Effective Date/Last Reviewed Date: 8/26/2022

Introduction Tuck Shop (“We, “Us,” or “Our”) values your privacy and wants you to be familiar with how we collect, disclose, or otherwise use (“Process”) any information that we collect about you. This Privacy Policy (“Privacy Policy”) describes our practices in connection with information that we collect through our Websites, social media pages we control (“Social Media Pages”), and applications we make valuable for use on or through computers or your mobile devices, that link to this Privacy Notice, and through any of our offline business uses, such as when you provide information on the phone via our call centers or in person (“Business Activities”; collectively, including the Websites, Apps, Social Media Pages, and Business Activities, the “Services”).

California Residents, please see section below.

Information We Collect We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). Personal Information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information excluded is personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

1. In particular, we have collected the following categories of Personal Information from our customers within the last twelve (12) months:

• Name and Signature • Telephone number(s) • Postal address (including your billing and shipping addresses)
• Online identifier, IP address, device ID, email address and internet click activity on our Site. Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Communication, product, service or other preferences.
• Products or services purchased, obtained, or considered. Purchasing or consuming histories or tendencies.

2. We may collect information from you when you interact with us such as when you:

• Register for, subscribe to, use, or make a payment for a product or service • Contact us with a question or request
• Use our Webservices or services
• Provide a testimonial or story, or post or submit a photo, review, or comment
• Provide feedback or participate in a survey
• Participate in any loyalty or other programs
• “Like”, “Follow” or otherwise connect with or post to one of our social media accounts or pages
• Provide goods or services to us (for example, as a vendor or contractor)

3. Other information we collect about you:

• Cookies: Our Services may use “cookies” and similar technologies (collectively, “Cookies”). Cookies are small text files this Site sends to your computer for recordkeeping purposes; this information is stored in a file on your computer’s hard drive. Cookies may be either “persistent” or “temporary” (or “session”) cookies. A persistent cookie retains user preferences for a particular site allowing those preferences to be used in future browsing sessions and remains valid until its set expiry date (unless deleted by the user before the expiry date). A temporary cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies make web surfing and browsing easier for you by saving your preferences so we can use these to improve your next visit to our Site. This includes purposes such as saving login details.

Cookies are also used for statistical or marketing purposes, to determine how the Website is used. These cookies are provided by us or by third parties (e.g., advertising partners). While we do not control or have access to the advertiser cookies, we do permit them to be used on this Site to facilitate tailored advertising and monitor patterns of buying specific goods or interest in – for example, holidays or hobbies. These cookies run advertisements tailored to the user based on your online buying habits.

• Pixels, Beacons: We, Providers, or third party ad servers, including Facebook, may use cookies or invisible pixels or beacons on our Site to count how many users visit certain pages or take certain actions to collect or receive information from our Site and elsewhere on the Internet. We may use this information to improve our marketing programs and content, and to target advertisements on our Site and/or on other sites.

• Mobile Devices: When you use or access our Web Services from a mobile device, we may collect information such as your unique device ID and your location.

• Internet Based Advertising: We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use our Web Services, based on information relating to your access and use of our Web Services and Site as well as information received from third parties. To do so, these companies may place or recognize a unique cookie on your browser (including through the use of pixel tags). They may also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop.

• Other Data: We, our Providers, and other third-party service providers may use a variety of technologies that automatically collect information about your interaction with our Web Services so that we can quantify user interaction and traffic with our Site and Web Services.

How We Use Your Information: We may use or process your personal information in connection with any of the following:

1. Completing or conducting business with you, including (but not limited to):

• Sending information to you regarding your reservation, services, or products you may be receiving or seek to receive
• Fulfilling any purchases or requests for services

2. For our legitimate business interest, including (but not limited to):

• Personalizing your experience on the Services by presenting products and offers tailored to you
• Carrying out data analysis, audits, fraud monitoring and prevention, internal quality assurance, developing new products, enhancing, improving or modifying our services or Web Services, identifying usage trends, auditing use and functionality of our Services or Web Services, helping enforce compliance with our Terms and Conditions of Use, helping protect our Services or Web Services, determining the effectiveness of our promotional campaigns and operating and expanding our business activities
• Facilitating social sharing functionalities of your social media account(s)
• Subject to your marketing preferences (which may include consent to marketing under applicable law), sending you newsletters or marketing communications we believe may interest you, for our own products and services, and on behalf of our Affiliates or selected third parties, in accordance with applicable law.
• Allowing you to send messages to another potential user of our Web Services.

3. In accordance with any consent you may have provided. You have the right to decline to provide your consent and, if consent is provided, to withdraw it at any time.

4. As necessary or appropriate for legal reasons, including, but not limited to:

• Under applicable law
• Complying with legal process
• Responding to requests from public and government authorities
• Enforcing our Terms and Conditions of Use in connection with our services and Web Services
• Protecting our operations or those of any of our affiliates or other third parties or Providers
• Protecting our rights, privacy, safety or property, or that of our affiliates, you, or other third parties or Providers
• Allowing us to pursue available remedies or limit damages we, our affiliates, Providers, or other third parties, may sustain

To Whom We May Disclose your Information:

1. Our Affiliates: We may disclose your Personal Information to any other entity that is directly or indirectly controlled by, or under common control with us (“affiliates”) for the purposes described in this Privacy Notice, including under the title “Why and How We Use your Information,” unless otherwise prohibited by law or other agreement.

2. Vendors, Providers, and other Service Providers: We may disclose your Personal Information to vendors and service providers we retain in connection with our business such as: add-on services providers or companies, activity or experience service providers, financial services companies, website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, credit card processing, tax and financial advisers, legal advisers, accountants, auditing services or others.

3. Business Partners, Sponsors, and Other Third Parties: We may disclose your Personal Information to business partners, co-sponsors of promotions, and other third parties in order to provide you with services that may interest you.

4. Change in Control: We may disclose your Personal Information to a third party in connection with any change in control of any part of our business or the business of any of our affiliates, including, without limitation, merger, consolidation, divestiture, spin-off, purchase of all or a substantial portion of our assets, dissolution, liquidation, administration, receivership or other form of insolvency.

5. Disclosure Permitted by Law: We may disclose your Personal Information to law enforcement authorities, government or public agencies or officials, regulators, and/or to any other person or entity having appropriate legal authority or justification for receipt of your information, if required or permitted to do so by law or legal process, to respond to claims, or to protect our rights, interests, privacy, property or safety, and/or that of our affiliates, you or other third parties.

How we Safeguard your Information:

We take reasonable measures to protect information you provide to use from loss, misuse, unauthorized access, or disclosure. However, unfortunately, no security measure is fully secure online; and therefore, we cannot guarantee or ensure the security of the information you provide to us through the services we provide or through the use of our Web Services.

Other Information:

• If you provide us information about someone else, please make sure you have that person’s permission to provide it to us.
• We have no control over websites that are not operated by us and how these websites may collect your information. As a result, we do not accept liability for the practices, policies and security measures implemented on these websites. Please read the privacy policies for these other websites before you submit any information through them.
• From time to time, we will amend or supplement this Privacy Policy.
• We do not knowingly collect or maintain the personal information of minors.
• We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.
• We are not responsible for the collection, usage, practices, and disclosure policies (including data security) of other organizations, such as Instagram, Facebook, Apple, Google, Microsoft, Twitter, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages. Any posts you make on any of our social media pages may be available to others or the general public. Never include sensitive personal, financial, or other confidential information such as your social security number, credit card information, address, phone number or email address when posting or commenting online. Please refer to the privacy policies of our social media partners when you interact with them online.

Your Choices and Rights:

1. Withdrawal or Amendment. Changes to your Marketing Preferences: You can change your marketing preferences by withdrawing you consent, changing your contact information, or adjusting the cookies policy available on the Site.

2. Obtain Your Information. In accordance with applicable law, you may access the Personal Information we Process about you. Any request to access or obtain copies of your Personal Information must be made in writing by contacting us as set forth under “Contact Us” below.

3. Correcting your Information: We will take reasonable steps to ensure the accuracy of the Personal Information we retain about you. It is your responsibility to ensure you submit true, accurate, and complete information to us, and timely update us in the event this information changes. You may request that any inaccurate or incomplete Personal Information held by us or on our behalf is corrected, by contacting us as set forth under “Contact Us” below.

4. Objecting to Our Processing of Information: If you would like us to stop the processing of your Personal Information, you can request this by contacting us as set forth under “Contact Us” below. We will then determine, under applicable law, whether we have any justification for the continued processing of your Personal Information.

5. Transferring your Information: Under certain circumstances, you may receive your Personal Information in a format that allows you to send it or transfer it to another company.

6. Deleting your Information: Under certain circumstances, you may request we delete Personal Information we hold about you by contacting us as set forth under “Contact Us” below. We will assess your request and determine, under applicable law, whether we are required to delete this information.

Contact Us:

Email: hello@shoptuckshop.com


Your California Rights:

This Privacy Policy for California Residents supplements the information contained in Tuck Shop’s Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”).

1. Shine the Light Law: If you are a resident of California, California Civil Code Section 1798.83 allows you to request information regarding the Personal Information we collected and third parties to whom we disclosed your Personal Information for the third parties’ direct marketing purposes during the preceding calendar year. To send this request, you may contact us contact us below at “Contact Us.”

2. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), to the extent is applicable to us, and any terms defined in the CCPA have the same meaning when used in this Policy.

• The Categories of Personal Information We Collect and Why they are Collected. Generally, we may collect the following categories of Personal Information about you for the following purposes:

We may obtain the categories of personal information listed above from the following categories of sources:

• Directly from you. For example, from forms you complete or products and services you purchase.
• Indirectly from you. For example, from observing your actions on our Site.
• Public databases, joint marketing partners, data firms, social media platforms, from people with whom you are friends or otherwise connected on social media platforms, as well as from other third parties.

Use of Personal Information We may use, sell, or disclose the personal information we collect for one or more of the following purposes:

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request room rates, services, or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
• To provide, support, personalize, and develop our Site, products, and services.
• Auditing the interaction with you and your concurrent transactions, including counting ad impressions and verifying quality of ad impressions.
• Debugging.
• Transient use, where your information is used to build a profile or otherwise alter a guest’s experience outside the current interaction.
• To create, maintain, customize, and secure your account with us.
• To process your requests, purchases, transactions, and payments and prevent transactional fraud.
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
• To personalize your Site experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Site, third-party sites, and via email or text message (with your consent, where required by law).
• To help maintain the safety, security, and integrity of our Site, products and services, databases and other technology assets, and business.
• For testing, research, analysis, and product development, including to develop and improve our Site, products, and services.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• To manage and respond to employee and other legal disputes, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties
• As described to you when collecting your personal information or as otherwise set forth in the CCPA, to the extent it is applicable to us.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Site users/consumers is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract.

Your Rights and Choices

The CCPA, to the extent it is applicable to us, provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

1. Right to Know and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: • sales, identifying the personal information categories that each category of recipient purchased; and • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
• The specific pieces of personal information we collected about you (also called a data portability request).

2. Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.

2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

3. Debug products to identify and repair errors that impair existing intended functionality.

4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

8. Comply with a legal obligation.

9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

3. Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request by either:

• Emailing us at hello@shoptuckshop.com

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.

You may also make a request to know or delete on behalf of your child. You may only submit a request to know twice within a 12-month period. Your request to know or delete must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include providing two specific pieces of personal information including recently purchased items, the dollar amounts of purchases, etc. For a minor, you will be asked to sign a consent form, and may be required to produce government-issued identification.

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.

For instructions on exercising your sale opt-out or opt-in rights, see Section 4 below.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact hello@shoptuckshop.com.

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

4. Personal Information Sales Opt-Out and Opt-In Rights

If you are age 16 or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years old, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 15 years old, or the parent or guardian of a consumer less than 13 years old. Consumers who opt-in to personal information sales may opt-out of future sales at any time.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by emailing us at hello@shoptuckshop.com.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by emailing us at hello@shoptuckshop.com.

You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

5. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, to the extent such rights apply. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

6. Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to hello@shoptuckshop.com.

7. Changes to Our Privacy Policy

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Site following the posting of changes constitutes your acceptance of such changes.

8. Contact Information

If you have any questions or comments about this notice, the ways in which Tuck Shop collects and uses your information described here and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: hello@shoptuckshop.com