Last Updated: November 1, 2021
Some of the information we collect and process may include personal information or personal data. Personal information, also known as “personal data” in some jurisdictions, is information that directly or indirectly identifies, relates to, describes, is capable of being associated with, or could reasonably be linked to a particular individual or household. This may include device information such as IP addresses, browser history, and other information about your device where that information can be linked to you. Personal information does not include de-identified, anonymized, or aggregated information. This policy only applies to personal information, unless otherwise noted.
This policy covers:
- Collection and use
- Third Parties
- Your Rights
- Data Retention
- European Economic Area Residents
- California Residents
- Age of Consent
- Questions and Contact Information
Section 1 – Collection and Use
What categories of personal information do we collect?
Compass Mining collects information from you in several ways in order to provide and market our services. We collect information from you when: 1) you provide it to us, such as when you make a purchase, apply for a job, or fill out a form or make an inquiry on our website; 2) automatically, when you visit our website; and 3) from third parties.
The categories of information we collect from you depend on your interaction with us. For example, we collect different types of information from you when you make a purchase from us versus when you apply for a job at Compass Mining. The following table provides information about the types of information we collect and process, and how we use this information:
|Categories of Individuals||Categories of Information Collected and Processed||How We Use the Information||Lawful Bases for Processing (for individuals in the UK and EEA)|
|Website visitor or app or service user||
For activity information:
(a website visitor that places an order with us)
Those categories set forth above for all website visitors and:
|Applicant for Employment||
Those categories set forth above for all website visitors and:
|Businesses seeking to provide services to us||
Those categories set forth above for all website visitors and:
The categories of personal information referred to above are defined as follows:
- Activity information refers to information we collect indirectly regarding your usage of our website and other services, such as your IP address, browsing history, analytics information, and other information.
- Volunteered information refers to information you provide to us when you fill out a form on our website, submit a comment, question, or feedback to us, or when you otherwise provide your personal information to us.
- Biographical information refers to your name, email address, mailing/shipping address, phone number, courtesy titles, and similar information.
- Order information refers to transaction and billing information, such as your billing address, order details, and shipping information.
- Employment credentials refers to information about your education and employment history that you provide to us to consider you for employment.
Section 2 – Disclosure
We may disclose your personal information as follows:
- To our vendors, consultants, and other service providers who need access to such information to carry out services on our behalf;
- If we are required by law to do so, such as in response to a court order or subpoena. We will take reasonable steps to object to these requests where we have legitimate grounds to do so and will endeavor to provide data subjects with notice of requests that relate to them;
- To the extent permissible under applicable law, to investigate activities that we believe are inconsistent with our policies or agreements, or to protect the rights, property and safety of Compass Mining, our customers, or others;
- With your consent or at your direction.
Section 3 – Payments
Unless otherwise specified, payments by credit card, bank transfer, crypto or other means are processed via external payment service providers. In general, and unless otherwise stated, users are requested to provide their payment details and personal information directly to such external service providers. Third parties such as identity verification services may also access and/or collect your personal information when providing identity verification and/or fraud prevention services.
We use service providers that abide by the Payment Card Industry Data Security Standard (PCI-DSS), which includes encrypting credit card information. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with us, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account. Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided below.
Section 4 – Third Parties
Our third-party service providers only collect, use and disclose your information at our direction and to the extent necessary to allow them to perform the services they provide to us.
Certain third-party service providers, such as payment transaction processors and financial institutions, may have their own privacy policies that may govern personal information that we are required to provide to them for your purchase-related transactions. We encourage you to review these privacy policies.
When you click on links on our website or store, they may direct you away from our site. We are not responsible for the privacy practices of other websites and we encourage you to read these websites’ privacy statements before providing them with your personal information.
Section 5 – Security
To protect your personal information, we employ reasonable physical, administrative, and technical safeguards to protect your personal information against loss, misuse, access, disclosure, alteration or destruction.
If you provide us with your credit card information, the information is encrypted using transport layer security (TLS) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Compass Mining is based in the United States. To the extent that we transfer and process your information outside of the jurisdiction in which you provided it, we take appropriate steps to ensure that your information, including your personal data, is protected at a level comparable to what is required in the jurisdiction in which we collected the information.
Section 6 – Your Rights
Depending on the jurisdiction in which you reside and the reason for which we process your personal information, you may have the right to access the personal information we maintain about you. You also have the right to update and correct inaccuracies in your personal information, and to request that we delete personal information that we have related to you. To exercise these rights, please contact us as set forth below. Please note that we will need to take steps to verify your identity when responding to your request.
If you are a resident of the European Economic Area (EEA) or California, please visit the sections below for more information applicable to you and your rights as an EEA or California resident.
Section 7 – Data Retention
Compass Mining retains your personal information only for as long as necessary to fulfill the purpose for which your personal information was provided or for such additional time as may be required by applicable law.
Section 8 – Cookies
Our website uses both persistent and session cookies to enable our Services to collect data from our website visitors. These cookies enable us to collect data about your visit when you visit our website, or use our app. Some of these cookies are necessary cookies, or essential cookies, and are required to provide our website. Because these cookies are necessary cookies, you cannot opt out of these cookies. We also use other cookies. You can choose whether you would like us to collect data from you using these other cookies, and you may opt out of our use of these cookies when you visit our website.
Section 9 – United Kingdom & European Economic Area Residents
If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have certain rights as a data subject regarding your personal data conferred upon you under Regulation (EU) 2016/679 (General Data Protection Regulation), known as the GDPR. These rights include the right to access your personal data, the right to rectification and erasure, the right to portability in certain circumstances, the right to object to processing in certain circumstances, and the right to withdraw your consent to our processing of your personal data where consent is the lawful basis for our processing. You also have the right to lodge a complaint with the data protection authority where you reside. You may appoint someone else to exercise these rights on your behalf.
If you would like to exercise your rights, please contact us using the contact information located below. Please note that we will need to take steps to verify your request when you exercise your rights.
Compass Mining is based in the United States. To the extent that we transfer and process your information outside of the jurisdiction in which you provided it, we take appropriate steps to ensure that your information, including your personal data, is protected at a level comparable to what is required in the jurisdiction in which we collected the information and is consistent with GDPR requirements applicable to restricted transfers. We may also transfer data when contractual measures designed to provide an adequate level of protection to your information are in place.
Section 10 – California Consumer Privacy Act Information
If you are a California resident, you have certain rights as a consumer regarding your personal information conferred under Cal. Civ. Code § 1798.100, et seq., known as the California Consumer Privacy Act (CCPA).
Collection of Personal Information
The following table shows the categories of personal information Compass Mining has collected in the last 12 months and indicates whether each category of personal information has been shared for a business purpose or sold to a third party.
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||Yes|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||Yes|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||Yes, but only where required by law in the employment context.|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||No|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Yes|
|G. Geolocation data.||Physical location or movements.||No|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||No|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||Yes, but only for employees and applicants for employment.|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||No|
We do not sell personal information. We obtain this information directly from you via e-mail, via our website, or using our mobile apps. We also obtain it indirectly from you, such as from logging your interactions with our website and mobile apps. For employment applicants, we may also obtain information about you from your professional references, educational institutions, and from consumer reporting agencies in those jurisdictions where such inquiries are legally permitted.
Disclosure of Personal Information
To the extent we collect personal information, we disclose this information for what the CCPA defines as our “business purposes.” “Business purposes” under the CCPA refers to our own purposes. We disclose personal information for business purposes to the following categories of third parties:
- Our service providers, such as financial institutions, payment processors, identity verification services, employment-related entities, marketing companies, information system vendors and consultants.
We endeavor to enter into contracts with all third parties that receive information from us that require them to only use information shared with them for the purpose for which it was shared, as well as to keep information confidential.
We do not provide third parties with personal information to use for their own purposes.
The CCPA provides California residents with specific rights regarding their personal information. The CCPA requires us to describe these CCPA rights and explain how you may exercise those rights if you are a California resident. Please note that many of these rights are inapplicable to personal information we maintain in the business-to-business context.
Shine the Light
California’s “Shine the Light” law, Cal. Civ. Code § 1798.83, entitles California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. However, we do not disclose personal information to any third parties for their direct marketing purposes. Any inquiries regarding personal information sharing with third parties may be directed to us at the contact information set forth above.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  - sales, identifying the personal information categories that each category of recipient purchased; and
  - disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by one of the following methods:
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. We will verify that any requests from persons other than you have your legal authorization. You may also make a request to know or delete on behalf of your child. You may only submit a request to know twice within a 12-month period.
Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in the request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We will confirm receipt of your request within ten business days. If you do not receive confirmation within that timeframe, please contact us using the contact information above.
We endeavor to substantively respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
California residents have the right to opt out or opt in, depending on their age, to the sale of their personal information to third parties. However, because we do not sell any personal information to third parties, you do not need to contact us to exercise this right.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we are permitted to offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels, but we do not presently do so.
Section 11 – Age of Consent
Our products, services and website are not directed to individuals under the age of 16. Under our terms of service, users represent that they are at least the age of majority or that their access is with the consent of their parent or legal guardian. Our terms of service prohibit users under the age of 16 from using our Services.
We update this privacy notice from time to time as our personal information practices change. We will also update the “Last Updated” date at the top of this page so that you have notice of the date this policy was last modified.
Questions & Contact Information
If you would like to exercise any of the rights mentioned above throughout this policy, register a complaint, have a question, or simply want more information, contact our Privacy Compliance Officer at [email protected]. If you need to access this document in an alternative format due to a disability, please contact us at [email protected] or at 1 (888) 871-3071.