ONLINE PRIVACY POLICY – UNITED STATES ONLY
Last updated November 6, 2024
Audio and Video Labs, Inc. d/b/a CD Baby (the “Company” or “we”) has developed this privacy policy out of respect for the privacy of our customers, visitors to our website(s), job applicants, and independent contractors. This policy describes the personal information we collect, use, and disclose about individual consumers, applicants, and contractors who visit or interact with our website(s), visit any of our offices, purchase or inquire about any of our products or services, contract with us to provide services, apply for a position of employment, or otherwise interact or do business with us.
Whenever you visit our website(s), we will collect some information from you automatically simply by you visiting and navigating through the site, and some voluntarily when you submit information using a form on the website, utilize the Live Chat feature on our website(s), enroll in or subscribe to our newsletter or marketing communications, request information, or use any of the other interactive portions of our website(s). Through the website, we will collect information that can identify you and/or your activity.
Additionally, whenever you communicate, interact, or do business with us, whether online or at any of our offices, or whether you are contracted to perform services for us or apply for a position of employment, we will be collecting personal information from you or about you in the course of our interaction or dealings with you.
The meaning of “personal information” may be defined based on your state of residence: in this policy, it means any information that can reasonably be used to identify an individual.
This policy does not apply to our current and former employees and their family members, dependents, and beneficiaries; if you are a California resident who is a current or former employee of the Company or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Policy by sending an email to [email protected].
1. Consent to Share Personal Information When Using Live Chat Function
By using the Live Chat feature, you consent to the collection and analysis of all personal information provided. The Live Chat feature utilizes a chatbot that analyzes the data and information submitted to respond intelligently to meet or identify the customer’s need and answer questions. We utilize a vendor called Ada Support Inc. (“Chat Vendor”) to process, analyze, and store the contents of the chat on our behalf. The Chat Vendor may provide information in the chat to their service providers and/or their affiliated entities, distributors, agents, and contractors. The Chat Vendor may also use the information analyzed or processed from the chat for targeted advertising purposes. For more information on how the Chat Vendor may use or disclose your personal information, please review their privacy policy here: https://www.ada.cx/legal-resources/privacy-policy. By using these forms and features, you direct the Company to disclose to and share with the Chat Vendor any personal information you provide.
2. Collection of Personal Information and Sensitive Personal Information
Based on your specific transactions and interactions with us or our website(s), we will or may collect, and we have in the last 12 months collected, the following categories of personal information about you. For each category of information, the categories of 3rd parties and service providers to whom we have disclosed the information in the last 12 months are referenced below. The examples provided for each category are not intended to be an exhaustive list nor an indication of all specific pieces of information we collect from or about you in each category, but rather the examples are to provide you a meaningful understanding of the types of information that may be collected within each category.
Category | Personal Identifiers |
Examples | Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | For data collected through our website, we sell some of this data to customer review or data analytics vendors (not for monetary consideration but for other valuable consideration), and we also share the data with data analytics vendors and social media platforms for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website or app), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising. |
Retention Period | Duration of our relationship with you plus 6 years.
If you are a job applicant and are hired by the Company, then your name will be retained permanently, and the rest will be retained for the duration of employment plus 6 years. If you are not hired, this data will be retained for 6 years from when the position is filled or the date we receive your information, whichever is longer. |
Category | Contact Information |
Examples | Home, postal or mailing address, email address, home phone number, cell phone number. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | For data collected through our website, we sell some of this data to customer review or data analytics vendors (not for monetary consideration but for other valuable consideration), and we also share the data with data analytics vendors and social media platforms for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website or app), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising. |
Retention Period | Duration of our relationship with you plus 6 years.
If you are a job applicant and are hired by the Company, then your name will be retained permanently, and the rest will be retained for the duration of employment plus 6 years. If you are not hired, this data will be retained for 6 years from when the position is filled or the date we receive your information, whichever is longer. |
Category | Account Information |
Examples | Username and password for Company accounts and systems (including where a job applicant or candidate must create an account to apply for a job), and any required security or access code, password, security questions, or credentials allowing access to your Company accounts. |
Disclosed To in Last 12 Months | Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants |
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising. |
Retention Period | Username: permanent; Password or security code: while in use + 2 years |
Category | Commercial or Transactional Data |
Examples | Information regarding products or services provided, purchasing history. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | For data collected through our website, we sell some of this data to social media platforms and data analytics vendors (not for monetary consideration but for other valuable consideration), and we also share the data with data analytics vendors and social media platforms for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website or app), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising. |
Retention Period | 6 years after transaction, unless necessary to maintain for a longer period for tax or other regulatory compliance. |
Category | Internet Network and Computer Activity |
Examples | Date and time of your visit to the website; webpages visited; links clicked on the website; browser ID; browser type; device ID; operating system; form information downloaded; domain name from which our site was accessed; search history; and cookies; internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, as well as Company-owned computers and electronic devices, including system and file access logs. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | For data collected through our website, we sell some of this data to marketing support vendors and vendors that support managing or hosting the website and the Chat function on the website, data analytics vendors, and social media platforms (not for monetary consideration but for other valuable consideration), and we also share the data with data analytics vendors and social media platforms for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website or app), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising. |
Retention Period | 6 years after the transaction or activity. |
Category | Geolocation Data |
Examples | IP address. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | For data collected through our website, we sell some of this data to marketing support vendors and vendors that support managing or hosting the website and the Chat function on the website, data analytics vendors, and social media platforms (not for monetary consideration but for other valuable consideration), and we also share the data with data analytics vendors and social media platforms for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website or app), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising. |
Retention Period | 6 years. |
Category | Mobile Device Data |
Examples | Information collected when you navigate, access or use any of our websites via mobile device, including device type, software type; data identifying your device if you access our business networks and systems, including cell phone make and model. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | For data collected through our website, we sell some of this data to marketing support vendors and vendors that support managing or hosting the website and the Chat function on the website, data analytics vendors, and social media platforms (not for monetary consideration but for other valuable consideration), and we also share the data with data analytics vendors and social media platforms for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website or app), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising. |
Retention Period | 6 years. |
Category | Online Portal and/or Mobile App Access and Usage Information |
Examples | Username and password, account history, usage history, file access logs, security clearance level, and any information submitted through the account. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising. |
Retention Period | 6 years. |
Category | Visual, Audio, or Video Recordings |
Examples | Your image when recorded or captured in surveillance camera footage or pictures of you taken on our premises or at our events or that you share with us; audio recordings of calls and virtual meetings as disclosed to you at the time of the call. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising. |
Retention Period | Surveillance video – 90 days; the rest of this category is retained for the duration of our relationship with you plus 6 years. |
Category | Pre-Hire Information |
Examples | Information gathered on job applicants as part of background screening and reference checks, information recorded in job interview notes by persons conducting job interviews for the Company, information contained in candidate evaluation records and assessments, information in work product samples you provided, and voluntary disclosures by you. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising. |
Retention Period | If hired, this data will be retained for the duration of employment plus 6 years. If not hired, it will be retained for 6 years from when the position is filled or the date we receive your information, whichever is longer. |
Category | Employment and Education History |
Examples | Information contained in job applicants’ resumes regarding educational history, information in transcripts or records of degrees, vocational certifications obtained, and information regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising. |
Retention Period | If hired, this data will be retained for the duration of employment plus 6 years. If not hired, it will be retained for 6 years from when the position is filled or the date we receive your information, whichever is longer. |
Category | Professional Related Information |
Examples | Information on independent contractors contained in tax forms/1099 forms, safety records, licensing and certification records, and performance records, and information related to services provided by independent contractors, including in statements of work. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising. |
Retention Period | Duration of our relationship with you plus 6 years. |
Category | Facility & Systems Access Information |
Examples | Information identifying you, if you accessed our secure company facilities, systems, networks, computers, and equipment, and at what times, using keys, badges, fobs, login credentials, or other security access method. |
Disclosed To in Last 12 Months |
|
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising. |
Retention Period | 6 years. |
Category | Medical and Health Information |
Examples | Information related to symptoms, exposure, contact tracing, diagnosis, testing, or vaccination for infectious diseases, pandemics, or other public health emergencies. |
Disclosed To in Last 12 Months | Not Disclosed. |
We May Collect, Process, and Disclose for the Following Business Purposes |
|
Sold To / Shared With | Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising. |
Retention Period | 2 years.
Job Applicants: If hired, this data will be retained for the duration of employment plus 6 years. If not hired, it will be retained for 6 years from when the position is filled or the date we receive your information, whichever is longer. |
Of the above categories of Personal Information, the following categories of Sensitive Personal Information (as considered under your State Privacy Laws) the Company may collect from or about consumers, independent contractors, or applicants:
- Personal Identifiers (social security number, driver’s license or state identification card number, passport number)
- Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)
- Medical and Health Information
Personal information does not include:
- Publicly available information from government records.
- Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media.
- Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed the information if the consumer, independent contractor, or applicant has not restricted the information to a specific audience.
- Deidentified or aggregated information.
3. We may collect your personal information from the following sources:
- You the consumer, independent contractor, or job applicant, when you visit the website and voluntarily submit information through forms on the website or social media, when you visit any of our physical locations, when you purchase or inquire about any of our products or services, when you utilize the Live Chat feature on the website, when you enter into a contract to perform services for us, or when you apply for a position of employment
- Our employees, contractors, vendors, suppliers, guests, visitors, and other consumers based on your interactions with them (if any)
- We utilize cookies to automatically collect information about our website visitors
- Surveillance cameras at our physical locations
- Lead generators and referral sources
- HR support vendors, Recruiters or Staffing agencies
- Social media platforms
- Company-issued computers, and electronic devices
- Company systems, networks, software applications, and databases you log into or use
- Company systems, networks, software applications, and databases you log into or use in the course of applying for a position with the Company, interacting with our website, or otherwise interacting with us in any other capacity, including from vendors the Company engages to manage or host such systems, networks, applications or databases
- Personal references and former employers (if you are a job applicant)
- Schools, universities, or other educational institutions which you attended (if you are a job applicant)
- From friends, family, or colleagues who choose to email you job postings that they think you may be interested in from our application platform or careers page
We use website analytics tools, such as Mouseflow, that provide session replay, heatmaps, funnels, form analytics, feedback surveys, and similar features/functionality and may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar metadata.
4. We may disclose, sell, or share your personal information to/with the following categories of service providers, contractors, or third parties:
- A. Financial institutions
- B. Insurance carriers, administrators, and brokers
- C. Government agencies
- D. Promotional or other fulfillment vendors
- E. Marketing support vendors, and vendors that support managing or hosting the website and the Chat function on the website
- F. Transaction support vendors (e.g., check guaranty, payment processors)
- G. Data analytics vendors
- H. Customer review vendors
- I. Social media platforms, including TikTok, Meta, and YouTube
- J. Professional employer organizations, recruiting firms, and/or staffing agencies
- K. Talent acquisition management systems, and other vendors providing services for purposes of our human resources information system (HRIS) and management of job applicant data and recruiting process
- L. Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
- M. Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)
5. We may collect your personal information for the following business purposes:
- To fulfill or meet the purpose for which you provided the information.
- To process, complete, and maintain records on transactions.
- To retain your selection for text opt in/opt out to ensure customers who opted out are not sent any text messages.
- To schedule, manage and keep track of customer appointments.
- To maintain records of when customers decline a service or sale.
- To respond to consumer inquiries, including requests for information, customer support online, Live Chat on the website, phone calls, and in-person inquiries.
- Marketing and sales activities.
- To obtain customer reviews.
- To contact you by email, telephone calls, mail, or other equivalent forms of communication regarding updates or informative communications related to the functionalities, services, or other information you requested or asked the Company to provide to you.
- To provide interest-based advertising.
- To process for targeted advertising.
- To improve user experience on our website.
- To understand the demographics of our website visitors.
- To detect security incidents.
- To debug, identify, and repair errors that impair existing intended functionality of our website.
- To protect against malicious or illegal activity and prosecute those responsible.
- To grant access to Company accounts, facilities, and systems.
- To ensure security of Company data accessed through Company accounts and systems.
- To verify and respond to consumer requests.
- To prevent identity theft.
- JOB APPLICANT PURPOSES:
- (a) To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to apply for a job with the Company, we will use that Personal Information in connection with your candidacy for employment.
- (b) To comply with local, state, and federal law and regulations requiring employers to maintain certain records, as well as local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies, including applicable reporting requirements.
- (c) To evaluate your job application and candidacy for employment.
- (d) To obtain and verify background check and references.
- (e) To communicate with you regarding your candidacy for employment.
- (f) To permit you to create a job applicant profile, which you can use for filling out future applications if you do not get the job you are applying for.
- (g) To keep your application on file even if you did not get the job applied for, in case there is another position for which we want to consider you as a candidate even if you do not formally apply.
- (h) To evaluate and improve our recruiting methods and strategies.
- (i) To engage in lawful monitoring of job applicant activities and communications when they are on Company premises, or utilizing Company internet and WiFi connections, computers, networks, devices, software applications or systems.
- (j) To engage in corporate transactions requiring review or disclosure of job applicant records subject to non-disclosure agreements, such as for evaluating potential mergers and acquisitions of the Company.
- (k) To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company related to recruiting or processing of data from or about job applicants.
- (l) To improve job applicant experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
- (m) To reduce the risk of spreading infectious diseases in or through the workplace.
- 22. INDEPENDENT CONTRACTOR PURPOSES:
- (a) To fulfill or meet the purpose for which you provided the information.
- (b) To comply with state and federal law and regulations requiring businesses to maintain certain records (accident or safety records, and tax records/1099 forms).
- (c) To engage the services of independent contractors and compensate them for services.
- (d) To evaluate, make, and communicate decisions regarding an independent contractor, including decisions to hire and/or terminate.
- (e) To grant independent contractors access to secure Company facilities, systems, networks, computers, and equipment, and maintain information on who accessed such facilities, systems, networks, computers, and equipment, and what they did therein or thereon.
- (f) To implement, monitor, and manage electronic security measures on independent contractor devices that are used to access Company networks and systems.
- (g) To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company.
- (h) To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
- (i) To reduce the risk of spreading infectious diseases in or through the workplace.
We may disclose your personal information for any one or more of the business purposes identified above.
We do NOT and will not sell or share your personal information in exchange for monetary consideration. However, we may sell or share some of your information to third parties for other valuable consideration, as noted in the table above.
We may sell or share your personal information for the following business purposes:
- Marketing and sales activities.
- To provide interest-based advertising.
- To process for targeted advertising.
- To improve user experience on our website.
- To understand the demographics of our website visitors.
- To obtain customer reviews.
Other than these exceptions, we do not and will not disclose your personal information to any third party in exchange for monetary or other valuable consideration or share your personal information for cross-context behavioral advertising.
6. Notice of Right of California Residents to Opt-Out of the Selling and Sharing of Your Information
While we do not sell or share your personal information in exchange for money, we may sell or share your personal information for other valuable consideration. You have the right to tell us NOT to sell or share your personal information. You have the full and free right to opt-out of our disclosure of your personal information to any third parties where the disclosure constitutes “selling” or “sharing” as defined by the California Privacy Rights Act. You may exercise your right to opt-out without fear of discrimination for doing so. To opt-out of our selling or sharing of your information, meaning, we will not disclose your information to third parties for any monetary or other valuable consideration, you can do any of the following:
You can have an authorized agent submit a request on your behalf. To submit an opt-out through use of an authorized agent, you must provide that agent with written permission signed by you to submit an opt-out on your behalf, except when using an opt-out preference signal. The authorized agent may contact us through [email protected] to make the opt-out request and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to the Company. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf. A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent. |
7. Opt-Out Preference Signals
Opt-out preference signals provide you with a simple and easy-to-use method by which to exercise the right to opt-out of the selling and sharing of their information. Global Privacy Controls (GPC) or Universal Opt-Out Mechanisms (UOOM) are user-enabled opt-out preference signals which can communicate a user’s “Do Not Sell or Share” request on behalf of you or a device. We will process opt-out preferences from GPC and UOOM signals which are in formats commonly used and recognized by businesses, such as an HTTP field header. We will treat your use of GPCs or UOOMs as a valid request to opt-out of the selling and sharing of information for that browser. We currently do not connect browser use to particular consumers and, as such, you will need to use GPCs or UOOMs on all browsers in which you access our website and use our opt-out form to opt-out of offline sales.
Do Not Track (DNT) is a privacy preference that you can set if you do not want web services to collect information about your online activity. We do not respond to DNT signals or other mechanisms (with the exception of GPCs and UOOMs) that provide a choice regarding the collection of personal information about activities over time and across different websites or online services. We encourage users who have DNTs to use GPCs or UOOMs.
We do not and will not use or disclose your sensitive personal information for purposes other than the following:
- To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
- To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
- To ensure the physical safety of natural persons.
- For short-term, transient use.
- To perform services on behalf of the Company.
- To verify or maintain the quality or safety of a product, service or device that is owned, developed, developed for, or controlled by the Company, and to improve, upgrade, or enhance the service that is owned, developed by, developed for, or controlled by the Company.
- For purposes that do not involve inferring characteristics about the consumers, contractors, and applicants.
Retention of Personal Information
We will retain each category of personal information in accordance with our established data retention schedule as indicated above. Some of the retention periods in the retention schedule above are measured from a particular point in time that has not occurred yet, such as the end of employment or end of a relationship (whether business, contractual, or transactional) plus a certain number of years. Where no particular event is defined in the retention schedule as the point from which the retention period is measured, we will measure the retention period from either (1) the date the record or data was collected, created, or last modified, (2) the date of the particular transaction to which the record or data pertains, or (3) another triggering event that is determined to be reasonable and appropriate based on the nature of the data and the legal/business needs for its continued use.
In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.
We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.
8. Third Party Vendors
We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose. Apart from customer review emails, subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.
We utilize YouTube API Services and refer you to the Privacy Policy.
We utilize Microsoft Advertising and Microsoft may collect or CD Baby may share your personal information with Microsoft. More information on how Microsoft processes your personal information can be found here: https://www.microsoft.com/en-us/privacy/privacystatement.
9. Business Transfers
In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.
10. Compliance with Law and Safety
We may disclose specific personal and/or sensitive personal information when we believe in good faith that such disclosure is necessary to comply with or conform to any applicable laws, rules or regulations; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of CD Baby, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
11. Use of Cookies and Other Tracking Technologies
Our website may store or retrieve information on your browser, mostly in the form of cookies. A cookie is a small piece of data (text file) that a website – when visited by a user – places on the user’s device to remember information about the user, such as the user’s language preference or login information.
This type of cookie is set by us and is referred to as a “first-party cookie.” Our website uses first-party cookies primarily to make the website work as you expect it to. For example, we use the information we collect through first-party cookies to allow you to navigate between pages efficiently, analyze how well our website is performing, and understand the content that you spent the most time reviewing. In some cases, we use first-party cookies to store information that we use for targeted advertising.
We also incorporate cookies and similar technologies, such as pixels, tags, and web beacons, from outside our website’s domain (“third-party cookies”). Third-party cookies gather information to enable our vendors to provide a range of services to us, including targeted advertising and measuring the success of our advertising campaigns.
Below is a detailed list of the categories of first- and third-party cookies we use on our website. You can prevent the collection of data by non-essential performance, functional, and marketing cookies by clicking the “Cookie Setting Button” on our website or by clicking on “Do Not Sell or Share My Personal Information” in our footer and toggling off the related functionality.
Cookies, web beacons and pixels share data with third parties, some of whom are located in other countries including but not limited to the People’s Republic of China. By clicking “Accept All”, you consent to our use of this technology. To learn more about the cookies, please visit our Cookie Policy here: Cookie Policy | CD Baby.
How we use cookies
We make use of cookies under the following circumstances and for the following reasons:
- ➢ Provide you with services available through the website and to enable you to use some of its features
- ➢ Authenticate users and prevent fraudulent use of user accounts
- ➢ Identify if users have accepted the use of cookies on the website
- ➢ Compile data about website traffic and how users use the website to offer a better website experience
- ➢ Understand and save visitor preferences for future visits, such as remembering your login details or language preferences, to provide you with a more personal experience and to avoid you having to re-enter your preference every time you use the website
- ➢ Track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website
Necessary Cookies
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Non-Essential Cookies
Non-essential cookies are not essential to the website functionality but serve some other unique purpose in three subcategories:
- “Functional” cookies (sometimes called preference cookies) help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features. For example, functional cookies can collect:
- Usernames
- Passwords
- Regions and language preferences
- “Performance” cookies (sometimes referred to as static cookies) are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors. For example:
- Pages the user visits.
- Ads the user views.
- Ads or site features that the user clicks.
- “Marketing” cookies (sometimes called analytics, tracking, or advertisement cookies) are used to understand how visitors interact with the website. Analytical cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc. Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns. These cookies may track:
- Content the user views
- Links the user follows
- The user’s browser and device information and IP address
- Please note: Organizations can use marketing cookies to track and influence users by building user profiles or displaying advertisements.
Cookie Management
You can control and manage cookies associated with your browser. If you are interested in controlling and managing cookies from your browser including any set by our website(s), please refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on different ways to configure your browser’s cookie settings.
If you want to clear all cookies left behind by the websites you have visited, here are links where you can download three third party programs that clean out tracking cookies.
- http://www.adaware.com/adaware-privacy
- http://www.spybot.info/en/download/index.html
- http://www.webroot.com/consumer/products/spysweeper/
You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:
Do Not Track (DNT) is a privacy preference that you can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals (with the exception of Global Privacy Controls and Universal Opt-Out Mechanisms as explained above in the section of this policy on “Opt-Out Preference Signals”).
DAA and NAI
Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain self-regulatory programs along with websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info, or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1.
- To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering found here: https://youradchoices.com/appchoices.
Non-Participant Opt-Out Options
- Some of our vendors do not participate in the DAA or NAI self-regulatory programs for online behavioral advertising or have developed their own processes for allowing consumers to opt-out: https://branch.app.link/optout
- Some devices and apps do not have access to web-based browser cookie opt-outs. To learn more about the advertising opt-outs provided by your mobile device’s operating system (like iOS and Android) or the device manufacturer, click here.
12. External Links
Our website contains links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our websites.
13. Passwords
The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.
14. Children Under the Age of 16
We do not knowingly sell or share the personal information of consumers under 16 years of age.
15. How We Protect the Information that We Collect
The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:
- ➢ We use internal encryption on (i) data in transit and (ii) sensitive data at rest.
- ➢ We use commercially reasonable tools and techniques to protect against unauthorized access to our systems.
- ➢ We restrict access to private information to those who need such access in the course of their duties for us.
16. Consumer Rights
Based on your state of residence, you may have some or all of the following rights:
- Right to Know. The right to request (1) the categories of personal information we have collected about you, (2) the categories of sources from which the personal information was collected, (3) the business or commercial purpose for collecting, selling, or sharing this information, (4) the categories of third parties with whom we share or have shared your personal information (or, in certain states and at our option, a list of specific third parties, other than natural persons, to which we have shared your personal information or any personal information), (5) the categories of personal information that we have sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared, and (6) the categories of personal information that we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose;
- Right to Access. The right to request that we disclose to you, free of charge, the specific pieces of personal information we have collected about you and the right to data portability;
- Right to Delete. The right to request that we delete personal information that we collected from you, subject to certain exceptions;
- Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;
- Right to Opt-Out. The right to opt-out of certain uses of your personal information;
- The right to designate an authorized agent to submit one of the above requests on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify;
- The right to not be discriminated or retaliated against for exercising any of the above rights; and
- The right to appeal our refusal to take action on a request.
You can submit any of the above types of consumer requests through [email protected].
How We Will Verify That it is Really You Submitting the Request
When you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through [email protected], we will ask you to provide some information in order to verify your identity and respond to your request.
Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, postal address or other contact information, name or UPC of the last submission, and/or date of your last transaction with the business.
Responding to Your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests (California, Colorado, Connecticut, Montana, Oregon, Texas, and Virginia Residents)
Upon receiving a verifiable request, we endeavor to respond within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessary information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.
Responding to Your Request to Opt-Out of the Selling or Sharing of Your Personal Information (California Residents)
We will act upon a consumer request to opt-out within fifteen (15) days of its receipt. We will notify all third parties to whom we have sold or shared personal information of your request and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.
A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.
Responding to Your Right to Opt-Out of Targeted Advertising, Sale of Personal Information, and Profiling (Colorado, Connecticut, Montana, Oregon, Texas, and Virginia Residents)
Upon receiving a request, we endeavor to respond within 45 calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. The response we provide will also explain the reasons we cannot comply with a request.
Right to Appeal (Colorado, Connecticut, Montana, Oregon, Texas, and Virginia Residents Only)
You have the right to appeal our refusal to take action on a consumer request within a reasonable time after receipt of the decision. If you are a Colorado or Oregon resident, we shall notify you in writing of our decision within 45 days of the date that we receive the appeal and the reasons for the decision. If you are a Colorado resident and we require more time (up to an additional 60 calendar days, or 105 days total), we will inform you of the reason and extension period in writing. If you are a Connecticut, Montana, Texas, or Virginia resident, we shall notify you in writing of any action taken or not taken in response to an appeal within 60 days, including a written explanation of the reasons for the decision.
California Shine the Light:
The California Civil Code permits California Residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please send an email [email protected], or write to us at the address listed below. Please mention that you are making a “California Shine the Light” inquiry and include the email address we have on file for you so that we may properly identify your account.
17. Consent to Terms and Conditions
By using this website, you consent to all terms and conditions expressed in this Privacy Policy.
18. Changes to Our Privacy Policy
As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.
19. Consumers With Disabilities
This policy is in a form that is accessible to consumers with disabilities.
20. Questions About the Policy
This website is owned and operated by Audio and Video Labs, Inc. d/b/a CD Baby, 9600 NE Cascades Parkway, Ste 180, Portland, OR 97220. If you have any questions about this Privacy Policy, please contact us at [email protected].