Updated: December 20, 2019
The Stash Company is committed to your privacy and ensuring that your personal information is protected. This policy explains the types of personal information we collect, why we collect it, how we use, disclose and protect it and how you can update, manage, export and delete your information
Stash Tea Company, (referred to hereinafter as, “Stash,” or “Company,” or “We,” or “Us,” or “Our”), is a manufacturer, wholesale and retail distributor of loose-leaf and bagged tea and other related products (“Products”) located on Our website at www.stashteabusiness.com/ (“Site”) or offered or marketed through digital channels we control (together with the Site, collectively referred to as “Stash Tea Services”).
Please read this document carefully because this Privacy Policy (“Policy”), describe the legally binding agreement between You (referred to hereinafter as, “You,” or “User,” or “Your”, or “Visitor”) and Us. More specifically, this Policy intends to describe Our intended use of any of Your Data, navigational data, personal or sensitive information acquired, stored and/or maintained through Your use of the Stash Tea Services. It also describes Your choices regarding use, access, rights and correction, and deletion of Your personal information. If You do not agree with the data practices described in this Privacy Policy, You should not use any of the Stash Tea Services.
SCOPE AND ACCEPTANCE OF THIS PRIVACY POLICY
By accessing the Stash Tea Services, You agree to comply with this Policy, and that Your visit and use of the Stash Tea Services, and any dispute directly arising out of Your use or misuse, shall be governed by this Policy. We may modify the terms of this Policy at any time in Our sole discretion, by posting amended terms to this Policy to the Site. If We believe a change to the Policy materially affects You or Your use of Our Site, We will send You an email, notifying You of the change made to this Policy.
Your continued use of the Stash Tea Services thereafter shall constitute immediate acceptance of all revised, modified and/or amended terms to this Policy. However, You should review the most up-to-date version of the Policy from time-to-time on the Site. We will notify You of any material changes, amendments or modifications to the Policy through the Site, or through other communication. In the event You choose not to agree and accept the new, modified or amended Terms, You shall cease use of all the Stash Tea Services and provide Us with written notice.
Nothing in this Policy shall be deemed to confer any third-party rights or benefits. Our partners, affiliates, vendors, manufacturers, distributors, licensors and/or third-party websites may have additional privacy policy terms, restrictions, limitations and data collection and protection practices that You should review separately and independently from this Policy. We are not liable for the data collection, storage and usage practices of any third-party affiliate, vendor, licensor or the like. Some of the third-party affiliates that We use to provide the Stash Tea Service include, without limitation and subject to change; Shopify, Shopify Apps, Stripe, Paypal, Square, and Sage X3.
This Policy constitutes a binding agreement between You and Us. By accessing and/or using the Stash Tea Services, Stash Tea branded pages or applications on third party social media (e.g. Facebook, Twitter, Instagram) or by giving Us Your Data, You accept the practices described in this Privacy Policy.
DEFINITIONS
- Navigational Information: Navigational information refers to information about Your computer, device, VPN information, IP address, the date and time of the visit and how long You remained on Our Site, the referral URL (the site from which the visitor has come), the pages visited on Our Site and information about the device and browser (such as, browser type and version and operating system), browser history, and geographical location;
- Personal Information: This refers to full name, email address, phone numbers, payment information, credit or debit card numbers, shipping and billing information, or similar personal identifiers, or any information that can be used to identify You or that We can link to You;
- User Content: Content uploaded or submitted by Users such as feedback, information, comments, emails, images, photographs, videos, notes, sounds, data, posts and suggestions;
- User Information: Information such as name, user name, password, email address, phone number, and address; (collectively referred to as “Data”).
PERSONAL DATA COLLECTED BY STASH TEA
- WHAT INFORMATION DO WE COLLECT? We may, depending on Your use of the Services, collect the following Data:
-
Personal Information: We collect Personal Information that You voluntarily provide to Us when (1) You create an account to use the Stash Tea Services or place an order for Products through Our Site; (2) when You express an interest in obtaining information about Us or Our Products, or when You sign up to receive emails, marketing, and promotional information from Us; and (3) when You participate in activities on the Stash Tea Services or otherwise contact Us, both online or offline, such as at trade shows or fairs. The Personal Information We collect can include the following: Your full name, email address, phone numbers, payment information, credit or debit card numbers, personal financial account information, or similar personal identifiers, or any information that can be used to identify You or that We can link to You. All Personal Information that You provide to Us must be true, complete and accurate, and You must notify Us of any changes to such personal information. The Personal Information provided for the Stash Tea Services and Products is stored and managed on servers and third-party hosting services in the United States and other countries, including without limitation, Shopify.
-
Payment Information. When You sign up to use the Stash Tea Services or place an order for Our Products, We collect data necessary to process Your payment if You purchase Products, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument. All payment data is stored by a secure third-party payment gateway, such as Square, Shopify and Paypal. If You choose a direct payment gateway to complete Your purchase, then Shopify will process Your credit card data and Payment Information. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Please note that many e-commerce websites sell Our Products that are beyond Our control. Please be sure to review their privacy policy and data practices independent of this Policy before making purchases or sharing Your Personal Information or Payment Information with those third-party websites.
-
Navigational Information and UDID. If You are visiting or using the Stash Tea Services, We may automatically collect Navigational Information, such as Your IP address, the date and time of the visit and how long You remained on Our Site, the referral URL, the pages visited on Our Site or related third-party applications, and information about the device and browser (such as, browser type and version and operating system). We may also collect visitor data through third party services such as Google Analytics, in order to better understand visitor behavior, demographics, locations, page views, time spent on the Site or affiliated third-party applications, and other metrics and analytics used to provide and improve the Stash Tea Services. In addition to the information We collect on Our Site, We may also collect Your city location, device model and version, device identifier (or “UDID”), and OS version. This information is primarily needed to maintain the security and operation of Stash Tea Services, and for Our internal analytics and reporting purposes.
-
User Content. We also keep a record of Our correspondence with You, including without limitation, any feedback and/or testimonials You have provided to Us, whether online, phone or email, information provided to Our customer service, and/or User Content.
-
Online Identifiers. Like many businesses, We also collect information through cookies and similar technologies. We collect devices, cookie identifiers, or others such as the ones used for analytics and marketing, and other similar data. Most web browsers are set to accept cookies by default. If You prefer, You can usually choose to set Your browser to remove cookies and to reject cookies. If You choose to remove cookies or reject cookies, this could affect certain features or services of Stash Tea Services or third-party applications.
-
Mobile Device Data. We may automatically collect device information (such as Your mobile device ID, model and manufacturer), operating system, version information and IP address.
-
Push Notifications. We may request to send You push notifications regarding Your account or the mobile application. If You wish to opt-out from receiving these types of communications, You may turn them off in Your device’s settings.
-
INFORMATION ABOUT MINORS/CHILDREN. We never knowingly collect, sell, share, or store data related to children. The only information we collect, store and use to provide the Stash Tea Services is the Personal Information of the account creator, who must be above the age of 12. Individuals above the age of 12 and below the age of 18 (or the age of majority in your jurisdiction) (“Minors”) shall not be allowed to create an account without the express permission of a legal guardian or parent. If You become aware that Stash Tea has collected Personal Information from a Minor without parental or legal guardian consent, please let us know by contacting us at [email]. To prevent inadvertent disclosure of Personal Information while using the Stash Tea Services, assist in effective use of Information, and ensure appropriate use of the Stash Tea Services, we strongly encourage the parent or guardian of any minor to actively guide any interactions with and/or use of the Stash Tea Services.
- WHEN DO WE COLLECT DATA FROM YOU. We may collect Data from You when You:
- Visit Our Site or order Our Products;
- Interact with Us online, on the phone, through email or on Our Site;
- Interact with Us in person, with Our stores, or at an event or trade show;
- Opt-in to Our direct marketing campaigns, promotions, offers and deals;
- Register with Us through physical registration cards, competition entries, and through call centers;
- Submit User Content;
- Apply for employment with Us on Our Site;
- Post information, comments, testimonials, or reviews online about Us;
- Interact with targeted online content that We or Our service providers provide to You via third-party websites or applications; and
- When You interact with third-party social media such as Facebook and Instagram.
You may have the right to revoke Your consent or to ask Us to stop collecting and/or processing Your Data. You can exercise this right by contacting us at business@stashtea.com.
SHARING OF PERSONAL DATA BY STASH TEA
- WHEN WILL INFORMATION BE SHARED?
-
We Never Sell Your Data. STASH TEA DOES NOT SELL, SHARE, LICENSE, OR OTHERWISE SHARE YOUR PERSONAL INFORMATION OR ANY PERSONALLY IDENTIFIABLE INFORMATION WITH ANY ENTITY OR PERSON, EXCEPT AS EXPRESSLY DESCRIBED IN THIS POLICY OR WHEN WE HAVE A LEGAL BASIS TO DO SO, FOR INSTANCE WITH YOUR PRIOR WRITTEN CONSENT OR A COURT ORDER. YOU ALWAYS HAVE THE RIGHT TO WITHDRAW ANY CONSENT YOU PREVIOUSLY PROVIDED BY CONTACTING US AT business@stashtea.com.
- Service Providers and Affiliates.
- We reserve the right to disclose parts or all of the Data that We collect about You to service providers and affiliates who assist Us in Our business purpose either through partnerships, affiliations, contractors and/or licensors. Some service providers and contractors used on Our applications and Site include, without limitation, processing payment services, analytics services, customer support services, billing, ecommerce services, internal administrative services, maintenance of the Stash Tea Services, and providing business services to Us or to You. In all cases where We share Data with such partners, affiliates, and service providers, We explicitly require them to acknowledge and adhere to Our Privacy Policy and customer data handling policies. Such third parties are prohibited from using any Personal Information or Data except for these stated purposes, and they are required to maintain the confidentiality of Your Data.
- Stash Tea and its affiliated entities reserve the right to share information with third-party data controllers, law enforcement agencies and potential transaction partners where Stash Tea and its affiliated entities have a legal basis to do so.
- By Law or Protected Right.
- We may disclose part or all User Information, User Content and/or Personal Information collected through the Stash Tea Services, if (1) required by law; (2) if We believe that disclosure is necessary to comply with the law; (3) to enforce Our intellectual property rights; (4) to protect the rights, property or safety of Us and Our employees or agents; and (5) if necessary to defend against third-party claims. We may also disclose Data collected when requested to comply with a court order, investigation, subpoena or governmental request. We will notify You of such use, either by a notification on the Site or by email to You.
- Business Transfers.
- If We go through a business transfer, such as consolidation, merger, restructuring, acquisition, or sale of part or all of Our assets, You acknowledge and consent to the transfer of Your Data, including User Information, Personal Information and User Content. You further acknowledge and consent to the continued use of Your Data by the recipient, so long as they comply with this Privacy Policy or a similar policy. In this event, You will be notified via email and/or a prominent notice on the Site, of any change in ownership or business transfer, use of Your Data, and the choices and rights You may have regarding Your Data.
- Vendors, Consultants and Third-Party Service Providers.
- We may share your Data with third party vendors, service providers, contractors or agents who perform services for Us or on Our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Stash Tea Services or Site, which will enable them to collect data about how You interact with the Stash Tea Services over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, We do not share, sell, rent or trade any of Your Data with third parties for their promotional or commercial purposes. We have contracts in place with Our data processors that ensure they safeguard Your Data. This means that they cannot do anything with Your Data unless We have instructed them to do it or if they have a legal basis. They will not share Your Personal Information with any organization apart from Us. They will hold it securely and retain it for the period We instruct or required by law. However, We are not responsible for the privacy practices other content and/or services operated by third parties that are linked to or integrated with the Stash Tea Service or for the privacy practices of any third party. Our provision of such third-party links, content and/or services does not constitute Our endorsement of these third parties, their content, their owners, or their practices. Once You leave the Site via such a link, access a third-party application, or click on a third-party offer, You should check the applicable privacy policy of the third party or advertiser website to determine, among other things, how they will handle any personal information they collect from You.
HOW STASH TEA USES PERSONAL DATA
- WHY WE COLLECT DATA AND HOW WE USE IT. We use the Data We collect solely to provide and improve the Stash Tea Services, the Site, sell Our Products, and communicate with You regarding the same. We may, without limitation, use Data to:
-
Complete Product Orders. We will need to use Your Personal Information and User Information in order to process and ship Your orders from Our Site, and to inform You about the tracking of Your order.
-
Account Maintenance. We may use Your Data to create and maintain Your account with Us, including customer loyalty points for purchases. You may cancel or delete Your account at any time by contacting Us at business@stashtea.com.
-
Customer Service – We may use Your Data to provide You with customer service, including responses to Your inquiries, complaints and feedback about Stash Tea Services and Products. Customer service may be done through email, letters mailed or telephone.
-
Personalization – In order to improve the Stash Tea Services We combine Personal Information and Data collected from one source (e.g. a website) with data collected from another source (e.g. an offline event), to personalize Your experience with Us. This information gives Us a more complete view of You as a consumer, which in turn, allows Us to serve You better in regards to the following:
-
Websites – We use Data such as User Information, Navigational Information, and/or previous website usage information to improve and personalize Your experience on the Site and applications;
-
Products – We use Data to improve and develop new Products that may be of interest to You;
-
Internet Based Advertising – We may use Data to target advertisements of Our Products that You would be interested in. THIS WEBSITE USES COOKIES. A cookie is a small amount of data sent to, or requested from Your computer. Cookies are used in order to keep track of Your shopping cart. Without cookies, the online ordering system would not be able to associate Your shopping cart with You, and You would not be able to carry more than one item in Your cart at a time. Cookies can be disabled within Your browsers software settings. Disabling cookies may affect or impair the use of the Stash Tea Services.
-
Marketing Communications – If You opt in to receive marketing communications from Us, We may send You information on Our new Products, offerings, promotions, and discounts, and we may use your Personal Information to determine which communications are most relevant to you. You always have the right to opt-out or unsubscribe from any marketing or commercial emails sent from Us, by clicking on the “unsubscribe” link at the bottom of Our emails or otherwise contacting us. You cannot, however, unsubscribe from transactional emails relating to Your account or orders. If You delete Your account, We may retain Your marketing preferences data.
You have the right to request information on how We process and share Your Data. You can exercise this right by contacting Us at business@stashtea.com.
- HOW LONG DO WE KEEP YOUR INFORMATION?
- We will only keep Your Personal Information for as long as it is necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When We have no ongoing legitimate business need to process Your Data, We will delete, de-identify it, or anonymize it. If this is not possible (for example, because Your Data has been stored in backup archives), then We will securely store Your Data and isolate it from any further processing until deletion is possible.
- If You have elected to receive marketing communications from Us, We retain information about Your marketing preferences for a reasonable period of time from the date You last expressed interest in Our Products or brand, such as when You last opened an email from Us or ceased using Your Account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created. We keep this information for analytics and internal business purposes.
- HOW DO WE KEEP YOUR INFORMATION SAFE?
- We are committed to protecting Your Data and We implement appropriate administrative, technical, organizational and physical safeguards designed to safeguard the information that We collect. For instance, We encrypt all data when in transit. However, no information system can be made 100% secure. This means that We cannot guarantee the absolute security of Your Data. Moreover, We are not responsible for the security of information You transmit to Us over networks that We do not control, including the internet and wireless networks, or the data that is stored on Your device. You should only access the services within a secure environment.
- Secure Sockets Layer (SSL) technology protects Data on Our Site using both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons. Every time you send Us Your credit card number and Your billing and shipping information, We use the industry-standard SSL technology to prevent the information from being intercepted. We also encrypt Your credit card number when We store Your order.
- Our computer systems are hosted in cloud services that we have selected, in part, based on their representation that they use a firewall, intrusion detection systems, and other advanced technology to prevent interference or access from outside intruders.
- If You live outside of the United States, You understand and agree that We may transfer Your Personal Information to the United States. This Site is intended for use in the United States and is subject to the laws of the United States, which may not provide the same level of protections as those in Your own country.
- We store Your Data in a secure operating environment and is only accessible to Stash Tea employees, agents and contractors on a need-to-know basis. Contracts are in place that requires others to keep Your Personal Information private and secure.
- TECHNICAL SAFEGUARDS.
- Unique password requirements and limited employee access;
- Destruction, deletion or de-identification of Data;
- Industry standard security protocols;
- Employee training on how to handle sensitive data, breach notice and procedures;
- Secure Technology (SSL), server authentication and Data encryption and use of firewall to host data;
- Designated security coordinator on the Stash Tea team;
- Sub-processors, sub-contractors and third-parties are bound to same security practice obligations;
- Backups; and
- Periodic audits.
- DATA BREACH. Stash Tea shall comply with all applicable federal and state laws that require notification to individuals, entities, state agencies, or federal agencies in the event of a data breach. When Stash Tea reasonably suspects and/or becomes aware of a disclosure or security breach concerning any Data, We shall notify the affected user or individual immediately and mitigate the damage of such security breach to the greatest extent possible. In the event of an actual data breach or the unauthorized access or disclosure of any sensitive or personal data, We will notify You in writing as soon as possible outlining the following information:
- What happened (date of breach is possible, or estimated date of incident, or the date range within which the breached occurred);
- What information was involved (list the type of personal information);
- What We are doing to help resolve or mitigate the issue (and if there was any delay in providing this notice due to law enforcement investigation);
- What You can do to help Us;
- How You can get more information or contact Us;
- Information about what We have done to protect individuals whose information has been breached;
- Advice on steps that the person whose information has been breached may take to protect himself or herself; and
- Information about the steps We have taken to cure the breach and the estimated timeframe for such cure.
ADDITIONAL INFORMATION FOR EUROPEAN RESIDENTS
- GLOBAL DIGITAL PRIVACY REGULATIONS (GDPR) COMPLIANCE FOR EU USERS.
- Our legal basis for collecting and using information described herein will depend on the User Information and Data concerned, and the specific context in which We collect it. However, We will normally collect Personal Information and Data from You only where We have Your consent to do so, where We need the Personal Information and/or Data to perform a contract with You, or where the processing is in Our legitimate interests is not outweighed by Your data protection interests or fundamental rights and freedoms. In some cases, We may also have a legal obligation to collect and maintain Personal Information and/or Data from You.
- If We ask You to provide Personal Information and/or Data to comply with a legal requirement or to perform a contract with You, We will make this clear at the relevant time and advise You whether the provision of Your Personal Information and/or Data is mandatory or not (as well as of the possible consequences if You do not provide Your Personal Information and/or Data). Similarly, if We collect and use Your Personal Information and/or Data in reliance on Our legitimate interests (or those of any third party), We will make clear to You at the relevant time what those legitimate interests are.
- Processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- WHAT ARE YOUR PRIVACY RIGHTS?
- You have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your Personal Information, (ii) to request rectification or erasure; (iii) to restrict the processing of your Personal Information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the sharing of your Personal Information. To make such a request, please contact us at business@stashtea.com.
- If We are relying on Your consent to process Your Personal Information, You have the right to withdraw Your consent at any time.
- If You are resident in the European Economic Area and You believe We are unlawfully processing Your Personal Information, You also have the right to complain to Your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
- If You would like to opt out of or unsubscribe from receiving direct marketing communications, You can also use the unsubscribe link contained in the message You have received.
- Upon Your request to terminate Your account, We will deactivate or delete Your account and information from Our active databases. However, some information may be retained in Our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce Our Terms of Use and/or comply with legal requirements, but such information may be de-identified or anonymized.
- If You would at any time like to review, delete or change the information in Your account or terminate Your account, You can:
- Log into Your account settings and update Your user account; or
ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
- ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
- California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits Our users who are California residents to request and obtain from Us, once a year and free of charge, information about categories of personal information (if any) We disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which We shared personal information in the immediately preceding calendar year. If You are a California resident and would like to make such a request, please submit Your request in writing to us at business@stashtea.com or through the portal below.
- If You are under 18 years of age, reside in California, and have a registered account with the Stash Tea Services, You have the right to request removal of unwanted data that You publicly post on the Site. To request removal of such data, please contact Us at business@stashtea.com, and include the email address associated with Your account and a statement that You reside in California. We will make sure the data is not publicly displayed on the Site, but please be aware that the data may not be completely or comprehensively removed from Our systems.
TO EXERCISE ANY OF YOUR DATA PRIVACY RIGHTS, PLEASE:
- Email Us at business@stashtea.com;
- Use Our ‘Contact Us’ link and fill out the online form on Our Site;
- Call Us at a toll-free number +1-800-547-1514;
- Send Us Mail to: PO Box 910, Portland, OR 97207;
- To OPT-OUT of marketing emails, choose the Unsubscribe option at the bottom of Our marketing emails or email us at business@stashtea.com.
Stash Tea reserves the right to make changes to this Privacy Policy. Please refer to this page from time to time to review this policy for changes and any new information.