Who we are
We reserve the right to change this Policy at any time. We will notify you of any changes to this Policy by posting a new Policy to this page, and/or by sending notice to the primary email address specified in your account. You are advised to review this Policy periodically for any changes. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to notify you in advance of such change. Changes to this Policy are effective when they are posted on this page. You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Policy means that the collection, use and sharing of your Personal Information is subject to the updated Policy.
This Policy applies to our collection, use, and disclosure of personal information related to:
- The Solospace Platform, including without limitation our websites, mobile, virtual reality (VR) applications that link to or display this Policy, and the products and services we make available through our websites and mobile applications; and individuals that contact us or otherwise interact with us
This Policy does not apply to employees, job applicants or non-employee workers.
We may also use third party social media widgets such as buttons or similar mechanisms from Facebook, Twitter, Instagram, YouTube, and others. Such third party features may collect information about you, such as your IP address and the page(s) you visit on the Platform. Your interactions with those features are governed by the privacy policies of the third party social media networks that provide them.
If you are a Delaware or California resident, please review the Additional Information for California Residents section further below for more about our information practices and your rights under California privacy laws and Delaware Privacy laws.
2. Collection of Personal Information
The information we collect varies depending upon the circumstances and the Services you use.
Sources of Personal Information
We may collect personal information directly from individuals, such as when an individual registers as a member of Solospace, Solocity Application, signs up to receive our email offers, or provides a review about products or services. We may also collect personal information from third parties, such as client lists from our various partners, event providers, and other third parties. In addition, we automatically collect personal information related to the use of our Services.
Information We Collect From You. We may collect personal information directly from you, including:
- Account information: to access and use certain features of our Services, you must register for an account by providing us with certain required information, which may include your name, alias, zip code, email address, date of birth, and password, and other information that we may collect with your consent or as permitted or required by law
- Purchases and payments information: if you purchase products or services from us, such as wine, we collect information related to your order, which may include your name, shipping address, and telephone number. We work with external payment processors and fulfillment partners to process these payments, who may collect additional payment information from you in order to complete your purchase. Please review their privacy policies for more details.
- Communications and support: if you contact us by email, mail, phone, chat or otherwise regarding the Services, we collect and maintain a record of your contact details, communications and our responses. If you call or chat us, such as through Zendesk, we may also record calls and maintain logs and records of those calls.
- Inquiries and requests: we also collect personal information when you sign up for marketing and communications from us (such email offers). The information we may collect includes your email address and zip code and other information.
- Events, contests and promotions: we may also run promotions or participate in certain events (collectively, “Events”), online and offline. If you choose to participate in an Event, we may ask you for personal information, including your name, age, contact information, or other information. Certain Events may be co-branded with one of our partners or run on an external website, such as social media websites and platforms. In these instances, the collection of your personal information may occur directly or through the external social media website or platform. We encourage you to read their privacy policies for more information about how they collect and use your information.
- User content: if you choose to engage in reviews, forums, blogs, or similar features offered by us as part of the products, we may maintain records about the content you post, such as comments, reviews or questions, as well as date and time and other metadata associated with your user content. User content may also be viewable by other visitors and users of the Services.
Information We Collect Automatically. When you visit the Platform, whether you are logged in or just browsing without logging in, our servers automatically record information that your browser sends whenever you visit a website. The information sent automatically by your browser may include information such as the manufacturer and model of your mobile device; your Internet Service Provider (ISP); your device’s Internet Protocol (“IP”) address (or other device identifier), browser type, and operating system; referring/exit pages; clickstream data; pages of the Platform that you visit, the time spent on those pages, information you search for on the Platform, access times and dates; and other statistics. We may also use pixels in HTML emails to understand if individuals read the emails we send to them. (For more information, see the Cookies and Tracking Information section below.) We also may collect location information, including through the App and/or derived based upon the IP address of the device you use to access the Platform. In addition, we may derive certain insights about you based on this and other personal information we have collected about you.
Information We Collect from Third Parties. We also may enhance or update the personal information we have about you, with information obtained from data brokers, public records, our partners, and other third party sources. We also may collect device identifier and other information from third party platforms and mobile applications that you use when accessing our Platform. In addition, we may collect information about how individuals interact with us or comment about Solospace and our products and services through social media.
3. Use of Personal Information
We may use the personal information we collect for the following purposes:
- Providing our Services and related support: to provide and maintain our Services; to authenticate users; to perform technical operations, such as updating software; to provide and communicate with you about our Platform; to respond to your requests; to administer events that you participate in; to fulfill your orders, and process your payments; to provide technical support; and for other customer service and support purposes. Further, we may use the information we collect (including location information) to determine which products may or may not be available to sell and ship to a particular state or other jurisdiction.
- Analyzing and improving our Services: to better understand how users access and use our Services, for other research and analytical purposes, such as to evaluate and improve our Services and business operations, develop new features, products, or services, and to otherwise improve our Services and user experiences.
- Communicating with you: to provide you with the information or services that you have requested; to communicate with you about your use of our Services, to respond to your inquiries, and for other customer service purposes; and to administer surveys and questionnaires, such as for market research or user satisfaction purposes.
- Personalizing content and experiences: to tailor content, we send or display on the Platform in order to personalize your experiences.
- Advertising, marketing and promotional purposes: to contact you about our products or services or send you newsletters, offers or other information we think may interest you; to administer promotions and contests; to reach you with more relevant ads; and to measure and improve our advertising and marketing campaigns.
- In support of our general business operations: relating to audits and assessments of our business operations, security controls, financial controls, compliance with legal obligation, in connection with a merger, acquisition, reorganization or similar transaction and otherwise relating to the administration of our general business, accounting, record keeping and legal functions.
- Securing and protecting our assets and rights: to protect our business operations, secure our network and information technology, assets and services; to prevent and detect fraud, unauthorized activities, access and other misconduct; where we believe necessary to investigate, prevent or take action regarding suspected violations of our Terms and Conditions and other agreements or policies, as well as fraud, illegal activities and other situations involving potential threats to the rights or safety of any person or third party.
- Complying with legal obligations: to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
We may also use your personal information for other purposes, where we have your consent.
4. Disclosure of Personal Information
We disclose personal information in order to provide and improve our products and services, reach users with more relevant information and offers, and as otherwise set out below.
We may share or disclose the information (including personal information) that we collect as follows:
- With our corporate affiliates and subsidiaries.
- With third parties that perform services to support our core business functions and internal operations, which may include:
- database administrators
- cloud computing services
- payment processors
- advertising and marketing services
- compliance software services
- age verification services
- customer satisfaction and support
- order fulfillment and warehouse services
- application services providers.
- With third parties that we have partnered with to jointly create and offer a product, service or joint promotion.
- To support our audit, compliance, and corporate governance functions.
- In connection with a change of ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or bankruptcy).
- If we have a good-faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to detect or protect against fraud or security issues.
- If required or permitted by applicable law or regulation, including laws and regulations of the United States and other countries, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or in response to a request from law enforcement or other public authorities wherever Company may do business; (b) protect and defend the rights or property of Company; (c) act in urgent circumstances to protect the personal safety of users, customers, and contractors/employees of Company or others; or (d) enforce our Terms of Service or otherwise protect against any legal liability.
- With your consent or at your direction.
5. Cookies and Tracking Information
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. However, certain features on our Services may not be available or function properly if you block or disable cookies. The following sets out how we may use different categories of cookies and your options for managing cookie settings:
Type of Cookies
Because required cookies are essential to operate the Services, there is no option to opt out of these cookies.
These cookies collect information about how you use our Services, including which pages you go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identify you. Information is only used to improve how the Services functions and performs. From time-to-time, we may engage third parties to track and analyze usage and volume statistical information relating to individuals who visit the Services. We may also utilize Flash cookies for these purposes.
Functionality cookies allow our Services to remember information you have entered or choices you make and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Services after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. We may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on the Services to personalize your visit.
Targeting or advertising cookies
Pixel tags. Pixel tags are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use pixel tags (also referred to as web beacons, web bugs or clear GIFs), in connection with our Services to, among other things, help us manage ads and content, and compile statistics about usage of our Services. We may also use pixel tags in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
We have implemented safeguards to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.
7. Rights and Choices
In this section we describe the choices individuals have regarding our collection, use and handling of their personal information. If you are a California resident, see the Additional Information for California Residents section below for information about your rights under California privacy laws.
Access, Update and Deletion. You may cancel your registration to Solospace and/or Solocity Application through your dashboard and request the removal of your personal information from our member records by sending e-mail to [email protected]. You may also access and update certain of your personal information by accessing and adjusting your account settings or e-mailing us at [email protected] You may also contact us using the information in the Contact Us section below to make an access, correction or other privacy request. Your access to or correction of your personal information is subject to applicable legal restrictions and the availability of such information. Further, we may take reasonable steps to verify your identity before granting such access or making corrections. Please note that we may maintain copies of information that you have updated, modified or deleted, in our business records and in the normal course of our business operations, as permitted or required by applicable law. Further, we reserve the right to maintain information on registered users who have violated our Platform Terms and Conditions or who have had their access to the Services blocked in order to detect repeat offenders.
Other Choices. If you are a resident of the State of California, please see the Additional Information for California Residents section further below for more notices regarding your Personal Information.
Our Services are not targeted and directed at children under age 21 and we do not knowingly collect any personal information from a child under 21. If you believe we have inadvertently collected personal information about a child, please contact us and we will take steps to delete this information.
9. Contact Us
If you have any questions about this Policy or our privacy practices, please contact us at: [email protected]
10. Additional Information for California Residents
This section applies only to California residents. For purposes of this section, “personal information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA. The CCPA provides California consumers with several individual rights with respect to Personal Information. Note that these rights apply to individual consumers, not to companies. This section describes those rights in detail and provides information on how to exercise those rights.
11. Websites in the EU which use lines of browser-readable text known as cookies can only do so with users’ consent, and they must provide information about the use to site users.
The EU’s E-Privacy Directive of 2002 required that website visitors be given certain information about cookies.
From 26 May 2011 the law changed meaning that in addition to the provision of certain information visitors must give their consent to the placing of cookies. In the UK this change was implemented by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR).
From 25 May 2018 the General Data Protection Regulation (GDPR) came into force. It says that consent for data processing has to be given by users through a “clear affirmative action” and it must be freely given, specific, informed and unambiguous.
Because each EU country has some discretion in how it implements a Directive, the cookie laws in other European countries may differ from those of the UK which are set out in PECR.
The relevant rules are found in amended regulation 6, which reads as follows:
6. – (1) Subject to paragraph (4), a person shall not store or gain information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment –
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.
(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or program to signify consent.
(4) Paragraph (1) shall not apply to the technical storage of, or access to, information –
(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
What does this mean?
The consent requirement has been the subject of much discussion but it is difficult to see how anything other than prior consent will comply with the wording of the UK Regulations.
ICO guidance says: “If you do need consent, then – to be valid – consent must be knowingly and freely given, clear and specific…it must involve some form of very clear positive action – for example, ticking a box, clicking an icon, or sending an email – and the person must fully understand that they are giving you consent.”
The GDPR says that consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
The phrase “by a statement or by a clear affirmative action” was newly introduced by the GDPR and increases the burden on organizations to ensure that a user has taken a specific, measurable action to give consent, such as ticking a box or clicking to accept a message.
Its cookies guidance says: “You need to be confident that your users fully understand that their actions will result in specific cookies being set, and have taken a clear and deliberate action to give consent. This must be more than simply continuing to use the website. To ensure that consent is freely given, users should be able to disable cookies, and you should make this easy to do.”
Both the ICO and the UK government have not ruled out the use of browser settings to achieve compliance in the future, but the ICO advises businesses to obtain consent some other way.
As a result, a number of companies have developed cookie tools and privacy management software which allow an individual to set their cookies preferences by enabling them, for example, to reject the use of analytical, marketing or advertising cookies. Such tools are also a mechanism through which the website owner can seek to obtain and record the individuals’ consent so that they can evidence such consent at a later date. These tools also allow an individual to change their preferences. This is important as an individual has the right to withdraw their consent as easily as they have given it. As such tools and software are relatively new to the market they have not as yet been given any regulatory or supervisory authority approval.
Penalty for non-compliance
The Commissioner’s Data Protection Regulatory Action Policy sets out the ICO’s approach on sanctions. In deciding whether enforcement action is appropriate the ICO will be concerned with the impact of the breach of the cookie law on the privacy and other rights of website users, not just with if there has been a technical breach of PECR.
PECR currently carries a maximum fine of £500,000 for serious breaches. It is anticipated that this power will only be used in limited circumstances. Before this the fine was £5,000 and companies may have been willing to run the risk but with these increased powers the result of enforcement action is potentially more severe.
The ePrivacy Regulation is currently being debated within Europe. Under this proposal the fines under PECR are likely to come into line with the fines now available under the UK Data Protection Act 2018, which implements the GDPR. It is important to remember that consent under PECR applies where a cookie, other than a strictly necessary cookie, is used irrespective of whether personal data is collected by that cookie.
The Data Protection Act can also apply. The UK’s Data Protection Act of 2018 derives from the GDPR and demands that where personal information is collected then data subjects, including internet users, should be told of this collection or information about it should be made available to them. Even where it is possible to anonymise information, the information may still be classed as personal data under the Act if it can be traced back or put together with other information to identify the individual.
Therefore the requirements of the 2018 Act are that the owner of a website using cookies, the controller, must make its identity clear, the purposes for it having the information and anything else necessary in the circumstances to make the processing fair. This information must also be provided when personal data are collected from third parties.
Collection of personal data must be for explicit purposes; the data must be kept up to date, and consent for it must be freely given and clear.
Exercising Your Rights
To exercise any of the rights described in this section, please contact us at [email protected]. Please include (i) a complete description of your request, including the specific right(s) you wish to exercise and (ii) sufficient information about you so we can confirm that your request is a verifiable customer request, including at a minimum your name and email address. Once we have received your verifiable consumer request, we will respond consistent with applicable law. Please note that you may also designate an authorized agent to make a request on your behalf. In order for us to process a request from your authorized agent, we must (i) confirm that the agent is a natural person or business entity registered with the Secretary of State that you have authorized to act on your behalf, (ii) receive from you a copy of the written authorization that provides the authorized agent to act on your behalf, and (iii) verify your identity by asking you to provide us sufficient information in order to do so.
Access and Data Portability Rights
You have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
- Categories of and specific pieces of personal information we have collected about you.
- Categories of sources from which we collect personal information.
- Purposes for collecting, using, or selling personal information.
- Categories of third parties with which we share personal information.
- Categories of personal information disclosed about you for a business purpose.
- If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.
You have the right not to receive discriminatory treatment for the exercise of your rights under the CCPA, subject to certain limitations. Please note that we reserve the right to offer you certain financial incentives as permitted by the CCPA that may result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time by contacting us.
Statutory Categories of Personal Information Collected
The chart below describes the category of personal information we collect by reference to the statutory categories specified by the CCPA:
Email, full name, date of birth, full address, phone number
You and third party sources (e.g. our platform providers, payment processors)
Customer Record Information
Email, full name, full address, phone number, credit card number or other form of online payment for goods and services rendered
You and third party sources (e.g. our platform providers, payment processors, and our partners)
Protect Classification Characteristics
Date of Birth
Records of products/services purchased by you on the Services
Internet or other network activity
Browsing history, search history, information on a your interaction with a website, application, or advertisement
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Use of Personal Information
Under the CCPA, a “sale” means providing to a third party Personal Information for valuable consideration. At this time, we don’t believe any of our data practices in the last 12 months constitute a “sale” under the CCPA. In the last 12 months, we have used or disclosed certain Personal Information we collected for the following business purposes:
Categories of Personal Information
To provide, support, and develop our website, products, and services
Customer Record Information
Protected Classification Characteristics
Internet of other network activity
To create, maintain, customize, and secure your account with us
Protected Classification Characteristics
Customer Record Information
To process your requests, purchases, transactions, and payments and prevent transactional fraud
To directly respond to your requests or inquiries, including to investigate and address your concerns and monitor and improve our responses, or to otherwise meet the reason for which you provided the information.
Customer Record Information
Protected Classification Characteristics
Internet or other network activity
To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law)
Customer Record Information
Internet or other network activity
To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business
Additionally, we may have programs, such as sweepstakes, contests, or other similar promotional campaigns (collectively, the “Programs”). When you sign up for one of these Programs, we typically ask you to provide your name and contact information (such as email address and/or telephone number). Because our Programs involve the collection of personal information, they might be interpreted as a “financial incentive” program under California law. The value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program. This value is based on the expense related to offering those products, services, and benefits to Program participants. You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules. Visit the terms and conditions page of each Program to view full details, including how to join.
California Shine the Light Law
If you are a California resident and a customer, you have the right to request information from us once per calendar year regarding the customer information we share with third parties for the third parties’ direct marketing purposes. To request this information, please send an email to [email protected] with ‘Request for California Shine the Light Privacy Information’ in the subject line and in the body of your message. We will provide the requested information to you via an email response in a standardized format and the information will not be specific to you individually.