Last modified: August 2023
1. What Personal Information We Collect
Personal Information means information about or relating to an identified or identifiable person, such as a name, address, email address, phone number, or other identifier that permits contacting of a specific individual, or such other definition under applicable privacy laws. We collect certain Personal Information depending on how you interact with us.
a) Contact and Account Information. To create or update an account with the Services, including when you download the App and link the App to your account, you must provide your first and last name, a working email address, and create a password for your account. You may also choose to add an avatar or photo to your profile, as well as a list of books that you have already read. Lastly, we generate a unique customer identification number that will be associated with your account.
b) Payment Information. If you make a purchase through the Services, we will also collect your payment card information to fulfill your purchase. However, payment card information is processed by a third-party payments processor and we do not store your complete payment card information. If you purchase a gift for someone else through the Services, you must provide the recipient’s name and shipping address and you may include a message with your gift.
c) Device Information. We collect information about the computers, phones, and other devices used when interacting with our Services, including browser type and version and IP address (which may be used to infer general location at a city or country level).
d) Activity and Usage Information. We collect information regarding your use of our Services, including the time, date, and length of time of use; the pages you view, including the time spent on each page and clicks on each page; how you got to the Services (i.e., referring URL) and any links you click on to leave the Services; and metadata about your use of the Services and your email conversions (including clicks and opens); and other interactions with the Services.
e) Inquiry Information. We collect information when you communicate with us, submit an inquiry through our Sites, or order new Services.
f) Participation in Reese’s Book Club Community. If you participate in the “Community” portion of the Reese’s Book Club Site or the App, we will process the content that you post in these parts of the Services.
g) Partnership with Fair Play Programs. Hello Sunshine partners with Fair Play to provide trainings on the Fair Play Method. To the extent that you participate in Fair Play training programs through your employer, we may receive Personal Information that you provide as part of the training, such as name, email, job title, and home address. We use this Personal Information to facilitate the training program, and for no other purposes.
h) In Person Interactions. We may collect certain limited Personal Information from you, such as name, address, and email address during in-person events, such as book-signing events.
2. How We Use your Personal Information
We use Personal Information to provide our Services and for the following purposes:
a) to provide Services to you, including to fulfill your orders and requests;
b) to improve our Services, including making our Sites and Apps easier for you to use and to ensure that they are properly functioning;
c) to respond to customer inquiries, diagnose product and Site problems, and provide other customer care and support services;
d) to develop and improve our Services, Sites, and products, including through our market research, using search queries and clicks to improve the relevance of search results and using usage data to determine what new features to prioritize;
e) to communicate with you, including sending emails or text messages as permitted by law, responding to your questions and comments; and to update you about changes to your account;
f) to personalize your experience with our Services and Sites;
g) to market our Services, as well as to analyze and enhance our marketing communications and strategies, including by using pixels, cookies, and other cookies for marketing purposes;
h) to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our Services;
i) to secure our Services, including protecting against malicious conduct, fraudulent activity or unsafe experiences; and
j) to comply with applicable law, including to respond to valid legal process, including, but not limited to, a search warrant, subpoena, or court order, and any other instance when we believe we are required to do so by law.
3. How We Share Personal Information
a) Reese’s Book Club Community. All registered users of the Services have access to the Reese’s Book Club Community (the “RBC Community”), a social feed and community forum where users can swap books, share thoughts, participate in virtual book clubs and follow the posts of other users who do the same. User profiles are “public” in that profiles and posts may be seen by all other users of the RBC Community. We may reach out to you for permission to share feedback you have provided in RBC Community more broadly, for example, in marketing materials, but otherwise will not disclose information shared in RBC Community more widely without your permission. Your posts to the RBC Community may not violate the privacy rights of any third parties, including other RBC Community users, as required by our Terms.
b) Third-Party Services Providers and Vendors. We may share Personal Information with third parties who perform services on our behalf, such as customer service, marketing strategy, payment processing, communications delivery, information technology services, and information storage services. These third parties may not use Personal Information for any other purpose.
c) Marketing, Advertising, and Analytics Partners. We may use third-party marketing, advertising, and analytics providers: to provide statistics and analysis about how people are using our Services, including our Sites; and to provide advertising and marketing for our Services, which may be considered targeted advertising. These third-party partners may receive information about your interactions with our Services through third-party cookies. For information about how to opt out of our use of third-party cookies that share data with these partners, see "California and Other U.S. State Privacy Rights", Where required by law, we will first obtain your consent before engaging in the marketing or advertising activities described.
e) Legal Process and Protection from Harm. If legally required to do so, or if we have a good faith belief that such disclosure is reasonably necessary, we may disclose your Personal Information to courts of law, law enforcement authorities and other relevant third parties, (i) to conduct an investigation, (ii) to respond to a third party or law enforcement subpoena or court order, or (iii) to bring legal action, prevent harm to others or pursue other relief, in each aforementioned case when you or a third party are or may be:
violating our Terms & Conditions;
causing injury or other harm to, or otherwise violating the property or other legal rights, of us, other users, or third parties; or
violating federal, state, local, or other applicable law.
4. Retention of Personal Information
We retain Personal Information as long as needed to fulfill the purposes outlined above. We use the following criteria to determine how long to retain Personal Information: the length of time that we have a relationship with you, and the Services we provide to you; your requests to us regarding your information, or our Services; any applicable legal, contractual, tax, or accounting purposes; and technical considerations and feasibility.
5. Links to and between Third Party Sites and Services
For avoidance of doubt, if we provide links to social media platforms, such as Facebook, Instagram or Twitter, and you choose to visit those websites through our links, or if you use these platforms to log into the Services, please note that the information you post, transmit or otherwise make available on or through those platforms will be shared with those platforms and may be viewed by the general public. We do not control user-posted content on social media homepages and are not responsible for any third-party use of your information that you have posted, transmitted or otherwise made available there.
We use reasonable technical, administration, and physical controls to help protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security. You agree and acknowledge that we will not be liable or responsible for use or disclosure of your Personal Information that is the result of unauthorized or illegal access to our systems or those of third parties. If you believe the security of your Personal Information has been compromised, please notify us immediately using the contact information below.
7. California and Other U.S. State Privacy Rights
Under some U.S. state laws, including the California Consumer Privacy Act of 2018 (as amended by the California Consumer Privacy Rights Act) (CCPA), residents may have a right to:
a) Access and/or Portability. You can request, up to two times each year, that we disclose the categories and/or specific pieces of Personal Information that we collect, use, disclose, and may sell, and, in some circumstances, have that data provided to you so that you can provide or “port” that data to another provider.
b) Deletion. You can ask us to delete the Personal Information that we have collected from you, subject to certain exceptions such as to complete a transaction for you, to exercise our rights, or to comply with a legal obligation.
c) Correct. You can request that we correct the Personal Information that we have collected from you under certain circumstances.
e) Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
f) Appeal. You may have the right to appeal a denial of your request. Some states provide additional rights to their residents. If we decline to process your request, you may have the right to appeal our decision. You can do so by replying directly to our denial or emailing firstname.lastname@example.org.
Exercising Your Rights. To exercise your rights, please email email@example.com. We will acknowledge receipt of your request within 10 business days, and provide a substantive response within 45 calendar days, or inform you of the reason and extension period (up to a total of 90 days) in writing.
These rights are not absolute, are subject to exceptions and limitations, and may not be afforded to residents of all states. In certain cases, we may decline requests to exercise these rights where permitted by law. We will need to verify your identity to process your access, deletion, and correction requests and reserve the right to confirm your state residency. We will verify your consumer request by comparing the information you provide to information already in our possession, and take additional steps to minimize the risk of fraud. You may designate an authorized agent to submit your verified consumer request by providing written permission and verifying your identity, or through proof of power of attorney.
8. California Notice at Collection
a) Personal Information that We Collect, Use and Disclose. The list below summarizes the Personal Information we collect through the Services by reference to the categories of Personal Information specified in the CCPA. Please see "What Personal Information We Collect" above for a general description of the Personal Information we collect through the Services.
Personal Information Collected. Identifiers/biographical information, commercial information, payment card information, internet or other electronic network activity information (such as device or usage information), geolocation information, visual information, and inferences drawn from the above. The sources of this information are the consumer, analytics providers, and service providers.
Sources of Personal Information. We receive information from sources as described in the “What Personal Information We Collect” section, including: from you (including through your use of our Services); from partners; and from publicly available sources.
Disclosure of Personal Information. We disclose the following categories of Personal Information to our service providers for business purposes: Identifiers/biographical information, commercial information, payment card information, internet or other electronic network activity information, geolocation information, visual information, and inferences drawn from the above.
"Sale" or "Share" of Personal Information. We may permit advertising and analytics services that are intended to deliver advertising to you and/or analyze your interactions, based on your interactions with our Services, which may constitute a “sale” or “sharing” of data under California law. See "California & Other U.S. State Privacy Rights" for more information regarding your right to opt-out.
b) Business and Commercial Purposes. We use Personal Information for the following business and commercial purposes: to provide Services; for research and development; for marketing and promotions (we do not use any content shared as part of Reese’s Book Club Community for any marketing or promotions); security and safety; to communicate with you; and for legal reasons. For more information, please see "How We Use Personal Information". Categories of third parties to whom we disclose Personal Information for business purposes are described in "How We Share Personal Information".
c) California Shine the Light Law. In addition to the above rights, if you are a California resident, you may request that we provide to you: (i) a list of the categories of Personal Information about you that we have disclosed to third-parties for those third-parties’ direct marketing purposes during the calendar year preceding your request; (ii) the names and addresses of such third-parties; and (iii) if the nature of the third-parties’ businesses cannot reasonably be determined from their names, examples of the products or services marketed, if known to us, sufficient to give you a reasonable indication of the nature of the third-parties’ businesses. To submit your request, please e-mail us at firstname.lastname@example.org. However, please note that as stated above, we do not currently disclose Personal Information to third-parties for those third-parties’ direct marketing purposes.
9. European and United Kingdom Users
Legal Basis for Processing Personal Information. We only use your information in a lawful, transparent, and fair manner. Depending on the specific Personal Information concerned and the factual context, when we process Personal Information as a controller for individuals in regions such as the EEA, Switzerland, and the UK, we have a lawful basis to process your data if: we are legally obligated to process it; we must process it to provide you with Services you have requested; you have consented to the processing; and/or we have a legitimate interest in processing your data, including for fraud prevention, network and information systems security, data analytics, enhancing, modifying or improving our services and Sites, identifying usage trends, determining the effectiveness of promotional campaigns, and personalization of the Services; in each case as described herein.
a) Your Rights. If you are in the EEA, Switzerland, or the UK, your rights in relation to your Personal Information processed by us as a controller specifically include:
Right of access and/or portability: You have the right to access any Personal Information that we hold about you and, in some circumstances, have that data provided to you so that you can provide or “port” that data to another provider;
Right of erasure: In certain circumstances, you have the right to the erasure of Personal Information that we hold about you (for example, if it is no longer necessary for the purposes for which it was originally collected);
Right to object to processing: In certain circumstances, you have the right to request that we stop processing your Personal Information and/or stop sending you marketing communications;
Right to rectification: You have the right to require us to correct any inaccurate or incomplete Personal Information;
Right to restrict processing: You have the right to request that we restrict processing of your Personal Information in certain circumstances (for example, where you believe that the Personal Information we hold about you is not accurate or lawfully held).
Some features of the Services allow you to review, update and delete your Personal Information from your profile, or to cancel your account. Where this function is not available or you would like assistance with exercising your rights, please contact us at email@example.com. Please note that we may request you to provide us with additional information in order to confirm your identity and ensure that you are entitled to access the relevant Personal Information. You also have the right to lodge a complaint to a data protection authority. For more information, please contact your local data protection authority.
b) Data Transfers. This website is hosted in, and the Services are provided from, the United States. In order for us to provide the Services to you, it may be necessary to transfer your Personal Information to the United States.
The Services are not directed to persons under 18. We do not knowingly collect Personal Information from children under 13. If a parent or guardian of a child under the age of 13 becomes aware that his or her child has provided us with personal information without such parent or guardian’s consent, he or she should contact us and we will delete such information from our files.
12. Contact Us