Revised and effective October 30, 2024
This is the Privacy Policy of Yeti Cycling, LLC, a Colorado limited liability company (“we”, “us”, “our”, or “Yeti”). We take your privacy seriously, and we know you do too. This Privacy Policy (“Policy”) describes how we collect, process, and share Personal Data, your rights & choices, and other important information about how we handle your Personal Data. Additional information for users in the US and the EU/EEA/UK/Switzerland is available in our Regional Supplements section.
To make it easy for you to learn how we use your data, we’ve summarized how we process data in specific contexts. Learn more:
· Digital Services
· Cookies and other tracking technologies
· Posts and Social Media
· Account Registration
· Orders and Transactions
· Marketing Communications
· Contests and Promotions
· Demos and Events
· Contact Us; Service Requests
· Professional Engagement
SCOPE
This Policy applies to your use of our “Services” which include the following:
Our “Offline Services”
- In-person services you use, such as when you visit one of our locations, pick up a product, or receive in-person maintenance or repair services.
Our “Digital Services”
- Our website, located at https://yeticycles.com (the “Site”), and any other website, application, or services where we post or link to this Policy; and
- Our social media pages and any other online services.
This Policy does not apply to information processed by third parties, for example, when you visit a third-party website or interact with third-party sites, except to the extent those parties collect or process information on our behalf. Please review any relevant third party’s privacy policy for information regarding their privacy practices.
Your use of our Services indicates your acknowledgment of the notices provided in this Policy.
CONTROLLER & CONTACT
The party that determines the purposes and means for processing of your Personal Data (“controller”) under this Policy is Yeti Cycling, LLC. You may contact our Data Privacy Team as follows (for our address and contact details in other regions, please see Regional Supplements):
General Inquiries:
Opt-Out of Data Sales or Sharing; Limit uses of Sensitive Personal Data:
visit the Cookie Preferences, or email us at privacy@yeticycles.com
Regional Data Rights:
email us at privacy@yeticycles.com.
Direct Marketing Disclosure Inquiries:
send us mail to the mailing address below or email privacy@yeticycles.com
Mailing Address:
Yeti Cycles
RE: Data Privacy
621 Corporate Circle
Golden, CO 80401
CATEGORIES AND SOURCES OF PERSONAL DATA
The following describes how we process data relating to identified or identifiable individuals and households (“Personal Data”).
Categories of Personal Data We Process
The categories of Personal Data we process may include:
Audio/Visual Data
- Recordings and images collected from audio files and records, such as voicemails, call recordings, photographs, and the like.
Biographical Data
- Data relating to professional or employment history, qualifications, and similar biographic information.
Transaction Data
- Information about the Services we provide to you and about transactions you make with us or other companies for products and services and similar information via our Services, e.g. bike, part, or equipment name; bike color and size; upgrades; payment method/type, price, and the like.
Contact Data
- Identity Data we can use to contact you, such as email and physical addresses, phone numbers, social media or communications platform usernames/handles.
Device / Network Data
- Browsing history, search history, and information regarding your interaction with a website, application, or advertisement (e.g. IP Address, MAC Address, SSIDs, application ID/AdID/IDFA, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.
Identity Data
- Information such as your name; address; email address; telephone number; gender; date of birth; age and/or age range; account login details, e.g. username and password.
Inference Data
- Personal Data we create or use as part of a profile reflecting your preferences, characteristics, aptitudes, market segments, likes, favorites or your interests.
General Location Data
- Non-precise location data, e.g. location information derived from social media tags/posts, or from IP address.
Sensitive Personal Data
- Unless prohibited by local law, and subject to your consent should it be required under local law, Personal Data defined as “sensitive” or “special categories of Personal Data” under local laws. As described further below, we may collect the following categories of Sensitive Personal Data:
· “Payment Data” - Data that includes financial account log‐in information, or financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to such financial account; information such as bank account details, payment card information, including similar data protected as Sensitive Personal Data under applicable law.
See your Rights & Choices for information on how to opt-out or limit processing of Sensitive Personal Data.
User Content
- Unstructured/free-form data that may include any category of Personal Data, e.g. data that you give us in free text fields such as the contact us request form.
Sources of Personal Data We Process
We collect Personal Data from various sources, which include:
Data you provide us
- We receive Personal Data when you provide it to us, when you purchase our products or services, complete a transaction via our Services, or when you otherwise use our Services.
Data we collect from your devices
- We automatically collect Personal Data about or generated by any device used to access our Services.
Service Providers
- We receive Personal Data from service providers performing services on our behalf, including payment processors or web hosting service providers.
Dealers and Retailers
- We may receive your Personal Data from local retailers or dealers who may have hosted you at a Yeti demo event, fulfilled your order, serviced your bike, or otherwise interacted with you in connection with our Services.
Social Media Companies
- We receive Personal Data from social media companies and Targeted Advertising vendors when we engage in Targeted Advertising and social media marketing, or if you interact with that social media or other company on or in connection with our Services (e.g. our pages on social media sites).
Data we create or infer
- We, certain partners, social media companies, and third parties operating on our behalf, create and infer Personal Data such as Inference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Policy, and we may correlate this data with other data we process about you.
DATA PROCESSING CONTEXTS / NOTICE AT COLLECTION
Digital Services
Generally
We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Inference Data when you use our Digital Services, including our Site. You may also be able to complete an order or transaction, register for an account, or enroll in Marketing Communications through our Digital Services.
We use this Personal Data as necessary to operate our Services, such as keeping you logged in, delivering pages, etc., for our Business Purposes, and our other legitimate interests, such as ensuring the security of our Sites and other technology systems and analyzing the use of our Services, including navigation patterns, clicks, etc. to help understand and make improvements to the Services. We may also process this Personal Data for our Commercial Purposes (which may involve data sales or “sharing” under US law).
See sections Data Retention | Regional Notices | Legal Bases
Cookies and other tracking technologies
We process Identity Data, Device/Network Data, Contact Data, Inference Data, General Location Data, and other non-Personal Data in connection with our use of cookies and similar technologies on our Services. We may collect this data automatically, subject to your consent as described further below.
We and authorized third parties may use cookies and similar technologies for the following purposes, subject to your consent where required, as described below:
· We automatically collect data using cookies and similar technologies for “essential” purposes necessary for our Services to operate (such as maintaining user sessions, CDNs, and the like). This processing is mandatory.
· Additionally, with your consent or subject to your opt-out right (as applicable), we may collect data using cookies and similar technologies:
  · for “functional” purposes, such as to enable certain features of our Services (for example, to allow a customer to maintain an online shopping cart);
  · for “analytics” purposes or to improve our Services, such as to analyze the traffic to and on our Services (for example, we can count how many people have looked at a specific page, or see how visitors move around the website when they use it, to distinguish unique visits/visitors to our Services, and what website they visited prior to visiting our website, and use this information to understand user behaviors and improve the design and functionality of the website);
  · for “retargeting,” Targeted Advertising, or other advertising and marketing purposes, including technologies that process Inference Data or other data so that we can deliver, buy, or target advertisements which are more likely to be of interest to you; and
  · in connection with our integration with “social media” services e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter.
We may also process this Personal Data for our Business Purposes and Commercial Purposes (which may involve data sales or “sharing” under US law).
If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our Cookie Preferences Link. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out. See your Rights & Choices for more information about how to opt-out of cookies and similar technologies directly on our Services.
Third parties may have access to information collected via cookies or web beacons on our websites. We, or these third-party providers, may be able to use these technologies to identify you across platforms, devices, sites, and services. Social Media companies and third parties engaged in Targeted Advertising are third-party controllers and may have their own privacy policies, and their processing is not subject to this Policy. For a list of current third-party providers, please view the cookie list in our Cookie Preferences tool.
See sections Data Retention | Regional Notices | Legal Bases
Posts and Social Media
We process Identity Data, Inference Data, Contact Data, and User Content you post (e.g. comments, social media posts, etc.) on our Services. We also process Identity Data, Contact Data, and User Content if you interact with or identify us on social media platforms (e.g. if you post User Content that engages with or tags our official accounts).
We process this Personal Data for our Business Purposes and Commercial Purposes (which may involve data sales or “sharing” under US law).
Posts may be public or reposted on our Services. Content you provide may be publicly available when you post it on our Services, or in some cases, if you reference, engage, or tag our official accounts.
See sections Data Retention | Regional Notices | Legal Bases
Account Registration
We process Identity Data, Inference Data, and Contact Data when you register and create an account for our Services. We process Payment Data if you associate payment information with that account. Subject to your rights and choices under applicable law, we may obtain certain Inference Data from Data Aggregators.
We use this Personal Data to create and maintain your account, to provide the products and services you request, and for our Business Purposes. We may process Identity Data, Inference Data, and Contact Data for Commercial Purposes (which may involve data sales or “sharing” under US law). We do not sell or “share” or process Payment Data for Business Purposes not permitted under applicable law. In certain jurisdictions, such as the EU/EEA, UK, and Switzerland we process data for Commercial Purposes only with your consent. See our Regional Supplements for more information.
See sections Data Retention | Regional Notices | Legal Bases
Orders and Transactions
We process Transaction Data, Identity Data, Device/Network Data, Payment Data, Inference Data, and Contact Data when you configure a bike, order a build kit, purchase gear or apparel, or otherwise complete a purchase or sale transaction. We do not permanently store your Payment Data, except at your request. If you elect to receive updates about your build via SMS, we may process Contact Data in order to deliver those important updates.
We process this Personal Data as necessary to customize your build, perform or initiate a transaction with you, process your order, payment, or refund, carry out building and delivery, document transactions, and for our Business Purposes.
We may process Identity Data, Transaction Data, Contact Data, and Device/Network Data for Commercial Purposes (which may involve data sales or “sharing” under US law). We do not sell or “share” or process Payment Data for Business Purposes not permitted under applicable law. We do not share Contact Data collected as part of SMS updates with third parties for their own marketing or Commercial Purposes unless you elect to receive such SMS communications from those third parties. In certain jurisdictions, such as the EU/EEA, UK, or Switzerland, we process data for Commercial Purposes only with your consent. See our Regional Notices for more information.
See sections Data Retention | Regional Notices | Legal Bases
Marketing Communications
We process Device/Network Data, Contact Data, Identity Data, and Inference Data in connection with marketing communications (e.g. emails, SMS, or similar communications) and (subject to your consent where required) when you open or interact with those communications (“Marketing Communications”).
You may receive Marketing Communications if you consent and, in some jurisdictions where permitted by law, as a result of account registration, purchase, or other inquiry or transaction that allows us to send Marketing Communications without consent. Marketing Communications will include information such as offers, demo and event recommendations, newsletters, feedback requests, and other information relating to our services or promotional material we believe will interest you.
We process this Personal Data to contact you about relevant products or services and for our Business Purposes. We may also use Device/Network Data, Contact Data, Identity Data, and Inference Data for our Commercial Purposes (which may involve data sales or “sharing” under US law). See the Regional Supplements section for information regarding this processing in your jurisdiction.
You can withdraw your consent to receive Marketing Communications by clicking on the unsubscribe link in an email (for email), by responding with “opt-out” or other supported unsubscribe message (for SMS), or for other communications, by contacting us using the information above. To opt out of the collection of information relating to email opens, configure your email so that it does not load images in our emails. See your Rights & Choices for more information. We do not share Contact Data collected as part of SMS marketing campaigns with third parties for their own marketing or Commercial Purposes unless you elect to receive such SMS communications from those third parties.
See sections Data Retention | Regional Notices | Legal Bases
Contests and Promotions
We collect and process Identity Data, Inference Data, certain Contact Data, and User Content when you enter a contest/sweepstakes or take part in a promotion. If you are a winner of a contest, sweepstakes, or certain other promotions, we may (where permitted by law) collect Government ID Data.
We process this Personal Data as necessary to provide the contest/promotion, notify you if you have won, or to process delivery of a prize, for our Business Purposes, and other legitimate interests, such as:
· verifying your identity for authentication, anti-fraud, and security purposes (in which case we may process Government ID Data to complete verification);
· to improve our Services and to create a personalized user experience; and
· to contact you about relevant products or services, and in connection with Marketing Communications and Targeted Advertising.
If you win a special promotion (e.g., a sweepstakes), your acceptance of a prize may allow us to make certain Personal Data public, e.g. posting your first name and last initial, hometown and/or state on a winner’s list (or making physical copies of the winner’s list available, upon request or as required by law). See the special program agreement(s) for additional details and terms.
We may process Identity Data, Contact Data, and User Content information for our Commercial Purposes (which may include Targeted Advertising or the use of Consumer Profiles, and which may involve data sales or “sharing” under US law). See the Regional Supplements section for information regarding this processing in your jurisdiction. We do not sell, “share,” or process Government ID Data for any Commercial Purposes or any Business Purposes not permitted under applicable law.
See sections Data Retention | Regional Notices | Legal Bases
Demos and Events
We process Identity Data, Contact Data, and Transaction Data when you register for and attend a factory demo, a demo event, an annual Yeti Gathering, a trade show, or any other in-person event with us. We process User Content if you provide it to us in connection with an event.
We process this Personal Data to help you get registered for the event, to communicate with you about logistics, and for our Business Purposes and our Commercial Purposes (which may include Targeted Advertising or the use of Consumer Profiles, and which may involve data sales or “sharing” under US law).
See sections Data Retention | Regional Notices | Legal Bases
Contact Us; Service Requests
We collect and process Identity Data, Contact Data, and User Content when you contact us, e.g. through a contact us form, or for a service request. If you call us via phone, we may collect Audio/Visual data from the call recording.
We process this Personal Data to respond to your request, and communicate with you, as appropriate, and for our Business Purposes. If you consent or if permitted by law, we may use Identity Data and Contact Data to send you Marketing Communications and for our Commercial Purposes (which may include targeted advertising or the use of Profiles, and which may involve data sales or “sharing” under US law). See the Regional Supplements for information regarding this processing in your jurisdiction.
See sections Data Retention | Regional Notices | Legal Bases
Professional Engagements
We process Identity Data, Contact Data, Government ID Data, Biographical Data, User Content, and Payment Data in connection with your application for employment or to become an independent contractor or your engagement as a racer or an ambassador.
We process this Personal Data as necessary to evaluate, establish, and maintain the professional relationship, including, but not limited to, to conduct background checks, to provide employment benefits, and for financial administration. We may also process this Personal Data for human resources purposes, such as managing identity and credentials, administering security and loss prevention, or analysis and consolidated reporting. We may further process Personal Data in this context for our Business Purposes. We do not sell or share Personal Data processed in this context. We process Sensitive Personal Data only for Business Purposes permitted under applicable law.
See sections Data Retention | Regional Notices | Legal Bases
PROCESSING PURPOSES
Business Purposes
We and our Service Providers process Personal Data we hold for numerous business purposes, depending on the context of collection, your Rights & Choices, and our legitimate interests. See our Regional Supplements and Legal Basis Descriptions for information about the specific legal basis for processing.
We and our Service Providers generally process Personal Data for the following “Business Purposes.”
Service Delivery
We process Personal Data as necessary to provide our Services and the products and services you purchase or request. For example, we process Personal Data to authenticate users and their rights to access the Services, to communicate with our team to build your custom bike, or as otherwise necessary to fulfill our contractual obligations to you, provide you with the information, features, and services you request, and create relevant documentation.
Internal Processing and Service Improvement
We may use any Personal Data we process through our Services as necessary in connection with our legitimate interests in improving the design of our Service, understanding how our Services are used or function, for customer service purposes, for internal research, technical or feature development, to track use of our Service, QA and debugging, audits, and similar purposes.
Security and Incident Detection
We may process Personal Data in connection with our legitimate interest in ensuring that our Services are secure, identifying and preventing crime, preventing fraud, verifying or authenticating users/individuals, and ensuring the safety of our guests. Similarly, we process Personal Data on our Services as necessary to detect security incidents and to protect against and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns, and characteristics, maintain and analyze logs, and process similar Personal Data in connection with our information security activities.
Aggregated Data
We process Personal Data in order to identify trends, including to create aggregated and anonymized data about buying and spending habits, use of our Services, and other similar information (“Aggregated Data”). Aggregated Data that does not contain Personal Data is not subject to this Privacy Policy.
Compliance, Health & Safety
We may also process Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law, for the establishment and defense of legal claims, where we must comply with requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals (e.g. in an emergency at one of our demo events) to the extent required or permitted under applicable law. Please see the How We Share Personal Data section for more information about how we disclose Personal Data in extraordinary circumstances.
Commercial Purposes
Consumer Profiles
In order to understand our customers’ preferences, and better recommend products and services to our customers, we may create a “Consumer Profile” by linking together and analyzing Personal Data (excluding Sensitive Personal Data) collected in the various contexts as described in this Policy. We may also augment Consumer Profiles with Personal Data that we create (such as Inference Data) or that we receive from third parties and may include Personal Data such as products you have purchased.
We use Consumer Profiles for market research and in connection with the improvement of our Services. For example, we may analyze the Personal Data of people who have made a purchase for a particular item in the past and compare them with other people in our database. If we identify people in the database who have similar Personal Data to the previous customers, we may then target marketing or content to the new people.
Personalized Marketing Communications
Our marketing communications may be personalized based on your Consumer Profile. Where allowed, our marketing communications may involve targeting, including, but not limited to, targeted marketing.
Targeted Advertising
We and our third-party advertising providers may engage in display advertising or place advertisements on third-party sites, including, but not limited to, social media platforms. Such advertising may involve the processing of Personal Data in order to tailor the advertisements you see based on your interests (“Targeted Advertising”). The profiles and interests used for Targeted Advertising may be inferred or derived from Personal Data that we or those third parties obtain or infer from your activities across non-affiliated websites, applications, or services (e.g. through cookies and other tracking technologies). These third parties, including, but not limited to, Google, may use cookies and/or device identifiers to collect Personal Data such as unique IDs, IP addresses, device information, OS/browser type, and other similar data, as well as information about your visits to our site and the ads you see and view to develop and assess aspects of your Consumer Profile, to deliver more relevant advertisements and offers, and to determine whether and how ads you see are effective. Note that Targeted Advertising includes various parties and service providers, including, but not limited to, third-party data controllers engaged in the processing of Personal Data in connection with Targeted Advertising. These parties may be able to identify you across sites, devices, and over time. In some cases, these third parties may build or augment user profiles using your Personal Data, and may track whether you view, interact with, or how often you have seen an ad, or whether you purchased advertised goods or services.
DISCLOSURE/SHARING OF PERSONAL DATA
We may share Personal Data with the following categories of third-party recipients and/or for the following reasons. Note that some parties may be third-party controllers who process data subject to their own privacy policies.
Affiliates
- We will share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies in order to streamline certain business operations, and in support of our Business Purposes and Commercial Purposes.
Service Providers
- We may share your Personal Data with service providers who provide certain services or process data on our behalf in connection with our general business operations, product/service fulfilment and improvements, to enable certain features, and in connection with our (or our Service Providers’) Business Purposes.
Dealers and Retailers
- We may share your Personal Data with local retailers or dealers who may host a Yeti demo fleet, fulfil your order, service your bike, or provide products and services to you on our behalf, and in connection with our (or our Service Providers’) Business Purposes.
Social Media Platforms
- We may share certain Personal Data with social media platforms in support of our Business Purposes and Commercial Purposes. We may allow these third parties to operate on or through our Services. We may also share certain Personal Data when you interact with Yeti on social media. We may allow these third parties to operate through our Site, such as through a social media icon link on our homepage. We do not share Contact Data collected in connection with Yeti’s marketing communications with these parties.
Public Disclosure
- If you use any social media plugin, API, or other similar feature, or otherwise interact with us or our Services via social media, we may make your post available on our Services or to the general public. We may share, rebroadcast, or redisplay Personal Data or other information in the post to the extent permitted by the relevant social media service.
Event Partners
- We may share your Personal Data with Event Partners who have engaged us to provide Services on their behalf in connection with the events that are provided or promoted by that third party, such as the Gathering or other mountain bike tours. You may also direct us to disclose this data to or interact with these third parties as part of attending an event or making a purchase (which does not involve a data sale by us). However, in other cases, these parties may also receive data for our Business Purposes and in connection with Data Sales and Sharing. We do not share Contact Data collected in connection with SMS marketing or build updates with Event Partners unless you elect to receive such SMS communications from those third parties.
Data Aggregators
- We may share Personal Data with third party data suppliers in support of our Commercial Purposes and in connection with Data Sales and Sharing. These disclosures/sales can help better personalize our Services, the services of third parties, enrich Profiles, and help ensure that you see advertisements that are more relevant to your interests.
Successors
- We may share Personal Data if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
Lawful Recipients
- In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, in the vital interests of us or any person (such as where we reasonably believe the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety) or in such other circumstances as may be required or permitted by law. These disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.
INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
If you are located outside the US, we may transfer or process your Personal Data in the US, UK, European Union (EU) and European Economic Area (EEA), and other jurisdictions where Yeti or our service providers operate. Where required by local law, we ensure your data remains protected in connection with any international transfers. See the “Regional Supplement” section below for more information.
YOUR RIGHTS & CHOICES
You may have certain rights and choices regarding the Personal Data we process. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law. See the following sections for more information regarding your rights/choices in specific regions:
· US States/California
· EU/EEA/UK/Switzerland
Your Rights
You may have certain rights and choices regarding the Personal Data we process. See the “Regional Supplement” section below for rights available to you in your jurisdiction. To submit a request, contact our Data Privacy Team. We verify your identity in connection with most requests, as described below.
Verification of Rights Requests
If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
We may require that you match Personal Data we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Data to you if prohibited by law.
Your Choices
Marketing Communications
You can withdraw your consent to receive Marketing Communications by clicking on the unsubscribe link in an email (for email), by responding with “opt-out” or other supported unsubscribe message (for SMS), by adjusting the push message settings for our Mobile Apps using your device operating system (for push notifications), or for other communications, by contacting us using the information below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
Withdrawing Your Consent/Opt-Out
You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.
Cookies, Similar Technologies, and Targeted Advertising
General - If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our Cookie Preferences link. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services with Google directly, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out.
Targeted Advertising - You may opt out or withdraw your consent to Targeted Advertising by emailing us at privacy@yeticycles.com or through our Cookie Preferences link. In some cases, you may be able to opt-out with third parties directly by submitting requests to third-party partners, including the parties listed below:
· Facebook Custom Audience Pixel
· Digital Advertising Alliance’s opt-out
· Network Advertising Initiative opt-out
Global Privacy Control (GPC) - Our Services may support certain automated opt-out controls, such as the Global Privacy Control (“GPC”). GPC is a specification designed to allow Internet users to notify businesses of their privacy preferences, such as opting-out of Targeted Advertising or the sale/sharing of Personal Data. To activate GPC, users must enable a setting or use an extension in the user’s browser or mobile device. Please review your browser or device settings for more information regarding how to enable GPC.
Please note: We may not be able to link GPC requests to your Personal Data in our systems, and as a result, some Targeted Advertising or other sales/sharing of your Personal Data may occur even if GPC is active. See the “Regional Supplements” section below for more information regarding other opt-out rights.
Do-Not-Track - Our Services do not respond to your browser’s do-not-track request.
DATA SECURITY
We implement and maintain reasonable security measures to secure your Personal Data from unauthorized processing. While we endeavor to protect our Services and your Personal Data from unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others. When we process information, we may pseudonymize data (i.e. store or use Personal Data using only a non-identifying number) or anonymize data (i.e. store data in a form that is not linked to or reasonably able to identify you personally) in order to protect your Personal Data during processing.
CHILDREN
Our Services are neither directed at nor intended for use by persons under the age of 13 in the US, or under the age of 13 to 16 in the EU/EEA, UK, and Switzerland. Further, we do not knowingly collect Personal Data from children under such ages. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
DATA RETENTION
We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Privacy Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):
· Retention periods established under applicable law;
· Industry best practices;
· Whether the purpose of processing is reasonably likely to justify further processing;
· Risks to individual privacy in continued processing;
· Applicable data protection impact assessments;
· IT systems design considerations/limitations; and
· The costs associated with continued processing, retention, and deletion.
We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.
CHANGES TO OUR POLICY
We may change this Policy from time to time. We will post changes on this page. We will notify you of any material changes, if required, via email or notices on our Services. Your continued use of our Services constitutes your acknowledgment of any revised Policy.
REGIONAL SUPPLEMENTS
US States/California
US State & California Privacy Rights & Choices
Under the California Consumer Privacy Act (“CCPA”) and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations.
Confirm
- Right to confirm whether we process your Personal Data
Access/Know
- Right to request any of the following: (1) the categories of Personal Data we have collected, sold/“shared,” or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the purposes for which we collected or sold/“shared” your Personal Data; (4) the categories of third parties to whom we have sold/“shared” your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.
Portability
- Right to request that we provide certain Personal Data in a common, portable format
Deletion
- Right to delete certain Personal Data that we hold about you.
Correction
- Right to correct certain Personal Data that we hold about you.
Opt-Out (Sales, Sharing, Targeted Advertising, Profiling)
- Right to opt out of the following:
· If we engage in sales of data (as defined by applicable law), you may direct us to stop selling Personal Data.
· If we engage in Targeted Advertising (aka “sharing” of personal data or cross-context behavioral advertising), you may opt out of such processing.
· If we engage in certain forms of “profiling” (e.g. profiling that has legal or similarly significant effects), you may opt out of such processing.
Non-Discrimination
- California residents have the right not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.
List of Direct Marketers
- California residents may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
Submission of Requests
You may submit requests as follows (please review our verification requirements section). If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at privacy@yeticycles.com or call us at 303-278-6909. We will respond to any request to appeal within the time period required by law.
Access/Know, Confirm Processing, Portability, Deletion, and Correction
· You may or email us at privacy@yeticycles.com, together with your email address, phone number or address on file, along with your request.
Opt-Out of Sales, “Sharing,” Targeted Advertising or Profiling
Opt-out
· You may or email us at privacy@yeticycles.com, together with your email address, phone number or address on file, along with your request.
· You may disable Targeted Advertising as described in the Cookies and Similar Technology Choices section above.
· Global Privacy Control (GPC) to opt out of Targeted Advertising/“sharing”. Services supporting GPC (or similar standards) will treat the request as a request to opt-out of Targeted Advertising/“sharing” on the device where the GPC setting is active.
List of Direct Marketers
Remove Minors’ User Content
· Contact us via email to our privacy team at privacy@yeticycles.com.
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we have disclosed to Service Providers for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:
Category of Personal Data | Category of Recipients
Audio/Visual Data; Transaction Data; Contact Data; Device/Network Data; Identity Data; Inference Data; General Location Data; User Content | Affiliates; Service Providers; Dealers and Retailers; Public Disclosures; Event Partners; Data Aggregators; Successors; Lawful Recipients
Sensitive Personal Data | Affiliates; Service Providers
Categories of Personal Data Sold, Shared, or Disclosed for Commercial Purposes
For purposes of the CCPA, we have “sold,” “shared,” or disclosed for Commercial Purposes in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:
Category of Personal Data | Category of Recipients
Transaction Data; Contact Data; Device/Network Data; Identity Data; Inference Data; General Location Data; User Content | Service Providers; Social Media Platforms; Data Aggregators; Public Disclosures
Categories of Sensitive Personal Data Used or Disclosed
For purposes of the CCPA, we may use or disclose the following categories of Sensitive Personal Data: Government ID Data and Payment Data. However, we do not sell or “share” Sensitive Personal Data or use it for purposes other than those listed in CCPA section 7027(m).
EU/EEA/UK/Switzerland
Controller
Yeti and its affiliates operate worldwide. Yeti Group LLC is a controller with respect to the processing of your Personal Data jointly with the Yeti affiliate that you transact or engage with when you use our Services. Residents of the EU/EEA may transact with the following Yeti affiliate in their region:
Germany
Yeti Cycles GmbH
Alte Miesbacher Str. 11, 83734 Hausham, Germany
yetieurope@yeticycles.com
Rights & Choices
Residents of the EU/EEA, UK, and Switzerland have the following rights. Please review our verification requirements. Applicable law may provide exceptions and limitations to all rights.
Access
- You may have a right to access the Personal Data we process.
Consent
- To the extent we rely on your consent to process Personal Data, you may withdraw your consent at any time. We may continue processing on alternative or additional legal bases. Withdrawal of consent does not affect the lawfulness of processing undertaken prior to withdrawal.
Deletion
- You may request that we delete your Personal Data. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you.
Data Export
- You may request that we send you a copy of your Personal Data in a common portable format of our choice.
Fate of your data
- If you live in France, you have the right to set guidelines for your Personal Data after your death.
Restriction
- You may request that we restrict the processing of Personal Data to what is necessary for a lawful basis.
Objection
- You may have the right under applicable law to object to any processing of Personal Data based on our legitimate interests. We may not cease or limit processing based solely on that objection, and we may continue processing where our interests in processing are appropriately balanced against individuals’ privacy interests. In addition to the general objection right, you may have the right to object to processing:
· for Profiling purposes;
· for direct marketing purposes (we will cease processing upon your objection); and
· involving automated decision-making with legal or similarly significant effects (if any).
Rectification
- You may correct any Personal Data that you believe is inaccurate.
Regulator Contact
- You have the right to file a complaint with regulators about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority. Competent regulators for the controllers listed above are:
Germany
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Tel: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
poststelle@lda.bayern.de
Submission of Requests
Withdraw consent or object to certain processing, including:
· Opt-out of Sales, Sharing, Targeted Advertising or Profiling
· Opt-out/Limit Use, and Disclosure of Sensitive Personal Data
· You may disable Targeted Advertising as described in the Cookies and Similar Technology Choices section above.
· Global Privacy Control (GPC) to opt out of Targeted Advertising/“sharing”. Services supporting GPC (or similar standards) will treat the request as a request to opt-out of Targeted Advertising/“sharing” on the device where the GPC setting is active.
· Contact us via email to our Data Privacy Team at privacy@yeticycles.com
Access, Rectification, Data Export, Deletion, Restriction, Correction, or to Withdraw Consent
· You may visit our Privacy Request Portal
· Contact us via email to our Data Privacy Team at privacy@yeticycles.com
· You may send postal mail to our physical address (see controller section / Contact Us above) with your email address, phone number, and address we have on file, along with your request.
Data Processing & Lawful Basis
The following table summarizes our processing of Personal Data and the purposes of processing (and corresponding legitimate interests, if applicable). For additional detail, please review the corresponding sections in this Policy.
International Transfers
We process data in the United States, and other countries where our subprocessors are located. In cases where we transfer Personal Data to jurisdictions that have not been determined to provide “adequate” protections by your home jurisdiction, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with applicable law. Those safeguards may include the use of EU standard contractual clauses, reliance on the recipient’s Binding Corporate Rules program, the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework, or requiring the recipient to certify to a recognized adequacy framework. You can obtain more information about transfer measures we use for specific transfers by contacting us using the information above.