These are the privacy policies that apply to the domain(s) below. We refer to the website(s) accessible through the domain(s) and all related websites as “sites” and to each of them as a “site.”
When we refer to “we,” “us,” or “our,” we mean NeoGraft or the specific division, subsidiary, or affiliate that operates a site, provides its content, or processes information received through it, each as appropriate and applicable.
When we refer to “you” or “your,” we mean the person accessing the site. If the person accessing the site does do so on behalf of, or for the purposes of, another person, including a business or other organization, “you” or “your” also means that other person, including a business organization.
Information Ownership, Collection and Use
We are the sole owner of the information collected through the sites. We will not sell, share, or rent this information to others in ways different from those disclosed in this policy. We may collect information from users at several different points on a site.
Child Online Privacy Protection Act (COPPA) Compliance and Related Information
The Child Online Privacy and Protection Act (COPPA) regulate online collection of information from persons under the age of 13. It is our policy to refrain from knowingly collecting or maintaining personally identifiable information relating to any person under the age of 13. If you are under the age of 13, please do not supply any personally identifiable information through the site. If you are under the age of 13 and have already provided personally identifiable information through the site, please have your parent or guardian contact us immediately using the information below so that we can remove such information from our files.
Ordering, Event Registration, and Related Processes
When and if you order products or services using a site or register for an event, we request information from you using an order form. When we already have information about you (such as through a previous order or registration, whether received through a site or otherwise), we may use such information to facilitate the order or registration process. When using an order form, you must provide contact information (such as name and shipping address) and financial information (such as credit card number and expiration date). This information is used for billing purposes and to fill your order. If we have trouble processing an order, we use this contact information to contact you.
A cookie is a piece of data stored on the computer that runs an Internet browser. It can contain information about you, your computer, your browser, your session, the websites you visit, and other information about you or others who use, or have used, the computer or browser you use to access the Internet. The cookies we use, if any, are not linked to any personally identifiable information while using a site unless you have given us permission to link personally identifiable information to one or more cookies. You give us that permission any time you register on a site, place an order through a site, or identify yourself or the computer you are using through a site.
If you set the browser you use to reject cookies, you can use the sites, but you may not be able to use the full functionality of one or more of the sites or it may take additional time to utilize such functionality.
We or our hosting provider may collect traffic information from visitors for statistical analysis and site improvement. When you accesses a site, we or our hosting provider may collect information about your visit in a log file on a server. Log file information may include, but is not limited to, internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. We or our hosting provider use this information to analyze trends, administer sites, track users’ movements in the aggregate, and gather demographic information for aggregate use. IP addresses and other log file information are not linked to personally identifiable information. We do not try to track users or to identify users individually except as otherwise stated in this policy, but we or our hosting provider do review this information to understand overall trends and to determine what kinds of content are popular and useful to users.
(a) Aggregated information. We or our hosting provider may share aggregated demographic information with our users, our affiliated organizations, and other organizations with which we do, or contemplate doing, business. Such information is aggregated and is not linked to any information that can identify individual users.
(b) Outsourcing providers. We may use outside shipping or other outsourcing providers to process and ship orders or perform other functions. We use commercially reasonable diligence to restrict the purposes for which these outsourcing providers may use your personally identifiable information. T he requirements or requests that we impose on such outsourcing providers vary with the sensitivity of the information and can, but do not necessarily, include requirements that these outsourcing providers not retain, share, store, or use personally identifiable information for any secondary purposes, except for backup and recovery operations. Although we use good faith efforts to impose, and/or ensure compliance by our outsourcing providers, we cannot, and will not, be responsible to users for misuse of personally identifiable information by such outsourcing providers. This section is meant as a general description of our practices. It does not impose any duty upon us and it does not constitute a representation or warranty by us upon which you may rely.
(c) Specific services. We may have agreements with other parties to provide specific services. When you use such services, we may share personally identifiable information with such parties. In such cases, we will use good faith efforts to restrict the information provided to the information necessary for the provision of such services.
(d) General use. We share personally identifiable information (whether in return for compensation or otherwise) with various vendors, suppliers, and advertisers. While we use good faith efforts to verify that such vendors, suppliers, and advertisers promote products and services of interest to site users, we cannot, and do not, endorse such vendors, suppliers, advertisers, products or services unless we expressly state otherwise. We share only such information as you yourself provide to us or someone else provides about you (such as through a registration process) and do not share personally identifiable information derived indirectly through IP address tracing or similar means. If you wish us to refrain from providing your personally identifiable information in this manner, please see the opt-out information and contact information provided below.
Links and Information Gathered by Others
One or more sites may contain links to other websites. We do not operate those websites and we cannot control the information that the operators of such websites gather or what the operators of such websites do with the information. We are therefore not responsible for the activities of the operators of such websites.
If you wish to subscribe to a newsletter we offer or to a mailing list that we maintain, we will collect from you contact information necessary to send the newsletter or other information to you. This is usually limited to your e-mail address, but may include other information.
Surveys and Contests
From time to time, we may request information from you using surveys or contests. Participation in these surveys or contests is completely voluntary and you therefore have a choice as to whether to disclose this information. Information requested may include contact information (such as name and address) and demographic information (such as zip code and type of user). We will use such contact information to notify winners and award prizes, and to monitor or improve the use of one or more sites and provide aggregated information for our own uses or to our customers or other organizations, and we may also use it to notify you of news about us or our affiliates or promotions of our products or services or the products or services of people with whom we do business.
We may offer a referral service that allows you to inform your friends and other acquaintances about content on the site or to forward information to them. If you elect to use such a referral service, we will collect the friend or acquaintance’s e-mail address and use it to send to the friend or acquaintance a one-time e-mail inviting the friend or acquaintance to visit one or more sites or providing the information you requested. We store this contact information for the sole purpose of sending the one-time e-mail. When you use such a service, you represent and warrant to us that you have an existing business or personal relationship with the friend or acquaintance sufficient to avoid liability under any law that applies to unsolicited e-mail. You will be the sender of any such e-mail and we will merely be a service provider facilitating your sending of the e-mail.
Where we collect nonpublic personal information from you, we or one or more of our service providers use industry-standard encryption and security standards to protect such information. You can tell whether encryption is being used by noting the “locked” or other status indicator on the browser you are using. If the browser you are using does not indicate that the session is secure (e.g. by displaying a lock, a key or another icon), you should assume that the connection is not secure and that third parties will receive the information shared by you and us during that part of the session.
We also use commercially reasonable efforts to protect user information offline. All sensitive user information is maintained in our offices or at the facilities of our information technology provider(s). We cause access to servers and connections to be limited by key or other access. Only employees or agents who need the information to perform specific functions are granted access to personally identifiable information. We use reasonable efforts to assure that our employees and agents are informed of our security and privacy practices.
Supplementation of Information
We sometimes supplement the information we receive from you with other information we receive from third party sources, such as credit card issuers or clearinghouses.
We may send to you a welcoming e-mail that may also verify password and user name information. We occasionally send newsletters or information about products, services, and special deals to users like you. You may opt to not receive such informational communications by using the contact information below.
Site and Service Updates
We may also send to you updates and service announcements about one or more of the sites. You may not un-subscribe or opt not to receive such announcements because such announcements contain important information about the services offered through the relevant site(s).
Misappropriation of Personal Information
For the purposes of any applicable law regarding notification of persons whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person, our information security policy provides that any required notification may, where permitted by law, be made by the use of e-mail, telephone, fax, mail (including a notice printed in an available area of a bill or statement) or posting a notice on a site. The specific means used is up to us and we will use our judgment based on the circumstances. Where any notice is to be sent to a specific address or number (such as e-mail address, physical address, telephone number, etc.), we will use the latest available address in our records. EXCEPT TO THE EXTENT PROHIBITED BY LAW, YOU AGREE TO THIS MEANS OF NOTIFICATION.
Correcting or Updating Personal Information
If your personal information changes, or if you no longer desire service, you may contact us using the contact information below and we will accommodate all reasonable requests for such changes.
Users who no longer wish to receive newsletters or promotional materials or have their information provided to third parties may opt to not receive such communications or have information shared by contacting us using the information below. We will comply with such requests as soon as is commercially practicable. Such compliance may involve batch processing and other processes that take 30 days or longer. If you opt not to receive such communications or allow us to share your information and then give your personal information to us again using a site or under other circumstances that permit us to use your information, we will regard your opt-out as rescinded.
In most cases, it is impractical for use to stop any other party to whom we have supplied your information from continuing to use the information and opting out will usually not stop others to whom we have provided your information from continuing to use it.
We will use commercially reasonable efforts to timely make any changes you request. Many such changes are accomplished using batch processing (i.e. collecting a number of similar change requests and making all such changes at once), so the changes may not be immediately effective. If you require an immediate change to your personally identifiable information and are unable to make such a change using the available site resources, please contact us.
BY USING A SITE, YOU AGREE TO THIS CHANGE PROCEDURE.
130 West Highway 407, Ste 201
Lewisville, TX 75077
If you (a) wish to begin or end receipt of newsletters or promotional information (b) wish to update your user information, or (c) wish to opt in or out of any other service offered through the site, please contact our technical personnel using the following information. Please be sure to include your name and your user name (if applicable), but do not include any information regarding your password(s), if any.
130 West Highway 407, Ste 201
Lewisville, TX 75077
The EU Directive on the Protection of Personal Data (the “EU Directive” or the “Directive”) prohibits the transfer of personal data to non-EU countries that do not meet the European “adequacy” standard for data protection. The EU standard is specified in a number of privacy principles as detailed below. We have listed the privacy principles below, along with the ways we comply with those principles.
“Personal data” and “personal information” and “your information” means data about you that identifies or can identify you and that is within the scope of the Directive, received by us from a source in the European Union, and recorded in any form.
This EU Policy applies to all personal information about you that we collect, maintain, or disclose, regardless of the way in which we collect it (i.e. whether through a site or otherwise).
If we state a specific purpose for gathering of information at the time we ask you to give the information to us, we will not use the information for any purpose other that the purposes stated or for purposes reasonably related to fulfilling that purpose. For example, if you give us your contact information in connection with the purchase of a product, we will use that information to communicate with you about the product (e.g. warranties, claims, features, maintenance, and use) and about issues reasonably related to the product (e.g. to tell you about user groups, events, and additional information that are available to you online, through print media, or in your physical area). We will not use the information for any purpose about which we have not notified you as of the date you provide the information to us and/or as of the date you give to us your further express or implied consent after receiving such notice.
You can contact us with any inquiries or complaints using the contact information above.
If you choose to revise or withdraw your consent at any time, you may contact us using the information above and, to the extent we do not have a right under the Directive to continue to obtain, maintain, and/or disclose such information, we will comply with your request.
Except as otherwise provided by the Directive, you may choose whether your personal information is (a) to be disclosed to a third party or (b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. You may express your choices to us using the contact information above.
For sensitive information (e.g. personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying sex life), we will give you an affirmative or explicit choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by you.
Consistent with the Directive, we may or may not solicit or obtain your consent where the use of your personal information is (1) in your vital interests of the interests of another person; (2) necessary for the establishment of legal claims or defenses; (3) required to provide medical care or diagnosis; (4) necessary to carry out our obligations in the field of employment law; or (5) related to data that you manifestly make public.
We apply the Notice and Choice principles above when providing your personal information to third parties. Where we wish to transfer information to a third party that is acting as our agent we may do so if we first either ascertain that the third party subscribes to the EU Directive Privacy Principles or is subject to the Directive or another adequacy finding or enter into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant principles. Note that, so long as we comply with these requirements, you may not hold us responsible (unless we specifically agree otherwise in an authenticated record that refers to this provision) when a third party to which we transfer such information processes it in a way contrary to any restrictions or representations, unless we knew or should have known that the third party would process it in such a contrary way and we have not taken reasonable steps to prevent or stop such processing. If you suspect, or become aware of, any such processing, please contact us using the information above and give us as many specifics as possible.
Investment bankers or auditors may process your personal information without your knowledge, but only to the extent and for the period necessary to meet statutory or public interest requirements and in other circumstances in which the application of the EU Privacy Principles would prejudice our legitimate interests. These legitimate interests include the monitoring of our compliance with our legal obligations and legitimate accounting activities, and the need for confidentiality connected with possible acquisitions, mergers, joint ventures, or other similar transactions carried out by investment bankers or auditors.
The personal information we use must be relevant for the purposes for which it is to be used. We will not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We generally assume that information that you give to us is accurate. If information you give to us is inconsistent with other information you give to us or with information that is available in public records or from other sources we are permitted by law to use, we will use reasonable efforts to make sure that the information we process is accurate. If, using prudent business practices, we reasonably satisfy ourselves that we have identified the correct information, we will make the correction internally and may or may not confirm the correction with you.
You may have access to personal information about you that we hold and you may correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of third persons would be violated. To access your personal information, and to correct, amend, or delete that information where it is inaccurate, please contact us using the contact information above.
We provide access in the form of disclosure to the affected individual and, unless otherwise required by applicable law, do not permit access to our database.
We may charge you a reasonable fee for access to your personal information. We expect that this fee will approximate our actual costs or providing access to you. We may also waive such fees on a case-by-case basis.
If we refuse access to your personal information for any reason, we will tell you our reasons and will do so as specifically as we can. We may refuse to provide access to information to the extent that disclosure is likely to interfere with the safeguarding of important countervailing public interests, such as national security; defense; or public security. In addition, we may deny access where personal information is processed solely for research or statistical purposes. Other reasons for denying or limiting access are:
(a) Interference with execution or enforcement of the law, including the prevention, investigation or detection of offenses or the right to a fair trial;
(b) Interference with private causes of action, including the prevention, investigation, or detection of legal claims or the right to a fair trial;
(c) Disclosure of personal information pertaining to other individual(s) where such references cannot be redacted;
(d) Breaching a legal or other professional privilege or obligation;
(e) Breaching the necessary confidentiality of future or ongoing negotiations, such as those involving the acquisition of publicly quoted companies;
(f) Prejudicing employee security investigations or grievance proceedings;
(g) Prejudicing the confidentiality that may be necessary for limited periods in connection with employee succession planning and corporate reorganizations;
(h) Prejudicing the confidentiality that may be necessary in connection with monitoring, inspection or regulatory functions connected with sound economic or financial management; or
(i) Other circumstances in which the burden or cost of providing access would be disproportionate or the legitimate rights or interests of others would be violated.
If you are not satisfied with the resolution we offer, you may seek redress from us using arbitration. All arbitration will be conducted by the American Arbitration Association according to its applicable rules. The place of arbitration will be Denton County in the State of Texas, USA. All disputes will be resolved by reference to the EU Privacy Principles and the arbitrator may, among other things, award damages where the applicable law or private sector initiatives so provide. We will follow up and permit the arbitrator to verify that the attestations and assertions we make about our privacy practices are true and that privacy practices have been implemented as presented.
The Personal Information Protection and Electronic Documents Act (“PIPEDA”) imposes requirements regarding the collection, use, and disclosure of personal information in relation to our commercial activities, as does private-sector privacy legislation in Toronto, Ontario, Canada.
This Canadian Policy applies to all personal information about you that we collect, hold, use and disclose, regardless of the way in which we collect it (i.e. whether through a site or otherwise).
Under Canadian privacy laws (and in this Canadian Policy), personal information is generally any information about an identifiable individual. It may include your name, age, mailing address, residential phone number, or e-mail address, personal history (including financial and credit information, donations, personal health information, billing history, personal family and relationship matters, and penal or criminal information), personal information related to corporate involvements, work experience (past and present), discipline, income and benefits, medical records, tax records, and security clearances. The term does not include your name, business title, business address, or business telephone number in your capacity as an employee of an organization or enterprise.
Collection of Personal Information
We collect personal information from correspondence, faxes, e-mails, telephone inquiries, web forms, and other means of communication. We collect such information when you order or agree to purchase or avail yourself of goods or services, as well as in the case of registrations (e.g. user groups, leagues, and other communities), to track warranty rights and obligations, to provide product information (whether with regard to recalls or otherwise), and other lawful purposes. We often collect personal information from you or from third parties and as agents on behalf of third parties, where we have obtained the requisite consent to do so or as otherwise permitted by law. Third parties include, as examples, organizations for whom we provide services to you or on your behalf, and organizations that perform outsourcing and other services for us (such as payment processors, order fulfillment organizations, shipping companies, warranty and other service organizations, and systems development and maintenance organizations).
How We Use Personal Information
As a general matter, we collect your personal information primarily to provide goods and/or services to and for you, for administrative or management requirements, and to enhance our relationship with customers. We identify additional purposes for which we use your personal information at the time we collect such information from you and obtain the requisite consent, unless otherwise permitted by law, prior to such other use. We may also use your personal information as otherwise permitted by law.
We do not sell client lists or other personal information.
We generally hold, collect, use, and disclose your personal information for the following purposes.
(a) With respect to customers and other past, present, or potential users of our goods or services, we collect, use, and disclose your personal information for the following purposes.
(i) Recording and using the information relevant to the provision of goods and/or services to you or on your behalf;
(ii) Recording and determining goods and/or services provided to you or on your behalf in your relationship with us;
(iii) Administration, billing, accounting and collection in relation to your business and relationship with us;
(iv) Protecting against fraud and error;
(v) Communicating with you generally or to ensure your satisfaction;
(vi) Communicating the information to a subcontractor (or other agents or intermediaries) in the course of a contract or mandate for the performance of any of the purposes listed above;
(vii) Fulfilling orders from you or on your behalf;
(viii) Fulfilling the terms of a warranty or other contractual obligation; and
(ix) Facilitating recalls if necessary.
(b) With respect to our divisions, subsidiaries, and affiliates, we keep a file and collect, use, and disclose the information in it for the following purposes.
(i) Provide products and/or services to you or on your behalf;
(ii) Establish, manage or terminate an employment relationship;
(iii) Administrative or management requirements related to our provision of products;
(iv) Service, build, and maintain our relationship and expertise;
(v) Communicate with you generally, ensure your satisfaction, inform you of the development of, or other information regarding, products and/or services; and
(vi) Communicate to subcontractors (or other agents or intermediaries) any of your personal information in the course of the performance of a contract or mandate for the execution of any of the purposes mentioned above.
See the paragraph below titled “Limitations” for more information about what we do not do with your personal information.
Sharing Your Personal Information
We identify to whom, and for what purposes, we disclose your personal information. For example, we may disclose your personal information:
(a) For the specific purposes declared (or not limited by) the section below titled “Limitations”);
(b) To any of our offices or facilities in connection with the provision of goods and/or services to or on behalf of our customers, to establish, manage or terminate an employment relationship, and for administrative or management requirements, including analysis of relevant products, services, and markets;
(c) To professional firms, government agencies, and any other organizations or enterprises, when required for services to and for customers, as well as for compliance and insurance obligations;
(d) To third-party service providers with whom we have a contractual agreement and who have comparable levels of privacy protection, for the processing related to goods and services provided to, or on behalf of, customers, to establish, manage, and terminate an employment relationship, and for administrative or management requirements (such as, in all cases, for photocopying, printing and faxing, shredding, storage and other document management, payroll, information technology, including software maintenance, consulting and staffing services, collections, warranty tracking, accounting, and legal compliance);
(e) To such persons for which you provide your consent; and
(f) As otherwise permitted by law.
When supplementary disclosure is required, we will identify (at the time we collect such information from you and obtain the requisite consent to such disclosure, unless otherwise permitted by law) the other persons, organizations, and/or enterprises and the other purposes to whom and for which disclosure may occur.
Except when otherwise permitted by law, we obtain the requisite consent prior to collecting and, in any case, prior to using or disclosing your personal information for any purpose. You may provide your consent to us orally, in writing, by electronic communication, or any other means reasonably capable of conveying your consent. We will obtain your express consent if we collect, use or disclose sensitive information. Your consent may also be intrinsic to the circumstances such as in the case where you have already provided personal information to us and you maintain your relationship with us or where you provide our representatives with your phone number so that we can contact you. Except when otherwise permitted by law, we will only use the information for the purpose for which it was given. From time to time, we may collect, utilize, or disclose your personal information based on your consent and as otherwise permitted by law.
When your consent is required, you can withdraw consent at any time (unless withdrawing the consent would frustrate the performance of legal obligations) upon providing to us a 30-day notice. However, the withdrawal of your consent may adversely affect our ability to provide products and services to you and to maintain our relationship.
In certain circumstances, as permitted or required by law, we may collect, use, or disclose personal information without your knowledge or consent. These circumstances include (where applicable) information about individuals that is publicly available, where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way, to investigate a breach or a contravention of a law, to comply with a subpoena, warrant, court order, or as required or otherwise permitted by law.
We remain responsible for all personal information communicated to third parties for processing. As such, we ensure that third parties that are engaged to provide products or services on our behalf and are provided with personal information are required to observe the intent of this Canadian Policy by having comparable levels of security protection or, when required, by assuring us (through a confidentiality agreement) that they will not use or disclosure the personal information for any purpose other than the purpose for which the personal information was communicated.
We only collect the personal information necessary to fulfill the purposes identified to you prior to or at the time of collection, or any other reasonable and legitimate purposes or as required by law.
We do not use or disclose your personal information, except for the purposes for which it was collected, or new purposes to which you have consented, or as required or otherwise permitted by applicable law.
We do not, as a condition of supplying goods or services to you or on your behalf, or as an administrative or management requirement, require consent to the collection, use or disclosure of personal information beyond that reasonably required for such purposes, or to comply with its obligations under applicable law.
Retention of Personal Information
We may keep a record of your personal information, including correspondence or comments, in the applicable file specific to you. We will utilize, disclose, or retain your personal information for as long as necessary to fulfill the purposes for which it was collected and for legal or business requirements. We will establish minimum and maximum retention periods and procedures for maintaining and destroying your personal information. When personal information is retained to make a decision about you, we will retain such information for one year.
Access to Your Personal Information
Subject to the exceptions provided by the applicable law, we will make available to you any specific personal information about you that we have collected, utilized or disclosed, upon your written request. We will make such information available to you in a form that is generally understandable, including explaining any abbreviations or codes and using an alternative format, if required. Simply send your request for access to the Privacy Officer listed below. Please be as specific as possible in your request so that we can meet the applicable time lines.
We will use reasonable efforts to ensure that your personal information is kept as accurate, complete, and up-to-date as possible. We will not routinely update your personal information, unless such a process is necessary. In order to help us maintain and ensure that your personal information is accurate and up to date, you must inform us, without delay, of any change in the information you provided to us.
You can at any time, challenge the accuracy or completeness of the personal information we have about you, subject to the exceptions provided by applicable law. If you successfully demonstrate that the personal information we have on you is inaccurate or incomplete, we will amend the personal information as required. Where appropriate, we will transmit the amended information to third parties to whom we have communicated your personal information.
We will make every reasonable effort to respond to each of your written requests not later than 30 days after receipt of such requests. When applicable, we will advise you in writing if we cannot meet your requests within this time limit. When applicable, you have the right to make a complaint to the appropriate privacy commission with respect to this time limit.
We expect to provide access without charge as a general matter. However, we reserve the right to collect a reasonable charge when you request the transcription, reproduction, or transmission of such information. We will notify you, following your request for transcription, reproduction, or transmission, of the appropriate amount that will be charged. You will then have the opportunity to withdraw your request.
Identifying You in Connection with Requests
We may require that you provide to us sufficient information to identify yourself before we provide information about the existence, use, or disclosure of your personal information in our possession. Any such information shall be used only for this purpose.
We use security safeguards appropriate to the sensitivity of personal information to protect it from loss or theft, as well as unauthorized access, disclosure, copying, use or modification. These safeguards include physical measures, such as restricted access to offices and equipment, organizational measures, such as security clearances, and publishing this policy to appropriate personnel with instructions to act in accordance with its principles (for example, limiting access on a “need to know” basis), and technological measures, such as the use of passwords and/or encryption.
Please direct all complaints or other inquiries regarding personal information, the General Policy, or the Canadian Policy to our Chief Privacy Officers as follows.
130 West Highway 407, Ste 201
Lewisville, TX 75077