Privacy Policy
Effective Date: December 13, 2019
This Privacy Policy covers the collection, use, and disclosure of Personal Data/Personally Identifiable Information (as defined by applicable law and hereinafter collectively referred to as “Personal Data”) when visitors and Customers (collectively “Users”) interact in-person, by phone, or otherwise access lastmingear.com or lastminutegear.com (the “Site”) and/or the related mobile applications (collectively the “Platform”) and the software and services made available through the Platform, such as renting camping gear, snowsports apparel, or climbing gear.
The Platform is owned and operated by Catchbright, LLC doing business as Last Minute Gear with offices in the United States. This Policy governs the data collection practices when you interact with Last Minute Gear (hereinafter referred to as “LMG”). LMG collects Personal Data from its Users around the world and processes, transfers and stores data within the United States. By checking the “I consent to the Privacy Policy” box and subject to your opt-in/opt-out preferences, you consent to the collection, use and disclosure practices identified in this Privacy Policy.
All capitalized terms and phrases used herein but not otherwise defined shall have the same meanings given to them in LMG’s Terms of Service.
1. What Information is Collected by LMG And How Is It Used?
Customer Orders: When you initiate an Order, whether the Order is completed or not, and whether the order is to buy, rent, or borrow outdoor gear, or other services offered by LMG (e.g., gear set-up or repair services), LMG may request and store:
- Contact information: Customer phone & email
- Transactional Information: Information about Item(s), e.g., detailed product specifications of Item(s), condition of Item(s), oral and written statements about Item(s), before and after photos, etc.
- Credit or Debit Card Information: Address, and credit card numbers are collected to process payment. LMG does not store this information ourselves in our servers. We work with a third party provider, Stripe and/or Square (collectively, the "Card Processors"), and save only a token they provide back to us, in order to guarantee the security of your information (see Section 2).
Order-related information collected by LMG will be utilized to (i) fulfill an Order and/or (ii) assist in any dispute resolution. Emails will also be utilized to provide technical, service-related and marketing communications regarding our Services; and/or communicate material changes to our Terms of Service and Privacy Policy. Customers may unsubscribe from marketing communications at any time through the opt-out link contained within those communications or by contacting LMG at [email protected].
Subscribe to Mailing List or Request Additional Information: Users may optionally provide their email address to subscribe to our mailing list or to request additional information regarding our products and services. All Users may unsubscribe at any time through the opt-out link contained within those communications or by contacting LMG at [email protected].
Sweepstake Entries: When you participate in a LMG-sponsored sweepstakes, we will collect and store entrants’ names and emails. This information will be collected even if you initiate, but do not complete, a sweepstakes entry. Entrants may also optionally elect to opt-in to join our mailing list. Information collected will be used to notify potential winners and to maintain a winner’s list as required by applicable law. LMG is required to provide to any third party, upon request, the name of LMG sweepstakes winners.
Other interactions with LMG: Additionally, data may be collected and stored when you:
- Email, call, text, or interact with LMG and any of its representatives in person. We will collect your email & phone in order to respond to your customer service needs; and/or
- Voluntarily respond to surveys based on your experience with LMG. Information provided will be used to better improve our services. If we were to release any insights or analytics information from these surveys, we would report data only in its anonymous and aggregate form, without any personally identifiable information or reference to individual User.
IP Addresses, Web Beacons, & Cookies: When a User accesses the Site, our web servers recognize your IP address and certain other information about your computer. This is necessary to facilitate transactions, administer the web server, and track down problems. LMG utilizes web beacon & cookie technology to gather information on Internet use in order to serve Users more effectively. As described in Section 2, LMG also utilizes third party analytics services which may also use tracking cookies to provide information about the use of our Platform. Users can set their browser to remove or reject cookies and/or accept or refuse cookies on the cookie consent banner on the Site itself. You can also manage cookies for any online advertising service via the consumer choice tools created under self-regulation programs, such as the US-based aboutads.info/choices page or the European Union (“EU”) based Your Online Choices. Please be advised, however, that some Platform features/services may not function properly without cookies.
2. Is Information Collected By Or Disclosed To Third Parties?
LMG does not sell, trade, rent, or lease Personal Data to any third parties. LMG utilizes and shares Personal Data with the following data processors:
Hosting Services: LMG stores all data generated on or through the Platform on Heroku to facilitate its cloud hosting services. Users should click on the hyperlink for more information on its data collection and privacy practices.
Credit or Debit Card Payment: LMG utilizes Stripe & Square (collectively, "Card Processors") to process payments and other fees on the Site. LMG does not itself store debit or credit card information. We only collect this information, send it to Card Processors, and then they send us back a multi-use token that we store in our servers. This token is unique to a specific card with a specific merchant, and ensures only LMG can ever use the token to process subsequent transactions. LMG utilizes this feature for a customer's convenience so you do not have to re-enter credit card information. You should review Stripe’s Privacy Policy & Square's Privacy Policy for more detail about how your credit or debit card information will be stored and maintained.
Marketing Services: We use MailChimp & SendPulse as our marketing platforms for various marketing communications, such as our email newsletter. By subscribing, you acknowledge that your information will be transferred to these entities for processing. Learn more about MailChimp's privacy practices here, and SendPulse's practices here
Courier Services: LMG may use third party courier services to handle delivery or pickup of Customer Item(s). In order to utilize these services, LMG may release Customer contact information (e.g., email, phone, name) and addresses. We enter into contracts with such third parties regarding the services to ensure Personal Data is handled consistent with LMG’s Privacy Policy and applicable law.
Anonymous Data – MixPanel Analytics: LMG utilizes MixPanel for tracking user-driven events such as how much time Users spend within our Platform, trends over time, and aggregate results across accounts. This information will be utilized by LMG to improve our Services. MixPanel collects information in accordance with its Privacy Policy. Users can opt-out of MixPanel’s automatic retention of data collected by clicking here: MixPanel Opt-Out. If you get a new computer, install a new browser, erase or otherwise alter your browser's cookie file (including upgrading certain browsers) you may also clear the MixPanel opt-out cookie.
Sharing Services: Users may follow LMG and/or share information on social media sites such as Google, Facebook, Twitter, LinkedIn, Instagram, and Pinterest. Users who follow/share on such third party sites are subject to the data collection and privacy practices of such third party sites. Users should click on the applicable hyperlink for each share-service to review for more detail about information collected from these services. Users may choose to share information using social plug-ins provided by AddThis, their privacy policy is available here.
Third Party Services – Internal Use: We may share Personal Data with third parties who provide services on our behalf for purposes such as accounting, facilitating the exchange of data between LMG’s employees, internal reporting purposes, etc. We enter into contracts with such third parties regarding the services to ensure Personal Data is handled consistent with LMG’s Privacy Policy and applicable law.
Mandatory Disclosure of Sweepstakes Winner Information Upon Request: LMG is required, under applicable law, to provide to a list of winners’ names for of any LMG sponsored sweepstakes to any third party who requests identification of such winners.
Other Potential Third Party Disclosures: Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if LMG is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify Users about law enforcement or court ordered requests for Personal Data unless otherwise prohibited by law.
3. How Does LMG Comply With The Children’s Online Privacy Protection Act and GDPR Regulations Relating to Children?
Only persons age 18 or older are authorized to establish an account or initiate an order. We do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that his or her child (a) under the age of 16 in applicable EU Member Countries, or (b) under the age of 13 in the U.S. and applicable EU Member Countries, has provided us with Personal Data without parental consent, he or she should contact LMG at [email protected]. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating the child’s country of residence.
4. How Long Does LMG Retain Personal Data Collected?
We will retain account and order data as long as it is necessary to facilitate Customer’s use of the Platform and related services. Personal Data obtained from Site Visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a Visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as LMG determines such data is commercially necessary for it legitimate business interests.
5. EU General Data Protection Regulation (“GDPR”) Notices
Data Controller. The information that we collect, process and/or use through the Platform is controlled by Catchbright, LLC., 563 Sutter Street, San Francisco, CA 94102. Users may also contact us at any time by emailing us at [email protected].
We will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract for services with you), and “legitimate interests.” Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at [email protected].
Users within the EU may email LMG at [email protected] in order to exercise their GDPR rights to:
- Access, review, restrict processing of, or otherwise request erasure of your Personal Data;
- Obtain the identity of the source of any Personal Data collected;
- Request correction of any errors contained within your Personal Data;
- Request transfer your Personal Data to another service provider;
- Object to the manner in which your Personal Data is processed; or
- Lodge a complaint with a supervisory authority.
Where we rely on your consent to collect Personal Data, you may withdraw your consent either through the opt-out links provided in this Privacy Policy or through the contact information contained within this Section.
For all GDPR-based requests made pursuant to this section, LMG will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law.
6. Transfer of Data to Servers in the United States
If you are located outside the United States and are visiting the Platform, you should be aware that Personal Data will be transferred to the United States, the laws of which may be deemed by your country of residence to have inadequate data protection. If you are located in a country outside the United States and voluntarily submit Personal Data to place an Order for any Item, such Personal Data shall be transferred to the United States for the legitimate interest of performing our contractual obligations to you. If you submit Personal Data to request information or subscribe to our newsletters, you explicitly consent to the general use of such information for marketing and informational purposes and to the transfer of that information to, and/or storage of that information in, the United States. All Personal Data transferred shall be collected and utilized in accordance with the terms of this Privacy Policy.
You may ask to review and correct the personal information that we maintain about you, or submit a complaint about our collection or use of your personal information, by sending a request to [email protected].
7. Your California Privacy Rights
California law permits California-resident to request and obtain from LMG once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
8. What is LMG’s Security Policy?
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. LMG utilizes activity logs to identify any unusual activity, from authorized or unauthorized individuals accessing our systems or making changes to stored information. We regularly perform preventative system maintenance and monitoring to ensure the security of our data systems. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.
In addition, LMG utilizes a PCI-DSS compliant third party payment processor to ensure the security of Customer’s Personal Data. Customers should review Stripe’s Privacy Policy & Square's Privacy Policy for more information on their security practices.
9. How Does The Platform Respond To “Do Not Track” Signals?
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-Platform user tracking. At present, the Platform does not respond to or alter its practices when a Do Not Track signal is received.
10. How Will I Be Notified Of Changes To Your Privacy Policy?
If we make material changes to our Privacy Policy, we will notify you by (1) changing the Effective Date at the top of the Privacy Policy, (ii) sending an email to all active account holders, and (iii) add a banner/notification to the Platform itself. Express consent will be obtained when required for any material changes in LMG’s collection and use practices.
11. Contact Us
If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: LMG, Attention: Privacy Department, 563 Sutter Street, San Francisco, CA 94102 or at [email protected]