Website Privacy Policy
Last Modified: 3/31/25
Purpose
The Modern Hive Interior Design Studio, LLC (hereinafter “we,” “our,” “us”) is committed to protecting your privacy and maintaining a quality online experience for our website users.
This Privacy Policy describes the type of personal information we may collect from you or that you may provide when you visit www.themodernhive.com and www.themodern-hive.com (hereinafter “Website”) and our practices for handling, storing, and protecting that information as well as your rights in relation to your personal information and how you can contact us and supervisory authorities in the event you have questions about how we handle your personal information.
Privacy Policy Consent
Please read this Privacy Policy carefully and in its entirety before using our Website. If you do not agree with our policies and practices regarding your personal information and how we will treat it, your choice is to not use our Website. Your use of our Website constitutes your voluntary acceptance to be bound by this Privacy Policy, whether you have read it or have had the opportunity to read it and have chosen not to.
This Privacy Policy applies to the information we collect:
On this Website.
In email, text, and other electronic messages between you and this Website.
It does not apply to information that is collected by:
Us offline or through any other means, including on any other website operated by any third party (including our affiliates).
Any third party (including our affiliates) through any content (including advertising) that may link to or be accessible from (or on) the Website.
Children’s Online Privacy Protection Act (COPPA)
This Website and any products and services offered herein are not intended for persons under the age of 18.
We prohibit children under the age of 18 from using any and all interactive portions of this Website, including leaving any comments, filling out forms, or otherwise submitting information. A child’s parent or guardian should contact us if we have inadvertently collected any information or content from that child without the parent or guardian’s authorization, so that we may delete that information from our records.
CAN-SPAM Act of 2003
We have taken the necessary steps to ensure that we are in compliance with the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 and will not send misleading information.
Personal Information We Collect
The type of personal information we collect depends on how you are interacting with us. We generally collect the following categories of personal information:
Contact information, such as first and last name, email address, postal address, phone number, and other similar contact data;
Records and copies of your correspondence (including email address) if you contact us;
Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website and we will use a third-party payment processor to process the payment. We do not collect your credit card or debit card number, expiration date, or PIN;
Comments, feedback, questions and other information you provide to us;
Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website;
Information about your computer and internet connection, including your IP address, operating system, and browser type.
[The CCPA and the California Privacy Rights Act (CPRA) apply to any for-profit business that does business in California and:
Has annual gross revenues that exceed $25 million;
Collects, buys, receives, sells, or shares the personal information of 100,000 or more consumers or households each year; OR
Derives 50% of its annual revenues from selling or sharing personal information.
See the definitions for “sale” and “sharing” referenced below in the How We Use the Information/Lawful Bases section.
The CPRA has defined “sensitive personal information” as follows:
Social Security, driver’s license numbers, state identification card, and passport numbers;
financial account, debit card, or credit card numbers in combination with required security or access codes, passwords, or credentials allowing access to an account;
account login in combination with required security or access codes, passwords, or credentials allowing access to the account;
precise geolocation (i.e., information used or intended to be used to locate a consumer within a geographic area equal to or less than approximately 1/8 square mile);
information about racial or ethnic origin, religious beliefs, philosophical beliefs, or union membership;
contents of consumers’ mail, emails, or text messages, unless the business is the intended recipient of that information;
genetic data;
the processing of biometric information for the purpose of uniquely identifying a consumer; and
information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation.
If you process “sensitive personal information” and CCPA/CPRA apply to your business you must include the following:]
Limit the Use of My Sensitive Personal Information [HYPERLINK TO YOUR INTERNET WEB PAGE THAT EXPLAINS: (I) THE SENSITIVE PERSONAL INFORMATION YOU COLLECT; (II) THE PURPOSES FOR COLLECTING IT; (III) WHETHER THE SENSITIVE PERSONAL INFORMATION IS SHARED OR SOLD; AND (IV) THE LIMITATIONS ON ITS USE AND DISCLOSURE. BE SURE THIS HYPERLINK IS ALSO INCLUDED ON YOUR WEBSITE’S HOME PAGE.]
[AS A NOTE, IF YOU PROCESS SENSITIVE PERSONAL INFORMATION AND THE COLORADO PRIVACY ACT (CPA), CONNECTICUT SB6, DELAWARE PERSONAL DATA PRIVACY ACT (DPDPA), NEBRASKA DATA PRIVACY ACT (NDPA), OREGON SB19, TEXAS DATA PRIVACY AND SECURITY ACT (TDPSA), AND/OR VIRGINIA CONSUMER DATA PROTECTION ACT (VCDPA) APPLIES TO YOUR BUSINESS (SEE THE TABLE ON THE LAST PAGES OF THIS DOCUMENT), YOU MUST FIRST OBTAIN A CONSUMER’S CONSENT TO DO SO]
Sources of Personal Information
We collect personal information from you as follows:
You provide personal information to us when you:
Subscribe to or purchase our products and/or services;
Complete a contact or information request form. [OR]; and
[any additional ways a website user may provide you with their personal information]
We automatically collect personal information when you:
Visit, interact with, or use our Website;
Access, use, or download content from us; and
Open emails or click links in emails from us. [OR]; and
[any additional ways you may automatically collect personal information from a website user]
[IF YOU USE THIRD PARTY COOKIES LIKE GOOGLE ADSENSE, FACEBOOK PIXEL, ETC., YOU CAN INCLUDE THE FOLLOWING SENTENCE. IF NOT, THEN YOU CAN OMIT IT:]
We collect personal information for third party advertisers that use cookies on our Website to provide interest-based advertising. See the Interest-Based Advertising section below.
How We Use the Information/Lawful Bases
We process personal information about you on one or more of the following bases: [REVISE THIS LIST TO REFLECT WHICH OF THESE 6 LAWFUL BASES FOR PROCESSING YOU USE TO SUPPORT WHY YOU PROCESS PERSONAL INFORMATION:]
To perform a contract;
With your consent;
For our legitimate interests;
To comply with the law;
To protect someone’s life; and/or
Public task.
We process personal information to: [REVISE THIS LIST TO REFLECT HOW YOU PROCESS THE PERSONAL INFORMATION PROVIDED TO YOU BY YOUR WEBSITE USERS]
Process and fulfill an order, download, subscription, or other transaction;
Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
Respond to your requests, inquiries, comments, and concerns;
Notify you about changes to our Website or any products or services we offer or provide through it;
Send marketing emails;
Inform you of and administer promotions, contests, sweepstakes or surveys;
Help us address problems with and improve our Website;
Protect the security and integrity of our Website;
Contact you for other business reasons, if necessary; and
Provide interest-based advertising. [OR]; and
[any additional reasons you process personal information]
[The CCPA/CPRA define “sale” of personal information as “selling, renting, releasing, disclosing, disseminating, making available, transferring or communicating orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration.”
The CPRA defines “sharing” as any disclosure of personal information (renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, or in writing, or by electronic or other means) to third parties for cross-contextual behavioral advertising whether or not for monetary or other valuable consideration.
IF CCPA/CPRA APPLY TO YOU AND IF YOU DO NOT SELL OR SHARE PERSONAL INFORMATION YOU COLLECT FROM CONSUMERS, INCLUDE THE FOLLOWING SENTENCE:]
We will not sell or share your personal information and have not done so in the last 12 months.
[OR]
[IF CCPA/CPRA APPLY TO YOU AND YOU DO SELL OR SHARE PERSONAL INFORMATION YOU COLLECT FROM CONSUMERS, INCLUDE THE FOLLOWING:]
Do Not Sell or Share My Personal Information [HYPERLINK TO YOUR INTERNET WEB PAGE THAT ENABLES A CONSUMER, OR A PERSON AUTHORIZED BY THE CONSUMER, TO OPT-OUT OF THE SALE OR SHARING OF THE CONSUMER’S PERSONAL INFORMATION (OR SENSITIVE PERSONAL INFORMATION IF YOU COLLECT IT). BE SURE THIS HYPERLINK IS ALSO INCLUDED ON YOUR WEBSITE’S HOME PAGE.]
In the last 12 months we have sold the following categories of personal information: [REVISE THIS LIST TO REFLECT THE CATEGORIES OF INFORMATION YOU HAVE SOLD]
Identifiers: Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers
Customer records information: Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit or debit card number, other financial information, medical information, health insurance information
Characteristics of protected classifications under California or federal law: Race, religion, sexual orientation, gender identity, gender expression, age
Commercial information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Biometric information: Hair color, eye color, fingerprints, height, retina scans, facial recognition, voice, and other biometric data
Internet or other electronic network activity information: Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Professional or employment-related information
Education information
Inferences
We may transfer your personal information to a third party in the event of a bankruptcy, dissolution, merger, sale, acquisition, or change of control.
We may transfer your personal information to a third party if we need to comply with our legal obligations, resolve disputes, and/or enforce our agreements.
Use of Cookies
“Cookies” are small text files that are placed on a computer or other device and used to identify the user or device and to collect information when you visit a website. Cookies may be set by the website you are visiting (also known as “first party cookies”) or by third parties who provide advertising or analytics services on the website (also known as “third party cookies”).
We use cookies for several different purposes.
[This Section should be revised to reflect what type of cookies you use, their purposes, a link to third parties who install cookies as well as a link to their opt out site. Cookies are typically assigned to one of four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.
You’ll want to look into the cookies that you use on your website, including third-party cookies like Google Analytics, Google AdSense, Facebook Pixel, etc. so that you can disclose them here. You can visit the website for each optional third-party cookie that you use to obtain further information about the cookie’s function, what information it collects, and how your website user can opt out of it OR you can use a cookie tracking software that will scan your website and provide this information for you and you can hyperlink the resulting Cookies Policy here.
Such software is helpful because if you use cookies that track personal information, you will need to make sure that you are first obtaining your website viewer’s consent before they are activated under the GDPR by using a cookie opt-in – and the software should provide it.
If you will be hyperlinking your Cookies Policy, you can include this text with “Cookies Policy” hyperlinked, otherwise be sure to delete it:] Please see our Cookies Policy for more information.
You can disable cookies through your web browser’s settings, but disabling this function may diminish your experience on our Website as some features may not work as intended.
[INCLUDE THE FOLLOWING SECTION ONLY IF YOUR WEBSITE PARTICIPATES IN INTEREST-BASED ADVERTISING (I.E., ADVERTISING THAT SPECIFICALLY TARGETS A USER BASED ON THEIR ONLINE ACTIVITY, AKA “TARGETED ADS” AND “ONLINE BEHAVIORAL ADVERTISING”), SUCH AS GOOGLE ADWORDS. OTHERWISE OMIT IT:]
Interest-Based Advertising
Our Website also allows third parties to collect certain personal information during your visit to the Website to provide interest-based advertising to you.
Website users may opt out of interest-based advertising by:
Going to your account privacy settings in your browser and turning off personalization;
Going to the Digital Advertising Alliance’s opt out tool, http://optout.aboutads.info;
Going to the Network Advertising Initiative’s opt out tool, https://www.networkadvertising.org/choices; or
Going to https://www.youronlinechoices.com/, if you’re based in the EU.
[INCLUDE THE FOLLOWING SECTION ONLY IF YOU USE AUTOMATED DECISION-MAKING (an example would be online credit approval or an aptitude test). OTHERWISE OMIT IT:]
Automated Decision-Making
We use the personal information that we collect for automated decision-making (i.e., making a decision solely by automated means without any human involvement) if it is authorized by legislation, if you have provided explicit consent, or if it is necessary for entering into or performance of a contract.
When using automated decision-making, we will provide you with further information about the logic involved, your right to obtain human intervention, the potential consequences of the processing, and your right to contest the automated decision.
[INCLUDE THE FOLLOWING SECTION ONLY IF YOU USE PROFILING (an example would be evaluating a person’s health based on the information you collect). OTHERWISE OMIT IT:]
Profiling
We use the personal information that we collect for profiling (i.e., automated processing of the information to evaluate certain personal aspects of a natural person to predict their behavior and make decisions regarding it) if it is authorized by legislation, if you have provided explicit consent, or if it is necessary for entering into or performance of a contract.
When profiling, we will provide you with further information about the logic involved, your right to obtain human intervention, the potential consequences of the processing, and your right to contest the automated profile.
“Do Not Track” (DNT) Signals
Some browsers transmit Do Not Track (DNT) signals to websites.
Due to the lack of a common interpretation of DNT signals throughout the industry, we do not currently alter, change, or respond to DNT requests or signals from these browsers.
[This Section should be revised to reflect how your website responds to DNT signals.]
How the Information is Shared
Depending on how you interact with us, we share information with our third-party service providers, agents and representatives, including, but not limited to, [1] eCommerce platform providers, payment processing providers, email service providers, IT service providers, security and software service providers, in order to process the information as necessary to complete a transaction, fulfill your request, or otherwise on our behalf based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
We also will disclose your personal information if we have a good faith belief that such disclosure is necessary to:
meet any applicable law, regulation, legal process or other legal obligation;
detect, investigate and help prevent security, fraud or technical issues; and/or
protect the rights, property, or safety of us, our Website, our users, employees, or others.
Our current third-party service providers include:
[2] _______________
[This Section should be revised to reflect exactly:
[1] What types of third-party service providers you use, and
[2] Who your current third-party service providers are (such as PayPal or ConvertKit; you can also hyperlink their separate privacy policies).]
Information Retention
We retain your personal information for as long as necessary to fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements, or until such time as you let us know you would like for us to delete it or unsubscribe from our marketing contacts.
[This Section should be revised to reflect exactly how long you intend to retain the personal information you collect]
[INCLUDE THE FOLLOWING SECTION ONLY IF CERTAIN FEATURES OF YOUR WEBSITE REQUIRE THE CREATION OF A USERNAME AND PASSWORD. OTHERWISE OMIT IT:]
Passwords
Certain features of our Website require the creation of a username and password. You are responsible for keeping your username and password confidential. We ask that you not share your username or password with anyone. We cannot and will not be liable for any loss or damage arising from your failure to protect your username or password.
You agree to notify us immediately of any unauthorized use of your username or password or any other breach of security.
Information Protection and Security
Our Website uses commercially acceptable security measures to prevent your personal information from being lost, used, or accessed in an unauthorized way. We use a Secure Sockets Layer (SSL) certificate and [NOTE: VERIFY THAT THIS IS ACCURATE AND YOU HAVE THIS INSTALLED ON YOUR WEBSITE!] never transmit your credit card information via email. If you receive an email from us that appears to be a request for personal information, do not respond because it may be a phishing scam designed to steal your personal information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk.
Should there be a data breach, we will notify you when we are legally required to do so.
[This Section should be revised to reflect the specific security measures you take on your website]
Your Rights to Control Your Information
You can unsubscribe from our email newsletters or updates at any time through the unsubscribe links found in the communications you receive from us.
[IF YOU USE TEXT MESSAGE ADVERTISING, INCLUDE THE FOLLOWING. OTHERWISE OMIT IT:]
You can unsubscribe from our text message advertisements at any time by ____________ [outline the procedure your service has for unsubscribing].
Local data protection laws may give you rights with respect to personal information if you are located in or a resident of that country, state, or territory.
THESE RIGHTS ARE NOT GUARANTEED AND IT IS IMPORTANT FOR YOU TO CONSULT YOUR LOCAL DATA PROTECTION LAWS TO DETERMINE WHAT RIGHTS MAY BE AVAILABLE TO YOU.
These rights may include the following:
| Right | May Apply To |
| --- | --- |
| Right to disclosure/access (to know the personal information collected about you and request a copy) | Residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, Virginia, Australia, Canada, the European Union and/or the European Economic Area, and the United Kingdom |
| Right to correct/rectification (to have your inaccurate personal information corrected) | Residents of California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Virginia, Canada, Australia, Quebec, the European Union and/or the European Economic Area, and the United Kingdom |
| Right to erasure/deletion (to have all or some of your personal information deleted upon a verifiable request) | Residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Texas, Oregon, Utah, Virginia, the European Union and/or the European Economic Area, and the United Kingdom |
| Right to nondiscrimination (the right to equal service and price even if you exercise your rights) | Residents of California, Maryland, Minnesota, Montana, Oregon, Texas, and Virginia |
| Right to obtain a specific list of third parties your personal information was shared with | Residents of Minnesota and Oregon |
| Right to obtain a list of the categories of third parties to which the business has disclosed personal information | Residents of Maryland |
| Right to opt out of sale of personal information [INCLUDE THIS OPTION ONLY IF YOU SELL OR SHARE PERSONAL INFORMATION FOR THIS PURPOSE] | Residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, Nevada, Oregon, Texas, Utah, and Virginia |
| Right to opt out of use of personal information for the purposes of targeted advertising [INCLUDE THIS OPTION ONLY IF YOU RUN TARGETED ADVERTISING] | Residents of Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia |
| Right to opt out of use of personal information for profiling [INCLUDE THIS OPTION ONLY IF YOU ENGAGE IN PROFILING] | Residents of Connecticut, Delaware, New Hampshire, Oregon, and Texas |
| Right to question the results of profiling, be informed of the reason that the profiling resulted in the decision, and be informed of what actions the consumer might take to secure a different decision in the future as well as the right to review the personal information used in the profiling to correct such information for the profiling decision to be reevaluated based on the corrected information. [INCLUDE THIS OPTION ONLY IF YOU ENGAGE IN PROFILING] | Residents of Minnesota |
| Right to opt out of use of personal information for profiling in furtherance of decisions that produce legal or similarly significant effects [INCLUDE THIS OPTION ONLY IF YOU ENGAGE IN PROFILING THAT HAS LEGAL OR SIGNIFICANT EFFECTS FOR YOUR WEBSITE USERS] | Residents of Colorado, Maryland, Minnesota, Montana, Nebraska, New Jersey, and Virginia |
| Right to limit use and disclosure of sensitive personal information [INCLUDE THIS OPTION ONLY IF YOU PROCESS SENSITIVE PERSONAL INFORMATION FOR THIS PURPOSE] | Residents of California and Connecticut |
| Right to opt out of sensitive data processing [INCLUDE THIS OPTION ONLY IF YOU PROCESS SENSITIVE PERSONAL INFORMATION FOR THIS PURPOSE] | Residents of Iowa |
| Right to data portability (to have your personal information transferred to you or a third party in machine-readable format, where technically feasible) | Residents of Quebec, the European Union and/or the European Economic Area, and the United Kingdom |
| Right to data portability (to have your personal information transferred to you in a readily-usable format that lets you transmit that information to a third party) | Residents of California, Colorado, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia |
| Right to data portability (to have your personal information transferred to you in a readily-usable format that lets you transmit that information to a third party where processing is carried out by automated means) | Residents of Connecticut |
| Right to withdraw consent (to withdraw your consent that we handle your personal information at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal) | Residents of Canada, Quebec, the European Union and/or the European Economic Area, and the United Kingdom |
| Right to not identify yourself or of using a pseudonym | Residents of Australia |
| Right to restriction of processing (to limit the purposes that your personal information may be used for) | Residents of the European Union and/or the European Economic Area, and the United Kingdom |
| Right to object (to object to the processing of your personal information in cases where our processing is based on direct marketing) | Residents of the European Union and/or the European Economic Area, and the United Kingdom |
| Right to stop unwanted direct marketing | Residents of the European Union and/or the European Economic Area, and Australia |
| Right to complain (to lodge a complaint with competent authorities in the proper jurisdiction if you are not content with how we collect, share, and process your personal information) | Residents of Canada, Australia, Quebec, the European Union and/or the European Economic Area, and the United Kingdom |
| Right to appeal (a decision made regarding an exercise of rights) | Residents of Montana, Oregon, and Texas |
These rights are not absolute and they do not always apply in all cases. We will honor your rights under applicable data protection laws.
CALIFORNIA CIVIL CODE SECTION 1798.83 (“SHINE THE LIGHT LAW”)
[As a note, businesses with fewer than 20 full-time or part-time employees are exempt from the Shine the Light Law. See California Civil Code Section 1798.83(c)(1). If you fall within that exemption, you can delete this section dealing with the Shine the Light Law. If you do not fall within the exemption and have made disclosures of personal information to third parties who will use that personal information to solicit a purchase, rental, lease, or exchange of products directly to individuals by means of mail, telephone, or email then include this section.]
California Civil Code Section 1798.83 or the “Shine the Light Law” permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, see the Contact Us section below.
Exercising Your Rights
If you wish to exercise any of the rights specified above, please submit a request via email to:
____________________ [insert your email address here]
Please be sure to specify which right you want to exercise and provide us with enough information to verify your identity. If we cannot verify your identity, we may not be able to fulfill your request.
We will respond to your request within 30-45 calendar days of receipt, depending on where you reside. We will notify you in writing via email if we need more time to respond.
We may deny your request if certain exceptions in the law apply. We will provide you the reason(s) for denial in writing via email.
You have the right to appeal our decision with respect to your request to exercise your rights. You may appeal the decision by emailing the address provided above in this section.
We will respond to your appeal within 30-45 calendar days of receipt, depending on where you reside. We will notify you in writing via email if we need more time to respond.
Use and Transfer of Your Information Out of the European Economic Area (EEA) or Canada
This Website is operated in the United States and the third parties with whom we might share your personal information (as explained above) are also located in the United States or other countries located outside the EEA and Canada.
If you are located outside of the United States, please be aware that any information you provide will be transferred to the United States. By using this Website and/or providing your information, you consent to this transfer.
Contact Us
If you have any questions, comments, complaints, or suggestions in relation to this Privacy Policy or our privacy practices, please contact us by [UNDER THE CCPA IF YOU ARE A BRICK-AND-MORTAR BUSINESS WITH AN ONLINE PRESENCE YOU ARE REQUIRED TO PROVIDE BOTH A TOLL-FREE TELEPHONE NUMBER AND A WEB FORM IF YOU HAVE A WEBSITE FOR CALIFORNIAN RESIDENTS TO EXERCISE THEIR RIGHTS IF CCPA/CPRA APPLY TO YOU. IF YOU OPERATE EXCLUSIVELY ONLINE THEN YOU ARE ONLY REQUIRED TO PROVIDE AN EMAIL ADDRESS. BE SURE TO SPEAK WITH AN ATTORNEY IN YOUR AREA IF YOU HAVE QUESTIONS] using this web form: ____________ [link your web form here], calling this toll-free telephone number: ______________ [provide telephone number], or by email or postal mail:
____________________ [insert your email address here]
____________________ [insert the full name of the person for consumers to contact or your registered business name here]
____________________ [insert your business’ mailing address here]
[If you’ve appointed a Data Protection Officer under GDPR, be sure to include their contact details as well]
Changes to this Privacy Policy
The date this Privacy Policy was last revised is identified at the top of the page. It is our policy to post any changes we make to our Privacy Policy on this page. If we make any material changes to how we treat our Website users’ personal information, we will notify you of any such changes by email (if you have provided your email to us) and/or by a prominent notice displayed on our Website’s home page and updating the revised date of our Privacy Policy. We recommend that you check this Privacy Policy when you visit our Website to be sure that you are aware of our most current policy.
[*NOTE THAT IF AT ANY TIME YOU CHANGE YOUR PRIVACY POLICY IN A WAY THAT AFFECTS THE PERSONAL INFORMATION YOU COLLECT, AFTER YOUR REVISED PRIVACY POLICY HAS BEEN POSTED TO YOUR WEBSITE IT IS RECOMMENDED THAT YOU NOT ONLY EMAIL YOUR EMAIL LIST SUBSCRIBERS BUT ALSO POST A NOTICE ON YOUR WEBSITE. IT IS ALSO RECOMMENDED THAT YOU KEEP RECORDS OF EACH VERSION OF YOUR PRIVACY POLICY*]
Please also read our Terms and Conditions of Use. [Link your Terms and Conditions here]
[THIS TABLE IS NOT INTENDED TO BE PART OF THE PRIVACY POLICY POSTED TO YOUR WEBSITE. IT IS AN OUTLINE OF THE VARIOUS DATA PRIVACY LAWS THIS TEMPLATE ADDRESSES IN THE CHART ABOVE AND THEIR THRESHOLDS FOR IMPLEMENTATION:
DATA PRIVACY LAW
WHO IT APPLIES TO
Australia Privacy Act of 1988
Applies to business if website collects personal information of residents of Australia or Australian territories.
California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA)
SEE NOTES ABOVE IN TEMPLATE.
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
Applies to business if website collects the personal information of Canadians.
Colorado Privacy Act (CPA)
Applies to business if:
Conducts business in Colorado or produces or delivers commercial products or services that are intentionally targeted towards residents of Colorado; and
Satisfies one of the following thresholds:
Controls or processes the personal data of 100,000 or more Colorado consumers during a calendar year; or
Derives revenue or receives a discount on the price of goods or services from the sale of personal data and processes or controls the personal data of 25,000 or more Colorado consumers.
Exempts airlines, public utilities, financial institutions, governmental entities in Colorado, entities covered by the Health Insurance Portability and Accountability Act (HIPAA), those collecting/processing data for Colorado health insurance law purposes, those collecting/processing data for employment records purposes, those processing de-identified personal data, consumer reporting agencies, and higher education institutions.
Connecticut SB6
Applies to business if:
Controlled or processed the personal data of 100,000 or more Connecticut residents; or
Controlled or processed the personal data of 25,000 or more residents of Connecticut and derived more than 25% of their gross revenue from the sale of personal data.
Exempts non-profits, higher education institutions, national securities associations, financial institutions and entities that need to comply with HIPAA.
Delaware Personal Data Privacy Act (DPDPA)
Applies to business if doing business in Delaware or targeting its residents, and during the prior calendar year:
Controls or processes personal data of 35,000 or more Delaware consumers (excluding data solely for payment transactions), or
Controls or processes personal data of 10,000 or more Delaware consumers with over 20% annual gross revenue from the sale of personal data.
Exempts government entities and financial institutions.
Businesses may not process sensitive personal data without receiving prior consent from the consumer.
General Data Protection Regulation (GDPR)
Applies to business if it:
processes personal information as part of the activities of one of its branches established in the European Union, regardless of where the data is processed; or
is established outside the European Union and is offering goods or services (paid or for free) or is monitoring the behavior of individuals in the European Union.
Iowa Consumer Data Protection Act (IACDPA)
Applies to individuals and entities who conduct business in Iowa or produce products or services that are targeted to residents of Iowa and during a calendar year either:
Controls or processes personal data of at least 100,000 Iowa residents; or
Controls or processes personal data of at least 25,000 Iowa residents and derives over 50% of its gross revenue from the sale of personal data.
Exempts non-profit organizations, government entities, public and private education institutions.
Exempts data such as business-to-business personal data, data provided in the employment context, consumer credit reporting data, health records, and scientific research data.
Maryland Online Data Privacy Act of 2024
Applies to businesses in Maryland or that provide products or services that are targeted to residents of Maryland if:
Control or process the personal data of at least 35,000 residents of Maryland; or
Control or process the personal data of at least 10,000 residents of Maryland AND derived more than 25% of its gross revenue from the sale of personal data.
Exempts non-profits who process data to assist law enforcement agencies in investigating criminal or fraudulent acts relating to either insurance or first responders in responding to catastrophic events.
Minnesota Consumer Data Privacy Act (MCDPA)
Applies to legal entities in Minnesota or that provide products or services that are targeted to residents of Minnesota if:
Control or process the personal data of 100,000 residents of Minnesota; or
Control or process the personal data of at least 25,000 residents of Minnesota AND derived more than 25% of its gross revenue from the sale of personal data.
Exempts government entities, federally recognized Indian tribes, covered entities and business associates subject to the Health Insurance Portability and Accountability Act ("HIPAA"), state or federally chartered banks or credit unions, insurance companies, non-profits established to detect and prevent insurance fraud, air carriers subject to the federal Airline Deregulation Act, and small businesses, as defined by the United States Small Business Administration. The Small Business Administration defines “small business” as either an independent business with less than 500 employees or a business that makes under a certain amount of gross revenue per year.
HOWEVER, small businesses may not engage in the sale of sensitive personal data without receiving prior consent from the consumer.
Montana Consumer Data Privacy Act (MCDPA)
Applies to businesses in Montana or that provide products or services that are targeted to residents of Montana and meet one or more of the following factors:
Control or process the personal data of not less than 50,000 Montana residents (excluding personal data controlled or processed solely for completing payment transactions); or
Control or process the personal data of not less than 25,000 Montana residents and derive more than 25% of gross revenue from the sale of personal data.
Exempts non-profits, higher education institutions, national securities associations, financial institutions and entities that need to comply with HIPAA.
Nebraska Data Privacy Act (NDPA)
Applies to any entity that:
Conducts business in Nebraska or produces products or services consumed by Nebraska residents;
Processes or engages in the sale of personal data; and
Is not a small business under the federal Small Business Act (SBA), except if such entity engages in the sale of sensitive data without receiving prior consent from the consumer.
Exempts state agencies, non-profit organizations, higher education institutions, and energy utility providers.
Nevada Revised Statutes Chapter 603A
Applies if a person:
Owns and operates a website for business purposes;
Collects and maintains personal information from consumers who reside in Nevada and use the website; and
Purposefully directs its activities towards Nevada, consummates a transaction with the State of Nevada or a resident of Nevada, purposefully avails itself of the privilege of conducting activities in Nevada or otherwise engages in any activity that constitutes sufficient nexus with Nevada to satisfy the requirements of the U.S. Constitution.
Exempts those that live in Nevada if your revenue is derived primarily from a source other than selling goods, services or credit on your website; and your website has less than 20,000 unique visitors per year as well as financial institutions and entities that need to comply with HIPAA.
New Hampshire Privacy Act (NHPA)
Applies to business if doing business in New Hampshire or targeting its residents, and during the prior calendar year:
Controls or processes personal data of 35,000 or more New Hampshire consumers (excluding data solely for payment transactions), or
Controls or processes personal data of 10,000 or more New Hampshire consumers with over 25% annual gross revenue from the sale of personal data.
Exempts non-profit organizations, government entities, financial institutions, and education institutions.
New Jersey Privacy Act (NJPA)
Applies to business if doing business in New Jersey or targeting its residents, and during the prior calendar year:
Controls or processes personal data of 100,000 or more New Jersey consumers (excluding data solely for payment transactions), or
Controls or processes personal data of 25,000 or more New Jersey consumers and the controller receives revenue or a discount on the price of any goods or services from the sale of personal data.
Exempts government entities and financial institutions.
Oregon SB619
Applies if person conducts business in Oregon or provides products or services to residents of Oregon and that, during a calendar year:
Processes or controls the personal data of 100,000 or more residents of Oregon; or
Processes or controls the personal data of 25,000 or more residents of Oregon and derives 25% or more of annual gross revenue from the sale of personal data; or
signed a contract for the processing of data with a company that does need to comply with this law.
Exempts non-profits that are established to detect or prevent fraudulent acts in connection with insurance and non-profits that provide programming to radio or television networks.
Quebec Law 25
Applies to business if persons collect, hold, use or share personal information in the course of carrying on an enterprise.
“Enterprise” is defined as “the carrying on by one or more persons of an organized economic activity, whether or not it is commercial in nature, consisting of producing, administering or alienating property, or providing a service.”
Includes non-profits.
Texas Data Privacy and Security Act (TDPSA)
Applies if person conducts business in Texas or produces a product or service consumed by residents of Texas and that processes or engages in the sale of personal data.
Exempts non-profits, small businesses, as defined by the United States Small Business Administration. The Small Business Administration defines “small business” as either an independent business with less than 500 employees or a business that makes under a certain amount of gross revenue per year.
HOWEVER, small businesses may not engage in the sale of sensitive personal data without receiving prior consent from the consumer.
United Kingdom’s Data Protection Act of 2018
Applies if business monitors the behavior of UK residents via interest-based advertising, use of cookies, etc.
Utah Consumer Privacy Act (UCPA)
Applies to business if:
Has annual revenue of $25,000,000 or more; and
Meets one of the following thresholds:
During a calendar year, controls or processes the personal data of 100,000 or more Utah residents; or
Derives 50% or more of its annual gross revenue from the sale of personal data and controls or processes the personal data of 25,000 or more Utah consumers.
Exempts state agencies and other such political organizations, financial institutions, HIPAA-defined covered entities and their business associates, higher education institutions, non-profits, and air carriers.
Virginia Consumer Data Protection Act (VCDPA)
Applies to business if during a calendar year:
control or process the personal data of at least 100,000 Virginia residents
control or process the personal data of at least 25,000 consumers and derive over 50% of gross revenue from the sale of personal data
Exempts state agencies and other such political organizations, financial institutions, HIPAA-defined covered entities and their business associates, higher education institutions, and non-profits.
DELETE THIS TABLE BEFORE POSTING YOUR PRIVACY POLICY TO YOUR WEBSITE!]
Website Privacy Policy
Last Modified: 3/31/25
Purpose
The Modern Hive Interior Design Studio, LLC (hereinafter “we,” “our,” “us”) is committed to protecting your privacy and maintaining a quality online experience for our website users.
This Privacy Policy describes the type of personal information we may collect from you or that you may provide when you visit www.themodernhive.com and www.themodern-hive.com (hereinafter “Website”) and our practices for handling, storing, and protecting that information as well as your rights in relation to your personal information and how you can contact us and supervisory authorities in the event you have questions about how we handle your personal information.
Privacy Policy Consent
Please read this Privacy Policy carefully and in its entirety before using our Website. If you do not agree with our policies and practices regarding your personal information and how we will treat it, your choice is to not use our Website. Your use of our Website constitutes your voluntary acceptance to be bound by this Privacy Policy, whether you have read it or have had the opportunity to read it and have chosen not to.
This Privacy Policy applies to the information we collect:
On this Website.
In email, text, and other electronic messages between you and this Website.
It does not apply to information that is collected by:
Us offline or through any other means, including on any other website operated by any third party (including our affiliates).
Any third party (including our affiliates) through any content (including advertising) that may link to or be accessible from (or on) the Website.
Children’s Online Privacy Protection Act (COPPA)
This Website and any products and services offered herein are not intended for persons under the age of 18.
We prohibit children under the age of 18 from using any and all interactive portions of this Website, including leaving any comments, filling out forms, or otherwise submitting information. A child’s parent or guardian should contact us if we have inadvertently collected any information or content from that child without the parent or guardian’s authorization, so that we may delete that information from our records.
CAN-SPAM Act of 2003
We have taken the necessary steps to ensure that we are in compliance with the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 and will not send misleading information.
Personal Information We Collect
The type of personal information we collect depends on how you are interacting with us. We generally collect the following categories of personal information:
Contact information, such as first and last name, email address, postal address, phone number, and other similar contact data;
Records and copies of your correspondence (including email address) if you contact us;
Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website and we will use a third-party payment processor to process the payment. We do not collect your credit card or debit card number, expiration date, or pin number;
Comments, feedback, questions and other information you provide to us;
Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website;
Information about your computer and internet connection, including your IP address, operating system, and browser type.
[The CCPA and the California Privacy Rights Act (CPRA) apply to any for-profit business that does business in California and:
Has annual gross revenues that exceed $25 million;
Collects, buys, receives, sells, or shares the personal information of 100,000 or more consumers or households each year; OR
Derives 50% of its annual revenues from selling or sharing personal information.
See the definitions for “sale” and “sharing” referenced below in the How We Use the Information/Lawful Bases section.
The CPRA has defined “sensitive personal information” as follows:
Social Security, driver’s license numbers, state identification card, and passport numbers;
financial account, debit card, or credit card numbers in combination with required security or access codes, passwords, or credentials allowing access to an account;
account login in combination with required security or access codes, passwords, or credentials allowing access to the account;
precise geolocation (i.e., information used or intended to be used to locate a consumer within a geographic area equal to or less than approximately 1/8 square mile);
information about racial or ethnic origin, religious beliefs, philosophical beliefs, or union membership;
contents of consumers’ mail, emails, or text messages, unless the business is the intended recipient of that information;
genetic data;
the processing of biometric information for the purpose of uniquely identifying a consumer; and
information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation.
If you process “sensitive personal information” and CCPA/CPRA apply to your business you must include the following:]
Limit the Use of My Sensitive Personal Information [HYPERLINK TO YOUR INTERNET WEB PAGE THAT EXPLAINS: (I) THE SENSITIVE PERSONAL INFORMATION YOU COLLECT; (II) THE PURPOSES FOR COLLECTING IT; (III) WHETHER THE SENSITIVE PERSONAL INFORMATION IS SHARED OR SOLD; AND (IV) THE LIMITATIONS ON ITS USE AND DISCLOSURE. BE SURE THIS HYPERLINK IS ALSO INCLUDED ON YOUR WEBSITE’S HOME PAGE.]
[AS A NOTE, IF YOU PROCESS SENSITIVE PERSONAL INFORMATION AND THE COLORADO PRIVACY ACT (CPA), CONNECTICUT SB6, DELAWARE PERSONAL DATA PRIVACY ACT (DPDPA), NEBRASKA DATA PRIVACY ACT (NDPA), OREGON SB619, TEXAS DATA PRIVACY AND SECURITY ACT (TDPSA), AND/OR VIRGINIA CONSUMER DATA PROTECTION ACT (VCDPA) APPLIES TO YOUR BUSINESS (SEE THE TABLE ON THE LAST PAGES OF THIS DOCUMENT), YOU MUST FIRST OBTAIN A CONSUMER’S CONSENT TO DO SO]
Sources of Personal Information
We collect personal information from you as follows:
You provide personal information to us when you:
Subscribe to or purchase our products and/or services;
Complete a contact or information request form. [OR]; and
[any additional ways a website user may provide you with their personal information]
We automatically collect personal information when you:
Visit, interact with, or use our Website;
Access, use, or download content from us; and
Open emails or click links in emails from us. [OR]; and
[any additional ways you may automatically collect personal information from a website user]
[IF YOU USE THIRD PARTY COOKIES LIKE GOOGLE ADSENSE, FACEBOOK PIXEL, ETC., YOU CAN INCLUDE THE FOLLOWING SENTENCE. IF NOT, THEN YOU CAN OMIT IT:]
We collect personal information for third party advertisers that use cookies on our Website to provide interest-based advertising. See the Interest-Based Advertising section below.
How We Use the Information/Lawful Bases
We process personal information about you on one or more of the following bases: [REVISE THIS LIST TO REFLECT WHICH OF THESE 6 LAWFUL BASES FOR PROCESSING YOU USE TO SUPPORT WHY YOU PROCESS PERSONAL INFORMATION:]
To perform a contract;
With your consent;
For our legitimate interests;
To comply with the law;
To protect someone’s life; and/or
Public task.
We process personal information to: [REVISE THIS LIST TO REFLECT HOW YOU PROCESS THE PERSONAL INFORMATION PROVIDED TO YOU BY YOUR WEBSITE USERS]
Process and fulfill an order, download, subscription, or other transaction;
Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
Respond to your requests, inquiries, comments, and concerns;
Notify you about changes to our Website or any products or services we offer or provide through it;
Send marketing emails;
Inform you of and administer promotions, contests, sweepstakes or surveys;
Help us address problems with and improve our Website;
Protect the security and integrity of our Website;
Contact you for other business reasons, if necessary; and
Provide interest-based advertising. [OR]; and
[any additional reasons you process personal information]
[The CCPA/CPRA define “sale” of personal information as “selling, renting, releasing, disclosing, disseminating, making available, transferring or communicating orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration.”
The CPRA defines “sharing” as any disclosure of personal information (renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, or in writing, or by electronic or other means) to third parties for cross-contextual behavioral advertising whether or not for monetary or other valuable consideration.
IF CCPA/CPRA APPLY TO YOU AND IF YOU DO NOT SELL OR SHARE PERSONAL INFORMATION YOU COLLECT FROM CONSUMERS, INCLUDE THE FOLLOWING SENTENCE:]
We will not sell or share your personal information and have not done so in the last 12 months.
[OR]
[IF CCPA/CPRA APPLY TO YOU AND YOU DO SELL OR SHARE PERSONAL INFORMATION YOU COLLECT FROM CONSUMERS, INCLUDE THE FOLLOWING:]
Do Not Sell or Share My Personal Information [HYPERLINK TO YOUR INTERNET WEB PAGE THAT ENABLES A CONSUMER, OR A PERSON AUTHORIZED BY THE CONSUMER, TO OPT-OUT OF THE SALE OR SHARING OF THE CONSUMER’S PERSONAL INFORMATION (OR SENSITIVE PERSONAL INFORMATION IF YOU COLLECT IT). BE SURE THIS HYPERLINK IS ALSO INCLUDED ON YOUR WEBSITE’S HOME PAGE.]
In the last 12 months I have sold the following categories of personal information: [REVISE THIS LIST TO REFLECT THE CATEGORIES OF INFORMATION YOU HAVE SOLD]
Identifiers: Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers
Customer records information: Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit or debit card number, other financial information, medical information, health insurance information
Characteristics of protected classifications under California or federal law: Race, religion, sexual orientation, gender identity, gender expression, age
Commercial information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Biometric information: Hair color, eye color, fingerprints, height, retina scans, facial recognition, voice, and other biometric data
Internet or other electronic network activity information: Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Professional or employment-related information
Education information
Inferences
We may transfer your personal information to a third party in the event of a bankruptcy, dissolution, merger, sale, acquisition, or change of control.
We may transfer your personal information to a third party if we need to comply with our legal obligations, resolve disputes, and/or enforce our agreements.
Use of Cookies
“Cookies” are small text files that are placed on a computer or other device and used to identify the user or device and to collect information when you visit a website. Cookies may be set by the website you are visiting (also known as “first party cookies”) or by third parties who provide advertising or analytics services on the website (also known as “third party cookies”).
We use cookies for several different purposes.
[This Section should be revised to reflect what type of cookies you use, their purposes, a link to third parties who install cookies as well as a link to their opt out site. Cookies are typically assigned to one of four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.
You’ll want to look into the cookies that you use on your website, including third-party cookies like Google Analytics, Google AdSense, Facebook Pixel, etc. so that you can disclose them here. You can visit the website for each optional third-party cookie that you use to obtain further information about the cookie’s function, what information it collects, and how your website user can opt out of it OR you can use a cookie tracking software that will scan your website and provide this information for you and you can hyperlink the resulting Cookies Policy here.
Such software is helpful because if you use cookies that track personal information, you will need to make sure that you are first obtaining your website viewer’s consent before they are activated under the GDPR by using a cookie opt-in – and the software should provide it.
If you will be hyperlinking your Cookies Policy, you can include this text with “Cookies Policy” hyperlinked, otherwise be sure to delete it:] Please see our Cookies Policy for more information.
You can disable cookies through your web browser’s settings, but disabling this function may diminish your experience on our Website as some features may not work as intended.
[INCLUDE THE FOLLOWING SECTION ONLY IF YOUR WEBSITE PARTICIPATES IN INTEREST-BASED ADVERTISING (I.E., ADVERTISING THAT SPECIFICALLY TARGETS A USER BASED ON THEIR ONLINE ACTIVITY, AKA “TARGETED ADS” AND “ONLINE BEHAVIORAL ADVERTISING”), SUCH AS GOOGLE ADWORDS. OTHERWISE OMIT IT:]
Interest-Based Advertising
Our Website also allows third parties to collect certain personal information during your visit to the Website to provide interest-based advertising to you.
Website users may opt out of interest-based advertising by:
Going to your account privacy settings in your browser and turning off personalization;
Going to the Digital Advertising Alliance’s opt out tool, http://optout.aboutads.info;
Going to the Network Advertising Initiative’s opt out tool, https://www.networkadvertising.org/choices; or
Going to https://www.youronlinechoices.com/, if you’re based in the EU.
[INCLUDE THE FOLLOWING SECTION ONLY IF YOU USE AUTOMATED DECISION-MAKING (an example would be online credit approval or an aptitude test). OTHERWISE OMIT IT:]
Automated Decision-Making
We use the personal information that we collect for automated decision-making (i.e., making a decision solely by automated means without any human involvement) if it is authorized by legislation, if you have provided explicit consent, or if it is necessary for entering into or performance of a contract.
When using automated decision-making, we will provide you with further information about the logic involved, your right to obtain human intervention, the potential consequences of the processing, and your right to contest the automated decision.
[INCLUDE THE FOLLOWING SECTION ONLY IF YOU USE PROFILING (an example would be evaluating a person’s health based on the information you collect). OTHERWISE OMIT IT:]
Profiling
We use the personal information that we collect for profiling (i.e., automated processing of the information to evaluate certain personal aspects of a natural person to predict their behavior and make decisions regarding it) if it is authorized by legislation, if you have provided explicit consent, or if it is necessary for entering into or performance of a contract.
When profiling, we will provide you with further information about the logic involved, your right to obtain human intervention, the potential consequences of the processing, and your right to contest the automated profile.
“Do Not Track” (DNT) Signals
Some browsers transmit Do Not Track (DNT) signals to websites.
Due to the lack of a common interpretation of DNT signals throughout the industry, we do not currently alter, change, or respond to DNT requests or signals from these browsers.
[This Section should be revised to reflect how your website responds to DNT signals.]
How the Information is Shared
Depending on how you interact with us, we share information with our third-party service providers, agents and representatives, including, but not limited to, [1] eCommerce platform providers, payment processing providers, email service providers, IT service providers, security and software service providers, in order to process the information as necessary to complete a transaction, fulfill your request, or otherwise on our behalf based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
We also will disclose your personal information if we have a good faith belief that such disclosure is necessary to:
meet any applicable law, regulation, legal process or other legal obligation;
detect, investigate and help prevent security, fraud or technical issues; and/or
protect the rights, property, or safety of us, our Website, our users, employees, or others.
Our current third-party service providers include:
[2] _______________
[This Section should be revised to reflect exactly:
[1] What types of third-party service providers you use, and
[2] Who your current third-party service providers are (such as PayPal or ConvertKit; you can also hyperlink their separate privacy policies).]
Information Retention
We retain your personal information for as long as necessary to fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements, or until such time as you let us know you would like for us to delete it or unsubscribe from our marketing contacts.
[This Section should be revised to reflect exactly how long you intend to retain the personal information you collect]
[INCLUDE THE FOLLOWING SECTION ONLY IF CERTAIN FEATURES OF YOUR WEBSITE REQUIRE THE CREATION OF A USERNAME AND PASSWORD. OTHERWISE OMIT IT:]
Passwords
Certain features of our Website require the creation of a username and password. You are responsible for keeping your username and password confidential. We ask that you not share your username or password with anyone. We cannot and will not be liable for any loss or damage arising from your failure to protect your username or password.
You agree to notify us immediately of any unauthorized use of your username or password or any other breach of security.
Information Protection and Security
Our Website uses commercially acceptable security measures to prevent your personal information from being lost, used, or accessed in an unauthorized way. We use a Secure Sockets Layer (SSL) certificate and [NOTE: VERIFY THAT THIS IS ACCURATE AND YOU HAVE THIS INSTALLED ON YOUR WEBSITE!] never transmit your credit card information via email. If you receive an email from us that appears to be a request for personal information, do not respond because it may be a phishing scam designed to steal your personal information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk.
Should there be a data breach, we will notify you when we are legally required to do so.
[This Section should be revised to reflect the specific security measures you take on your website]
Your Rights to Control Your Information
You can unsubscribe from our email newsletters or updates at any time through the unsubscribe links found in the communications you receive from us.
[IF YOU USE TEXT MESSAGE ADVERTISING, INCLUDE THE FOLLOWING. OTHERWISE OMIT IT:]
You can unsubscribe from our text message advertisements at any time by ____________ [outline the procedure your service has for unsubscribing].
Local data protection laws may give you rights with respect to personal information if you are located in or a resident of that country, state, or territory.
THESE RIGHTS ARE NOT GUARANTEED AND IT IS IMPORTANT FOR YOU TO CONSULT YOUR LOCAL DATA PROTECTION LAWS TO DETERMINE WHAT RIGHTS MAY BE AVAILABLE TO YOU.
These rights may include the following:
Right
May Apply To
Right to disclosure/access (to know the personal information collected about you and request a copy)
Residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, Virginia, Australia, Canada, the European Union and/or the European Economic Area, and the United Kingdom
Right to correct/rectification (to have your inaccurate personal information corrected)
Residents of California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Virginia, Canada, Australia, Quebec, the European Union and/or the European Economic Area, and the United Kingdom
Right to erasure/deletion (to have all or some of your personal information deleted upon a verifiable request)
Residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Texas, Oregon, Utah, Virginia, the European Union and/or the European Economic Area, and the United Kingdom
Right to nondiscrimination (the right to equal service and price even if you exercise your rights)
Residents of California, Maryland, Minnesota, Montana, Oregon, Texas, and Virginia
Right to obtain a specific list of third parties your personal information was shared with
Residents of Minnesota and Oregon
Right to obtain a list of the categories of third parties to which the business has disclosed personal information
Residents of Maryland
Right to opt out of sale of personal information
[INCLUDE THIS OPTION ONLY IF YOU SELL OR SHARE PERSONAL INFORMATION FOR THIS PURPOSE]
Residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, Nevada, Oregon, Texas, Utah, and Virginia
Right to opt out of use of personal information for the purposes of targeted advertising
[INCLUDE THIS OPTION ONLY IF YOU RUN TARGETED ADVERTISING]
Residents of Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia
Right to opt out of use of personal information for profiling
[INCLUDE THIS OPTION ONLY IF YOU ENGAGE IN PROFILING]
Residents of Connecticut, Delaware, New Hampshire, Oregon, and Texas
Right to question the results of profiling, be informed of the reason that the profiling resulted in the decision, and be informed of what actions the consumer might take to secure a different decision in the future as well as the right to review the personal information used in the profiling to correct such information for the profiling decision to be reevaluated based on the corrected information.
[INCLUDE THIS OPTION ONLY IF YOU ENGAGE IN PROFILING]
Residents of Minnesota
Right to opt out of use of personal information for profiling in furtherance of decisions that produce legal or similarly significant effects
[INCLUDE THIS OPTION ONLY IF YOU ENGAGE IN PROFILING THAT HAS LEGAL OR SIGNIFICANT EFFECTS FOR YOUR WEBSITE USERS]
Residents of Colorado, Maryland, Minnesota, Montana, Nebraska, New Jersey, and Virginia
Right to limit use and disclosure of sensitive personal information
[INCLUDE THIS OPTION ONLY IF YOU PROCESS SENSITIVE PERSONAL INFORMATION FOR THIS PURPOSE]
Residents of California and Connecticut
Right to opt out of sensitive data processing
[INCLUDE THIS OPTION ONLY IF YOU PROCESS SENSITIVE PERSONAL INFORMATION FOR THIS PURPOSE]
Residents of Iowa
Right to data portability (to have your personal information transferred to you or a third party in machine-readable format, where technically feasible)
Residents of Quebec, the European Union and/or the European Economic Area, and the United Kingdom
Right to data portability (to have your personal information transferred to you in a readily-usable format that lets you transmit that information to a third party)
Residents of California, Colorado, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia
Right to data portability (to have your personal information transferred to you in a readily-usable format that lets you transmit that information to a third party where processing is carried out by automated means)
Residents of Connecticut
Right to withdraw consent (to withdraw your consent that we handle your personal information at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal)
Residents of Canada, Quebec, the European Union and/or the European Economic Area, and the United Kingdom
Right to not identify yourself or of using a pseudonym
Residents of Australia
Right to restriction of processing (to limit the purposes that your personal information may be used for)
Residents of the European Union and/or the European Economic Area, and the United Kingdom
Right to object (to object to the processing of your personal information in cases where our processing is based on direct marketing)
Residents of the European Union and/or the European Economic Area, and the United Kingdom
Right to stop unwanted direct marketing
Residents of the European Union and/or the European Economic Area, and Australia
Right to complain (to lodge a complaint with competent authorities in the proper jurisdiction if you are not content with how we collect, share, and process your personal information)
Residents of Canada, Australia, Quebec, the European Union and/or the European Economic Area, and the United Kingdom
Right to appeal (a decision made regarding an exercise of rights)
Residents of Montana, Oregon, and Texas
These rights are not absolute and they do not always apply in all cases. We will honor your rights under applicable data protection laws.
CALIFORNIA CIVIL CODE SECTION 1798.83 (“SHINE THE LIGHT LAW”)
[As a note, businesses with less than 20 full time or part-time employees are exempt from the Shine the Light Law. See California Civil Code Section 1798.83(c)(1). If you fall within that exemption, you can delete this section dealing with the Shine the Light Law. If you do not fall within the exemption and have made disclosures of personal information to third parties who will use that personal information to solicit a purchase, rental, lease, or exchange of products directly to individuals by means of mail, telephone, or email then include this section.]
California Civil Code Section 1798.83 or the “Shine the Light Law” permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, see the Contact Us section below.
Exercising Your Rights
If you wish to exercise any of the rights specified above, please submit a request via email to:
____________________ [insert your email address here]
Please be sure to specify which right you want to exercise and provide us with enough information to verify your identity. If we cannot verify your identity, we may not be able to fulfill your request.
We will respond to your request within 30-45 calendar days of receipt, depending on where you reside. We will notify you in writing via email if we need more time to respond.
We may deny your request if certain exceptions in the law apply. We will provide you the reason(s) for denial in writing via email.
You have the right to appeal our decision with respect to your request to exercise your rights. You may appeal the decision by emailing the address provided above in this section.
We will respond to your appeal within 30-45 calendar days of receipt, depending on where you reside. We will notify you in writing via email if we need more time to respond.
Use and Transfer of Your Information Out of the European Economic Area (EEA) or Canada
This Website is operated in the United States and the third parties with whom we might share your personal information (as explained above) are also located in the United States or other countries located outside the EEA and Canada.
If you are located outside of the United States, please be aware that any information you provide will be transferred to the United States. By using this Website and/or providing your information, you consent to this transfer.
Contact Us
If you have any questions, comments, complaints, or suggestions in relation to this Privacy Policy or our privacy practices, please contact us by [UNDER THE CCPA IF YOU ARE A BRICK-AND-MORTAR BUSINESS WITH AN ONLINE PRESENCE YOU ARE REQUIRED TO PROVIDE BOTH A TOLL-FREE TELEPHONE NUMBER AND A WEB FORM IF YOU HAVE A WEBSITE FOR CALIFORNIAN RESIDENTS TO EXERCISE THEIR RIGHTS IF CCPA/CPRA APPLY TO YOU. IF YOU OPERATE EXCLUSIVELY ONLINE THEN YOU ARE ONLY REQUIRED TO PROVIDE AN EMAIL ADDRESS. BE SURE TO SPEAK WITH AN ATTORNEY IN YOUR AREA IF YOU HAVE QUESTIONS] using this web form: ____________ [link your web form here], calling this toll-free telephone number: ______________ [provide telephone number], or by email or postal mail:
____________________ [insert your email address here]
____________________ [insert the full name of the person for consumers to contact or your registered business name here]
____________________ [insert your business’ mailing address here]
[If you’ve appointed a Data Protection Officer under GDPR, be sure to include their contact details as well]
Changes to this Privacy Policy
The date this Privacy Policy was last revised is identified at the top of the page. It is our policy to post any changes we make to our Privacy Policy on this page. If we make any material changes to how we treat our Website users’ personal information, we will notify you of any such changes by email (if you have provided your email to us) and/or by a prominent notice displayed on our Website’s home page and updating the revised date of our Privacy Policy. We recommend that you check this Privacy Policy when you visit our Website to be sure that you are aware of our most current policy.
[*NOTE THAT IF AT ANY TIME YOU CHANGE YOUR PRIVACY POLICY IN A WAY THAT AFFECTS THE PERSONAL INFORMATION YOU COLLECT, AFTER YOUR REVISED PRIVACY POLICY HAS BEEN POSTED TO YOUR WEBSITE IT IS RECOMMENDED THAT YOU NOT ONLY EMAIL YOUR EMAIL LIST SUBSCRIBERS BUT ALSO POST A NOTICE ON YOUR WEBSITE. IT IS ALSO RECOMMENDED THAT YOU KEEP RECORDS OF EACH VERSION OF YOUR PRIVACY POLICY*]
Please also read our Terms and Conditions of Use. [Link your Terms and Conditions here]
[THIS TABLE IS NOT INTENDED TO BE PART OF THE PRIVACY POLICY POSTED TO YOUR WEBSITE. IT IS AN OUTLINE OF THE VARIOUS DATA PRIVACY LAWS THIS TEMPLATE ADDRESSES IN THE CHART ABOVE AND THEIR THRESHOLDS FOR IMPLEMENTATION:
DATA PRIVACY LAW
WHO IT APPLIES TO
Australia Privacy Act of 1988
Applies to business if website collects personal information of residents of Australia or Australian territories.
California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA)
SEE NOTES ABOVE IN TEMPLATE.
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
Applies to business if website collects the personal information of Canadians.
Colorado Privacy Act (CPA)
Applies to business if:
Conduct business in Colorado or produce or deliver commercial products or services that are intentionally targeted towards residents of Colorado; and
Satisfies one of the following thresholds:
Controls or processes the personal data of 100,000 or more Colorado consumers during a calendar year; or
Derives revenue or receives a discount on the price of goods or services from the sale of personal data and processes or controls the personal data of 25,000 or more Colorado consumers.
Exempts airlines, public utilities, financial institutions, governmental entities in Colorado, entities covered by the Health Insurance Portability and Accountability Act (HIPAA), those collecting/processing data for Colorado health insurance law purposes, those collecting/processing data for employment records purposes, those processing de-identified personal data, consumer reporting agencies, and higher education institutions.
Connecticut SB6
Applies to business if:
Controlled or processed the personal data of 100,000 or more Connecticut residents; or
Controlled or processed the personal data of 25,000 or more residents of Connecticut and derived more than 25% of their gross revenue from the sale of personal data.
Exempts non-profits, higher education institutions, national securities associations, financial institutions and entities that need to comply with HIPAA.
Delaware Personal Data Privacy Act (DPDPA)
Applies to business if doing business in Delaware or targeting its residents, and during the prior calendar year:
Controls or processes personal data of 35,000 or more Delaware consumers (excluding data solely for payment transactions), or
Controls or processes personal data of 10,000 or more Delaware consumers with over 20% annual gross revenue from the sale of personal data.
Exempts government entities and financial institutions.
Businesses may not process sensitive personal data without receiving prior consent from the consumer.
General Data Protection Regulation (GDPR)
Applies to business if it:
processes personal information as part of the activities of one of its branches established in the European Union, regardless of where the data is processed; or
is established outside the European Union and is offering goods or services (paid or for free) or is monitoring the behavior of individuals in the European Union.
Iowa Consumer Data Protection Act (IACDPA)
Applies to individuals and entities who conduct business in Iowa or produce products or services that are targeted to residents of Iowa and during a calendar year either:
Controls or processes personal data of at least 100,000 Iowa residents; or
Controls or processes personal data of at least 25,000 Iowa residents and derives over 50% of its gross revenue from the sale of personal data.
Exempts non-profit organizations, government entities, public and private education institutions.
Exempts data such as business-to-business personal data, data provided in the employment context, consumer credit reporting data, health records, and scientific research data.
Maryland Online Data Privacy Act of 2024
Applies to businesses in Maryland or that provide products or services that are targeted to residents of Maryland if:
Control or process the personal data of at least 35,000 residents of Maryland; or
Control or process the personal data of at least 10,000 residents of Maryland AND derived more than 25% of its gross revenue from the sale of personal data.
Exempts non-profits who process data to assist law enforcement agencies in investigating criminal or fraudulent acts relating to either insurance or first responders in responding to catastrophic events.
Minnesota Consumer Data Privacy Act (MCDPA)
Applies to legal entities in Minnesota or that provide products or services that are targeted to residents of Minnesota if:
Control or process the personal data of 100,000 residents of Minnesota; or
Control or process the personal data of at least 25,000 residents of Minnesota AND derived more than 25% of its gross revenue from the sale of personal data.
Exempts government entities, federally recognized Indian tribes, covered entities and business associates subject to the Health Insurance Portability and Accountability Act ("HIPAA"), state or federally chartered banks or credit unions, insurance companies, non-profits established to detect and prevent insurance fraud, air carriers subject to the federal Airline Deregulation Act, and small businesses, as defined by the United States Small Business Administration. The Small Business Administration defines “small business” as either an independent business with less than 500 employees or a business that makes under a certain amount of gross revenue per year.
HOWEVER, small businesses may not engage in the sale of sensitive personal data without receiving prior consent from the consumer.
Montana Consumer Data Privacy Act (MCDPA)
Applies to businesses in Montana or that provide products or services that are targeted to residents of Montana and meet one or more of the following factors:
Control or process the personal data of not less than 50,000 Montana residents (excluding personal data controlled or processed solely for completing payment transactions); or
Control or process the personal data of not less than 25,000 Montana residents and derive more than 25% of gross revenue from the sale of personal data.
Exempts non-profits, higher education institutions, national securities associations, financial institutions and entities that need to comply with HIPAA.
Nebraska Data Privacy Act (NDPA)
Applies to any entity that:
Conducts business in Nebraska or produces products or services consumed by Nebraska residents;
Processes or engages in the sale of personal data; and
Is not a small business under the federal Small Business Act (SBA), except if such entity engages in the sale of sensitive data without receiving prior consent from the consumer.
Exempts state agencies, non-profit organizations, higher education institutions, and energy utility providers.
Nevada Revised Statutes Chapter 603A
Applies if a person:
Owns and operates a website for business purposes;
Collects and maintains personal information from consumers who reside in Nevada and use the website; and
Purposefully directs its activities towards Nevada, consummates a transaction with the State of Nevada or a resident of Nevada, purposefully avails itself of the privilege of conducting activities in Nevada or otherwise engages in any activity that constitutes sufficient nexus with Nevada to satisfy the requirements of the U.S. Constitution.
Exempts those that live in Nevada if your revenue is derived primarily from a source other than selling goods, services or credit on your website; and your website has less than 20,000 unique visitors per year as well as financial institutions and entities that need to comply with HIPAA.
New Hampshire Privacy Act (NHPA)
Applies to business if doing business in New Hampshire or targeting its residents, and during the prior calendar year:
Controls or processes personal data of 35,000 or more New Hampshire consumers (excluding data solely for payment transactions), or
Controls or processes personal data of 10,000 or more New Hampshire consumers with over 25% annual gross revenue from the sale of personal data.
Exempts non-profit organizations, government entities, financial institutions, and education institutions.
New Jersey Privacy Act (NJPA)
Applies to business if doing business in New Jersey or targeting its residents, and during the prior calendar year:
Controls or processes personal data of 100,000 or more New Jersey consumers (excluding data solely for payment transactions), or
Controls or processes personal data of 25,000 or more New Jersey consumers and the controller receives revenue or a discount on the price of any goods or services from the sale of personal data.
Exempts government entities and financial institutions.
Oregon SB619
Applies if person conducts business in Oregon or provides products or services to residents of Oregon and that, during a calendar year:
Processes or controls the personal data of 100,000 or more residents of Oregon; or
Processes or controls the personal data of 25,000 or more residents of Oregon and derives 25% or more of annual gross revenue from the sale of personal data; or
signed a contract for the processing of data with a company that does need to comply with this law.
Exempts non-profits that are established to detect or prevent fraudulent acts in connection with insurance and non-profits that provide programming to radio or television networks.
Quebec Law 25
Applies to business if persons collect, hold, use or share personal information in the course of carrying on an enterprise.
“Enterprise” is defined as “the carrying on by one or more persons of an organized economic activity, whether or not it is commercial in nature, consisting of producing, administering or alienating property, or providing a service.”
Includes non-profits.
Texas Data Privacy and Security Act (TDPSA)
Applies if person conducts business in Texas or produces a product or service consumed by residents of Texas and that processes or engages in the sale of personal data.
Exempts non-profits and small businesses, as defined by the United States Small Business Administration. The Small Business Administration defines “small business” as either an independent business with less than 500 employees or a business that makes under a certain amount of gross revenue per year.
HOWEVER, small businesses may not engage in the sale of sensitive personal data without receiving prior consent from the consumer.
United Kingdom’s Data Protection Act of 2018
Applies if business monitors the behavior of UK residents via interest-based advertising, use of cookies, etc.
Utah Consumer Privacy Act (UCPA)
Applies to business if:
Has annual revenue of $25,000,000 or more; and
Meets one of the following thresholds:
During a calendar year, controls or processes the personal data of 100,000 or more Utah residents; or
Derives 50% or more of its annual gross revenue from the sale of personal data and controls or processes the personal data of 25,000 or more Utah consumers.
Exempts state agencies and other such political organizations, financial institutions, HIPAA-defined covered entities and their business associates, higher education institutions, non-profits, and air carriers.
Virginia Consumer Data Protection Act (VCDPA)
Applies to business if during a calendar year:
control or process the personal data of at least 100,000 Virginia residents
control or process the personal data of at least 25,000 consumers and derive over 50% of gross revenue from the sale of personal data
Exempts state agencies and other such political organizations, financial institutions, HIPAA-defined covered entities and their business associates, higher education institutions, and non-profits.