This Privacy Notice has been updated in order to comply with the new Colorado and Connecticut privacy laws that took effect on July 1, 2023 and the new Utah privacy law that will take effect on December 31, 2023. These 3 states, as well as California and Virginia, which privacy laws took effect earlier, require additional information regarding our privacy practices and your privacy rights. Depending on whether you are a resident of those states, we provide you additional notices about our privacy practices and your privacy rights as a consumer under sections 11, 12 and 13 below.

Last Updated: January 9, 2024

This Privacy Notice (“Privacy Notice” or “Notice”) describes how we collect, use, share, manage or disclose or generally process your personal information as a visitor or customer when you visit or use our websites, mobile apps, applications, digital services, or any related products, services, sites, features or functionalities (each a “Service“, collectively the “Services“) that link to this Privacy Notice, and how Leaf Group collects, uses, shares, processes and manages your personal information.

We collect and use your personal information and in accordance with applicable data protection and privacy laws (“Data Protection Laws“), to keep it secure and recognize and respect your privacy rights. We have included below specific provisions relevant to users in different regions.

We use the terms “personal data” and “personal information” interchangeably in this Privacy Notice, and they mean any information about a living individual from which that individual can be identified. By “processing”, we refer to any operation or set of operations performed upon personal data, which means anything that is done to, or with, personal data, including simply collecting, using, storing or deleting those data, but also organizing, structuring, altering, combining with other data, transmitting or disseminating.

It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we are using your personal information. This Privacy Notice supplements any other notices and privacy policies and is not intended to override them. By using the Services, you acknowledge that you have read this Privacy Notice and you understand how we collect, share or generally process your personal data and what your privacy rights are, as described in this Notice.

Where our Services may include third-party content and links to other third-party websites, we are not responsible for the privacy practices or the content of these third-party websites. You are encouraged to review the privacy policies of the different websites that you visit.

1. Our Details and How To Contact Us

Leaf Group Ltd., or one of its wholly-owned subsidiaries/affiliates, including Society6, LLC, Saatchi Online, Inc., Deny Designs LLC, Other Art Fairs, LLC, Other Art Fairs Ltd. and Other Art Fairs Australia Pty. Ltd., is the controller of your personal data as it relates to this Privacy Notice — including for the purposes of UK and EU data protection legislation. When we use the terms “Leaf Group”, “we”, “us”, or “our” in this Privacy Notice, we are referring to the relevant company that is responsible for processing your personal data in the applicable context. This Privacy Notice does not apply to personal data that Leaf Group processes solely on behalf of another organization.

If you have any questions about this Privacy Notice or our processing activities, you can contact us via the details below. If you wish to exercise any of your privacy rights, please use the appropriate web form linked in Sections 10, 11, 12 or 13, as applicable.

 

 

Controller name

Email address

Mailing address

Leaf Group Ltd. d/b/a “World of Good Brands”.

All users (UK and EU users included): privacy@worldofgoodbrands.com

All users:

Attn: Legal Department

1655 26th Street – Santa Monica, CA 90404 – UNITED STATES

UK users may also contact us at:

4th Floor, 15 D’Arblay Street, London, W1F 8DZ – UNITED KINGDOM

2. Personal Information that We Collect from You

Account Data You Directly and Voluntarily Provide to Us. We collect and process some or all of the following personal information you make available to us if you register, download or use the Services, enroll in our mailing lists or text message campaigns, interact with customer support, or otherwise communicate with us through the Services:

  • Name
  • Email Address
  • Mailing Address
  • Phone Number
  • Date of birth
  • Username
  • Password
  • Other Registration Information
  • Sex (gender identity) and age (whenever you may be asked to subscribe to newsletters or respond to surveys on some of our websites)
  • Customer Support or Technical Information you provide when you contact us with questions about your use of the Services or ask to be contacted by us directly
  • Other information you may provide to us through promotions or surveys

Personal Contacts. In some cases, and with your consent, we collect personal information that you provide about others, including first and last name, email address, and phone number of your personal contacts, such as when you send your contacts benefits, coupons, or discounts. We will use the information you provide to fulfill your requests, including (if applicable) sending them a text message, and we will not send marketing communications to your contacts unless they have a separate relationship with us and have affirmatively consented to receive such communications. Such functionality is implemented in all jurisdictions where legally permissible. By using this functionality, you acknowledge and agree that both you and your contacts are based in jurisdictions where it is legally permissible and that you have your contacts’ consent for us to use their contact information to fulfill your request.

Public Data You Post Through the Services. If you post information on your user profile or other public areas of the Services, such as reviews, comments, and user content, that information may be collected and used by us, other users of the Services, and the public generally. We strongly recommend that you do not post any information through the Services that allows strangers to identify or locate you or any other person, or that you otherwise do not want to share with the public.

You may choose to voluntarily submit other information to us through the Services that we do not request, and, in such instances, you are solely responsible for such information.

3. Information We Automatically Collect from Your Device or Browser

In addition to the information you provide to us, where legally permitted the Services automatically collect and process information from your device or browser. This information includes your:

  • Device Registration Data: this may include the type of mobile device you use; your mobile device’s advertising ID (a unique user ID assigned to your mobile device or operating environment, and stored directly on the device itself, to help advertising services personalize their offers. It can be sent to advertisers and other third parties which can use this unique ID to track the user’s movements, habits, and usages of applications); your IP address, operating system or browser type.
  • Device Settings: for example, your language preference.
  • Mobile Carrier.
  • Information about how you use the Services, for example through our use of tracking technology that informs us how many times you use the Services each day and which pages you have viewed.
  • Requested and Referring URLs: including, for example, when you are referred to us by an affiliate partner URL or you request to visit an affiliate partner’s URL linked to on our Services.
  • Imprecise location data collected through your Device: we will collect your IP address and, depending on the website you are visiting, may also collect the country, state and city inferred from your IP address.
  • Data collected through cookies and other tracking technologies: including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, imprecise location data, web logs and other communication data, and the resources that you access. Please refer to our Cookie Notice for more information on data collected through cookies and other tracking technologies.

Information once “de-identified” (or “anonymized”) to the standard required by applicable law is not subject to this Privacy Notice and we may treat it as non-personal information, which means we could use it without restrictions nor obligation to you, except as prohibited by applicable law.

4. Information We Collect from Third Parties about You

In addition to information we collect from you – either directly from you (see Section 2 above) or automatically through our Site (see Section 3 above) – we may also combine it with information we receive about you, which consists of information collected offline or from third-party sources such as data aggregators, email acquisition, email identity and email marketing companies, marketing platforms, customer relationship management data platforms and customer data platforms and offline print catalogs, in order to help us tailor our communications to you, improve our services, better understand your interests, preferences, propensity to buy from your visits and past transactions on any of our websites, visits of other partner websites and certain offline activities such as whether you have recently refinanced a mortgage or made a recent purchase of real estate.

Some of the information received about you may come from consumer data resellers and includes information that combines your personal information with those companies’ own records and records they themselves obtained from other sources.

5. How We Use Your Personal Information

In this section, we set out the business and commercial purposes for which we use personal information that we collect when you use the Services.

5.1. To Provide or Improve Our Services, Provide Support, and Communicate with You. We and our service providers use the personal information you provide, or that is collected through the Services, to operate, facilitate and fulfill transactions, authenticate you as a user of our Services, personalize your user experience on our websites, and improve our Services, other sites, applications, products and services, to contact you from time to time to provide you with important information and notices relating to the Services, and to carry out obligations arising from any agreements between you and us.

For EEA, UK and Swiss personal data – please refer to sub-section 10.2 below for the legal bases for processing.

5.2. To Carry out Marketing Activities such as Promotions. We and our service providers use the personal information you provide or that is collected through the Services to provide you with updates, offers, and promotions, where you have chosen to receive these. We also use your information for marketing our own and our selected business partners’ products and services to you by email and, where required by Data Protection Laws, we will ask for your consent at the time we collect your personal information to conduct any of these types of marketing. If you wish to unsubscribe from receiving marketing communications from us by email, please follow the instructions contained in each email you receive from us describing how you can unsubscribe from receiving further marketing communications from us. If you are a registered user you may also be able to adjust your email settings by logging in to your account and adjusting your account settings.

For EEA, UK and Swiss personal data – please refer to sub-section 10.2 below for the legal bases for processing.

5.3. To Organize Sweepstakes and Contests. From time to time, we may host sweepstakes or a contest on our Services. You may be asked to provide personal information or permit its transfer to a third party in connection with such sweepstakes or contest. The parties whose privacy notice applies will be disclosed at the point of collection or transfer and you will have a choice of whether or not you wish to permit such transfer or collection of information to a third party.

For EEA, UK and Swiss personal data – please refer to sub-section 10.2 below for the legal bases for processing.

6. Advertising and Analytics

6.1. Advertising and Third-Party Content and Links

The Services are supported through advertising. From time to time we work with third-party companies, advertisers and advertising networks, to enable them to collect certain information regarding how you engage with our websites and to provide advertising through the Services.

We may allow third-party companies, including advertisers, ad networks, and advertising services providers, to serve advertisements, provide other advertising services, or collect personal information when you visit the Services. We provide these companies with the ability to collect personal information about how you interact with the Services and, if applicable, your mobile device.

This personal information includes the unique device or advertising ID associated with your device and imprecise location information (only the country, state and, on some of our websites, the city where you connect from), in order to help analyze and serve targeted advertising on the Services and elsewhere (including third-party sites and applications).

In addition, we share with these third-party providers personal information that is pseudonymized (information that only identifies you indirectly), which may consist of the following data:

  • a hashed version of information that we collect from you directly (such as an email or a phone number)
  • a third party IDs, such as a mobile advertising ID, a device identifier or other proprietary ID assigned by third parties)
  • an IP address
  • the clickstream information generated by your browser, such as HTTP header fields, browser type, time and date stamps), or operating system
  • statistical identifiers calculated from data shared by your browser or device
  • the subject of advertisements you clicked or scrolled over, etc.

all of which are collected during your visit to the Services in order to provide advertisements about goods and services likely to be of interest to you on our websites, but also on websites of third-party companies.

For EEA, UK and Swiss personal data – please refer to sub-section 10.3 below for the legal bases for processing.

6.2. Matched Ads. As an example, we serve ads on and through third-party companies, such as Apple, Facebook and Google, that are targeted to reach people (or people who are similar to you as a customer or to our target audience) who have visited our Services or are identified in one or more of our databases. These ads are called “matched ads”. This is generally done by us uploading a customer list to a technology service or incorporating a pixel from a technology service on our Services, and the technology service matching common factors between our data and their data. For instance, we incorporate the Facebook pixel on our Services and may share your email address with Facebook as part of our use of Facebook Custom Audiences.

For EEA, UK and Swiss personal data – please refer to sub-section 10.3 below for the legal bases for processing.

6.3. How to Opt Out of Matched Ads and Targeted Advertising?

To opt out of Matched Ads, please contact the applicable technology service listed below. California and Virginia residents may also opt out of the use of their personal information for interest-based advertising, including Matching Ads, by following the instructions in Sections 12 and 13, respectively.

To opt out of targeted advertising: for information about how tracking works for targeted advertising purposes, and to opt out of the collection of personal information for the purposes described above by companies participating in the Digital Advertising Alliance Self-Regulatory Program, you can visit:

To opt out of this type of advertising by third parties that are members of the Network Advertising Initiative (“NAI”), please visit:

We are not responsible for such technology service’s failure to comply with your opt-out instructions.

For EEA, UK and Swiss personal data – please refer to sub-section 10.3 below for the legal bases for processing.

6.4. Analytics Services

We also work with third-party analytics companies to help us understand and analyze how you use our Services and assist us with delivering to you relevant marketing messages and advertisements.

These analytics companies (e.g., Google Analytics) collect information about the content you view and your system information as well as imprecise location information (only the country, state and, on some of our websites, the city where you connect from).

Neither they, nor we, do collect precise geolocation information about your visits from your devices, such as GPS coordinates, WiFi, radio frequency location and RFID, Bluetooth, or latitude and longitude information).

For EEA, UK and Swiss personal data – please refer to sub-section 10.3 below for the legal bases for processing.

7. Third Parties to Whom We Disclose Your Personal Information

We disclose the personal information you provide or that we collect in some circumstances to the following third parties:

7.1. Advertisers, Advertising Networks and Data Analytics Companies. We share your personal information with advertisers, third-party advertising networks and analytics companies who use it to deliver targeted advertisements to you on the Services or third-party websites or advertisers. Similarly, these advertisers share personal information with us about you that they have independently gathered or acquired. We also share the personal information we have collected in order to enable our advertising partners to perform data analysis or for advertising-related use. That personal information is always encrypted except cookie IDs.

7.2. Cooperative Database and Marketing Companies

These companies provide what is called a “cooperative database”, which is a type of database that holds information about customers and their transaction histories through which many companies, such as ours, will contribute information to the database in return for aggregate information on the customers other companies have provided. None of the companies that participate in these cooperative databases reveal which company has collected that data, so none of the participating companies are able to identify which company the data is associated with. Each email and mailing address is then associated with specific business categories (e.g., home decor, artwork, etc.) based on customers’ transaction histories. The participating companies, like ours, are then able to process, using data mining and other marketing targeting techniques, the email and mailing addresses in relation to the specific business categories they want to target in their direct mailing. Such databases are generally used for promotional mailings, credit card fraud detection, digital media targeting, business intelligence or fighting e-mail spam. In our case, these databases are used for promotional mailings and direct mail campaigns: this means that, from time to time, we share our customers’ email and mailing addresses and related transactional information, such as your purchase history, amounts paid and products ordered, with cooperative database and marketing companies for promotional mailings and direct mail campaigns. These types of marketing campaigns are mainly carried out in relation with our Saatchiart.com and Society6.com websites. Some of the third-party vendors who receive your personal information from us may resell it for their own direct marketing purposes, and the direct marketing purposes of other third-party marketing companies.

If you prefer to opt-out of the use of your email and mailing addresses for the above purposes, please let us know at privacy@worldofgoodbrands.com.

7.3. Our Service Providers and Contractors. We share your information with service providers and contractors who work on our behalf. For example, they may handle payment or credit card processing, data management, customer data pooling or aggregating, feature administration, email distribution, market research, information analysis, and promotions management. They also include accountants, auditors, lawyers, insurers or similar advisers when we ask for their professional advice. Service providers and contractors will only have access to the personal information needed to perform these limited functions on our behalf.

7.4. Social Media Sites. Our Services may use social networking or “share functionality” or contain links to third-party social media sites or applications that are not owned or controlled by us. We also may allow you to use social media sites or applications to leverage your existing social media site or application accounts to access features of the Services. Your use of these features may result in the collection or sharing of personal information about you by these sites or applications, depending on the feature.

7.5. Our Business Partners

If you are directed to the Services through a third party, we share certain information back with that third party, which may include personal information such as name, email and value of purchase depending on the type of relationship or Services utilized.

We have no control over, and assume no responsibility for any share functionality or the content, privacy policies, or practices of any third-party site or application. We encourage you to review the privacy policies and settings on the social media sites or applications with which you interact to make sure you understand the personal information that may be collected, used, and shared by those sites. You are subject to the policies of those third parties when and where applicable.

7.6. Our Company Affiliates. We share your personal information with members of the Leaf Group corporate family in order to provide joint content and services (like registration, transactions and customer support), or to improve your experience with the Services, products and other services.

7.7. Other Businesses. We will disclose your personal information to other businesses in the event of a merger, acquisition, bankruptcy or other sale of all or a portion of our assets or any business, any user personal information owned or controlled by us may be one of the assets transferred to third parties in such transaction or event. We reserve the right, as part of this type of transaction or event, to transfer or assign your personal information and other personal information we have collected from users of the Services to third parties. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred user personal information will be subject to this Privacy Notice. However, any personal information you submit or that is collected after this type of transfer may be subject to a new privacy notice adopted by the successor entity or acquirer, as applicable.

7.8. Government Authorities, National Security or Law Enforcement Agencies, Courts and Other Similar Third Parties

We will disclose your personal information to these third parties:

  • if required to do so, and to the extent permitted, by law;
  • if requested in response to a subpoena or court order;
  • if we believe in our sole and absolute discretion that disclosure is reasonably necessary to protect against fraud;
  • to protect the property or other rights of us or other users, third parties or the public at large; or
  • if we believe that you have abused the Services by using it to attack other systems or to gain unauthorized access to any other system, to engage in spamming or otherwise to violate applicable laws, or in violation of our Terms of Use.

You should be aware that, following disclosure to any third party, your personal information may be accessible by others to the extent permitted or required by applicable law.

8. Cookies and Other Tracking Technologies and How To Control Them

We use our own cookies, pixel tags, JavaScript, software development kits (“SDKs”), device identifiers and other tracking technologies on our websites or allow third-party companies, such as advertisers and advertising networks, to use the same technologies.

These technologies recognize your computer, mobile or other device and your actions online over time, collect personal information about you and your activities on the Services and do so across different websites and platforms, digital or marketing channels and email in order to deliver to you targeted electronic advertisements.

We or these third-party companies may link two or more devices or browsers believed to belong to the same user or household and use it for advertising-related purposes.

These third-party companies such as advertisers, advertising networks may use cookies, but also other tracking technologies such as pixel tags to recognize your computer, mobile or other device and your actions online over time, collect personal information about you and your activities on the Services and reach out to your computer, mobile or other device them across different websites and platforms, digital or marketing channels and email in order to deliver targeted electronic advertisements to an individual user. Third-party companies may link two or more devices or browsers believed to belong to the same user or household for advertising-related purposes.

We do not have access to the information located in the cookies, pixel tags and other tracking technologies that third-party partners ask us to place on our websites, nor have control over them, except to take them off our websites, which generally happens once we terminate our agreement with them.

You can control the use of cookies and other tracking technologies by using the “Cookie Settings” link that is located at the bottom of all our website homepages, by changing your privacy preferences through your browser, mobile or other device, or by using a setting or extension in your browser or device that is called “Global Privacy Control”:

  • Through the Cookie Settings link located at the bottom of all our website homepages, you can prevent us from using any cookie or other tracking technology that is not strictly necessary for you to view our websites or to enable us to provide you with our Services. Keep in mind that the cookie settings may not permit you to block the use of some tracking technologies.
  • Using your browser or device, you may set it up so as to accept all cookies, only accept specific cookies, block others or all of them.
  • Keep in mind that your web browser or device may not permit you to block the use of some tracking technologies, and adjusting your browser or device settings to block them may have no effect.
  • Your browser or device may also allow you to adjust its settings so that “Do Not Track” requests are sent to the websites that you visit. However, we will not disable tracking technology that may be active on the Services in response to the “Do Not Track” requests we receive from your browser or device.
  • Using the Global Privacy Control (“GPC”) setting or extension in your browser or mobile device: GPC is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It acts as a mechanism that websites can use to indicate they support the specification. All of our websites have the GPC setting turned on. Once you activate this setting or extension, your browser or mobile device will automatically transmit your preference to our websites which, when detected, will stop the sharing of all our advertising cookies. More information at https://globalprivacycontrol.org/.
  • To control the cookies that we use to obtain analytics information from your visits to our websites and prevent your browser, mobile phone or other device to disclose imprecise location details about your visits:
  • You can adjust your browser or device settings to deactivate the analytics cookies (categorized as “performance cookies”) sent to your device by using the “Cookie Settings” link located at the bottom of all our website homepages and deactivating the “performance cookies”.
  • You can also use your mobile or other device to adjust its location services settings. (For instructions on changing the relevant settings, please contact your service provider, carrier or device manufacturer.)

If you are a California, Colorado, Connecticut, Utah, or Virginia resident: you may exercise your right to opt-out of sales or sharing through preference signals. Please refer to section 12 (“California Privacy Rights”) and section 13 (“Colorado, Connecticut, Utah, and Virginia Privacy Rights”) below to exercise your rights with respect to cookies and other tracking technologies.

If you are located in the EEA, the United Kingdom or Switzerland, please refer to sub-section 10.5 and, more generally, to section 10 (“European Privacy Rights”) below to exercise your rights with respect to cookies and other tracking technologies.

Blocking all cookies and other tracking technologies will affect your online experience and may prevent you from enjoying the full features offered through our Services.

9. The Privacy of Children

The Services are not intended for children under age 16. We do not knowingly collect or distribute personal information from or about children under the age of 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at privacy@worldofgoodbrands.com.

10. European Privacy Rights

In this section, we clarify the rules that are applicable to you, as a user, website visitor or customer using our Services and if you are located in the European Economic Area (“EEA”) (which includes the European Union member states, Iceland, Norway and Liechtenstein), the United Kingdom, and Switzerland.

We also identify the legal bases on which we rely to use your personal data and acknowledge your right to access and control your personal data in accordance with applicable Data Protection Laws, which include but are not limited to the Regulation (EU) 2016/679 (the European Union General Data Protection Regulation, or “GDPR”), the United Kingdom GDPR (“UK GDPR”), the Swiss Act on Federal Data Protection (“FADP”) and the Directive 2002/58/EC (“e-Privacy Directive”) and other relevant national legislation implementing it (“e-Privacy Laws”), together, the “European Privacy Laws”.

10.1. Information We Automatically Collect from Your Device or Browser

If required by the European Privacy Laws, we will seek your consent to these activities and provide the ability for you to withdraw your consent via a cookie consent management platform or other appropriate means. Please see our Cookie Notice for further details.

10.2. How We Use Your Personal Data

  • To Provide or Improve the Services, Provide Support, and Communicate With You:
  • For details please refer to sub-section 5.1 of this Privacy Notice.
  • Legal bases: contract performance, legitimate interests (to correspond with you, to enable us to provide you with the Services and to improve the Services).
  • To Carry out Marketing Activities such as Promotions:
  • For details please refer to sub-section 5.2 of this Privacy Notice.
  • Legal bases: consent, legitimate interest where consent is not required (to enable us to provide you with an experience related to your interests or keep you updated with news in relation to our products and services).
  • To Organize Sweepstakes and Contests:
  • For details please refer to sub-section 5.3 of this Privacy Notice.
  • Legal base: consent.

10.3. Advertising and Analytics

For details please refer to section 6 of this Privacy Notice.

  • How to Opt Out of Matched Ads and Targeted Advertising?
  • If required by the European Privacy Laws, we will seek your consent to these activities and provide you the ability to withdraw your consent at any time via a cookie consent management platform or other appropriate means. Please see our Cookie Notice for further details.
  • Our websites will honor “Do Not Track” requests from your browser if you visit us from EEA countries, the United Kingdom or Switzerland and you activate the “Do Not Track” feature in your browser settings: in this case, the “Do Not Track” request your browser sends us will automatically deactivate the targeting cookies we use on our websites. Some browsers or browser add-ons may also automatically activate that “Do Not Track” feature.
  • Legal bases: consent, legitimate interest where consent is not required (to enable us to provide you with an experience related to your interests).
  • Analytics Services:
  • Legal bases: consent, legitimate interest where consent is not required (to enable us to provide you with an experience relevant to your interests).

10.4. Third Parties to Whom We Disclose Your Personal Data

For details please refer to section 7.2 of this Privacy Notice.

Where we disclose the personal data you provide, or that we collect, to cooperative database and marketing companies for promotional mailings and direct mail campaign purposes, we will seek your consent to these activities if it is required by the European Privacy Laws.

10.5. Cookies and Other Tracking Technologies and How To Control Them

For general explanations, please refer to section 8 of this Privacy Notice.

If required by the European Privacy Laws, we will seek your consent to these activities and provide you with the ability to withdraw your consent via a cookie consent management platform or other appropriate means. Please see our Cookie Notice for further details.

10.6. Data Subject Rights

  • Accessing, Correcting, Erasing Your Information; Objecting to or Restricting the Processing of Your Information; or Withdrawing Your Consent:
    • If you are located in the EEA, the United Kingdom or Switzerland: to request access to, correction or erasure of, your personal data, object to, or restrict the processing of your personal data, or to withdraw your consent to our processing of your personal data (where we are relying on consent as the lawful basis) in accordance with European Privacy Laws, you can visit the following page in order to exercise your data subject rights for some or all of our websites: GDPR Data Subject Rights Web Form .
    • You may also contact us via the contact details in Section 1 above.
    • Please include the registration information you provided through the Services. We may ask you to provide additional information for identity verification purposes, or to verify that you are in possession of an applicable email account. We will respond within a month after receiving your request or in accordance with the European Privacy Laws. If your request is complex or you have sent us several or different ones (access, correction, deletion requests, etc.), we may have extend the time to respond to you by a further two months but will always inform you of such delay within a month and explain you why the extension is necessary.
  • Portability of Your Personal Data:
    • Data portability is the ability to obtain some of your personal data in a machine-readable format that you can migrate, where technically feasible, from one controller to another in accordance with applicable Data Protection Laws. This right is available to users located in the EEA, United Kingdom and Switzerland in relation to the personal data that we process via automated means and in reliance on your consent. You may send your request by visiting the following page in order to exercise your right to data portability: GDPR Data Subject Rights Web Form .

10.7. International Transfers

We may transfer your personal data outside of the EEA, the United Kingdom or Switzerland, including to servers, databases or cloud storage facilities located in the United States. We put adequate safeguards in place when we transfer your personal data internationally. This includes only transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data by the applicable regulatory authority, or by otherwise using an appropriate safeguard to ensure the ongoing protection of personal data, such as standard contractual clauses approved by the applicable regulatory authority. You may request further information on the safeguards we use by contacting us via the contact details in Section 1 of this Privacy Notice.

Leaf Group Ltd complies with the E.U.-U.S. Data Privacy Framework program (“E.U.-U.S. DPF”), the UK Extension to the E.U.-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.

  • Leaf Group Ltd has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“E.U.-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the E.U.-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the E.U.-U.S. DPF.
  • Leaf Group Ltd has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
  • Leaf Group Ltd’s participation in the E.U.-U.S. DPF is subject to the investigation and enforcement powers of the United States Federal Trade Commission.
  • If there is any conflict between the terms in this Privacy Notice and the E.U.-U.S. DPF Principles or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the E.U.-U.S. DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We have responsibility for the processing of the personal data we receive under the E.U.-U.S. DPF, the UK Extension to the E.U.-U.S. DPF and the Swiss-U.S. DPF, and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable under the E.U.-U.S. DPF, the UK Extension to the E.U.-U.S. DPF and the Swiss-U.S. DPF if our agent processes such information in a manner inconsistent with the E.U.-U.S. DPF Principles and the Swiss-U.S. DPF Principles, unless we are not responsible for the event giving rise to the damage.

In compliance with the E.U.-U.S. DPF Principles, Leaf Group Ltd commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, United Kingdom and Swiss individuals with DPF inquiries or complaints should first contact:

Leaf Group Ltd has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism located in the United States of America – “Data Privacy Framework Services” – operated by the Better Business Bureau National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.

10.8. Complaints

If you have a concern about our handling of your personal data, please get in contact with us first so we can try to resolve your query using our contact details in section 1 of this Privacy Notice.

If however you feel we have not dealt with your concern and that we are failing to meet our legal obligations, the GDPR gives you the right to lodge a complaint with a supervisory authority. You can do so with your local data protection authority: the Information Commissioner’s Office in the United Kingdom or the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.

11. Nevada Privacy Rights

Under Nevada law, Nevada residents may submit a request directing us not to make certain disclosures of personal information we maintain about them. As a Nevada resident, you have the right to direct us not to sell any “covered information” (as that term is defined by Chapter 603A – Security and Privacy of Personal Information, Section NRS 603A.340) that we have collected or will collect about you. If you wish to exercise this right, you can visit the following page: USA Consumer Privacy Rights Web Form.

12. California Privacy Rights

12.1. California Residents Under 18. If you are a California resident under the age of 18 and are a registered user of the Services, you may request that we remove content or information about you that you posted on the Services by: (a) submitting a request in writing to privacy@worldofgoodbrands.com; and (b) clearly identifying the content or information you wish to have removed and providing sufficient information to allow us to locate the content or information to be removed. However, please note that we are not required to, and may not be able to, erase or otherwise eliminate content or information if: (i) other state or federal laws require us or a third party to maintain the content or information; (ii) the content or information was posted, stored, or republished by another user; (iii) the content or information is anonymized so that you cannot be individually identified; (iv) you do not follow the instructions posted in this Privacy Notice on how to request removal of your content or information; or (v) you have received compensation or other consideration for providing the content. Further, nothing in this provision shall be construed to limit the authority of a law enforcement agency to obtain the applicable content or information.

12.2. California Privacy Rights – California Notice of Collection. This section contains disclosures required by the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act of 2020 (“CPRA”) (cited together as the “CCPA”) and applies only to “personal information” that is subject to the CCPA. Consumers with disabilities may access this notice with a standard screen reader. If you are a California resident, this section applies to you. It describes how we collect, use, and share your personal information in our capacity as a “business” under the CCPA, and the rights that you have with respect to your personal information, including sensitive personal information. For purposes of this section, “personal information” and “sensitive personal information” have the meanings given in the CCPA and do not include information excluded from the CCPA’s scope.

A. Personal Information We Collect, Disclose for a Business Purpose, and Sell or Share

The chart below summarizes the personal information we collect and use by reference to the categories of personal information specified in the CPRA. It describes our current practices as well as our practices during the 12 months preceding the effective date of our Privacy Notice (January 1, 2023). Information you voluntarily provide to us, such as in free-form webforms or posts on some of our websites, may contain additional categories of personal information not described below. More information regarding the sources from which we collect personal information can be found in Section 2 of our Privacy Notice titled “Personal Information that We Collect from You”, Section 3 titled “Information We Automatically Collect from Your Device or Browser”, and Section 4 titled “Information We Collect from Third Parties about You”. Business and commercial purposes for which we collect your personal information can be found in Section 5 of our Privacy Notice titled “How We Use Your Personal Information”. Categories of recipients with whom personal information is shared or sold can be found in Section 7 of our Privacy Notice titled “Third Parties to Whom We Disclose Your Personal Information”.

 

Categories of Personal Information

Collected in the last 12 months

Categories of sources from which information is collected

Business or commercial purposes for collection, use, selling, and sharing

Disclosed for business purposes to the following categories of third parties

Sold or shared to the following categories of third parties

Personal and online identifiers (such as first and last name, email address, or unique online identifiers)

Yes.

All categories described above in Sections 2, 3, and 4.

All purposes described above in Section 5.

All categories listed above in Section 7.

All categories listed below under section D.

Commercial or transactions information (such as records of personal property or products or services purchased, obtained or considered)

No.

Category described above in Section 4.

All purposes described above in Section 5.

All categories listed above in Section 7.

All categories listed below under section D.

Geolocation data

Yes: only imprecise geolocation data (IP address, country, state, city)

All categories described above in Sections 2, 3, and 4.

All purposes described above in Section 5.

All categories listed above in Section 7.

All categories listed below under section D.

Audio, electronic, visual, thermal, olfactory, or similar information

No.

N/A.

N/A.

N/A.

N/A

Internet or other electronic network activity information (such as browsing history, search history, interactions with a website, email, application, or advertisement)

Yes.

All categories described above in Sections 2, 3, and 4.

All purposes described above in Section 5.

All categories listed above in Section 7.

All categories listed below under section D.

Inferences drawn from the above information about your predicted characteristics and preferences

Yes.

All categories described above in Sections 2, 3, and 4.

All purposes described above in Section 5.

All categories listed above in Section 7.

All categories listed below under section D.

Characteristics of protected classification under California or federal law (race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, marital status, sex, age and sexual orientation)

Yes: only sex (gender identity) and age

All categories described above in Sections 2, 3, and 4.

All purposes described above in Section 5.

All categories listed above in Section 7.

N/A.

Employment and education information

No.

All categories described above in Sections 2, 3, and 4.

All purposes described above in Section 5.

All categories listed above in Section 7.

Affiliates not under the Leaf Group brand; partner programs; service providers.

Categories of personal information described in Section 1798.80(e) of the California Civil Code

Yes: only name, address and telephone number

All categories described above in Sections 2, 3 and 4.

All purposes listed below under Section 5.

All categories listed above in Section 7.

All categories listed below under Section D.

Other information about you that is linked to the personal information above

Yes.

All categories described above in Sections 2, 3, and 4.

All purposes described above in Section 5.

All categories listed above in Section 7.

All categories listed below under section D.

B. Sensitive Personal Information

Some of the personal information we collect may be considered sensitive personal information (as described in the CPRA). For further details of the sensitive personal information we collect (if any) and how we obtain this information, please review the section entitled “Personal Information that We Collect from You” above.

We collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information.

C. Retention

Our retention periods for each category of personal information, including sensitive personal information, are based on our business needs and legal requirements. We retain personal information only for as long as is reasonably necessary for us to fulfill the purpose for which it was collected, and as otherwise to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. If we continue to retain your personal data in accordance with a legal obligation, any further processing of your data will be limited to compliance with such legal obligation.

Where required by applicable law, we shall delete your personal information when we are requested to do so. Even if we delete your personal information from our active databases, some or all of the personal information you provided may be required in order for the Services to function properly and it may remain in backup storage or records retention archival media (not to be used for any other purpose) until it is permanently deleted in accordance with our standard retention schedules.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal obligations.

D. Third Parties to Whom We Sell or Share Personal Information

We sell or share the categories of personal information designated above to the categories of third parties listed below:

  • Third-parties (persons different than service providers and contractors);
    • Advertising and marketing companies;
  • Affiliates not under the Leaf Group brand;
  • Partner programs;
  • Social networks; and
  • Advertising platforms.

E. Right to Know, Correct, and Delete

California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations. Please understand, however, that these rights are not absolute and are subject to exceptions, and we may be required or permitted by law to decline your request. In addition, we will not be able to process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

You may request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold or shared;
  • The categories of persons to whom the personal information was disclosed for a business purpose or sold or shared;
  • The business or commercial purpose for collecting or selling or sharing the personal information; and
  • The specific pieces of personal information we have collected about you.

In addition, you have the right to correct or delete the personal information we have collected from you. These rights apply to sensitive personal information.

To exercise any of the above rights, please contact us using the following information and submit the required verifying information online at the following USA Consumer Privacy Rights Web Form . We will confirm receipt of your request within 10 business days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.

F. Right to Opt-Out of Sales and Sharing

To the extent we “sell” or “share” your personal information as those terms are defined under the CPRA, you have the right to opt-out of the sale or sharing, which you can exercise through:

  • The following USA Consumer Privacy Rights Web Form by choosing the option “Opt out” (this functionality will only remove you from our marketing email lists);
  • The “Do Not Sell or Share My Personal Information” link that appears in the footer of our website.
  • In addition, you may exercise this right by turning on a recognized opt-out preference signal, such as Global Privacy Control , through the appropriate setting or extension of your browser or mobile device.

Note that when you submit an opt-out, except as provided below, your opt-out will only apply to sales and shares of personal information through tracking technologies from the specific browser or mobile device from which you submitted the opt-out because the connection between your browser identifiers and other personal information we have about you is not known to us. Opt-outs also apply to any pseudonymous profiles we maintain associated with your browser or device. If you want the opt-out to also apply to other personal information we have about you (such as your contact information), please use the link and provide your contact information as requested or make sure you are logged into your account when submitting the opt-out.

G. Verification Process and Required Information

Note that we may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We reserve the right to deny your requests if we cannot verify your identity.

H. Authorized Agent

You may designate an authorized agent to make a CPRA request on your behalf. We will require proof of your consent to designating such an agent and verification of your identity as described above. Requests must be submitted through one of the designated methods above.

I. Minors’ Right to Opt In

We do not knowingly sell the personal information of minors under 16 years of age.

J. Right to Non-Discrimination

You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

K. Financial Incentives

Financial incentives, as defined under the CPRA, include “programs, benefits, or other offerings, including payments to consumers as compensation, for the disclosure, deletion, or sale of personal information about them. Although we do not consider our discounts and offerings to be a “financial incentive,” each may be interpreted to be one under California law.

We may offer discounted prices to consumers who sign up for our offerings and voluntarily provide us with certain requested personal information to be used in accordance with this Privacy Notice.

You can opt-in by submitting the requested personal information. You can withdraw your consent at any time by emailing us using the contact information below with “Opt-out of Financial Incentives” in the subject line.

We generally do not treat consumers differently if they exercise a privacy right under California law. However, you will need to provide some personal information in order to receive certain discounts or benefits. In such circumstances, we offer a price difference that is reasonably related to the value of your data to us in connection with the discount or benefit.

The price differences reflected in our discounts and offerings are provided based upon our reasonable determination of the estimated value of the data you provide to us, which takes into consideration a number of factors, including, among other things, our estimates regarding the anticipated revenue generated from such data and the actual and anticipated expenses that we incur in the collection, storage, and use of such data in connection with our discounts and offerings. If you choose to withdraw from our discounts and offerings or choose not to create an account with us, you can still continue to use our website as a guest user.

L. Shine the Light

Customers who are residents of California may request (i) a list of the categories of personal information (as that term is defined by Shine the Light) disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in section 1 above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

13. Colorado, Connecticut, Utah, and Virginia Privacy Rights

These additional rights and disclosures apply to residents of Colorado, Connecticut, Utah, and Virginia. Terms have the meaning ascribed to them in the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”) and the Virginia Consumer Data Protection Act (“VCDPA”), as applicable.

You have the following rights under these laws:

  • To confirm whether or not we are processing your personal data
  • To access your personal data
  • To correct inaccuracies in your personal data
  • To delete your personal data
  • To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format
  • To opt out of the processing of personal data for purposes of targeted advertising and the sale of personal data

You can visit the following page in order to exercise any of the above rights for some or all of our websites: USA Consumer Privacy Rights Web Form, or call our toll-free number from the United States at 1 (888) 622-0767.

You also have the right to opt out of the processing of personal data for purposes of targeted advertising or the sale of personal data. To opt-out, click on the “Do Not Sell or Share My Personal Information” link that appears at the footer of our website or turn on a recognized opt-out preference signal, such as Global Privacy Control, in your browser or extension. Please note that when you submit an opt-out, we do not know who you are within our systems, and your opt-out will only apply to personal data collected from tracking technologies on the specific browser from which you opt-out. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings.

We will respond to your request within 45 days. If you have an account with us, we may require you to use the account to submit the request. We may require specific information from you to help us confirm your identity and process your request.

You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly

If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacy@worldofgoodbrands.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows. 

14. Security Measures and Storage Limits

We provide industry-standard physical, electronic, and procedural safeguards to protect personal data we process and maintain. For example, we take reasonable measures to limit access to this data to authorized employees and contractors who need to know that information in order to operate, develop or improve our Services. Please be aware that, although we endeavor to provide reasonable security for data we process and maintain, no security system can prevent all potential security breaches. As a result, we cannot guarantee or warrant the security of any information you transmit on or through the Services and you do so at your own risk. We have also put in place procedures to deal with any personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

Our retention periods for each category of personal information, including sensitive personal information, are based on our business needs and legal requirements. We retain personal information only for as long as is reasonably necessary for us to fulfill the purpose for which it was collected, and as otherwise to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. If we continue to retain your personal data in accordance with a legal obligation, any further processing of your data will be limited to compliance with such legal obligation.

Where required by Data Protection Laws, we shall delete your personal information when we are requested to do so. Even if we delete your personal information from our active databases, some or all of the personal information you provided may be required in order for the Services to function properly and it may remain in backup storage or records retention archival media (not to be used for any other purpose) until it is permanently deleted in accordance with our standard retention schedules.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal obligations.

15. Updates to this Privacy Notice

If you do not agree to such changes following such notice, you should discontinue your use of the Services prior to the time the modified Privacy Notice takes effect. If you continue using the Services after the modified Privacy Notice takes effect, the modified Privacy Notice will govern any further processing of your personal data.