Last Updated: January 1, 2020
Effective Date: January 1, 2020
This Privacy Notice applies to Personal Space MB, LLC, referred to as “Personal Space MB” or “PSMB.”
By using the Site, or sharing your information with us, you accept the privacy practices described in this Privacy Notice.
Unless otherwise indicated herein, our USA websites are governed and operated in accordance with the laws of the United States and are intended for the use of residents of the United States.
If you have any questions about this Privacy Notice, please contact us at:
Personal Space MB, LLC
Attn: Legal Department Privacy Inquiry
22395 S Western Ave, Ste 303
Torrance, CA 90501
Changes to Our Privacy Notice
We may make changes to this Notice from time to time, in our sole discretion. When we do, we will update this page and display the date of last update at the top of the page. We encourage you to periodically check this Site to learn about the information we collect, use and share. Your continued use of any of the Site after the changes have been made will constitute your acceptance of the changes. If you do not wish to continue using the Site under the new version of the Notice, please uninstall any mobile application and cease using the Site.
Sources of Personal Information
As you interact with Personal Space MB, we may collect information from or about you from the following sources:
- Directly from you
- From technology when you visit our Site
- From third parties, such as:
- Dealers and Resellers
- Service providers
- Data brokers/resellers of data
- Business partners
- Advertising networks
- Social media platforms and networks
What Information Do We Collect and/or Receive from You?
The information we collect from you varies, depending on the way you use our Site or interact with us. The information may include:
- Identifiers, such as name, shipping/billing address, telephone number, email address, IP address; browser type and language; operating system; domain server; type of computer or device; and other information about the device you use to access our Site
- Commercial information, including records of products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies
- Internet or other electronic network activity information, including, but not limited to browsing history, search history, and information regarding your interaction with our Site or advertisements.
- Geolocation data
- Audio or electronic information, such as recording calls made to our customer service centers
- Professional or employment-related information, and other demographic information
- Inferences drawn from any of the information above used to create a profile about our customers
How Do We Use Your Information?
We use your information identified above for the following business purposes:
- For our own internal business purposes, such as maintaining or servicing accounts, providing customer service, processing or fulfilling order and transactions, verifying customer information, processing payments, providing financing, and performing analytics
- Internal research for research, development and product improvement
- Verifying or maintaining the quality or safety of a service or product and to improve, upgrade or enhance the service or product
- Short-term transient use, such as customization of ads shown as part of the same interaction
- Auditing related to a current interaction with the consumer and concurrent transactions
- For legal, safety and security reasons
- For marketing or advertising
- In a de-identified or aggregated format
- For services of third parties that you authorize
With Whom Do We Share Your Information?
We may share information collected about you with the following entities or in the following situations:
- Service Providers. We may share your information with service providers to perform functions and services on our behalf, to deliver our products or services and/or to conduct our business, such as product delivery services, payment processors, data hosting and storage providers, customer service, marketing, and data analytics service providers.
- Corporate Changes. We might buy or sell businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the information we collect may be part of the transferred assets.
- For Legal, Safety and Security Reasons. We may disclose information to others if we are required to do so by law, or whenever we believe that disclosing such information is necessary or advisable to protect and defend our rights, property or the safety of us or others. Note that we may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. We may also disclose your information to detect and/or resolve any fraud or security concerns.
- For Targeted Marketing. We may share personal information that we hold about you with non-affiliated third parties for marketing of similar products or services.
- Consent. We may share personal information that we hold about you with your consent or at your direction with non-affiliated third parties.
Cookies and Other Tracking Technologies
Our Site does not currently support Do Not Track. Our Site does not respond if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads.
We use or may use third-party analytics services, such as Google Analytics or Facebook Pixels, to evaluate your use of the Site, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information related to the Site. Google Analytics is a web analytics service provided by Google, Inc., (“Google”). Google Analytics places cookies on your computer, to help the website analyze how users use the Site. The information generated by the cookie about your use of the Site (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators and provide other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information regarding Google Analytics please visit Google's website, and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html
Facebook Conversion Tracking/Custom Audience
The Site also uses Facebook's Conversion Tracking or Custom Audience Pixel service. The service allows us to follow the actions of users after they are redirected by clicking on a Facebook advertisement. We are thus able to record the efficacy of Facebook advertisements for statistical and market research purposes. The collected data is saved and processed by Facebook. If you previously accepted cookies in our banner and directed us to share your information, you may change your preference by contacting us at firstname.lastname@example.org.
Interest Based Advertising
We belong to ad networks that may use your browsing history across participating websites to show you interest-based advertisements on those websites. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance www.aboutads.info and the Network Advertising Initiative www.networkadvertising.org. Please note that if you choose to opt out, you will continue to see ads on our Site, but they will not be based on how you browse and shop.
Standard Open Authorization and Similar Technology (“OAuth”)
With your permission, in addition to the uses of or access to your Personal Information discussed above, third-party applications and services may access your personal information using OAuth if you choose to log into our Site using your log-in information from those third-party applications. We may also use OAuth to allow us to share information about you that is stored by us without sharing your security credentials.
Your Access and Choices About Your Information
You can access and update most of your account information on our Site by logging into your account.
You may opt-out of receiving certain future email communications from us, by clicking on the unsubscribe link at the bottom of emails you receive from us. We will use commercially reasonable efforts to process such requests in a timely manner. You cannot opt out of receiving transactional emails or communications related to your account with us.
You may also contact us at the email provided in this Privacy Notice.
We are not responsible for the practices employed by third-party websites or services linked to or from our Site, including the information or content contained in such websites or services, and this Privacy Notice does not apply to them. Privacy policies on such linked websites may be different from our Privacy Notice. Your browsing and interaction with any third-party website or service, including those that have a link on our Site, are subject to that third party’s own rules and privacy policies. You access such linked websites at your own risk. You should always read the privacy Notice of a linked website before disclosing any of your information on such website.
How We Protect Your Information
We use reasonable physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment and no security system or measures are impenetrable, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that e-mails and other communications you send to us through our Site are not encrypted, and we strongly advise you not to communicate any confidential information through these means. You should secure your password and not share it with any other individual. Be careful when using your login information on or making purchases from public computers. Always log off when finished.
The Site is not directed or targeted towards, nor intended for use by, persons under the age of 16. If you are not at least 16 years of age, do not access, use, or register on the Site. We do not knowingly collect, use, share or sell Personal Information from persons under age 16. If you believe we have done so in error, please notify us and we will terminate and delete your account and all information contained therein.
YOUR CALIFORNIA PRIVACY RIGHTS
As a California resident, you have certain rights, subject to legal limitations, regarding the collection, use and sharing of your personal information described below.
- Right to Opt-Out/Do Not Sell
We do not monetize your information. We may disclose the information identified above to third parties for their targeted marketing purposes and to enhance your experience on our Site. California Consumers have the right to request that we not disclose your personal information to third parties.
You can exercise your Request to Opt Out by email to email@example.com or you can call +1 720 605 3505. We will ask you for your personal information or information about you in order to match you with the data we have collected before executing the request.
To opt-out of online activity tracking and data sharing (through cookies and other tracking technologies), our web properties will offer you an option to set preferences for online data sharing, or you can contact us at firstname.lastname@example.org.
- Right to Delete
California Consumers have the right to request that we delete personal information about you that we have collected from you. This right is subject to exceptions that allow us to retain data; for example, to service a contract or for our internal business purposes. We will not delete data subject to an exception. If you make a Request to Delete non-excepted data, we will not delete personal information on archived or backup systems until the archived or backup system is next accessed or used by restoring such data to live systems. We will also maintain a record of the Request to Delete as permitted by law.
You can exercise your Request to Delete by email to email@example.com or you can call 1-888-443-435=1 720 605 3505. We will seek confirmation of your request.
For a Request to Delete, we will seek certain pieces of information to verify your identify that may include email address and government issued identification. We may use third party verification companies to help us verify your identify. If we are unable to find you in our records, or match the data you provide on this website with what we have in our records, we will notify you.
- Right to Know
California Consumers have the right to request that we disclose personal information that we have about you. You can request that we provide you with the categories of personal information we have collected in the 12 months preceding your request, at a minimum, and for each category: the categories of sources from which the personal information was collected; the business or commercial purpose for which we collected the personal information; the categories of third parties to whom we sold or disclosed the category of personal information for a business purpose; and the business or commercial purpose for which we sold or disclosed the category of personal information. You can also request that we provide the specific pieces of personal information that we have about you.
For a Request to Know the specific pieces of information that we have about you, we will seek certain pieces of information to verify your identify that may include email address and government issued identification. We may also ask you to provide a signed declaration, under penalty of perjury, that you are the person whose personal information is the subject of the request. We may use third party verification companies to help us verify your identify. If we are unable to verify your request for specific pieces of information, we will treat it as a request for categories of personal information we have collected from you.
For a Request to Know seeking the categories of information we have collected, we may seek certain pieces of information to verify your identify that may include email address and government issued identification. We may use third party verification companies to help us verify your identify. If we are unable to verify your request for categories of information we have collected, we will direct you to the data handling practices in in our online privacy statements.
You can exercise your Request to Know by email to: firstname.lastname@example.org or you can call +1 720 605 3505. California Consumers can submit a Request to Know twice in a 12 month period and the report will be provided free of charge.
If you are submitting a request on behalf of a household, we will need to verify each member of the household in the manner set forth above.
Use of Authorized Agent
If you are making any of the requests above through an authorized agent, we will request written authorization from you and will seek to verify your identify in the manners stated above (depending on the request type) or we will accept a legal Power of Attorney under the California Probate Code to the authorized agent. To make a request using an authorized agent call +1 720 605 3505.
Timing of Response
For a Request to OptOut, we will strive to fulfill your request within 15 days from the date we receive your request. For a Request to Delete or Request to Know, we will strive to fulfill these requests within 45 days from the date we receive your request. If additional time is needed to complete a request, we will notify you that additional time is needed, tell you the reason that we need additional time, and tell you when you can expect your request to be completed.
We will maintain records of requests that are made that include the date of request, nature of request, manner in which the request was made, the date of our response, the nature of our response, and the basis for any denial of the request if it is denied in whole or part.
Contact for More Information
If you have questions about your California Privacy Rights or concerns about our privacy statement and practices, please contact us at email@example.com.
In accordance with applicable law, we will not discriminate against you for exercising your rights.
Under California’s "Shine the Light" law, Civil Code Section 1798.83, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain once a calendar year information about the customer information shared, if any, with other businesses for their own direct marketing uses. As set forth in this Privacy Notice, we do not share customer information with third parties for their own direct marketing uses.
FOR USERS IN THE EUROPEAN ECONOMIC AREA AND SWITZERLAND
General Data Protection Regulations (GDPR) Information
For more information about Herman Miller’s privacy practices with respect to personal data collected in the EEA and Switzerland, please refer to our privacy policies for those jurisdictions: https://personalspacemb.com/pages/privacy-policy
Personal Space MB as Controller
Personal Space MB obtains and processes personal information in different capacities. When you provide us with your information through our Site or to use our Services, we serve as a data controller. When we act as a data controller we determine how personal information will be utilized, in accordance with this Privacy Notice.
Our Legal Basis for Processing Your Personal Data
We process the personal information you provide relating to the services and Site to perform our contractual obligations to provide you products and services. We also process your personal information based on our legitimate interests to provide our products and services and Site to you, to develop and improve our products and services and Site that we provide to you, to prevent fraud, and/or comply with law enforcement requests. Where we ask for consent, we process certain personal information based on your consent.
Data Subject Rights Access and Control of Your Information
We enable you to have control over the accuracy of your personal information. You can access and review your personal information by logging into the Site and visiting your account profile page. You can also exercise your data rights by email to: firstname.lastname@example.org. To protect your privacy, before we give you access to or let you update your information, we may ask you to verify your identity or provide additional information. We will try to update and allow you to access your information for free, but if it would require a disproportionate effort on our part, we may charge a fee. We will disclose the fee before we comply with your request. We may reject a request for any of a number of reasons, including, for example, that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful.
Right to Rectification
You have the right to correct your personal data if incorrect, which also includes the right to have incomplete personal data completed. You can do so by logging into your account and deactivating any incorrect or incomplete information and adding the corrected and/or completed information. You can also exercise your data rights by email to: email@example.com
When we process your personal data by automated means that you have provided to us based on consent or through a contract, you have the right to get a copy of that data in a structured, commonly used and machine-readable format and have that transferred to you or to third party.
Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal information:
- During the pending period of time where we verify the accuracy of any personal data that you claim is inaccurate
- Where the processing of your personal data is unlawful but you oppose erasure and instead request that we restrict the use of your personal data
- If we no longer need your personal data but it is required for you to make or defend legal claims
- During the pending period of time where we verify our legitimate interest to process your data when you object to such processing
Erasure of Personal Data
You have the right to delete the data collected through our Site and can do so by logging into your account and either deleting your account or deleting the specific personal data. There may be instances where we may not be able to delete your data or where we retain a copy of your data, for example, where we may need it to comply with a legal obligation or to protect the rights of others.
How Long We Keep Your Personal Data
We retain your personal data for as long as necessary to provide the products, services and Site to you. We will retain and use this information as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, and then we will delete it.
How to Exercise Your Rights
In order to exercise the rights stated above, please email to: firstname.lastname@example.org You can also exercise many of your data rights through your account.
Right to Complain to Supervisory Authority
If you believe that Personal Space MB is processing your personal data in an incorrect or unlawful manner, please exercise your data rights by email to: email@example.com For those located in the European Union, you also have a right to file a complaint with a Supervisory Authority in the EU.
INTERNATIONAL TRANSFER OF INFORMATION COLLECTED
Information Personal Space MB collects from you will be stored and processed in the United States. If you provide us information, it will be transferred to, processed, and accessed in the United States.
EU-US Privacy Shield
We comply with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce (the "privacy Shield") regarding the collection, use, and retention of personal information from European Union member countries. Personal Space MB has certified that it adheres to the Privacy Shield principles of: notice; choice; accountability for onward transfer; security; data, integrity and purpose limitation; access; and recourse, enforcement and liability. If there is any conflict between the policies in this Privacy Notice and Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield, and to view our certification page when available, please visit: https://www.privacyshield.gov. Personal Space MB is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).
Resolution of Complaints
In compliance with the Privacy Shield Principles, Personal Space MB commits to resolve complaints about your privacy and our collection or use of your personal information. European Union citizens with inquiries or complaints regarding this privacy Notice should first contact Personal Space MB at firstname.lastname@example.org Personal Space MB has further committed to:
For Non-Human Resources Data, refer unresolved complaints to the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
For Human Resources Data, we have committed to participate in the dispute resolution procedures of the EU Data Protection Authorities (DPA’s). For information on how to contact your jurisdiction’s DPA, visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. Personal Space MB will cooperate with the appropriate EU DPAs during investigation and resolution of complaints concerning human recourse data.
Please also note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Under the Privacy Shield frameworks, Personal Space MB is responsible for the processing of personal data it receives as well as any such data that it provides to its third-party service providers and/or agents. Any personal information received under the Privacy Shield that we transfer to a third party must also comply with our Privacy Shield obligations, and we will be liable under the Privacy Shield for any failure to do so by the third party unless we prove that we are not responsible for the event giving rise to the damage.
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com or mailing us at:
Personal Space MB
1012 Manhattan Ave, Manhattan Beach, California US 90266
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org or by mail at
Personal Space MB, 22395 S Western Ave #303, Torrance, CA 90501