Last Updated - March 23, 2022
This policy applies to information we collect:
- On the Service.
- In email, text, and other electronic messages between you and the Service.
- Through mobile and desktop applications you download, which provide dedicated non-browser-based interaction between you and this Service.
It does not apply to information collected by:
- Us offline or through any other means, including on any other website operated by Company or any third party; or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from the Service.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Service. This policy may change from time to time. Your continued use of this Service after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
Information We Collect About You and How we Collect It
We collect several types of information from and about users of our Service, including information:
- By which you may be personally identified, such as name, e-mail address, cell phone number, or any other identifier by which you may be contacted online or offline ("personal information");
- That is about you but individually does not necessarily identify you, such as pictures, videos, texts, and other content you provide on the Service; and/or
- About your internet connection, the equipment you use to access our Service, and usage details.
We collect this information:
Directly from you when you provide it to us.
Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
From third parties, for example, our business partners.
Information you Provide to Us
The information we collect on or through our Service may include:
- Information that you provide by filling in forms on our Service, including information provided at the time of registration, when you post material, or when you request further services. We may also ask you for information when you report a problem with our Service.
- Records and copies of your correspondence (including text messages or email and email addresses), if you contact us.
User Contributions and Interactive Features. You also may provide information to be published or displayed (hereinafter, "posted") on shared areas of the Service such as a “Room” or a “Space,” or transmitted to other users of the Service or third parties at your request (collectively, "User Contributions"). Each Room or Space may contain interactive functionality that allows you to engage with other users on the Service, to post comments, view and upload photographs, provide User Contributions, and otherwise to interact with the Service and with other users. Your User Contributions are posted on and transmitted to others at your own risk. Although your User Contributions will be available only to other users with access to a Room or a Space or that you ask us to share with, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Service with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Metadata from User Contributions.We may also access, collect and use information about the User Contributions you upload, such as the photo metadata (time and location the photo was taken), information derived from computer vision such as easily recognizable landmarks, subject names and other publicly shared information. We collect this information about you and other individuals from the following third party sources: (a) third parties who license, sell or otherwise provide data they have collected; or (b) information from publicly available sources, such as via the Internet and social networks, including through public or licensed APIs. We do not collect data from webpages that have been designated (in a standards-based way) as private. We use this information to generate and deliver reflections as part of the Service.
Information We Collect Through Automatic Data Collection Technologies
When you visit our Service, some information is collected automatically, such as your browser's Internet Protocol (IP) address, your browser type, the nature of the device from which you are visiting the Service (e.g., a personal computer or a mobile device), the identifier for any handheld or mobile device that you may be using, the Service that you visited immediately prior to accessing the Service, the actions you take on the Service, and the content, features, and activities that you access and participate in our Service. We may access, collect, monitor and/or remotely store "location data," which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device to provide certain features of the Service. You will always have the option to disable location-based services. We also may collect information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message.
We may collect this information passively using technologies such as standard server logs, cookies, and clear GIFs (also known as "Web beacons"). We use passively-collected information to administer, operate, and improve the Service and our other services and systems. If we link or associate any information gathered through passive means with personal information, or if applicable laws require us to treat any information gathered through passive means as personal information, we treat the combined information as personal information under this Policy. Otherwise, we use and disclose information collected by passive means in aggregate form or otherwise in a non-personally identifiable form.
This information helps us to improve our Service and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Service according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Service.
Use of Your Information
We collect and use your personal information to provide you with our Service, to fulfill a contractual obligation, to improve our Services or where we need your personal information for a legitimate business interest. We will only use your personal data for certain legitimate interests and only where we have a lawful basis to do so. These legitimate interests include:
- verifying your or your business’ identity
- preventing risk and fraud
- answering questions or providing other types of support
- providing, securing, debugging, and improving our Services and website
- providing reporting and analytics
- testing out features or additional services
- assisting with marketing, advertising, or other communications
- understanding your needs and eligibility for products and services
- complying with legal and regulatory requirements
We may also collect and use your personal information for any other purpose to which you consent. We only collect the personal information we consider necessary for achieving these purposes.
We may use information that is aggregated or de-identified so that it is no longer reasonably associated with an identified or identifiable natural person for any business purpose.
We may also use your personally identifiable information to inform you of other products or services available from Lalo.
Disclosure of Your Information and User Contributions
Except as described in this Policy, we will not disclose your personal information that we collect on the Service to third parties without your consent. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
With other Users in a Room or Space
By default, all User Contributions posted to a shared Room or Space is made available to other users with access to that Room or Space. Please keep in mind that anything you share privately with another user, whether through a Room or Space or elsewhere, may be posted publicly or otherwise copied or stored even after it has been removed from the Service. As a result, we cannot warrant or guarantee that any User Contributions (including any personally identifiable information contained within such User Contributions) that you provide on and in connection with the Service will not be accessed, viewed, or used by unauthorized persons.
We may disclose information to third-party service providers (e.g., data storage and processing facilities) that we use to support our business, who are required by contractual obligations with us to keep personal information confidential and only use it for the purposes for which we disclose it to them.
Information about our users, including personal information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of company assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which user information is transferred to one or more third parties as one of our business assets.
To Protect our Interests
We also disclose information about users if we believe that doing so is legally required, or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others, or otherwise to help protect the safety or security of our Service and other users of the Service.
Your Choices Regarding The Information We Collect
You may choose to:
- Update and correct your personal information
- Object to the processing of your personal information
- Request to have your personal information or usage data deleted or restricted from our Service
- Request for portability of your personal information
- Cancel your account
To do any of these, simply notify us of this decision by one of these methods:
- Follow the unsubscribe link in any marketing email or following the directions included in any other promotional material received from Lalo.
- Send an email to us at email@example.com
Right to Deletion
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
- Delete your personal information from our records; and
- Direct any service providers to delete your personal information from their records.
Please note that we may not be able to comply with requests to delete your personal information if it is necessary to:
- Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- Debug to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
- Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
- Comply with an existing legal obligation; or
- Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
We will retain your profile information and usage data for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. If you close your account, we may still retain certain information associated with your account for analytical purposes and recordkeeping integrity, as well as to prevent fraud, collect any fees owed, enforce our terms and conditions, take actions we deem necessary to protect the integrity of our web site or our Users, or take other actions otherwise permitted by law. Deactivating your account does not automatically delete your account or usage data from our database, but regardless of any retention policy we will make reasonable efforts to enable you to delete your profile and personally identifiable information from our database upon request.
Text or Email Communications
If you receive text messages from us, you may unsubscribe at any time by texting us the message "HELP" or "STOP". You may also opt-out from receiving emails and other communications from us by following the "unsubscribe" instructions in the email, by sending your request to us by e-mail at firstname.lastname@example.org or by writing to us at the address given at the end of this policy.
Tracking Technologies and Advertising.
NOTICE TO CALIFORNIA RESIDENTS
For more details about the personal information, we collect from you, please see the “Collection of Your Personal Information” section above. We collect this information for the business and commercial purposes described in the “Use of Your Personal Information” section above. We share this information with the categories of third parties described in the “Sharing of Your Personal Information” section above. Lalo does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out).
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights. Please see the “Your Choices Regarding Your Personal Information” section above or contact us at email@example.com
for more information about these rights or to exercise these rights.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org
Children Under the age of 16
Children's safety is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. Our Service is not directed to and should not be used by children under the age of 16, and we do not knowingly collect personal information from children under the age of 16. If we learn that we have collected personal information from a child under the age of 13 on our Service, we will delete that information as quickly as possible. If you believe that we may have collected any such personal information on our Service, please notify us at email@example.com
Our servers and data centers are located in the United States. If you choose to use the Service from outside the U.S., then you should know that you are transferring your information outside of your region and into the U.S. for storage and processing. By providing your information to us through your use of the Service, you agree to that transfer, storage, and processing in the U.S. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. You should know that each region can have its own privacy and data security laws, some of which may be less stringent as compared to those of your own region.
We use reasonable security measures that are designed to protect your personal information from accidental loss, disclosure, misuse, and destruction. Please be aware, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.
Updates to this Policy
We may occasionally update this Policy. When we do, we will also revise the "last updated" date at the beginning of this Policy. Your continued use of our Service after such changes will be subject to the then-current policy. We encourage you to periodically review this Policy to stay informed about how we collect, use, and disclose our user’s personal information.
If you have any questions or comments about this Policy, please contact us using the following contact information: firstname.lastname@example.org
EUROPEAN UNION & BRAZILIAN
DATA PROTECTION LAWS – PRIVACY NOTICE
- (a) you are established in the European Union (“EU”);
- (b) you provide goods or services to customers in the EU or Brazil; or
- (c) you are otherwise subject to the requirements of the EU General Data Protection Regulation (“GDPR”) or the Brazilian Lei Geral de Proteção de Dados (LGPD);
then Lalo’s processing on your behalf of personal data which is within the territorial scope of the GDPR and LGPD is also subject to the following rules. All defined terms not otherwise defined herewith shall be interpreted in accordance with the GDPR and LGPD.
You acknowledge that, for the purposes of the GDPR and LGPD, Lalo is a Processor, and you are the Controller of the Personal Data of you and, for Brands, your customers, for the purpose of it providing the services. Lalo may share the Personal Data with its agents or subcontractors or affiliates or other third-party service providers for the sole purpose of providing or improving the services. In relation to any Personal Data which is within the territorial scope of the GDPR and LGPD provided by you to Lalo:
- You warrant, undertake, and confirm that you have grounds for sharing the Personal Data with Lalo as envisaged;
- You process and control the Personal Data in compliance with all applicable laws;
- You consent to its use, and you have obtained any necessary consents from the receiver of the goods (your customer) as required under the GDPR to pass to Lalo the details required to complete the services requested, including but not limited to name, address, email address, mobile telephone number, and contents of package;
- You have made your customers aware that such details may be used by Lalo to enhance the delivery process for your customers and it may use notifications and geodata for that purpose. This may involve Lalo sharing such details with limited third parties’ data processors, for the purpose of completing the requested services; and
- Personal Data of EU Data Subjects that originates in the EU will as part of providing the services be transferred to other regions, including the United States, subject to the data transfer mechanisms provided for in Chapter V of the GDPR.
- Lalo retains the Personal Data processed on behalf of our Customers which is within the territorial scope of the GDPR and LGPD subject to the requests of our Customers, the contractual and regulatory obligations to the USPS, our other partners, other legal requirements, and our retention schedule.
Processing by Lalo of Personal Data
To the extent that Lalo, in the course of its provision of services to you under these terms of service, processes on your behalf personal data, which is within the territorial scope of the GDPR and LGPD, Lalo will:
- a. Process the Personal Data as a Data Processor, only for the purpose of providing the services in accordance with documented instructions from you (provided that such instructions are commensurate with the functionalities of the services), and as may subsequently be agreed to by you. If Lalo is required by law to Process the Personal Data for any other purpose, Lalo will provide you with prior notice of this requirement, unless Lalo is prohibited by law from providing such notice;
- b. Ensure that Lalo’s personnel who access the Personal Data are subject to confidentiality obligations that restrict their ability to disclose Personal Data;
- c. Notify you if, in Lalo’s opinion, your instruction for the processing of Personal Data infringes the GDPR or LGPD;
- d. Notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a Data Subject or Supervisory Authority relating to Lalo’s Processing of the Personal Data;
- e. Implement and maintain appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration, or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage, or theft of Personal Data and appropriate to the nature of the Personal Data which is to be protected;
- f. Notify you promptly upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data and, at your cost and request, assist you with the notification of such incidents to data protection supervisory authorities and the persons whose data is affected, where required by the GDPR or LGPD;
- g. Taking into account the nature of Lalo’s processing activities and at your cost and request, assist you, insofar as this is possible, to fulfill your obligations to respond to requests made by Data Subjects in relation to their rights under Data Protection Laws;
- h. Taking into account the nature of Lalo’s processing activities and at your cost and request, assist you to fulfill your obligations to conduct data protection impact assessments and consult with data protection supervisory authorities in relation to such assessments, where required by the GDPR or LGPD;
- i. At your choice and cost, delete or return all the Personal Data to you on termination of this service agreement, and delete existing copies of such data unless Lalo is subject to a legal requirement under European Union or Member State law to retain such data beyond such term;
- j. At your cost and request, make available to you all information reasonably necessary to demonstrate Lalo’s compliance with its obligations under (a) through (i) above and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you, but in each case only in relation to the Personal Data processed on your behalf by Lalo in the course of its provision of services under these terms of service.
In the course of providing the services, you acknowledge and agree that Lalo may use subprocessors to Process the Personal Data. Lalo’s use of any specific subprocessor to process the Personal Data must be in compliance with the GDPR and must be governed by a contract between Lalo and subprocessor, which binds the subprocessor to comply with the same data protection obligations as contained in this section. Lalo will inform you of any intended changes concerning the addition or replacement of such subprocessors, thereby giving you the opportunity to object to such changes.
You agree to fully indemnify Lalo, for any costs, fees, fines, and professional fees incurred due to a breach by you of the provisions of this section.
Lawful Basis for Processing
Please see “Collection of Personal Information” for more information on the data collected by Lalo.
For the following categories our lawful basis for this use of your personal data is performing our contract with you:
- Personally identifiable information such as your name, email address, postal address, and telephone number.
- Financial information, such as your zip code and the last four digits of your credit card;
- Sensitive information such as your job title, date of birth, and tax number;
- Feedback and correspondence, such as information you report a problem with Service, receive support or otherwise correspond with us.
For the following categories our lawful basis for this use of your personal data is your consent:
- Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our websites to which a User browsed, and the time spent on those pages or features, the frequency with which the websites are used by a User, search terms, the links on our websites that a User clicked on or used, and other statistics;
Data Protection Officer
Lalo is headquartered in Seattle, Washington State, USA. We have appointed a data protection officer for you to contact if you have any questions or concerns about your personal data. Our data protection officer can be contacted at:
DPO@lalo.app or by writing to:
Data Protection Officer
Lalo Services Inc.
19419 109th Ct NE
Bothell, WA 98011
©2022 Lalo Services, Inc. All Rights Reserved.