Last Updated: March 22, 2022
If you are an individual located in the European Economic Area (the “EEA”), the United Kingdom (“UK”), or Switzerland, the following GDPR Privacy Notice (see below on this page) applies to you.
A. Personal data we collect
The categories of personal data we collect depend on how you interact with us, our Services, and the requirements of applicable law. For example, we may collect different information from you depending on whether you are a visitor to our Website (“Visitors”), use our Services as a vendor or venue (together, “Vendors”), or request us to be featured as a couple (“Couples”). Please note that the category of “Visitors” includes Vendors and Couples, to the extent such Vendors and Couples utilize our Website. We primarily collect information that you provide to us or that we obtain automatically when you use our Services.
a. Information you provide to us directly
We may collect the following personal data that you provide to us:
- When you use the Services. When you use Services (for example, by submitting a wedding), we typically collect fields such as your first name, last name, email address, state/province, country, and telephone number. If you purchase subscription content through our Services, we or certain of our service providers that help us provide the Services (each, a “Service Provider”) may also collect information necessary to process your payment, such as your credit or debit card number and expiration date.
- Your communications with us. We may collect your name, email address, postal address, and/or telephone number when you request information about our Services, request user or technical support, or otherwise communicate with us. We also collect your preferences in receiving marketing communications from us and hashed identifiers derived from email addresses for purposes of targeted advertising;
- Surveys/Questionnaires. We may contact you to participate in surveys or other questionnaires to collect feedback. If you decide to participate, you may be asked to provide certain information, which may include personal data
b. Information we collect automatically
We also automatically collect certain information based on your use of our Services. This data would include your activities on our Website. For example, we, or our third-party partners, may collect:
- Activities. Details of the activities you carry out when using our Services, including visits to our Website. We may also collect your geographic location when you use a location-enabled device with our Services and sensor data from your device that may, for instance, provide data on nearby cell towers and Wi-Fi access spots;
- Technical information. The Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform; and
- Information about your visit to our Website. We collect and process your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.
c. Information we obtain from third parties
Carats and Cake may also obtain information about you from third parties, such as Vendors or Couples that submit a wedding in which you were involved and/or attended. We require that such Vendors and Couples obtain the consent of each Vendor and each party in a Couple prior to submitting their information to us, as well as the consent of wedding guest(s) whose photographs are submitted to us.
B. How we use your information
Carats & Cake collects only the personal data we need in order to offer and support our Services. We may also be required to collect, process, and retain your data in fulfillment of our legal obligations. We use your data for the following business purposes:
a. Provide, monitor, maintain, personalize, optimize, and improve the Services, including research and analytics regarding use of the Services, or to remember you when you leave and return to the Services;
b. Notify you about changes to our Services;
c. Provide you with news, events, promotions, updates, security alerts, and general information about other services that we offer that are similar to those that you have already inquired about, unless you have opted not to receive such information;
d. Allow you to participate in interactive features within our Services when you choose to do so;
e. Provide you with customer support;
f. Carry out our obligations relating to your contracts with us and to provide you with the information and Services that you request from us;
g. Provide you with more relevant content in marketing, promotional, or other communications to which you may be subscribed; and
h. Detect, investigate, and prevent technical issues or activities that may violate our policies or be fraudulent or illegal, including to conduct any related investigations.
We may combine information from the Services together and with other information we obtain from our business records or from third party sources.
We are required by law to store some of your data beyond the termination of your relationship with us. After such time, your data will only be accessed or processed as necessary.
C. How we disclose your information
Carats & Cake may share data to ensure that we can continue providing you with the Services you have contracted. We may share certain information with:
a. Service providers.
We share data with Service Providers who help us provide the Services (each, a “Service Provider”), including Service Providers located outside the U.S., UK, or EEA. Service Providers help us with things like Website hosting, data analysis, information technology and related infrastructure, customer service, paymenet processing and email delivery.
b. Third parties authorized by you.
We will share data with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings) and, in each case, any due diligence relating thereto.
d. Safety, legal purposes, and law enforcement.
We use and disclose data as we believe necessary: (i) under applicable law; (ii) to enforce our terms and conditions; (iii) to protect our rights, privacy, safety, or property, or the safety or property of yours or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
e. Advertising platforms.
We may share certain information with advertising platforms, such as Google and Facebook, to select and serve relevant adverts to you and others. The information shared may include device-level information and analytics, as discussed in “Information we collect automatically”, or hashed identifiers derived from email addresses.
f. Analytics and search engine providers.
We may share certain information with analytics and search engine providers that assist us in the improvement and optimization of our site.
D. Transfers to and outside the U.S.
Carats & Cake is headquartered in the United States. Personal data that we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our Service Providers maintain facilities. The laws of the United States and other countries regarding personal data may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. To the extent permitted by applicable law, by submitting your personal data to us, you agree to this transfer, storing, or processing.
Please review our GDPR Privacy Notice (see below) or contact us at firstname.lastname@example.org if you are a resident of the EEA, the UK, or Switzerland, and would like additional information on our transfer of personal data.
E. Service Providers and Third Parties
Our Services may, from time to time, integrate with or contain links to other websites, mobile applications, or digital properties that are not operated by us, including those of our Service Providers, which you may access either directly, via an authentication process, or otherwise through the Services. For example, we integrate with Stripe to facilitate payments made in connection with our Services. Likewise, other websites, mobile applications, or digital properties may reference or link to our Services. Similarly, if you access the Services through a social networking service (“SNS"), some personal data may be collected and/or made available, depending on the privacy settings that you have set with respect to that SNS. You have the ability to disable the connection between your Account and any SNS accounts that you have linked at any time by accessing the "Settings" section of the Website.
We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites, mobile applications, or digital properties. Providing personal data to them, both within or outside of our Website or our Services, is at your own risk.
F. Google and Facebook Advertising. Do Not Track Disclosure.
Further, you may stop or restrict the placement of third-party cookie technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, please note that cookie-based opt-outs are typically not effective on mobile applications. You may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.
To the extent we use Google or Facebook for advertising purposes on our Website, please see these links provided by these respective companies for opt-out purposes: Google/Facebook. We are not responsible regarding the scope of, or the honoring of, any such opt-outs, as opt-out preferences provided by these companies are not under our control.
G. Security of your information
You are responsible for keeping confidential any passwords you use to access our Services. We ask you not to share this password with anyone else and not to use this password for other services or products.
To the fullest extent permitted by applicable law, we do not accept liability for any unauthorized disclosure.
H. Children’s Privacy
Our Services are not intended for anyone under the age of 18. We do not knowingly collect personal data from anyone under the age of 18. If you are a parent or guardian and you believe that your child has provided us with their information, please contact us. If we become aware that a child has provided us with personal data in violation of applicable law, we will delete any personal data we have collected, unless we have a legal obligation to keep it.
I. Marketing communications
We will only use your data for marketing and promotional purposes if you “opt in” to such uses, and you can withdraw this permission at any time. We may combine your personal data to improve the value and specificity of these communications. You have the right to ask us not to contact you for marketing purposes by following the unsubscribe link or the instructions provided in any email we send or by contacting us at email@example.com. Please note that you may not opt out of communications related to a specific request that you have made.
K. Contact us
You may also write to us at:
750 Lexington Avenue
New York, NY 10022