the personal information that we maintain about you, or submit a complaint about our collection or use of your personal information, by sending a request to [email protected].
7. Your California Privacy Rights
California law permits California-resident to request and obtain from LMG once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
8. What is LMG’s Security Policy?
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. LMG utilizes activity logs to identify any unusual activity, from authorized or unauthorized individuals accessing our systems or making changes to stored information. We regularly perform preventative system maintenance and monitoring to ensure the security of our data systems. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.
9. How Does The Platform Respond To “Do Not Track” Signals?
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-Platform user tracking. At present, the Platform does not respond to or alter its practices when a Do Not Track signal is received.
11. Contact Us
If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: LMG, Attention: Privacy Department, 563 Sutter Street, San Francisco, CA 94102 or at [email protected]