Effective Date: June 17, 2020 (v 1.7.2)
- What constitutes personal information?
- Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, address, phone number, email address, IP address, credit card information, and identifying information on projects in Design Space® including photo, birthdays, or important dates
- We do not consider personal information to include information that has been anonymized or aggregated so that it can no longer be used to identify a specific natural person, whether in combination with other information or otherwise.
- We collect personal information from you when you use our Services
- What are my choices about how you use my personal information for marketing?
- If you do not wish to receive marketing communications from us, you can unsubscribe via the link at the bottom of an email you received, or contact us at email@example.com
- Keep in mind, we do not sell, rent, or otherwise disclose your personal information to third parties for their marketing purposes without your consent
- Can you delete my personal information?
- We will provide you with a copy of your personal information including name, address, phone number, email address, phone number, photo, birthday, and credit card information in a structured, commonly used and machine readable format on request, e.g., PDF
- If your personal information is incorrect or incomplete, you have the right to ask us to update it
- You can also ask us to delete or restrict how we use your personal information, but this right is determined by applicable law and may impact your access to our Services. To request deletion, please email firstname.lastname@example.org
- How long do you keep my personal information?
- We retain your personal information for as long as necessary to provide the Services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our policies
- Do you track cookies?
- You can read our full User Cookie Notice for more information
- How do we protect your personal information?
- We protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration
- Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls
- For more information about staying safe while buying and selling online, or to report an issue with your account please contact Member Care
When you use the Sponsored Activities of Cricut, your privacy matters.
Notice To European Residents – Your GDPR Privacy Rights:
Cricut, Inc. is the data controller for all GDPR requirements. For questions or to contact the data protection compliance representative, email email@example.com or send postal mail to Cricut, Inc. Attn: Privacy Data Processor, 10855 South River Front Parkway, Suite 300, South Jordan, Utah U.S.A. 84095.
Notice To California Residents – Your California Privacy Rights:
We do not, but may in the future, share Personal Information with non-affiliated third parties so that they may offer, market, and advertise products and services directly to our members. If and when that happens, we will provide our members the choice to opt out of such information sharing. Any request for a disclosure required under this California law should be sent to us via email at firstname.lastname@example.org or via postal mail at Cricut, Inc., Attn: Privacy Data Processor, 10855 South River Front Parkway, Suite 300, South Jordan, Utah U.S.A. 84095. Please note that under this law, we are not required to respond to a member’s request more than once in a calendar year, nor are we required to respond to any request that is not sent to the email or mailing address designated above.
1. Types of information we collect
- Personal Information. “Personal Information” refers to your personally identifiable information, including first and last name, telephone number, email address, mailing address, IP address, and Payment Account Information (as defined below). Many areas and features on our Site do not require registration and may be accessed by you without having to disclose any Personal Information. However, to the extent you voluntarily provide your Personal Information to us, we collect such information. For example, we collect Personal Information from you: (i) when you register to become a member on our Site; (ii) when you register to participate in a Sponsored Activity; (iii) when you join our electronic mailing list; (iv) when you purchase a product or service from us online (in such event, we collect your credit card, bank account, or other payment account information (“Payment Account Information”) in order for us to accept, process, manage, and fulfill a purchase order as well as to process a return and refund request from you after the purchase); (v) when you submit a request or inquiry to us on our Site; and/or (vi) when you interact with Member Care (in such event, we collect details regarding your interactions with Member Care, such as the date, time and reason for contacting us, transcripts of any chat conversations, and if you call us, your phone number). Each of the above means of furnishing Personal Information is referred to as a “Transaction or Request.” You control the decision to disclose your Personal Information. However, without your Personal Information, we will not be able to process your Transaction or Request.
- Aggregate and Anonymous Information. “Aggregate and Anonymous Information” means any information that does not identify you individually. For example, we may collect anonymous group data (demographics, interests and preferences, etc.) about members when they register to become members on our Site or to participate in a Sponsored Activity. We also collect aggregate traffic data pertaining to our Site, such as: total page views in a given time period; total impressions per ad; average amount of time that visitors spend on our Site each time they visit; average amount of time that visitors spend on each page of our Site; percentage of visitors from a certain geographical area, etc. Moreover, we may combine “User Activity Information” (as described below) about you and other users of our Site to generate aggregate information that reflects activities, habits, preferences, interests, etc. about our users as a group. In addition, we may take Personal Information and make it non-personally identifiable, such as by aggregating your information with information about other individuals, or by removing personally-identifiable elements (such as names) so as to “anonymize” or “de-personalize” your information.
To the extent we use User Activity Information in a manner that identifies a specific user individually (e.g., if we link or associate such information with name or address), it will be treated as Personal Information. Otherwise, User Activity Information will be treated as Aggregate and Anonymous Information.
2. Our use of information
Cricut processes your Personal Information under a lawful basis based on your consent by participating in a Sponsored Activity. We use information collected from and about our users and members to improve our products and Sponsored Activities, to improve the pages and content of our Site, to administer and maintain operations of our Site, to administer and manage transactions and relationships with our users and members, to offer, market and advertise products and services to our users and members, and to conduct market research and analysis.
- For Marketing and Advertising Purposes. We may use your Personal Information or User Activity Information to offer, market and advertise to you, on our Site and/or via email, our and/or third party products and services that may be of interest to you.
- For Market Research Purposes. We may use Aggregate and Anonymous Information (including such information derived from Personal Information and User Activity Information) to conduct market research and analysis for ourselves as well as for our sponsors and business partners. If we do combine non-personal information with Personal Information, the combined information will be treated as Personal Information for as long as it remains combined.
3. Disclosure to third parties outside Cricut
At times, Cricut may make certain Personal Information available to strategic partners that work with Cricut to provide products and services, or that help Cricut market to members.
- Disclosure to Non-Affiliates for Direct Marketing/Advertising Purposes. We do not, but may in the future, share your Personal Information with non-affiliated third parties so that they may offer, market, and advertise products and services directly to you. If and when that happens, we will provide our members with advance notice and the choice to opt out of such information sharing.Please note, however, that under no circumstances do we knowingly share your Payment Account Information with non-affiliated third parties for direct marketing and advertising purposes (except with your affirmative prior consent).
- Disclosure to Co-Sponsors. From time to time, we may co-sponsor (online and offline) events and/or product/service offerings with non-affiliated third parties. If you participate in such co-sponsored events or offerings, any Personal Information, and User Activity Information we collect from you based on your participation may be shared with our co-sponsors who may use such information for their own marketing and advertising purposes. You must contact our co-sponsors directly in order to opt out of their use of your information for marketing and advertising purposes.
- Disclosure to Service Providers. We may disclose your Personal Information and User Activity Information to our outside vendors and contractors who need to access such information in order to perform their services (including, without limitation, transaction/payment processing, financing offers, order fulfillment, survey/contest/sweepstakes administration and prize fulfillment, data research and analysis, data collection and processing, data storage, data security, hosting and technical support for our Site, and marketing and advertising support) to us (hereinafter collectively as “Service Providers”). For example, we may use a marketing firm to conduct online surveys from time to time. We require that our Service Providers use your information shared by us solely for the purposes of performing their services to us and that they maintain the confidentiality, security, and integrity of such information and not further disclose the information to others.
4. Information access – your choices
- Information Access. If you wish to update/correct your Personal Information (such as name, address, phone number, or payment information) previously provided to us, you may send your request to us via email at email@example.com or via postal mail at Cricut, Inc. Attn: Privacy Data Processor, 10855 South River Front Parkway, Suite 300, South Jordan, Utah U.S.A. 84095. We will endeavor to process your request as soon as possible after receipt. Also, if you have an active account on our Site, you may log in to your account to review, update, and correct your account information. For other Personal Information, we will provide you with access for any purpose except as follows; (i) we may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by law.
- Your Choices
Please also note that if the email address you provide to us is a “wireless” email address (i.e., the address is designated by a wireless service carrier specifically for transmitting emails to a wireless device), we will not send marketing emails to that address without your prior opt-in consent. The Federal Communications Commission has published a list of domain names used by wireless service providers to transmit emails to wireless devices, at http://www.fcc.gov/cgb/policy/DomainNameDownload.html. Wireless service providers must add new domain names to this list within 30 days of activating them. If your email address contains a domain name on this list (after the “@” symbol), then we will treat your email address as a wireless email address. However, the mere fact that you can retrieve emails from your regular Internet email account on your mobile/wireless device, does not make your Internet email address a “wireless” email address.
- Opt-Out for Disclosure to Non-Affiliates for Direct Marketing/Advertising Purposes. We do not currently, but may in the future, share your Personal Information with non-affiliated third parties so that they may offer, market and advertise products and services directly to you. You may at any time opt out of such information sharing, by sending your request to us via email at firstname.lastname@example.org or via postal mail at Cricut, Inc. Attn: Privacy Data Processor, 10855 South River Front Parkway, Suite 300, South Jordan, Utah U.S.A. 84095. We may also provide you with an opportunity to opt out at the time you register on our Site or to participate in a Sponsored Activity, such as by checking an opt-out box on the registration page.
- Cancellation of Account/Deletion of Information. If you wish to cancel your account on our Site and delete your Personal Information previously provided to us, you may send your request to us via email at email@example.com or via postal mail at Cricut, Inc. Attn: Privacy Data Processor, 10855 South River Front Parkway, Suite 300, South Jordan, Utah U.S.A. 84095. We will endeavor to process your request as soon as possible after receipt. However, we reserve the right to retain your Personal Information if doing so is required by law or to comply with legal process (including a court order or subpoena), a legitimate law enforcement need,or for legitimate business purposes.
5. Data Retention
It is our highest priority to protect your personally identifiable information and to only use it in the way our members would expect us to. Your Personal Information is retained to allow for financial transactions and to allow Cricut to provide Sponsored Activities for up to 5 years after you have actively engaged in our Sponsored Activities, or until you request otherwise.
6. How we protect your information
Cricut understands the importance of protecting the security and integrity of Personal Information that our members have shared with us, and will endeavor to safeguard your Personal Information. All Payment Account Information provided by you in connection with an online transaction with our Site will be protected by encryption using the standard Secure Sockets Layer (SSL) protocol, and we retain your Payment Account Information for only as long as is necessary to process your related transactions with us. It is also important for you to protect against unauthorized access to your password and to your computer. We urge you to keep your account login information in a safe place and not to divulge it to anyone. Also, remember to sign off your account and close your browser window when you have finished your visit. This is to ensure that others cannot access your account, especially if you are sharing a computer with someone else or are using a computer in a public place such as a library or an Internet cafe. We will endeavor to notify you within 72 hours in the event we become aware of a breach or suspected breach of the security of your Personal Information stored by us.
Unfortunately, however, no data transmission over the Internet and no data storage can be 100% secure. Consequently, while Cricut will endeavor to safeguard your Personal Information, it cannot guarantee the absolute security of such information. You understand and agree that Cricut shall not be liable for any breach of the security of your Personal Information resulting from causes or events that are beyond Cricut’s control, including, without limitation, your own act or omission, corruption of storage media, defects in third party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism. You have a right to know if your Personal Information was stolen due to a breach. We will notify you no later than 72 hours after we become aware of the breach. We note that an inability to determine whether a breach has occurred which is caused by a failure in our internal systems and policies does not excuse a delay in reporting.
Please note that any information that you post in any public, community, or interactive areas on our Site (e.g., chat rooms, bulletin boards, message boards, and discussion groups) will be accessible to, and may be collected and used by, others and may result in unsolicited or unwanted messages or contact from others. Accordingly, please exercise caution when providing information about yourself in any public, community or interactive areas on our Site.
We treat information collected by cookies and other technologies (such as pixel tags and web beacons) as non-personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered Personal Information by local law, we also treat these identifiers as Personal Information.
Web Beacons. Web beacons are small bits of code embedded in web pages or in emails. We may use web beacons to deliver or communicate with cookies, to count users who have visited a web page, and to understand usage patterns. We also may include web beacons in emails to learn if messages have been opened, acted on, or forwarded. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.
Adobe’s Flash Cookies. The Adobe Flash Player is an application and web tool that allows rapid development of dynamic content. Flash (and similar applications) use technology to remember settings, preferences, and usage similar to browser cookies but these are managed through a different interface than the one provided by your web browser. We may employ Adobe Flash cookies in certain situations where we use Flash to provide some content such as video clips or animation. You may access your Flash management tools from Adobe’s web site directly.
DoubleClick’s Dart Cookies. The DoubleClick DART cookie helps us learn how well our Internet advertising campaigns or paid search listings perform. We may use DoubleClick’s DART technology to deliver and serve advertisements. This information helps to give us and third parties the number of unique users their advertisements were displayed to, how many users click on our Internet ads or paid listings, and which ads or paid listings are clicked on.
Third-Party Advertisements. We also may use third-party advertisements and advertisers on our Site. Some of these advertisers may use technology such as cookies and web beacons when they advertise on our Site, which will also send these advertisers (such as Google through the Google AdSense program) information including your IP address, your ISP, the browser you used to visit our site, and in some cases, whether you have Flash installed. This is generally used for geotargeting purposes (showing New York real estate ads to someone in New York, for example) or showing certain ads based on specific sites visited (such as showing cooking ads to someone who frequents cooking sites).
8. Third-party websites and third-party applications
9. Protecting children
Our Site is not designed or intended for children under the age of 18, and we do not knowingly collect Personal Information from children under 18 on our Site. Children under the age of 18 are not permitted to register on our Site. If we discover that any registration is made by an underage child, such registration will be promptly and permanently canceled and removed from our Site, with or without notice. We urge parents and guardians to spend time online with their children and to participate in and monitor the online activities of their children.
10. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your Personal Information, including the following:
- The right to request access to a copy of the Personal Information we are holding about you
- The right to request that the Personal Information we are holding about you be updated/corrected
- The right to request erasure of the Personal Information we hold about you
- The right to object to our processing of your Personal Information on the basis of our legitimate interests
- The right to object to processing for direct marketing
- The right to request that your Personal Information be transferred to you or another provider
If you wish to exercise any of the rights set out above, please contact us using the details below.
You also have the right to make a complaint to your data protection regulator (in the UK, this will be the Information Commissioner’s Office (ICO)( www.ico.org.uk ). We would, however, appreciate the chance to deal with your concerns before you approach the ICO. Please contact us first before escalating your complaint.
12. Our contact information
firstname.lastname@example.org or via postal mail at Cricut, Inc., Attn: Privacy Data Processor, 10855 South River Front Parkway, Suite 300, South Jordan, Utah U.S.A. 84095
We will use reasonable efforts to respond promptly to requests, questions, or concerns you may have regarding our use of Personal Information about you. Except where required by law, Cricut cannot ensure a response to questions or comments regarding topics unrelated to this policy or Cricut’s online privacy practices.