Last updated: November 18, 2021
This Policy is written in the English language. We do not guarantee the accuracy of any translated versions of this Policy. To the extent that any translated versions of this Policy conflict with the English language version, the English language version of this Policy shall control.
2. COLLECTION OF PERSONAL INFORMATION Information you provide to us. We collect information you provide to us when you create or modify your account; register to use our website, www.PicnicAllergy.com (the “Site”); purchase products or services from us; post comments or reviews on our Site; request information from us; contact customer support; or otherwise communicate with us.
Information we obtain indirectly. We may receive certain information about you through our third-party affiliates or partners and from other companies that provide us with such information as a part of their relationship with us, including Google Analytics and Hotjar.
3. CATEGORIES OF PERSONAL INFORMATION AND PURPOSE FOR COLLECTION Picnic only collects and processes the minimum amount of personal information from you necessary for purposes of our information processing activities, which includes the following categories of personal information: (1) contact information, including your name, address, email address, and telephone number; (2) authentication information, including the user name and password that you use to register an account on the Site; (3) financial information, including your debit or credit card number, its expiration date, and its security code, for payment processing purposes; (4) personal characteristics, including date of birth, photographs of your head and hair, and other information relevant to diagnosis and treatment, such as hair loss, lifestyle and general medical history; (5) comments, reviews, and suggestions; (6) personal preferences including product preferences, online preferences, and interests; (7) online behavior information including online activity, preferences, and time spent viewing features; and (8) IP address, mobile network information, or device information.
Picnic retains this information only if required to fulfill Picnic’s information processing activities. Additionally, any information sent by you to a doctor regarding your diagnosis or treatment is kept private and confidential. Our information processing activities include conducting our business, customer communications and support, user verification, payment processing, shipping, quality management services, Site maintenance and improvements, enforcing our legal rights, and complying with legal requirements. Where applicable, if Picnic intends to further process your personal information for a purpose other than that for which the personal information was initially collected, Picnic shall, prior to such processing, provide you with any relevant information on such additional purpose, and, to the extent required by applicable law, obtain your consent for this.
4. DISCLOSURE OF PERSONAL INFORMATION Picnic does not trade, rent, or sell your personal information to third parties.
We may share or disclose your personal information for the following limited purposes:
Healthcare Providers. We share your personal information with KMG Medical Group MO, PC, doctors, and relevant medical staff (“KMG”) to provide you with services related to your diagnosis and treatment. In addition to this Policy, our disclosure of your personal information to KMG is subject to KMG’s Notice of Privacy Practice Policy.
Vendors and Services Providers. We may provide information to third party vendors and service providers that perform services and functions on our behalf to help us operate and manage our Site, process orders, and fulfill and deliver products and services that you purchase from us. These vendors and service providers will have access to your personal information in order to provide these services, but when this occurs we implement reasonable contractual and technical protections to limit their use of that information to helping us provide our Service and support our interactions with you.
Your Consent to Have Your Personal Information Shared. In addition to the sharing described elsewhere in this Policy, we will share personal information with companies, organizations, or individuals outside of Picnic when we have your consent to do so.
Use of Non-Personal Information. In addition, where allowed by applicable law, we may use and disclose anonymized data or information that is not in a personally identifiable form for any purpose. If we combine information that is not in personally identifiable form with information that is identifiable (such as combining your name with your geographical location), we will treat the combined information as personal information as long as it is combined.
5. ACCESS TO YOUR INFORMATION AND CHOICES You can access and update certain information we have relating to your online account by signing into your account and going to the Account section of our Site. If you have questions about personal information we have about you or need to update your information, you can contact us online (PicnicAllergy.com/Contact) or call us at (205) 875-8432.
6. SECURITY OF YOUR INFORMATION We use industry standard physical, technical, and administrative security measures and safeguards to protect the confidentiality and security of your personal information. Please be advised, however, that while we take reasonable security measures to protect your personal information, such measures cannot be guaranteed to be secure. Picnic cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your personal information. Accordingly, it is your responsibility to protect the security of your login information, including your username and password. Additionally, please note that emails and other communications you send to us through our Site are not encrypted, and we strongly advise you not to communicate any confidential information through these means.
You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. You can also delete cookies or clear your cache, browser history, stored password, and other browser storage through your browser settings. However, some Site features or services may not function properly without cookies. Please keep in mind that your browser settings may not permit you to control the technologies utilized by third-party companies. If you would like more information about these practices, please click: http://optout.aboutads.info/#!/
Currently, our Site does not recognize if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads. If you would like more information about these practices, please click: http://optout.aboutads.info/#!/
9. CHILDREN’S PRIVACY If you are under the age of 18, please do not attempt to register with us at this Site, engage our Service, or provide any personal information about yourself to us. If we learn that we have collected personal information from someone under 18, we will promptly delete that information. If you believe we have collected personal information from someone under the age of 18, please contact us online (PicnicAllergy.com/Contact) or call us at (205) 875-8432.
10. SPECIAL NOTE TO CALIFORNIA RESIDENTS In compliance with California law, we provide California residents with certain information and access upon request (“Consumer Request”). This Policy outlines how California residents can request the information and what you can receive.
If you would like to submit a Consumer Request, you or your authorized agent can contact Picnic at email@example.com and (205) 875-8432. If you choose to submit a Consumer Request, you must provide us with enough information to identify you and enough specificity on the requested data. Picnic will only use the information it receives to respond to your request. Picnic will not be able to disclose information if it cannot verify that the person making the Consumer Request is the person about whom we collected information, or someone authorized to act on such person’s behalf.
“Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. “Personal information” does not include publicly available information.
A. Request to Access. You may submit a Consumer Request to obtain a copy of or access to the personal information that Picnic has collected on you.
B. Request to Correct Inaccurate Personal Information. You may submit a Consumer Request to correct inaccurate personal information. Keeps will use commercially reasonable efforts to comply with such request and correct inaccurate personal information.
C. Request to Know. You may submit a Consumer Request to receive information about Picnic’ data collection practices. You may request information on the categories of personal information (as defined by California law) Picnic has collected about you; the categories of data collection sources; Picnic’ business or commercial purpose for collecting or selling personal information; the categories of third parties with whom Picnic shares personal information, if any; and the specific pieces of personal information we have collected about you.
Please note that the categories of personal information and sources will not exceed what is contained in this Policy. Additionally, Picnic is not required to retain any information about you if it is only used for a one-time transaction and would not be maintained in the ordinary course of business. Picnic is also not required to reidentify personal information if it is not stored in that manner already, nor is it required to provide the personal information to you more than twice in a twelve-month period.
If you would like to know if Picnic has disclosed information about you to specific third parties, you may also email firstname.lastname@example.org to receive information about the categories of information that we disclosed to third parties for their direct marketing purposes. You may receive the names and addresses of those third parties, and you may request this information for the year prior to your request. Note that these particular requests may only be made once per calendar year. Additionally, please be aware that only sharing activities required by California law will be included in our response to your request.
D. Request to Delete. You may request that Picnic delete your personal information. Subject to certain exceptions set out below we will, on receipt of a verifiable Consumer Request, delete your personal information from our records and direct any service providers to do the same.
Please note that we may not delete your personal information if it is necessary to:
Picnic may not, and will not, treat you differently because of your Consumer Request or Opt-Out activity. Picnic may not and will not deny goods or services to you; charge different rates for goods or services; provide a different level of quality of goods or services; or suggest any of the preceding will occur. However, we can and may charge you a different rate, or provide a different level of quality, if the difference is reasonably related to the value provided by your personal information.Further, some Service functionality and features may change or become unavailable upon deletion or restriction on use of your personal information.
11. SPECIAL NOTICE FOR NEVADA RESIDENTS Picnic does not sell, rent, or lease your personally identifiable information to third parties. However, if you are a resident of Nevada and would like to submit a request not to sell your personally identifiable information, you may do so by emailing us at email@example.com.
12. LINKED SITES The Site may contain links to third-party owned or operated websites, including, without limitation, social media websites (each a “Linked Site”), as a convenient method of accessing information that may be useful or of interest to you. This Policy and the practices that we follow under this Policy do not apply to Linked Sites. We are not responsible for the content, accuracy, or opinions expressed on any Linked Site or for the privacy practices or security standards used by third parties on such Linked Sites. These Linked Sites have separate privacy and data collection practices, and we have no responsibility or liability relating to them.
Accordingly, if you use Linked Sites through our Site, to login to our Site, or to share information about your experience on our Site with others, these Linked Sites may be able to collect information about you, including information about your activity on our Site. In accordance with their own privacy policies, the Linked Sites may further notify your social media connections about your use of our Site.
You understand and agree that by clicking on a link to a Linked Site or using a Linked Site as described above, this Policy, as stated on the Site, is no longer in effect because you have either left our Site or used a Linked Site to interact with our Site.
13. USER CONTENT Some features of the Service may now or in the future allow you to provide content, such as written comments or reviews, to be published or displayed on public areas of the Site (“User Content”). Be careful about giving out information in public areas of the Service. The information you share in public areas may be read, collected, or used by any user of the Service. We cannot control the actions of other users of the Site with whom you may choose to share your User Content.
14. CONSENT TO PROCESSING OF PERSONAL DATA IN UNITED STATES This Site is intended for use only by residents of the United States. If you are a citizen of the European Economic Area (EEA) or other jurisdiction outside of the U.S., please note that in order to provide our Site, products, and services to you, we may send and store your personal information (also commonly referred to as personal data) outside of the EEA, including to the U.S. Accordingly, your personal information may be transferred outside of the country where you reside or are located, including to countries that may not or do not provide the same level of protection for your personal information. We are committed to protecting the privacy and confidentiality of personal information when it is transferred. Where such transfers occur, we take appropriate steps to provide the same level of protection for the processing carried out in any such countries as within the EEA to the extent feasible under applicable law. By using and accessing our Site, users who reside or are located in countries outside of the United States agree and consent to the transfer to and processing of personal information on servers located outside of the country where they reside, and that the protection of such information may be different than required under the laws of their residence or location.
16. QUESTIONS AND HOW TO CONTACT US If you have any questions, concerns, complaints, or suggestions regarding this Policy, please contact us online (PicnicAllergy.com/Contact), call us at (205) 875-8432, email us firstname.lastname@example.org, or writing us by US postal mail at the following address:
Thirty Madison Inc. 27 E 28th St, 12th Floor New York, NY 10016