Privacy Policy

NEW PRIVACY POLICY

Effective Date: January 1, 2020

At Combat Shillelagh we value you, and we strive for transparency in our interactions with you. We seek to make your online experiences with us fun, efficient and as personalized as you would like. You should be able to find the training items you desire as quickly as possible. If you want to hear from us, you can set that up with us. If you decide you’ve heard enough from us for a while, you can do that too! The information that we obtain from or about you, whether directly or indirectly, helps us understand you better and improve your training, ordering and other experiences with us.

Above it all, though, our main goals are to gain and maintain your trust, including by addressing any questions or concerns you might have about the privacy and safety of your personal information when it is in our hands.

You can review each section of our Privacy Policy. Or, if you would like, you can print and read the entire Privacy Policy.

Privacy Choices and Rights

Cookie Preference Center

Privacy Rights Requests Center

Marketing Communications Preferences

SCOPE

This Privacy Policy (“Privacy Policy”) describes how Combat Shillelagh, Inc. (“Combat Shillelagh,” “we,” “us”) collects, uses, processes and shares your personal information (sometimes referred to as “PI”) and other information when you use our US-based website (the “Site”) or mobile app (the “App”) (sometimes collectively referred to as the “Sites”), visit or make a purchase in our Training Hall, visit or talk to us on our US-targeted social media pages (“Social Media”), receive or open our e-mails or text messages, or otherwise interact or communicate with us related to any of these services (sometimes collectively referred to as the “Services”).

Throughout this Privacy Policy, we refer to the PI we collect from you, about you, or which may be associated with you, interchangeably without any geographic or legal distinctions. (Please note the subsections below addressing specific jurisdictions and any additional rights that you may have, or any additional requirements that we may have, under the laws of those jurisdictions.  By using the Services from wherever in the world you are located, you consent to our data practices set forth herein (and, if applicable in any particular cases, to any other privacy notice provided at the point of collection, which collection notice will prevail if different from this general Privacy Policy). Simply put, your PI is important to us. We take commercially reasonable steps to secure it, and aim to use it responsibly and transparently. If you have any privacy questions or concerns, or need reasonable accommodations to enable disability access, you can always contact us at info@CombatShillelagh.com.

INFORMATION WE COLLECT

HOW WE USE YOUR INFORMATION

DISCLOSURE OF YOUR INFORMATION

Subject to applicable law, this Privacy Policy, and any other applicable notices at the point of collection, we may share, or you may yourself share via our Services, your PI, and other information, in connection with our operation of our business, and more specifically as follows:

  • Companies providing services on our behalf. We may share your PI with third-party vendors that perform services on our behalf, as needed to carry out their work for us, which may include delivering your orders, providing Customer Service, providing marketing and advertising services to us, conducting security audits, providing accounting or legal services, providing web hosting, payment processing services or fraud prevention services, assessing or measuring the performance and functioning of our Sites, providing analytics or providing any other services that we need to operate our business.
  • Third party ad networks. We use third party ad networks and other advertising services providers and intermediaries to develop information to enable personalized advertising content for you, to display our ads to you on third party websites and apps you visit, and to measure the effectiveness of those ads. These third parties may place Cookies on your device if you use our Services. Our shared use of your information with these parties helps us tailor ads to your interests. Other parties’ use of Cookies are governed by each applicable company’s specific Privacy Policy. If you would like to learn more about how we and our third party partners use Cookies and how to manage your settings and choices, please navigate to that section.
  • Payment service providers. We may use third-party payment service providers to process payments made through the Services. If you wish to make a payment in connection with your use of the Services, your PI will be collected by such a third-party payment service provider and not by us, and thus will be subject to the third party’s Privacy Policy rather than this Privacy Policy.
  • Corporate transactions. If we are, or under consideration to be, acquired by, merged with, or invested in by another company, or if our assets are, or may be under consideration to be, transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise (each, a “Corporate Transaction”), we may transfer your PI in connection therewith. As part of Corporate Transactions, we may also share certain of your PI with lenders, auditors, and third party legal and financial advisors.
  • In the context of legal processes. We may disclose your PI to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena or if we reasonably believe that such action is necessary to comply with the law and the reasonable requests of law enforcement.
  • To protect us and others. We may disclose your PI when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the rights, property or personal safety of any person, violations of our Terms of Use or this Privacy Policy, or as evidence in litigation, arbitration or government agency investigation in which we are involved.
  • General public and other Site or App users. Your user name and any information, including, without limitation, reviews, comments, and text will be available to, and searchable by, all users of our Sites if you post such content there.
  • Non-PI. We may share aggregate, anonymized, or de-identified information, and other non-PI, about you with affiliated and non-affiliated entities for marketing, advertising, research and other purposes. This Privacy Policy is not intended to limit our disclosure of non-PI, which we reserve the right to disclose and otherwise share as permitted by applicable law.

COOKIES AND OTHER TRACKING TECHNOLOGIES

We, our service providers and third parties automatically collect certain types of usage information when you use our Services or otherwise engage with us. We, and they, collect this information through a variety of Cookies, including traditional cookies, web beacons, pixel tags, Flash cookies, embedded scripts, location-identifying technologies, SDKs or similar technologies now or hereafter developed. To the extent required by applicable law, we ask you to provide your consent to the use of Cookies. You can avoid certain Cookies by not consenting to their use or if you already provided your consent, by subsequently withdrawing it. To learn more, manage your Cookies preferences and see a complete list of the Cookies we use, go to the Cookie Preference Center. Please note that blocking or disabling Cookies may negatively impact your experience using our Sites, as some of the features may not work properly or as intended.

What Are Cookies?

  • Cookies. The traditional cookies are small text files which are placed on your device (such as computer or smart phone) when you visit our Services. Cookies store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie has been placed, as well as information about the age of the cookie and a random alphanumeric identifier, the so-called cookie-ID. They help to recognize the device and make any pre-settings immediately available.
  • Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (a.k.a. web beacons or pixel tags), in connection with our Services to, among other things, track the activities of our Site and App users, help us manage content, and compile statistics about usage of the Sites. We and our third party service providers also use clear GIFs in HTML e-mails sent to you, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded. If you are an EEA User and sign up to receive marketing e-mails, you acknowledge and agree to the uses set forth above. If you are an EEA User and you do not agree to our use of pixel tags in marketing e-mails, please do not sign up to receive marketing e-mails from us.
  • Embedded scripts. An embedded script is programming code that is designed to collect information about your interactions with our Services, such as the links you click on. The code is temporarily downloaded onto your computer or device from our web server or a third-party service provider, is active only while you are connected to the applicable Services, and is deactivated or deleted thereafter.
  • SDKs. SDKs are blocks of code that may be installed in our App and that come from third party companies with which we work. SDKs helps us understand how you interact with our App and collect certain information about the device and network you use to access our App, such as the advertising identifier associated with your device and information about how you interact with our App.
  • Location-identifying technologies. GPS (global positioning systems) software, geo-filtering and other location-aware technologies locate you (sometimes precisely), or make assumptions about your location, for purposes such as verifying your location and delivering or restricting content (including ads) based on your location. If you have enabled GPS or use other location-based features on your device while using the Services, your device location may be tracked by us and third parties.
  • Device recognition technologies. These technologies, which include application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID), attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household).
  • In-app tracking methods. There are a variety of tracking technologies that may be included in mobile applications, and these are not browser-based like traditional cookies and cannot be controlled by browser settings. Some use device identifier, or other identifiers such as “Ad IDs” to associate app user activity to a particular app and to track user activity across apps and/or devices.

Cookie Categories and Purposes

We categorize the Cookies we use in connection with our Services in four general categories as follows:

  • Strictly Necessary Cookies let you navigate our Sites and use essential features such as access to the shopping cart and tools to pay for your purchase or enhance your security. We use Strictly Necessary Cookies to identify you as being logged in to the Sites and to authenticate you. Strictly Necessary Cookies are required to ensure that the products that you add to your shopping cart are kept there while you are shopping, and that the data that you enter during the ordering process is retained, to allow you to proceed with the payment of your order. These Cookies are persistent and allow for session to session browsing. You may not opt out of Strictly Necessary Cookies, because if you disable these Cookies we can’t guarantee how the Sites or the security on the Sites will perform during your visit or subsequent visits.
  • Performance Cookies may be placed on your device by us (or others) to collect analytics, statistical and other information about how you and others use our Sites (e.g. which pages you visit, when you open or read the communications we send you, which of our ads you interact with on our Sites or other websites or access points where our ads may appear, if you receive any error messages, how many users have viewed a product, etc.).
  • Functionality Cookies may be placed on your device by us (or others) and are used to improve your visit to our Sites by providing you the personalized or enhanced features that you have selected or by remembering certain settings you have chosen (e.g., language preferences, the country from where you are visiting, if you have engaged with a particular component or list on the Sites so that it won’t repeat, show you when you’re logged in to the Sites, etc.). If you disable these Cookies, we will not be able to retain your preferences or selected settings for your next visit.
  • Targeting or Advertising Cookies are used to track your visit to our Sites or other interaction with our Services, as well as your interaction with other websites, applications or online services (including social media) and the pages you visited and links you followed. This allows us and others to display targeted ads to you, improve their delivery, measure the success of our ad campaigns and see when, whether and for how long you interact with our Services. We may also use these Cookies to limit the number of times you see the same ad.

Do Not Track; Opting Out of Interest Based Advertising

Some information about your use of the Services and certain third-party services may be collected using Cookies across time and services. This information may be used by us and third parties for purposes such as to associate different devices you use and deliver relevant ads and/or other content to you on the Service and certain third-party services. Some services purport to offer “do not track” signals that are or can be associated with your device. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, currently, our systems do not recognize browser “do-not-track” signals. You may, however, disable certain Cookies as discussed below, you may also opt-out of targeted advertising by going to the Cookie Preference Center, and if you are a California consumer, you may also exercise your Do Not Sell right from each of your browsers and devices.. Remember that if you opt out of interest-based advertising, you will still receive ads, but they will not be personalized to your interests.

EXERCISING YOUR ACCESS, DELETION AND OTHER PRIVACY RIGHTS

To obtain access to your PI or to ask us to delete your PI from our systems, or for other choices you may have regarding the exercise of your privacy rights, e-mail us at info@combatshillelagh.com. To honor your requests, we may require additional information about you to verify your identity and authenticate your request. Our responses to and processing of your requests may differ based on the applicable data protection laws which apply to you and your transactions, and the sensitivity of the data you seek to access. We will make good faith efforts to comply with your requests, but reserve the right to limit requests to what is required by applicable law and to exercise such discretion to limit or reject requests as permitted by applicable law.

ADDITIONAL PRIVACY RIGHTS AND CHOICES; MANAGING PREFERENCES

Account-related choices. You may update your profile information, such as your user name and password, by accessing the profile section of your account. You may also be able to adjust certain communications preferences in your account settings. If you would like us to close your account associated with a particular e-mail address, please send us an e-mail from that e-mail address to info@CombatShillelagh.com with the words CLOSE MY ACCOUNT in the subject line. We will only honor “close my account” requests associated with a particular e-mail address if we locate an account in our systems associated with that e-mail address.

Access to your Device Information. You may control the App’s access to certain of your device information through the “Settings” on your device.

Marketing communications preferences. You can stop receiving promotional e-mail communications from us by using the “unsubscribe” mechanism provided in the e-mail message, by sending an e-mail to info@CombatShillelagh.com with the words UNSUBSCRIBE FROM E-MAIL in the subject line. If you are a US resident and have signed up for our marketing text message program, you can opt out by replying “STOP” to the last marketing text message you received from us. We make every effort to promptly process all unsubscribe requests; however, this may take a few days. If you unsubscribe from receiving promotional e-mails or text messages, we may still send you transactional e-mails or text messages about your account or any services you have requested or receive from us (e.g., account verification, transactional communications, changes/updates to features of the Services, technical and security notices, responses to your communications, purchase-related communications if you made a purchase, etc.).

Managing Cookies. To manage your choices and preferences regarding the Cookies we use on our Services, go to the Cookies and Other Tracking Technologies section of this Privacy Policy to learn more about the categories of Cookies we use or to the Cookie Preference Center to manage your preferences regarding the Cookies we use. You may also set your e-mail options to prevent the automatic downloading of images that may contain Cookies that would allow us to know whether you have accessed our e-mails and performed certain functions with it. To learn more about Cookies and how to manage them generally, you can visit http://www.aboutcookies.org or http://www.allaboutcookies.org/, but we do not guaranty the accuracy of that third party information. If you prefer not to accept traditional Cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a Cookie, which lets you choose whether or not to accept it; (ii) disable existing Cookies; or (iii) set your browser to automatically reject Cookies. Please check your browser and browser settings to determine where traditional Cookies are stored and whether and how they may be deleted. The “help” portion of the toolbar on most browsers will tell you more. To find out how to manage traditional Cookies on popular browsers, go to Google Chrome; Microsoft Edge; Mozilla Firefox; Microsoft Internet Explorer; Opera and Apple Safari. To find information relating to other browsers, visit the browser developer’s website. Deleting Cookies in the manner described above does not delete Local Storage Objects (LSOs) such as Flash objects and HTML5. You can learn more about Adobe Flash objects—including how to manage privacy and storage settings for Flash cookies—here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html#124401

Depending on your mobile device and operating system, you may not be able to delete or block all Cookies.

Managing Your Interest-Based Advertising Preferences and Choices. To specifically manage your choices and preferences regarding the Advertising and Targeting Cookies we use, go to the Cookie Preference Center. In addition, you can opt-out of receiving behavioral advertisements from certain vendors that are members of specific self-regulatory associations, as described below.

If you are a US based user of our Site, you may opt out of many third party ad networks through the use of various trade association websites. For example, you may go to the Digital Advertising Alliance (DAA) Consumer Choice Page for information about opting out of interest-based advertising and signaling your choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (NAI) Consumer Opt-Out Page for information about opting out of interest-based advertising and your choices regarding having your information used by NAI members. Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean that you will no longer receive advertising, even advertising that appears relevant to you. For example, you may still receive contextually-based ads that are based on the particular website that you are visiting at that particular time. Also, if your browsers are configured to reject Cookies when you attempt to exercise your right to opt out on the DAA or NAI websites, your opt out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at www.networkadvertising.org.

If you are a Canada-based user of our Site, you may also opt out of interest-based advertising from companies registered with the Digital Advertising Alliance of Canada (Canadian DAA). As with the US program, please be aware that you will continue receiving ads, but that advertising will be delivered based on other factors not including your particular interests as demonstrated by your visits to sites across time. Additional information is available on the Canadian DAA’s website at https://youradchoices.ca.

If you opt out of interest-based advertising, your opt-out will be specific to the web browser, app, or device from which you accessed the opt-out. If you use multiple devices or web browsers, you will need to opt out on each browser or device that you use.

We are not responsible for the effectiveness of, or compliance with, third-party opt-out options or programs, or the accuracy of their statements.

Managing Google.

To prevent your personal information or other data from being used by Google Analytics, you can install Google’s opt-out browser add-on. You can also access your Google Ads settings to control what data Google uses to show ads to you. Google offers other choices in the settings and privacy control portions of its service. We are not responsible to the accuracy of Google’s statements of the effectiveness of its choice controls.

CALIFORNIA PRIVACY RIGHTS

This section provides specific information for California consumers, as required under California privacy laws, including the California Consumer Privacy Act as amended, and its implementing regulations (“CCPA”). The CCPA requires that we provide certain information to California consumers about how we handle their PI, and their rights in that regard. Under the CCPA, “PI” is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, device or household, including the categories identified in the chart below to the extent they identify, relate to, describe, are capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer, device or household, subject to certain exceptions (e.g., publicly available information is not PI).

Consistent with the CCPA, this notice, and the rights described, do not apply in calendar year 2020 to job applicants, current or former employees, contractors, or persons interacting with us in their capacity as a representative of a business.

This notice reflects our good faith understanding of the law and our data practices as of the Effective Date, but as of that date, the CCPA’s implementing regulations are not yet final and there remain differing interpretations of the law. Accordingly, we may from time-to-time update information in this and other notices regarding our data practices and your rights, modify our methods for responding to your requests, and/or supplement our response to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices.

Categories of PI of California Consumers that We Collect, Disclose, and Sell

The CCPA requires us to disclose the categories of PI about California consumers that we collect, disclose for a business or commercial purpose, or sell. These categories are defined in the CCPA. Our PI practices for the 12 months preceding the Effective Date were as described in this Privacy Policy, and more specifically as follows:

Categories of PI Collection Sources Purpose(s) for Collection Categories of Parties We Share PI With
1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, e-mail address, account name, government ID or other similar identifiers. From the consumer, by us and from the consumer’s browser, device, e-mail and/or social media account, other individuals, such as the consumer’s friends or family, business partners (non-vendors), and vendors. Managing Cookies, sending marketing e-mails and text messages, conducting other advertising and promotional campaigns, data security, debugging, internal research and development, processing and managing customer interactions and transactions, facilitating arrangements we have with business partners, performing services requested by the consumer, and research and quality assurance. Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
2. Personal records, including signature, physical characteristics or description, written statements, telephone number, address, credit card number, or other financial information. From the consumer, by us and from the consumer’s e-mail and/or social media account, other individuals, such as the consumer’s friends or family, business partners (non-vendors), and vendors. Data security, debugging, processing and managing consumer interactions and transactions, performing services requested by the consumer, research and quality assurance. Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
3. Characteristics such as gender and age. From the consumer and from vendors Providing more relevant service to consumers Service providers, Corporate Transaction recipients, and as directed by the Consumer or as required by applicable law.
4. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. From the consumer, by us from the consumer’s browser, device, e-mail and/or social media account, other individuals, such as the consumer’s friends or family, business partners (non-vendors), and vendors. Data security, debugging, processing and managing consumer interactions and transactions, performing services requested by the consumer, advertising, research and quality assurance. Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
6. Internet or other electronic network activity information, including, but not limited to, browsing history, browsing time, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. From the consumer, by us and from the consumer’s browser, device, e-mail and/or social media account, and our vendors. Debugging, processing and managing consumer interactions and transactions, performing services requested by the consumer, advertising, quality assurance and research and analytics. Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
7. Geolocation data, including, but not limited to, precise physical location and movement patterns From the consumer, by us and from the consumer’s browser, device, e-mail and/or social media account, and otherwise directly from Consumers Managing Cookies, processing and managing consumer interactions and transactions, performing services requested by the consumer, targeted advertising, quality assurance, fraud prevention and security, and research and analytics. Service providers, third party partners, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.
11. Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, and behavior. Consumer’s browser, device, e-mail and/or social media account, and otherwise directly from consumers or as created by us or our vendors. Processing and managing customer interactions and transactions, performing services requested by the customer, and quality assurance and security and fraud prevention. Service providers, Corporate Transaction recipients, and as directed by the consumer or as required by applicable law.

We have disclosed the following categories PI of California consumers for a business purpose, consistent with the collection purposes set forth in the chart above, within the 12 months preceding the Effective Date:

  • Identifiers;
  • Personal records;
  • Commercial information;
  • Internet or other electronic network activity information;
  • Geolocation data;
  • and
  • • Inferences drawn from PI to create a profile about a consumer.

The applicable sources, and purposes of the PI collected by us, and the categories of third parties to which we have disclosed it for business purposes, are set forth in the chart above. We do not believe that we have sold PI, except as discussed in the next section. We acknowledge that the data collection by some third party Cookies associated with our Services may be considered by some to be a “sale” under the broad language of the CCPA

Rights that California consumers have under the CCPA. California law grants consumers certain rights and imposes certain restrictions on particular business practices as set forth below.

Do Not Sell Right If you are a California consumer, you have the right to opt-out of the sale of your PI. The CCPA, however, defines “sale” in an unusual way, and with no guidance from the State of California as of the Effective Date as to how broadly the term should be interpreted, a number of differing reasonable interpretations are possible.

Some may argue that when certain third parties place Cookies on your device when you engage with our Sites, the PI collected by such Cookies constitutes a “sale” under the CCPA. We do not agree with this interpretation. However, pending a consensus as to what “sale” actually means under the CCPA, we are providing a way for California consumers to opt-out of future Cookie-based “sales” of their PI, by (i) enabling the Google Restricted Processing solution into our use of certain Google products, (ii) using the IAB Tech Lab “do not sell” signal with third parties that we work with that are participating in the IAB CCPA Compliance Framework, and (iii) disabling other third parties’ Cookies that are not covered by either (i) or (ii) above. The solutions referenced in (i) and (ii) each conveys to the recipient that PI can only be used for restricted purposes, such as providing us services, and cannot be sold by the recipient downstream. We make no guaranty as to how third parties will treat our Do Not Sell signals. In order for the Do Not Sell request to be honored by us as described above, you must make the request from each browser and each mobile device you use.

We do not knowingly sell the PI of children under the age of 16 without the authorization required by the CCPA.

Requests for Deletion and Right to Know. If you are a California consumer, you have the right to make the following requests, typically at no charge, up to twice every 12 months:

  • Deletion: the right to request deletion of your PI that we have collected about you, subject to certain exemptions, such as where the information is used to complete the transaction for which the PI was collected, provide a good or service that you have requested, perform a contract between you and us, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, prosecute people responsible for malicious, deceptive, fraudulent or illegal activities, debug to identify and repair errors that impair existing intended functionality, comply with a legal obligation, enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us, or otherwise use your information internally, in a lawful manner that is compatible with the context in which you provided the information.
  • Right to Know (categories or specific information): the right to know what categories of PI we have collected about you in the preceding 12 months, including with regard to each of the categories of PI collected, the categories of sources from which the PI was collected, the business and/or commercial purpose(s) for the collection, disclosure and/or sale of your PI, and the categories of third parties with whom we have sold or disclosed for business purposes your PI. You also have the right to know what specific pieces of PI we have collected about you in the preceding 12 months and the right to request a copy of that information.

Submitting Requests and What You can Expect. You (or your authorized agent) can submit a deletion, or right to know, or Do Not Sell request online by contacting us at Combat Shillelagh 6901 Lynn Way Suite 205 Pittsburgh PA 15208. We will notify you that we have received your deletion or right to know request within 10 days of receipt of your request. We will honor Do Not Sell requests, as more fully explained above, within 15 days after we receive such a request. For right to know and deletion requests, we will endeavor to respond within 45 days after receiving the request, but if we believe that in order to thoroughly and accurately respond to your request we need more time, we will notify you that we need an additional 45 days to process your request.

Incentives and “Non-Discrimination.” The CCPA prohibits discrimination against California consumers for exercising their rights under the CCPA and imposes requirements on financial incentives, including loyalty programs, offered to California consumers related to their PI. Accordingly, we will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable PI provided to us.

Shine the Light

We do not typically share PI about you with third parties for their direct marketing purposes, except where we offer you the ability to consent (either on an opt-in or opt-out basis), but we sometimes may. Where permitted by applicable law, if we elect to share your personal information (as defined by California’s “Shine The Light” law, California Civil Code Section 1798.83) with third parties for their direct marketing purposes without giving you the ability to consent to such sharing (such as may from time to time be the case with the issuer of our Combat Shillelagh-branded credit card(s)), the law allows you to, under certain circumstances, request and obtain certain information regarding our disclosure, if any, of PI to third parties for their direct marketing purposes without your opportunity to consent. If this applies, you may obtain the categories of PI shared and the names and addresses of all third parties that received PI for their direct marketing purposes during the immediately prior calendar year (e.g. requests made in 2020 will receive information about 2019 sharing activities). You may make one request per calendar year. To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. You may make this request by sending us an e-mail at info@CombatShillelagh.com, or by writing to us at Combat Shillelagh 6901 Lynn Way, Suite 205 Pittsburgh PA 15208. Any such request must include “Shine the Light Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code, and confirmation that you are a California resident. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address or mail address. Please allow up to 30 days for a response.

CA Minors Any California residents under the age of eighteen (18) who have registered to create an account to use the Services, and who post content on the Service, can request removal by contacting us as set forth in the Contact Us section, detailing where the content or information is posted and attesting that they posted it. We will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished or archived content by search engines and others that we do not control.

SUPPLEMENT FOR EUROPEAN AND UK USERS

Data Controller. Combat Shillelagh is the data controller for purposes of your PI. Our address is 3880 N. Mission Rd., Los Angeles, CA 90031.

If you are an EEA User, the GDPR provides you with certain additional operational protections and rights, which we describe here.

Legal bases for processing. If you are an EEA User, we only collect, use, share or otherwise process your PI by obtaining your consent or by using other legal bases for processing your PI as set forth in more detail below:

  • Processing on the Basis of Consent. We may collect, use, share or otherwise process your PI by obtaining your consent. You are free to deny your consent and the denial will have no negative consequences for you. Your consent will be limited to our (or our vendors’) processing of your PI for the purposes for which we collect it, which purposes we can adequately demonstrate through notice. For example, we may obtain your consent at the point in time when you set up an account with us, or when you provide your consent for the use of Cookies, or when you sign up to receive marketing e-mails from us. If you sign up for our marketing e-mails, we will use your PI to send you e-mails containing promotional materials relating to our Services. You can always withdraw your consent.
  • Processing for the performance of a contract (or in preparation of entering into a contract). If you order anything on our Sites or if you contact us to request any other service, we will use your information to fulfill your order or otherwise provide you the features and functionality of the services you requested.
  • Processing based on Legitimate Interests. The use of your PI may also be necessary for our own legitimate business interests. Our use of your PI to perform a legitimate interest, takes into consideration your privacy rights, and the relative necessity we have to use your PI to fulfill that interest. For example, we process your PI based on the legitimate interests legal basis to analyze and improve the quality of our Services, such as providing you with Customer Service, and to understand you as a customer. This enables us to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising. In addition, based on your use of our Services and the products you purchased, we may target you with ads or other marketing materials that are customized to your personal preferences and experiences, or conduct other direct marketing initiatives (to the extent we are permitted to process such PI on the basis of legitimate interest; otherwise we will ask for your consent). We may also use your PI for our other legitimate interests, such as to operate and expand our business activities, to administer our Services, to evaluate and review our business performance, to facilitate social sharing functionality, to generate aggregated statistics about the users of our products and Services, to facilitate our business operations, to operate company policies and procedures, to conduct fraud monitoring and prevention, to identify cyber threats, to enable us to enter into Corporate Transactions, or for other legitimate business purposes as permitted by applicable law. If necessary, we may also use your PI to pursue or defend ourselves against legal claims.
  • Processing for compliance with legal obligations. We may process your PI when it is necessary to comply with a relevant legal or regulatory obligation that we have, such as to maintain appropriate business records according to tax and commercial law, to comply with lawful requests by public authorities and to comply with applicable laws and regulations or as otherwise required by law.

Exercising your rights under the GDPR:As an EEA User, you have the following GDPR-specific rights with respect to your PI:

  • Right of access. The right to obtain access to your PI.
  • Right to rectification. The right to obtain rectification of your PI without undue delay where that PI is inaccurate or incomplete.
  • Right to erasure. Subject to certain exceptions (such as for example, the need to retain the PI in order to comply with a legal obligation or to establish, exercise or defend a legal claim), the right to obtain the erasure of your PI without undue delay in certain circumstances, such as where the PI is no longer necessary in relation to the purposes for which it was collected or processed, and where consent is withdrawn and there is no other legal ground for processing.
  • Right to restriction. The right to obtain restriction of the processing undertaken by us on your PI in certain circumstances, such as where the accuracy of the PI is contested by you, for a period of time enabling us to verify the accuracy of that PI.
  • Right to portability. The right to portability allows you to move or have the PI moved, copied or transferred easily from one organization to another.
  • Right to Opt-Out of Processing. There are a number of ways for you to opt-out of further processing of your PI: (i) you can withdraw your consent; (ii) you can object to our processing of your PI based on legitimate interests where there are grounds related to your particular situation; and (iii) you can object to the processing of your PI for direct marketing purposes for whatever reason whatsoever at any time.

Prior to releasing any PI to you, we may ask you for additional information to verify your identity and for security purposes. The processing of your request will generally be free of charge, unless your request is manifestly unfounded or excessive. In such a case, we reserve the right to charge a reasonable fee in accordance with applicable law. We will decline to process requests that jeopardize the privacy of others, are extremely impractical, or would cause us to take any action that is not permissible under applicable law.

  • Right to lodge a complaint. You also have the right to lodge a complaint with an EU national data protection authority. Further information about how to contact your local data protection authority is available at the following link: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. However, we encourage you to first reach out to us by contacting us at info@combatshillelagh.com so that we first have an opportunity to address your concerns directly and find a mutually agreeable solution together.

Use of Processors. We may engage service providers to perform certain business-related functions. In this regard, such service providers will act as our processors and will only process your PI in accordance with applicable law, our written instructions, and as included in any relevant data processing agreement entered into between such processors and us. These processors may not engage subprocessors without our prior consent. We will only engage processors who provide adequate guarantees with regard to the application of appropriate technical and organizational measures as required by applicable law and who ensure the protection of your rights.

International Transfers of your PI. Your PI may be transferred to and stored in countries outside of the EEA (or UK after Brexit) where we and our third party service providers have operations, including, without limitation, the US. In the event of such a transfer, we will ensure that your PI is transferred to countries recognized as offering an equivalent level of protection, or to entities certified under the EU-U.S. Privacy Shield, or that the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to enquire further about the safeguards used, please contact us at using the details set out in the contact us section of this Privacy Policy.

NEVADA CONSUMERS

Although we do not “sell” “covered information” of Nevada “consumers” as those terms are defined by Chapter 603A of the Nevada Revised Statutes, if you are a Nevada consumer, please sendus an e-mail address for us to provide you notice in the event we should do so in the future, at which point you will have an opportunity to be verified and exercise your opt-out rights under that law. Contact us in the same manner to update your contact e-mail address for notices. Changing your e-mail elsewhere (e.g., informational requests, account information, etc.) will not update your Nevada notice contact information. It is your responsibility to keep your notice contact information current.

SITES NOT DESIGNED FOR MINORS

Our Sites are not designed for children under 16 and we do not knowingly collect information from children under the age of 16. In fact, our Sites require you to have reached the age of majority in the jurisdiction in which you live in order to make purchases there. If you are under the age of 16, please do not use our Services or otherwise provide us with any PI either directly or by other means. Combat Shillelagh does not knowingly collect or solicit any information from anyone under the age of 16 on our Services. In the event that we learn that we have inadvertently collected PI from a child under age 16, we will delete that information as required by applicable law. If you believe that we might have any information from a child under 16, please contact us using the contact details set out at the end of this Privacy Policy. Visitors older than the age of 16, but younger than their country’s legal age of majority are permitted to use and/or submit their PI only with parental supervision. We encourage parents and guardians to spend time online with their minor children and to participate and monitor their interactive activities.

RETENTION OF YOUR PI

We will retain your PI only for as long as necessary for the purposes outlined in this Privacy Policy, and for a commercially reasonable time thereafter for backup, archival, fraud prevention or detection, or audit purposes, or as otherwise required by law. Where your PI is no longer required we will delete it consistent with our data retention and deletion policy. If you do not have an account on our Site or App, or a Combat Shillelagh-branded credit card, but you have signed up to receive Combat Shillelagh marketing communications (e-mails or text messages), we will only retain your PI for as long as we have your consent to send you marketing communications. When you shop online on the Site or on the App without having opened an account (i.e., you shop as a guest), we will only retain your PI for a commercially reasonable period of time after you have completed your order in order to fulfill any contractual or legal obligations we have such as processing any refunds, exchanges, refunds, or honor any product warranties (unless you have also signed up to receive marketing communications from us, in which case we will add this order information to your customer record). If you already have an account with us, but you choose to make a purchase as a guest, we will add the guest checkout purchase to your customer record internally automatically. To avoid this, please use a different e-mail address to make a purchase as a guest.

SECURITY

Data Security. We care about the security of your PI and employ physical, administrative, and technological safeguards designed to preserve the integrity and security of all information collected through our Services. In addition to implementing various security measures, we do not store your PI for an unlimited period of time. However, no security system is impenetrable, and we cannot guarantee the 100% security of our systems. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with applicable law.

Please take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing robust and unique passwords that nobody else knows or can easily guess, and keeping your log-in ID and password private. Also, please be aware that, if you publicly post your PI, it is not protected. Please refrain from sending us sensitive data by e-mail. We are not responsible for any lost, stolen, or compromised passwords, for any activity on your account via unauthorized password activity, or for any PI that you publicly and intentionally disclose via our Services.

INTERNATIONAL USE & TRANSFER

We are based in the US and the information we and our service providers and other third parties collect is governed by US law, except as otherwise stated in this Privacy Policy or required by applicable law. If you are accessing the Services from outside of the US, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the US and other parts of the world, where the data protection laws may be different from and less protective than those of your country of residence. Except as otherwise provided with respect to transfers of the PI of EEA, your use of the Services and the provision of any information therefore constitutes your consent to the transfer to, and the processing, usage, sharing, and storage of your information, including your PI, in, the US and other countries, as set forth in this Privacy Policy.

CONTACT US

If you have any questions about this Privacy Policy or the way we process your PI or if you want to make a complaint or exercise your rights, please contact us at:

Combat Shillelagh

ATTN: Privacy

6901 Lynn Way, Suite 205

Pittsburgh, PA 15208

info@combatshillelagh.com

CHANGES TO PRIVACY POLICY

We may change this Privacy Policy to reflect new practices, better inform you, or to comply with changes in applicable laws. Please check back periodically to ensure you are familiar with all of our current practices. When we change the Privacy Policy in a material manner, we will let you know by updating the “Effective Date” at the top of this page. If you object to any changes, you may stop using our Services.