Last updated: November 1, 2023
TABLE OF CONTENTS
I. OUR COLLECTION AND USE OF PERSONAL INFORMATION
We collect personal information in a variety of ways. For example, you may provide us with your personal information when you make a purchase, list an item for sale, send us messages, subscribe to our mailing lists, newsletters or other forms of marketing communications, or use some other feature of our Services.
We may link or combine information collected from you on our Sites and Apps with information we have collected from you offline (e.g., in-person), information we receive from third parties, as well as information we collect automatically through tracking technologies (defined below). This allows us to, for example, provide you with a personalized experience regardless of how you interact with us.
The personal information we collect, the way we collect it, and how we use it will depend on how you are interacting with us and the type of services you use.
Personal Information Collected from You
Account Information, including name, email address, phone number, username and password, location, profile information, and any other information you provide to us. We use this information to administer your account, provide you with the relevant service and information, communicate with you regarding your account and your use of the Services, and for fraud prevention and customer support purposes. Please note that other users may see your username and/or location (if you enable location services and grant permission) on the Services.
User Generated Content, including content that you create, such as posts and/or comments, messages that you send and receive (including their content) and the metadata about content and messages.
Inquiry and Communications Information, including any information you submit to us through a “Submit Request” customer support form, such as contact information and any other information you provide in the request, information provided in chat messages, to one of our email addresses, in-person, or via phone. We use this information to investigate and respond to your inquiries, to communicate with you, to enhance the services we offer to our users and to manage and grow our organization.
Newsletter and Marketing Emails Information, including email address and applicable interests and communication preferences. We use this information to manage our communications with you and send you information about products and services we think may be of interest to you. If you wish to stop receiving emails from us, simply click “unsubscribe” at the bottom of the email. Note that you cannot unsubscribe from certain services-related emails (e.g., account verification, confirmations of transactions, technical or legal notices).
Personal Information from Third Parties
We may also combine the information we receive from you with personal information we obtain from third parties. We may receive the same categories of personal information as described above from the following third parties:
Social Media. When an individual interacts with our Services through various social media platforms, such as when someone logs in through a social media platform, links their social media account, provides us with their social media handle, “Likes” us on a social media platform or follows us or shares our content on Google, Facebook, Twitter, Instagram or other social media platform, we may receive some information about individuals that they permit such social media platform to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the social media platform. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media platforms and services before sharing information and/or linking or connecting them to other services.
Service Providers. Our service providers that perform services solely on our behalf, such as payment processors, fraud prevention vendors, verification vendors, website hosting providers, or certain survey and advertising/marketing providers, collect personal information and may share some or all of this information with us.
Other Sources. We may also collect personal information about individuals that we do not otherwise have from, for example, publicly available sources, third-party data providers, our affiliated companies, brand partnerships, or through transactions such as mergers and acquisitions.
Personal Information Collected at Our In-Person Locations
When you visit one of our in-person locations, we may collect the following information from or about you:
Contact Information. When you visit one of our in-person locations, we may collect your name, email address and/or phone number so that we can send you promotional offers or other marketing materials. We may also give you the opportunity to answer survey questions about your experience.
Transaction Information. We may collect information about your in-store transaction such as items purchased or dropped off, date and time of your transaction, amount purchased, and payment information, such as your credit/debit card (through our payment processor) or gift card details, when you make an in-store purchase.
In-store Location and Movement Information. In some locations, we may work with third-party providers that collect location and movement data from your mobile device when you’re using a mobile app configured for this purpose. We may receive aggregated information about visitors to our stores and may use this data to analyze foot traffic patterns and measure the effectiveness of our marketing and promotional campaigns. See Control Over Your Information to learn how you may adjust location data collection through your mobile device.
In-store Wi-Fi. In some locations, we may offer free Wi-Fi services to our guests. Our Wi-Fi network providers may capture certain data from devices you connect to it, such as a unique device identifier. We may also enable Bluetooth or other technologies in our stores which enable us to detect the presence of your device in our stores or provide operational insights.
In-store Video or Images. In some locations, we use CCTV cameras in our stores for security, fraud, incident reporting and loss-prevention purposes, or to collect analytics, improve operations and other purposes.
Personal Information Automatically Collected
As is true of many digital properties, we and our third-party partners may automatically collect certain information from or in connection with your device when visiting or interacting with our Services, as described in the list below:
Log data, including internet protocol (IP) address, operating system, device type and version, unique device identifier, browser type and version, browser ID, the URL entered and the referring page/campaign, date and time of visit, other user agent string data, the time spent on our Services, and any errors that may occur during the visit to our Services.
Analytics data, including the electronic path you take to our Services, through our Services and when exiting our Services, UTM source, as well as your usage and activity on our Services, such as the time zone, activity information (e.g., first and last active date and time), usage history (e.g., emails opened, total log-ins) as well as the pages, links, objects, services you view, click or otherwise interact with.
Additional Uses of Personal Information
In addition to the uses described above, we may use the personal information collected as described above for the following purposes:
- Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to deliver the Services you have requested and to process transactions;
- Manage our businesses and day-to-day operations;
- Send you technical notices (including sending you an SMS text code for multifactor authentication), security alerts, and support and administrative messages and to respond to your and others’ comments, questions, and customer service requests;
- Personalize your experience on the Services and to tailor the Sites, Apps and the Services to your interests;
- Respond to requests, suggestions, questions, and comments, and provide other types of user support;
- For internal business purposes, including analytics and marketing purposes;
- Test, enhance, update and monitor the Services, or diagnose or fix technology problems;
- Help maintain the safety, security and integrity of our properties and Services, technology assets and business;
- Prevent, investigate or provide notice of fraud or unlawful or criminal activity;
- Comply with contractual and legal obligations and requirements;
- To fulfill any other purpose for which you provide personal information; and
- For any other lawful purpose, or other purpose that you consent to.
Through the provision of our Services, we may process deidentified information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer or household. We will maintain and use such information in deidentified form and will not attempt to reidentify the information, except in instances where necessary for determining whether the deidentification process used satisfies the requirements under applicable law.
We may also aggregate data for reporting, analytics, and other business reasons, including to promote or describe the use of our Services.
II. DISCLOSURE OF PERSONAL INFORMATION
As part of our Services, we may also share, transmit, disclose, grant access to, make available, and provide personal information with and to third parties, as follows:
Affiliated Companies. We may share personal information with other companies owned or controlled by GOAT, and other companies owned by or under common ownership as GOAT, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns, particularly when we collaborate in providing the Services.
Other Users. When you create a profile on the Services, other registered users may be able to see the information that you include in your profile, including but not limited to your username and/or your location (if you enable location services and grant permission). If you purchase or list items for sale on certain of our Services, or interact with the Services, we may disclose your information to other parties. For example, if you make a purchase on one of our Sites, we may disclose your information to the Seller. You should exercise care in deciding what information to provide.
Service Providers. We may employ third-party providers and individuals to facilitate the Services, to provide the Services on our behalf, to perform Service-related functions (e.g., payment processing services, IT support services, maintenance services, shipping, database management, marketing, security and fraud prevention services, web or advertising analytics, and improvement of the Service’s features) or to assist us in analyzing how the Services are used.
Third-Party Referral Partners. We may work with third-party referral partners. If you visit the Site by linking directly from a third-party website, we may provide the third party with select information about your individual transaction that you made after being referred. To track and credit your transaction, the third-party website may give you a unique code, cookie or graphic which will uniquely identify you. The presence of a third-party navigation bar at the top of any page on any website is an indication that the third-party website may have access to information about your activity on such website.
Business Transaction or Reorganization. We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal information to a third party during the negotiation of, in connection with or as an asset in such a corporate business transaction. Personal information may also be disclosed in the event of insolvency, bankruptcy or receivership.
Legal Obligations and Rights. We may disclose personal information to third parties, such as legal advisors, law enforcement and tax authorities:
- in connection with the establishment, exercise, or defense of legal claims;
- to comply with laws and our tax obligations (e.g., to respond to claims, lawful requests and legal process, including but not limited to subpoenas);
- to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
- to detect, suppress, or prevent fraud;
- to protect the health and safety of us and others or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, harmful, unethical or legally actionable activity; or
- as otherwise required by applicable law.
With Your Consent. We may disclose personal information about an individual to certain other third parties or publicly with your consent or direction.
Aggregated and Deidentified Information. We may share aggregated or deidentified information without limitation. This includes sharing the types of technical information that we collect as described above (including information that identifies a device), to the extent permitted by law.
III. CONTROL OVER YOUR INFORMATION
You may control your information in the following ways:
Account and Profile Information and Settings. If you have created an account, you may review, update, correct or delete certain information in your profile within the Apps or Sites (as applicable). If you would like us to delete your record in our system, please contact us at [email protected] with a request that we delete your personal information from our database. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.
Newsletter and Marketing Emails. You can opt out of receiving marketing emails from us by clicking the “unsubscribe” link at the bottom of each email. Note that you cannot unsubscribe from certain services-related emails (e.g., account verification, confirmations of transactions, technical or legal notices).
IV. DATA RETENTION
We will usually store the personal information we collect about you for no longer than necessary to fulfill the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal information for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority.
To determine the appropriate duration of the retention of personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.
For example, if you reside in the European Economic Area, the United Kingdom or the State of California, your personal information may be subject to certain laws and regulations that define the criteria used to determine the period for which personal information about you will be retained, which varies depending on the legal basis under which we process the personal information:
Contract. Where we are processing personal information is based on contract, we generally will retain your personal information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from our contractual relationship.
Legitimate Interests. Where we are processing personal information based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account your fundamental interests and your rights and freedoms.
Consent. Where we are processing personal information based on your consent, we generally will retain your personal information until you withdraw your consent, or otherwise for the period of time necessary to fulfill the underlying agreement with you or provide you with the applicable service for which we process that personal information.
Legal Obligation. Where we are processing personal information based on a legal obligation, we generally will retain your personal information for the time necessary to fulfill the legal obligation.
Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim or intent to establish a claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
When an individual discontinues the use of our Services, we will retain their personal information for as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well as, for any additional purpose based on the choices they have made, such as to receive marketing communications. We will retain personal information supplied when joining our Services, including complaints, claims and any other personal information supplied during the duration of an individual’s contract with us for the Services until the statutory limitation periods have expired, when this is necessary for the establishment, exercise or defense of legal claims.
Once retention of the personal information is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal information or, if this is not possible (e.g., because personal information has been stored in backup archives), then we will securely store the personal information and isolate it from further processing until deletion or deidentification is possible.
V. CHILDREN’S PERSONAL INFORMATION
Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 16. If an individual is under the age of 16, they should not use our Services or otherwise provide us with any personal information either directly or by other means. If a child under the age of 16 has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we collect has been provided by a child under the age of 16, we will promptly delete that personal information.
VI. LINKS TO THIRD-PARTY WEBSITES OR SERVICES
VIII. CONTACT US
Alternatively, inquiries may be addressed to:
Attn: Privacy Department
P.O. Box 91258
Los Angeles, CA 90009-1258
IX. REGION-SPECIFIC DISCLOSURES
We may choose or be required by law to provide different or additional information relating to the processing of personal information about residents of certain countries, regions or states. Please refer below for additional information that may be applicable to you:
- For residents of the States of California, Colorado, Connecticut, Nevada, Utah, or Virginia in the United States, please click here for additional US-specific privacy disclosures.
- For residents of Canada, please click here for additional Canada-specific privacy disclosures.
- For residents of the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”), please click here for additional region-specific privacy disclosures.
ADDITIONAL U.S. STATE PRIVACY DISCLOSURES
Last updated: October 10, 2023
For the purposes of these U.S. Disclosures, personal information does not include publicly available information or deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.
Your Privacy Choices
Depending on your state of residency, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):
The Right to Know. The right to confirm whether we are processing personal information about you and, under California law only, to obtain certain personalized details about the personal information we have collected about you in the last 12 months, including:
- The categories of personal information collected;
- The categories of sources of the personal information;
- The purposes for which the personal information were collected;
- The categories of personal information disclosed to third parties (if any), and the categories of recipients to whom the personal information were disclosed;
- The categories of personal information shared for cross-context behavioral advertising purposes (if any), and the categories of recipients to whom the personal information were disclosed for those purposes; and
- The categories of personal information sold (if any), and the categories of third parties to whom the personal information were sold.
The Right to Access and Portability. The right to obtain access to the personal information we have collected about you and, where required by law, the right to obtain a copy of the personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity without hindrance.
The Right to Request Deletion. The right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
The Right to Correction. The right to request that any inaccuracies in your personal information be corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information.
The Right to Opt-Out of Sales or Sharing for Targeted Advertising. The right to direct us not to “sell” personal information we have collected about you to third parties for monetary or other valuable consideration, or “share” your personal information to third parties for cross-context behavioral advertising purposes.
The Right to Control over Automated Decision-Making/Profiling. The right to direct us not to use automated decision-making or profiling for certain purposes.
The Right to Control over Sensitive Information. The right to exercise control over our collection and processing of certain sensitive information.
The Right to Appeal. Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request.
- Colorado Residents: If your appeal is denied, you may contact the Colorado Attorney General to address your concerns here.
- Connecticut Residents: If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint here.
- Virginia Residents: If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint here.
Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.
How to Exercise Your Privacy Rights
To submit a request to exercise one of the privacy rights identified above, please submit a request:
- By Email: Please contact us by email at [email protected] with an explanation of the rights you wish to exercise and submit the required verifying information, as further described below.
- By Mail: You may also exercise your right to request that we delete the personal information we have collected from you or maintain about you by sending a letter to us by mail that explains you would like to exercise this right and that includes your name and email address associated with your account. You can send this letter to us at the following address: GOAT Group, Attn: GOAT Group CCPA, P.O. Box 91258, Los Angeles, CA 90009-1258.
We may need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log in to your account, if you have one. Note that we may need to request additional information from you to verify your identity or process your request, although you will not be required to create an account with us to submit a request or have it fulfilled. At a minimum, we may ask you for your name, email address, and telephone number. We will use the personal information you provide us in connection with your exercise of the above rights only to review and comply with your request.
In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
Exercise Your Right to Opt-Out of Personal Information Sales or Sharing for Targeted Advertising
We do not “sell” personal information as most people would typically understand that term (i.e., we do not share your information in exchange for money), but certain uses may be deemed the “sale” of personal information under applicable privacy laws. Unless you have exercised your Right to Opt-Out, we may disclose or “sell” your personal information to third parties for non-monetary consideration, or “share” your personal information to third parties for cross-context behavioral advertising purposes. The third parties to whom we sell or share personal information may use such information for their own purposes in accordance with their own privacy policies.
You do not need to create an account with us to exercise your Right to Opt-Out. However, we may ask you to provide additional personal information so that we can properly identify you to track compliance with your opt-out request. We will only use personal information provided in an opt-out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.
To exercise the Right to Opt-Out, you may submit a request by:
Opt Out of “Selling” of Personal Information. In limited circumstances, we may share your personal information (such as your name and email address) with third parties who may use such information for their own commercial or business purposes. To opt out of such sharing, please email [email protected].
In certain circumstances, you are permitted to use an authorized agent (as that term is defined by the applicable privacy law) to submit requests on your behalf through the designated methods set forth in these U.S. Disclosures where we can verify the authorized agent’s authority to act on your behalf.
For requests to know, delete, or correct personal information, we require the following for verification purposes: (a) a power of attorney valid under the laws of the state where you reside from you or your authorized agent; or (b) sufficient evidence to show that you have: (i) provided the authorized agent signed permission to act on your behalf; and (ii) verified your own identity directly with us pursuant to the instructions set forth in these U.S. Disclosures; or directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.
For requests to opt out of personal information “sales” or “sharing”, we require a signed permission demonstrating your authorized agent has been authorized by you to act on your behalf.
Appealing Privacy Rights Decisions
Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing [email protected] or mailing a letter to us at the following address: GOAT Group, Attn: GOAT Group CCPA, P.O. Box 91258, Los Angeles, CA 90009-1258.
The following disclosures only apply to residents of the State of California.
- Personal Information Collection. In the last 12 months, we may have collected the following categories of personal information:
- identifiers (such as first and last name, email address, or unique online identifiers),
- categories of information described in Section 1798.80(e) of the California Civil Code (such as phone number, bank account number, credit card number, or debit card number),
- commercial or transactions information (such as records of personal property or products or services purchased, obtained or considered),
- internet/network information (such as browsing history, search history, interactions with a website, email, application, or advertisement),
- geolocation information,
- biometric Information, such as facial geometry used to create a unique biometric identifier in order to verify your identity,
- inferences drawn from the above information about your predicted characteristics and preferences,
- other personal information (such as information you submit via a request form and any communications between you and a customer support agent, as well as information we receive from social media platforms), and
- sensory information (such as call recordings).
In the last 12 months, we may have collected the following categories of sensitive personal information: account log-in in combination with a password allowing access to an account, as well as social security number, government ID, and biometric information (i.e., facial geometry). We do not use or disclose sensitive personal information for any purpose other than for performing services you have requested, for detecting security incidents, fraud and other illegal actions, complying with applicable laws, regulations or other legal obligations, or for short term transient use. We collect and process sensitive information without the purpose of inferring characteristics about a consumer, and we do not sell sensitive information or process or otherwise share sensitive personal information for the purpose of targeted advertising.
- Service providers;
- Government entities.
Sales of Personal Information and Sharing for Targeted Advertising. In the previous 12 months, we have sold the following categories of personal information to third parties:
- Commercial information;
- Internet/network information.
Minors. We do not sell the personal information and do not have actual knowledge that we sell the personal information of minors under the age of 16. Please contact us at [email protected] to inform us if you, or your minor child, are under the age of 16.
If you are under the age of 18 and you want to delete your account, please contact us directly at [email protected]. We may not be able to modify or delete your information in all circumstances.
If you wish to submit a privacy request on behalf of your minor child in accordance with applicable jurisdictional laws, you must provide sufficient information to allow us to reasonably verify your child is the person about whom we collected personal information and you are authorized to submit the request on your child’s behalf (i.e., you are the child’s legal guardian or authorized representative).
“Shine the Light”. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the way we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. To opt out of this type of sharing, please email us at [email protected].
Financial Incentives. We may provide financial incentives to consumers who allow us to collect and retain personal information, such as identifiers (e.g., name and email address) and commercial information (e.g., purchase history). These incentives may result in differences in our prices or services offered to consumers and may include a lower price for goods and services (e.g., discounts and other promotions). For example, the financial incentives we may provide include discounts or promo codes for certain existing customers. The material aspects of any financial incentive will be explained and described in its program terms or in the details of the incentive offer.
Each financial incentive or price or service difference related to the collection and use of personal information is based upon our reasonable, good faith determination of the estimated value of such information to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized by rewarding brand loyalty and/or repeat purchases.
ADDITIONAL CANADA-SPECIFIC PRIVACY DISCLOSURES
Last updated: October 10, 2023
Cross-jurisdictional Transfers. By providing us with personal information, you acknowledge and agree that your personal information may be transferred to other jurisdictions for processing and storage, including in servers located across Canada and in the United States, where laws regarding the protection of personal information may be less stringent than the laws in your jurisdiction. Further, your personal information may be accessible to law enforcement, national security authorities, and the courts of such jurisdictions. Where necessary to make such transfers, we will comply with our legal and regulatory obligations in relation to the personal information.
Your Legal Rights. Subject to certain exemptions, as permitted by law, you have the following rights in relation to the personal information we hold about you:
Right of Access. You have the right to access the personal information we hold about you and to receive a general account of our uses of that personal information. Upon receipt of a written request from you, we will provide you with a copy of your personal information, although in certain limited circumstances, we may not be able to make all relevant personal information available to you, for example, where that personal information also relates to another individual. In such circumstances, we will, upon request, provide you with the reasons for such refusal. We will endeavour to deal with all requests for access of personal information in a timely manner.
Right to Rectification. If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. Where appropriate, such amended personal information will be provided to the parties to whom we are authorized to disclose your personal information. We will endeavour to deal with all requests for rectification of personal information in a timely manner.
Right to Erasure. You can ask us to delete or remove your personal information in some circumstances such as where we no longer need your information to fulfill the purposes for which it was collected, or if you withdraw your consent (where applicable because your consent was the legal basis on which we were processing your personal information). If you are entitled to erasure and if we have shared your personal information with others, we will take reasonable steps to inform those others where possible and where this would not involve disproportionate effort.
Right to Personal Information Portability. You may have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Right to Withdraw Consent. If we rely on your implicit or explicit consent as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. We may use your information to send important notices or communications regarding your orders, even if you have opted out from our marketing communications.
ADDITIONAL PRIVACY DISCLOSURES FOR EEA, UK AND SWISS USERS
Last updated: November 1, 2023
The controller, which is the company belonging to GOAT Group that is responsible for the processing of your personal data, depends on how you interact with the GOAT Group brands. As such, the relevant controller will typically consist of one or two entities: (1) The main entity who manages the GOAT Group brands based on region, and, if applicable, (2) the local company you interact with in connection with localized activities (e.g., marketing campaigns, events, promotions). In connection with the local controller, the controller and contact information will be disclosed in the specific method of interaction.
Annex 1 sets out in detail the categories of personal data we collect about you and how we use that information when you use the Services, as well as the legal basis which we rely on to process the personal data and recipients of that personal data.
- We may link or combine the personal data you provide and the information we collect automatically. This allows us to provide you with a personalized experience regardless of how you interact with us.
Marketing and Advertising. From time to time, we may contact you with information about our products and services, including sending you marketing messages and asking for your feedback on our products and services.
- For some marketing messages, we may use personal data we collect about you to help us determine the most relevant marketing information to share with you.
- We will only send you marketing messages if you have given us your consent to do so. You can withdraw your consent later by clicking on the “unsubscribe” link at the bottom of our marketing emails.
Storing and Transferring Your Personal Data.
Security. We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national ID numbers.
International Transfers of Your Personal Data. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party providers have operations, including in the United States. If you are accessing the Services from the EEA, UK or Switzerland, your personal data will be processed outside of the EEA, UK or Switzerland. In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. Annex 3 sets out in detail the provisions for international transfers of your personal data to the United States if you are accessing the Services from the EEA, UK or Switzerland.
Your Rights in Respect of Your Personal Data. In accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold:
Right of access. You have the right to obtain:
- confirmation of whether, and where, we are processing your personal data;
- information about the categories of personal data we are processing, the purposes for which we process your personal data and information as to how we determine applicable retention periods;
- information about the categories of recipients with whom we may share your personal data; and
- a copy of the personal data we hold about you.
Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay.
Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified.
Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
Right to withdraw consent. If you have provided consent for the processing of your personal data, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.
You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
You also have the right to lodge a complaint to your local data protection authority. Information about how to contact your local data protection authority is available here.
Due to the confidential nature of data processing, we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.
ANNEX 1: PERSONAL DATA YOU PROVIDE TO US
Contact information and identifiers, such as your first name, last name, email address, phone number, and birthdate.
- How we may use your contact information and the legal bases for processing:
- We may use this information to deal with enquiries and complaints made by or about you relating to the Services. The processing is necessary for our legitimate interests, namely administering the Services, and for communicating with you effectively to respond to your queries or complaints.
- We may use this information to send you unsolicited marketing communications in accordance with your preferences. We will only use your personal data in this way to the extent you have given us consent to do so.
- Recipients of this information: We may share this information with payment processors to identify you so that you can make and receive payments through the Services. We may also share your personal data with our email marketing providers.
Profile and log-in information. This is information you choose to put in your profile such as username, phone number, photo, mailing address and shoe size.
- How we may use your profile and log-in information and the legal bases for processing:
- Recipients of this information: We may share this information with third parties that help us prevent fraud on our platform and shipping carriers or logistics providers that facilitate the delivery of an item purchased on our platform.
Payment and transaction information, such as your credit/debit card numbers, payment authentication code, billing address, and other information such as date and time of your transaction.
- How we may use your payment and transaction information and the legal bases for processing:
- We may use this information to verify your identity in connection with the detection and prevention of fraud or financial crime. The processing is necessary for our and third parties’ legitimate interests, namely the detection and prevention of fraud and financial crime.
- Recipients of this information: We may share this information with payment processors to identify you so that you can make and receive payments through the Services.
Identity and compliance information, such as your name, birthdate, address, phone number, email address, bank account information, national ID number and copies of government ID or tax documents, along with a selfie image. This information may also be used by our third-party provider, Persona, to create a unique biometric identifier based on facial geometry.
- How we may use your identity and compliance information and the legal basis for processing:
- We use data collection and verification services provided by a third-party provider, Persona, to collect and verify your information in order to comply with legal obligations and protect against fraud and abuse. Persona may use a combination of machine-learning tools and optical scans to verify your identity document and may use facial recognition technology to produce a unique biometric identifier based on facial geometry that can be used to compare your selfie to the image on the identity document you provided to determine the likelihood that the images are a "match." The processing is necessary for our and third parties’ legitimate interests, namely the detection and prevention of fraud and financial crime and compliance with applicable laws and regulations.
Information about your activity on the Services, such as any offers for products you have made, any products on your 'want list', and information about any products you have purchased, listed for sale or sold.
- How we may use information about your activity on the Services and the legal basis for processing:
- Recipients of this information: We may share this information with our cloud storage provider and other third-party providers. We may also share certain information with local tax authorities to fulfil our legal obligations.
Chat, comments, opinions. When you contact us directly (e.g., by email or phone), we may record your comments and opinions.
- How we may use information about any direct contact from you and the legal bases for processing:
- We may use this information to address your questions, issues and concerns. The processing is necessary for our legitimate interests, namely communicating with you and responding to queries, complaints and concerns.
- We may use this information to improve the Services. The processing is necessary for our legitimate interests (i.e., to develop and improve our Services).
- Recipients of this information: We may share any information you provide to us when you contact us with our customer support platforms to process any customer support queries you might submit to us.
Your preferences such as preferences set for notifications, marketing communications, how the Services are displayed and the active functionalities on the Services.
- How we may use information about your preferences and the legal bases for processing:
- We use this information to provide notifications, send news, alerts and marketing communications and provide the Services in accordance with your choices. The processing is necessary for our legitimate interest, namely ensuring the user receives the correct marketing and other communications, and that features are displayed in accordance with the user's preferences.
- We use this information to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented. The processing is necessary for compliance with a legal obligation to which we are subject.
- Recipients of this information: We may share this information with our email marketing providers to send out relevant communications as well as third-party providers that support our compliance efforts.
All personal data set out above.
- How we may use all personal data set out above and the legal basis for processing:
- We may use all the personal data we collect to operate, maintain and provide to you the features and functionality of the Services, to communicate with you, to monitor and improve the Services and business, and to help us develop new products and services. The processing is necessary for our legitimate interests, namely, to administer and improve the Services.
ANNEX 2: PERSONAL DATA COLLECTED AUTOMATICALLY
Approximate location information. Other than information you choose to provide to us (when you enable location services and/or grant permission for location tracking), we do not collect information about your precise location. Your device’s IP address may however help us determine an approximate location.
- How we may use your approximate location information and the legal bases for processing:
- We may use information you provide to us about your location to monitor and detect fraud or suspicious activity in relation to your account. The processing is necessary for our legitimate interests, namely, to protect our business and your account from fraud and other illegal activities.
- We may use this information to tailor how the Services are displayed to you (such as the language in which it is provided to you). The processing is necessary for our legitimate interest, namely tailoring our service so that it is more relevant to our users.
Information about how you access and use the Services. For example, how frequently you access the Services, the time you access the Services and how long you use it for, the approximate location that you access the Services from, the site from which you came and the site to which you are going when you leave our Site, the website pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the Services from multiple devices, and other actions you take on the Services.
- How we may use information about how you access and use the Services and the legal bases for processing:
- We may use information about how you use and connect to the Services to present the Services to you on your device. The processing is necessary for our legitimate interests, namely, to tailor the Services to the user.
- We may use this information to determine products and services that may be of interest to you for marketing purposes. The processing is necessary for our legitimate interests, namely, to inform our direct marketing.
- We may use this information to monitor and improve the Services and business, resolve issues and to inform the development of new products and services. The processing is necessary for our legitimate interests, namely, to monitor and resolve issues with the Services and to improve the Services generally.
Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the Services. This information can include details about the type of device, unique device identifiers, operating systems, browsers and applications connected to the Services through the device, your mobile network, your IP address and your device’s telephone number (if it has one).
- How we may use log files and information about your device and the legal bases for processing:
- We may use information about how you use and connect to the Services to present the Services to you on your device. The processing is necessary for our legitimate interests, namely, to tailor the Services to the user.
- We may use this information to monitor and improve the Services and business, resolve issues, prevent fraud, and to inform the development of new products and services. The processing is necessary for our legitimate interests, namely, to monitor and resolve issues with the Services and to improve the Services generally.
Recipients of personal data set forth above. We may share this information with the following: affiliates and third-party providers, including payment processors, customer support platforms, email marketing providers, fraud prevention vendors, cloud storage providers and analytics providers; and third-party social media platforms.
ANNEX 3: PROVISIONS FOR INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA TO THE UNITED STATES
The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
Complaints per the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Judicial Arbitration and Mediation Services, Inc. (JAMS), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit here for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Onward transfers to third parties
Our accountability for personal data that we receive under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, we remain responsible and liable under the DPF Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Option to limit certain onward transfers to third parties
We will not disclose your sensitive personal data to any third party without first obtaining your opt-in consent.
In each instance, please allow us a reasonable amount of time to process your response.
Your DPF rights
Upon request to us, we will confirm whether we are processing your personal data pursuant to the DPF and provide you with the data in a reasonable amount of time. You also have the right to correct, amend, or delete the personal data processed pursuant to the DPF where it is inaccurate or has been processed in violation of our privacy disclosures to you, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable amount of time to respond to your inquiries and requests.
Personal data retention
We will retain the personal data processed pursuant to the DPF in a form that identifies you pursuant to the retention policy described above. We may continue processing such personal data for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of our privacy disclosures. After such time periods have expired, we may either delete your personal data or retain it in a form such that it does not identify you personally.
How we protect your data
We will implement reasonable and appropriate security measures to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data.
Last updated: November 1, 2023
I. SCOPE OF POLICY
2. WHAT ARE COOKIES AND RELATED TECHNOLOGIES
We use the following types of cookies:
Strictly necessary cookies. These cookies enable core functionality such as security, network management and accessibility. You may disable these by changing your browser settings, but this may affect how the Services function. The legal basis for our use of strictly necessary cookies is our legitimate interests, namely being able to provide and maintain our Services.
Functional cookies. These cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. The legal basis for our use of functional cookies is our legitimate interests, namely being able to provide and maintain our Services.
Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors to our Services, and to see how visitors move around our Services when they are using them. This helps us to improve the way our Services work, for example, by ensuring that users are finding what they are looking for easily. If you are accessing our Services with a European IP address, you have been asked to consent to the use of these cookies. You are free to deny your consent.
Targeting Cookies. These cookies record your visit to our Services, the pages you have visited and the links you have followed. They are used to track visitors across our Services. If you are accessing our Services with a European IP address, you have been asked to consent to the use of these cookies. You are free to deny your consent.
3. WHAT WE COLLECT WHEN USING COOKIES
We may include or engage in the following as part of our Services:
Social Media Widgets. Our Services may include social media features, such as the ability to share content on Instagram or Twitter or other widgets. These social media companies may recognize you and collect information about your visit to our Services, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.
Social Media Platforms. We may display targeted advertising to you through social media platforms, such as Facebook, Twitter, Instagram, and LinkedIn. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. We may share a unique identifier, such as a user ID, with these platform providers or they may collect information from our Site visitors through a first-party pixel, to direct targeted advertising to you or to a custom audience on the social media platform. These advertisements are governed by the privacy policies of those social media companies that provide them. If you do not want to receive targeted ads on your social networks, you may be able to adjust your advertising preferences through your settings on those networks.
Third-Party Partners. We work with a variety of third-party partners to provide analytics and advertising services. For example, we use Google Analytics to recognize you and link the devices you use when you visit our Services on your browser or mobile device, log in to your account on our Services, or otherwise engage with us. We share a unique identifier, like a user ID, with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with our Services and to tailor our advertisements and content accordingly. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's website, “How Google uses data when you use our partners’ sites or apps” located here. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here.
We may also utilize certain forms of display advertising and other advanced features through Google Analytics. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Services. You may control your advertising preferences or opt out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available here, or by visiting NAI’s online resources here.
4. HOW WE USE INFORMATION COLLECTED VIA COOKIES
- The Services may offer payment capabilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.
- When you submit data through a form, such as those found on the contact pages, cookies may be set to remember your user details for future correspondence.
- To provide you with a great experience on the Services, we provide the functionality to set your preferences for how the Services run when you use it. To remember your preferences, we need to set cookies so that this information can be called whenever you interact with a website page.
- We may also use the information we collect through cookies to understand your browsing activities, including across unaffiliated third-party websites, so that we can deliver information about products and services that may be of interest to you.
- Tracking technology used in emails helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and help us understand if you have opened and how you interacted with our emails.
5. YOUR CHOICES ABOUT COOKIES
If you are in the EEA, UK, or Switzerland, other than strictly necessary cookies, which are required for the operation of our Service, we will only place cookies on your device if you give us your consent to do so. We will ask you to tell us which cookies you agree to receive when you first access our Service.
If you would prefer not to accept cookies, you can use our cookie consent management tool located at the bottom of the Site. Moreover, most browsers will allow you to change the setting of cookies by adjusting the settings on your browser to: (i) notify you when you receive a cookie, which lets you choose whether to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Be aware that disabling cookies may negatively affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionalities and features of the Services.
Depending on your device and operating system, you may not be able to delete or block all cookies. In addition, if you want to reject cookies across all your browsers and devices, you will need to do so on each browser on each device you actively use. These settings will typically be found in the "options" or "preferences" menu of your browser. To understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.
You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our emails and performed certain functions with them.
Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.