Last updated: March 2, 2022
We help empower you and other participants of The Buy Nothing Project to communicate with your communities and share gifts. To do these things, you will sometimes need to share personal data—like your name and email address—with us and select third parties. We are grateful you entrust us with this data and take our responsibility to protect it very seriously.
The Buy Nothing Project supports communities around the planet and we think a right to privacy is an important, global right. For this reason, we treat any data that relates to an identified or identifiable individual or that is linked or linkable to them by us as “personal data,” and we treat this personal data the same no matter where you live.
This means data that directly identifies you–like your personal name—or data that could reasonably identify you—like your email address—is personal data. Conversely, aggregated or anonymized data is not personal data.
As you know, The Buy Nothing Project is passionate about gifting, but we don’t believe you should have to gift your personal data. This means we strive to only collect the personal data we need.
The type of personal data we collect depends on how you use our services. Listed below are the data categories we collect directly from you.
How The Buy Nothing Project Uses Personal Data
- Personal information. Your name, email address, location or address, and date of birth (if signing up with email/password).
- Device information. Data about your device or from which your device could be identified, such as your IP address or device serial number.
- Contact information. Data such as your real name, email address, and physical address/location.
- Payment information. Data about your billing address and method of payment, which is collected by our payment processor, Stripe.
- Transaction information. Data about the in-app transactions that we help facilitate through our services.
- Photos and personal data you voluntarily post. Photos and personal data you voluntarily post on The Buy Nothing Project.
The Buy Nothing Project uses personal data to help you facilitate your gifting, to operate and improve our services, to communicate with you, for security and fraud prevention, and to comply with laws and regulations.
To expand on the above, we use personal data for the following purposes:
- To meet or fulfill the reason you provided the information to us, including to help facilitate your delivery or receipt of a gift.
- To communicate with you about our services, including updates or new offers.
- To provide you with support and assistance.
- To create and manage your account or other user profiles.
- To personalize the services based on your preferences.
- To respond to user inquiries and fulfill user requests.
- To improve and develop the services, including testing, research, analysis and product development.
- To protect against or deter fraudulent, illegal or harmful actions and maintain the safety, security and integrity of our services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- For any other business purpose stated when collecting your personal data or as otherwise set forth in applicable data privacy laws.
As noted in the list above, we may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you informational offers or important product updates. If you do not want to receive these communications from us, you may unsubscribe from them. How The Buy Nothing Project Shares Personal Data
Not only do we strive to collect only personal data we need, but we only disclose personal data to third parties as described below.
Cookies and Other Technologies
- To select recipients. These are third parties we share personal data with at your direction, including the public (where you choose to post information publicly), other users (as necessary to facilitate a gifting transaction on our services), or social media services (if you intentionally interact with them through your use of our services).
- Service providers. These are third parties that help us provide our services, including payment processors, security and fraud prevention providers, hosting and other technology and communications providers, analytics providers, and staff augmentation and contract personnel.
- To acquirers. These are parties who acquire your personal data through an acquisition or other change of control. Personal data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
Of course, we want our users to feel empowered to interact with our services however they determine best. To that end, you can decide whether to accept or delete cookies through your internet browser’s settings.Data Security and Retention
Protecting your personal data is extremely important to us and so we seek to protect it from unauthorized access, use and disclosure by using appropriate physical, technical, organizational, and administrative security measures based on the type of personal data we collect and the way we process it. For example, our services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal data you provide to us.
We retain personal data about you for as long as you have an open account with us or as otherwise necessary to provide you with our services. In some cases, we retain personal data for longer if doing so is necessary to comply with our legal obligations, resolve disputes, or is otherwise permitted or required by applicable law, rule, or regulation. Children and Personal Data
, we do not knowingly collect or solicit personal data about children under 17 years of age. If you are a child under the age of 16, please do not attempt to register for use our services or send us any personal data. If we learn we have collected personal data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided us personal data, please contact us.Further Information
State Specific Privacy Rights and DisclosuresCalifornia Residents
You have the right to request certain information about our collection and use of your personal data over the past 12 months. In response, we will provide you with the following information:
- The categories of personal data that we have collected about you.
- The categories of sources from which that personal data was collected.
- The business or commercial purpose for collecting or selling your personal data.
- The categories of third parties with whom we have shared your personal data.
- The specific pieces of personal data that we have collected about you.
If we have disclosed your personal data to any third parties for a business purpose over the past 12 months, we will identify the categories of personal data shared with each category of third-party recipient. If we have sold your personal data over the past 12 months, we will identify the categories of personal data sold to each category of third-party recipient.Deletion
You have the right to request that we delete the personal data that we have collected about you. Under the California Consumer Privacy Act, this right is subject to certain exceptions: for example, we may need to retain your personal data to provide you with the services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.Exercising Your Rights
To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use personal data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request by emailing us at [email protected]
You may also authorize an agent to exercise your rights on your behalf. To do this, you must provide your authorized agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your authorized agent when they make a request on your behalf.Personal Data Sales Opt-Out and Opt-In
We will not sell your personal data and have not done so over the last 12 months.No Discrimination
We will not discriminate against you for exercising your rights under the California Consumer Privacy Act. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the California Consumer Privacy Act. However, we may offer different tiers of our services as allowed by applicable data privacy laws (including the California Consumer Privacy Act) with varying prices, rates or levels of quality of the goods or services you receive related to the value of personal data that we receive from you.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of personal data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at [email protected]Nevada Residents
We do not sell your personal data as sales are defined in Nevada Revised Statutes Chapter 603A.