Privacy Policy - Solospace

Who we are

Your privacy is important to us. This Privacy Policy (“Policy”) applies to services provided by Solospace Inc. (“we”, “us”, “our” or “Solospace”) and our Platform and explains what information we collect from users of our Platform (a “user”, “you”, or “your”), including information that may be used to personally identify you (“Personal Information”) and how we use it. We encourage you to read the details below. This Policy applies to any user or visitor to or user of our Platform. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in the Terms and Conditions.

We reserve the right to change this Policy at any time. We will notify you of any changes to this Policy by posting a new Policy to this page, and/or by sending notice to the primary email address specified in your account. You are advised to review this Policy periodically for any changes. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to notify you in advance of such change. Changes to this Policy are effective when they are posted on this page. You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Policy means that the collection, use and sharing of your Personal Information is subject to the updated Policy.

1. Scope

This Policy applies to our collection, use, and disclosure of personal information related to:

The Solospace Platform, including without limitation our websites, mobile, virtual reality (VR) applications that link to or display this Policy, and the products and services we make available through our websites and mobile applications; and individuals that contact us or otherwise interact with us

This Policy does not apply to employees, job applicants or non-employee workers.

This Policy also does not apply to websites, apps, products, or services that we do not own or control, including any links to websites, apps, products, and/or services on our Platform. We have no control over these websites and they are subject to their own terms of use and privacy policies, which we encourage you to review for more information about their collection and use of your data. We are not responsible for the information practices of such third-party websites.

We may also use third party social media widgets such as buttons or similar mechanisms from Facebook, Twitter, Instagram, YouTube, and others. Such third party features may collect information about you, such as your IP address and the page(s) you visit on the Platform. Your interactions with those features are governed by the privacy policies of the third party social media networks that provide them.

If you are a Delaware or California resident, please review the Additional Information for California Residents section further below for more about our information practices and your rights under California privacy laws and Delaware Privacy laws.

2. Collection of Personal Information

The information we collect varies depending upon the circumstances and the Services you use.

Sources of Personal Information

We may collect personal information directly from individuals, such as when an individual registers as a member of Solospace, Solocity Application, signs up to receive our email offers, or provides a review about products or services. We may also collect personal information from third parties, such as client lists from our various partners, event providers, and other third parties. In addition, we automatically collect personal information related to the use of our Services.

Information We Collect From You. We may collect personal information directly from you, including:

Account information: to access and use certain features of our Services, you must register for an account by providing us with certain required information, which may include your name, alias, zip code, email address, date of birth, and password, and other information that we may collect with your consent or as permitted or required by law

Purchases and payments information: if you purchase products or services from us, such as wine, we collect information related to your order, which may include your name, shipping address, and telephone number. We work with external payment processors and fulfillment partners to process these payments, who may collect additional payment information from you in order to complete your purchase. Please review their privacy policies for more details.
Communications and support: if you contact us by email, mail, phone, chat or otherwise regarding the Services, we collect and maintain a record of your contact details, communications and our responses. If you call or chat us, such as through Zendesk, we may also record calls and maintain logs and records of those calls.
Inquiries and requests: we also collect personal information when you sign up for marketing and communications from us (such email offers). The information we may collect includes your email address and zip code and other information.
Events, contests and promotions: we may also run promotions or participate in certain events (collectively, “Events”), online and offline. If you choose to participate in an Event, we may ask you for personal information, including your name, age, contact information, or other information. Certain Events may be co-branded with one of our partners or run on an external website, such as social media websites and platforms. In these instances, the collection of your personal information may occur directly or through the external social media website or platform. We encourage you to read their privacy policies for more information about how they collect and use your information.
User content: if you choose to engage in reviews, forums, blogs, or similar features offered by us as part of the products, we may maintain records about the content you post, such as comments, reviews or questions, as well as date and time and other metadata associated with your user content. User content may also be viewable by other visitors and users of the Services.

Information We Collect Automatically. When you visit the Platform, whether you are logged in or just browsing without logging in, our servers automatically record information that your browser sends whenever you visit a website. The information sent automatically by your browser may include information such as the manufacturer and model of your mobile device; your Internet Service Provider (ISP); your device’s Internet Protocol (“IP”) address (or other device identifier), browser type, and operating system; referring/exit pages; clickstream data; pages of the Platform that you visit, the time spent on those pages, information you search for on the Platform, access times and dates; and other statistics. We may also use pixels in HTML emails to understand if individuals read the emails we send to them. (For more information, see the Cookies and Tracking Information section below.) We also may collect location information, including through the App and/or derived based upon the IP address of the device you use to access the Platform. In addition, we may derive certain insights about you based on this and other personal information we have collected about you.

Information We Collect from Third Parties. We also may enhance or update the personal information we have about you, with information obtained from data brokers, public records, our partners, and other third party sources. We also may collect device identifier and other information from third party platforms and mobile applications that you use when accessing our Platform. In addition, we may collect information about how individuals interact with us or comment about Solospace and our products and services through social media.

3. Use of Personal Information

We may use the personal information we collect for the following purposes:

Providing our Services and related support: to provide and maintain our Services; to authenticate users; to perform technical operations, such as updating software; to provide and communicate with you about our Platform; to respond to your requests; to administer events that you participate in; to fulfill your orders, and process your payments; to provide technical support; and for other customer service and support purposes. Further, we may use the information we collect (including location information) to determine which products may or may not be available to sell and ship to a particular state or other jurisdiction.

Analyzing and improving our Services: to better understand how users access and use our Services, for other research and analytical purposes, such as to evaluate and improve our Services and business operations, develop new features, products, or services, and to otherwise improve our Services and user experiences.
Communicating with you: to provide you with the information or services that you have requested; to communicate with you about your use of our Services, to respond to your inquiries, and for other customer service purposes; and to administer surveys and questionnaires, such as for market research or user satisfaction purposes.
Personalizing content and experiences: to tailor content, we send or display on the Platform in order to personalize your experiences.
Advertising, marketing and promotional purposes: to contact you about our products or services or send you newsletters, offers or other information we think may interest you; to administer promotions and contests; to reach you with more relevant ads; and to measure and improve our advertising and marketing campaigns.
In support of our general business operations: relating to audits and assessments of our business operations, security controls, financial controls, compliance with legal obligation, in connection with a merger, acquisition, reorganization or similar transaction and otherwise relating to the administration of our general business, accounting, record keeping and legal functions.

Securing and protecting our assets and rights: to protect our business operations, secure our network and information technology, assets and services; to prevent and detect fraud, unauthorized activities, access and other misconduct; where we believe necessary to investigate, prevent or take action regarding suspected violations of our Terms and Conditions and other agreements or policies, as well as fraud, illegal activities and other situations involving potential threats to the rights or safety of any person or third party.
Complying with legal obligations: to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.

We may also use your personal information for other purposes, where we have your consent.

4. Disclosure of Personal Information

We disclose personal information in order to provide and improve our products and services, reach users with more relevant information and offers, and as otherwise set out below.

We may share or disclose the information (including personal information) that we collect as follows:

With our corporate affiliates and subsidiaries.
With third parties that perform services to support our core business functions and internal operations, which may include:

database administrators
cloud computing services

payment processors
advertising and marketing services
compliance software services
age verification services
customer satisfaction and support

order fulfillment and warehouse services
application services providers.
authentication

With third parties that we have partnered with to jointly create and offer a product, service or joint promotion.
To support our audit, compliance, and corporate governance functions.

In connection with a change of ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or bankruptcy).
If we have a good-faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to detect or protect against fraud or security issues.
If required or permitted by applicable law or regulation, including laws and regulations of the United States and other countries, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or in response to a request from law enforcement or other public authorities wherever Company may do business; (b) protect and defend the rights or property of Company; (c) act in urgent circumstances to protect the personal safety of users, customers, and contractors/employees of Company or others; or (d) enforce our Terms of Service or otherwise protect against any legal liability.
With your consent or at your direction.

5. Cookies and Tracking Information

We and our third-party providers may use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your browsing activities and use of our Platform. We may combine this “usage data” with other personal information we collect about you. We use this usage data to understand how our Platform is used, track bugs and errors, provide and improve our Platform, verify account credentials, allow logins, track sessions, prevent fraud, and protect our Platform, as well as for targeted marketing and advertising, to personalize content and for analytics purposes. Our Platform currently does not respond to “do not track” signals.

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. However, certain features on our Services may not be available or function properly if you block or disable cookies. The following sets out how we may use different categories of cookies and your options for managing cookie settings:

Type of Cookies

Description

Managing Settings

Required cookies

Required cookies enable you to navigate the Services and use their features, such as accessing secure areas of the Services. If you have chosen to identify yourself to us, we use cookies containing encrypted information to allow us to uniquely identify you. These cookies allow us to uniquely identify you when you are logged into the Services and to process your online transactions and requests.

Because required cookies are essential to operate the Services, there is no option to opt out of these cookies.

Performance cookies

These cookies collect information about how you use our Services, including which pages you go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identify you. Information is only used to improve how the Services functions and performs. From time-to-time, we may engage third parties to track and analyze usage and volume statistical information relating to individuals who visit the Services. We may also utilize Flash cookies for these purposes.

To learn how to opt out of performance cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.

Functionality cookies

Functionality cookies allow our Services to remember information you have entered or choices you make and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Services after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. We may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on the Services to personalize your visit.

To learn how to opt out of functionality cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.

Targeting or advertising cookies

From time-to-time, we may engage third parties to track and analyze usage and volume statistical information from individuals who visit the Services. We sometimes use cookies delivered by third parties to track the performance of our advertisements. For example, these cookies remember which browsers have visited the Services. Third parties, with whom we partner to provide certain features on the Services or to display advertising based upon your web browsing activity, may use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.

To learn more about these and other advertising networks and their opt out instructions, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.

Pixel tags. Pixel tags are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use pixel tags (also referred to as web beacons, web bugs or clear GIFs), in connection with our Services to, among other things, help us manage ads and content, and compile statistics about usage of our Services. We may also use pixel tags in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

6. Security

We have implemented safeguards to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

7. Rights and Choices

In this section we describe the choices individuals have regarding our collection, use and handling of their personal information. If you are a California resident, see the Additional Information for California Residents section below for information about your rights under California privacy laws.

Access, Update and Deletion. You may cancel your registration to Solospace and/or Solocity Application through your dashboard and request the removal of your personal information from our member records by sending e-mail to help@solospace.org. You may also access and update certain of your personal information by accessing and adjusting your account settings or e-mailing us at help@solospace.org. You may also contact us using the information in the Contact Us section below to make an access, correction or other privacy request. Your access to or correction of your personal information is subject to applicable legal restrictions and the availability of such information. Further, we may take reasonable steps to verify your identity before granting such access or making corrections. Please note that we may maintain copies of information that you have updated, modified or deleted, in our business records and in the normal course of our business operations, as permitted or required by applicable law. Further, we reserve the right to maintain information on registered users who have violated our Platform Terms and Conditions or who have had their access to the Services blocked in order to detect repeat offenders.

Marketing Communications. We may use some of the information we collect for marketing purposes, including to send you promotional communications about new features, products, events, or other opportunities. If you wish to stop receiving these communications or to opt out of use of your information for these purposes, please follow the opt-out instructions, such as clicking “Unsubscribe” (or similar opt-out language) in email communications. For text message communications, you can text back “STOP” and we will send you a text message to confirm that you have been unsubscribed. You can also contact us at help@solospace.org to opt out. Despite your indicated email preferences, we may send you service-related communications, such as notices of updates to our terms of service or privacy policy.

Other Choices. If you are a resident of the State of California, please see the Additional Information for California Residents section further below for more notices regarding your Personal Information.

8. Children

Our Services are not targeted and directed at children under age 21 and we do not knowingly collect any personal information from a child under 21. If you believe we have inadvertently collected personal information about a child, please contact us and we will take steps to delete this information.

9. Contact Us

If you have any questions about this Policy or our privacy practices, please contact us at: help@solospace.org

10. Additional Information for California Residents

This section applies only to California residents. For purposes of this section, “personal information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA. The CCPA provides California consumers with several individual rights with respect to Personal Information. Note that these rights apply to individual consumers, not to companies. This section describes those rights in detail and provides information on how to exercise those rights.

11. Websites in the EU which use lines of browser-readable text known as cookies can only do so with users’ consent, and they must provide information about the use to site users.

The EU’s E-Privacy Directive of 2002 required that website visitors be given certain information about cookies.

From 26 May 2011 the law changed meaning that in addition to the provision of certain information visitors must give their consent to the placing of cookies. In the UK this change was implemented by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR).

From 25 May 2018 the General Data Protection Regulation (GDPR) came into force. It says that consent for data processing has to be given by users through a “clear affirmative action” and it must be freely given, specific, informed and unambiguous.

Because each EU country has some discretion in how it implements a Directive, the cookie laws in other European countries may differ from those of the UK which are set out in PECR.

PECR

The relevant rules are found in amended regulation 6, which reads as follows:

6. – (1) Subject to paragraph (4), a person shall not store or gain information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment –

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.

(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.

(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or program to signify consent.

(4) Paragraph (1) shall not apply to the technical storage of, or access to, information –

(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

What does this mean?

PECR means that a website operator must not store information or gain access to information stored in the computer or other web-enabled device of a user unless the user “is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information” and “has given his or her consent”. The consent requirement in the UK Regulations replaces the previous position which provided that visitors should be given the option to refuse cookies.

The only cookies that do not need users’ consent are those that are necessary to fulfil the user’s request. That will cover, for example, the use of cookies to remember the contents of a user’s shopping basket as they move between pages on a website. Other cookies, including those used to count visitors to a site and those used to serve advertising, will require consent. So will third party cookies that are used on the website.

The consent requirement has been the subject of much discussion but it is difficult to see how anything other than prior consent will comply with the wording of the UK Regulations.

ICO guidance says: “If you do need consent, then – to be valid – consent must be knowingly and freely given, clear and specific…it must involve some form of very clear positive action – for example, ticking a box, clicking an icon, or sending an email – and the person must fully understand that they are giving you consent.”

The GDPR says that consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

The phrase “by a statement or by a clear affirmative action” was newly introduced by the GDPR and increases the burden on organizations to ensure that a user has taken a specific, measurable action to give consent, such as ticking a box or clicking to accept a message.

Its cookies guidance says: “You need to be confident that your users fully understand that their actions will result in specific cookies being set, and have taken a clear and deliberate action to give consent. This must be more than simply continuing to use the website. To ensure that consent is freely given, users should be able to disable cookies, and you should make this easy to do.”

Although the ICO’s guidance suggests a number of methods to obtain consent it stops short of providing definitive guidance on how to achieve compliance, leaving it to businesses and organizations to review their use of cookies and consider how they might be able to obtain the necessary consent.

Both the ICO and the UK government have not ruled out the use of browser settings to achieve compliance in the future, but the ICO advises businesses to obtain consent some other way.

The guidance states: “At present, most browser settings are not sophisticated enough to allow you to assume that the user has given consent to allow your website to set a cookie. Also, not everyone who visits your site will do so using a browser. They may, for example, have used an application on their mobile device. So, for now we are advising organizations which use cookies or other means of storing information on a user’s equipment that they have to gain consent some other way”.

As a result, a number of companies have developed cookie tools and privacy management software which allow an individual to set their cookies preferences by enabling them, for example, to reject the use of analytical, marketing or advertising cookies. Such tools are also a mechanism through which the website owner can seek to obtain and record the individuals’ consent so that they can evidence such consent at a later date. These tools also allow an individual to change their preferences. This is important as an individual has the right to withdraw their consent as easily as they have given it. As such tools and software are relatively new to the market they have not as yet been given any regulatory or supervisory authority approval.

Penalty for non-compliance

The Commissioner’s Data Protection Regulatory Action Policy sets out the ICO’s approach on sanctions. In deciding whether enforcement action is appropriate the ICO will be concerned with the impact of the breach of the cookie law on the privacy and other rights of website users, not just with if there has been a technical breach of PECR.

PECR currently carries a maximum fine of £500,000 for serious breaches. It is anticipated that this power will only be used in limited circumstances. Before this the fine was £5,000 and companies may have been willing to run the risk but with these increased powers the result of enforcement action is potentially more severe.

The ePrivacy Regulation is currently being debated within Europe. Under this proposal the fines under PECR are likely to come into line with the fines now available under the UK Data Protection Act 2018, which implements the GDPR. It is important to remember that consent under PECR applies where a cookie, other than a strictly necessary cookie, is used irrespective of whether personal data is collected by that cookie.

The Data Protection Act can also apply. The UK’s Data Protection Act of 2018 derives from the GDPR and demands that where personal information is collected then data subjects, including internet users, should be told of this collection or information about it should be made available to them. Even where it is possible to anonymise information, the information may still be classed as personal data under the Act if it can be traced back or put together with other information to identify the individual.

Therefore the requirements of the 2018 Act are that the owner of a website using cookies, the controller, must make its identity clear, the purposes for it having the information and anything else necessary in the circumstances to make the processing fair. This information must also be provided when personal data are collected from third parties.

Collection of personal data must be for explicit purposes; the data must be kept up to date, and consent for it must be freely given and clear.

Exercising Your Rights

To exercise any of the rights described in this section, please contact us at help@solospace.org. Please include (i) a complete description of your request, including the specific right(s) you wish to exercise and (ii) sufficient information about you so we can confirm that your request is a verifiable customer request, including at a minimum your name and email address. Once we have received your verifiable consumer request, we will respond consistent with applicable law. Please note that you may also designate an authorized agent to make a request on your behalf. In order for us to process a request from your authorized agent, we must (i) confirm that the agent is a natural person or business entity registered with the Secretary of State that you have authorized to act on your behalf, (ii) receive from you a copy of the written authorization that provides the authorized agent to act on your behalf, and (iii) verify your identity by asking you to provide us sufficient information in order to do so.

Access and Data Portability Rights

You have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:

Categories of and specific pieces of personal information we have collected about you.
Categories of sources from which we collect personal information.
Purposes for collecting, using, or selling personal information.
Categories of third parties with which we share personal information.
Categories of personal information disclosed about you for a business purpose.
If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.

Deletion Rights

You have the right to request that we delete personal information about you that we have collected, subject to certain exceptions. You may also access, edit, or delete certain of your personal information through your account settings. Please review the sections above in our Privacy Policy titled Rights and Choices and Cookies and Tracking Information for more details.

Non-Discrimination

You have the right not to receive discriminatory treatment for the exercise of your rights under the CCPA, subject to certain limitations. Please note that we reserve the right to offer you certain financial incentives as permitted by the CCPA that may result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time by contacting us.

Statutory Categories of Personal Information Collected

The chart below describes the category of personal information we collect by reference to the statutory categories specified by the CCPA: