Skip to content

Welcome to Art Supplies!

Cart

Art Therapy Supplies Privacy Policy

Privacy Policy

Art Therapy Supplies Privacy Policy

Last Updated: April 17, 2023

  1. Introduction.

Art Therapy Supplies (“Company” or We”) respects your privacy and is committed to protecting it through our compliance with this policy.

This policy describes the personal data collected or processed by the Company when you interact with the Company, including through our website www.ooly.com, social media accounts, chat services, email, or one of our other services or methods of communicating with you, all of which are part of the Company’s platform (“Platform”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy does not apply to information collected by any third party, including by any social media sites or through any application or content (including advertising) that may link to or be accessible from or through the Platform.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Platform. By accessing or using the Platform, you agree to this privacy policy.

  1. Children Under the Age of 13.

Our Platform is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Platform. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Platform. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at

support@arttherapysupplies.com

.

California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information.

  1. Information We Collect.

Our Platform collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information that is excluded under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act.

 

Our Platform has collected the following categories of personal information and/or sensitive personal information from consumers within the last twelve (12) months for which “yes” is marked in the “Collected” column:

Category of Personal Information

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

YES

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

 

NO

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

YES

G. Geolocation data.

Physical location or movements.

NO

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

NO

I. Professional or employment-related information.

Current or past job history or performance evaluations.

NO

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

NO

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

NO

L. Sensitive Personal Information

See categories of sensitive personal information below.

YES

 

Category of Sensitive Personal Information

Collected

1. Social security, driver's license, state identification card, or passport number.

NO

2. Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

YES

3. Precise geolocation.

NO

4. Racial or ethnic origin, religious or philosophical beliefs, or union membership.

NO

5. Contents of a mail, email, and text messages unless We are the intended recipient of the communication.

NO

6. Genetic data.

NO

7. Biometric information for the purpose of identifying a consumer.

NO

8. Personal information collected and analyzed concerning a consumer's health.

NO

9. Personal information collected and analyzed concerning a consumer's sex life or sexual orientation.

NO

 

  1. How the Platform Collects Information.

Our Platform obtains the categories of personal information listed above from the following general categories of sources:

  • Directly from you when you provide it to us.
  • Automatically as you engage with the Platform. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies from you.
  • From third parties, for example, our business partners.
  • Information You Provide to Us.

The information we collect on or through our Platform may include:

  • Information you provide by filling in forms on our Platform. This may include such things as information provided at the time of registering to use our Platform or creating an account, purchasing products, or requesting further services or information. We may also ask you for information in connection with a promotion or when you report a problem with our Platform.
  • Details of transactions you carry out through our Platform and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Platform.
  • Records and copies of your correspondence (including email addresses) if you contact us.
  • Your responses to surveys that we might ask you to complete or other forms of feedback you may provide.
  • Your activities on the Platform including, without limitation, product searches, search queries, features used, and pages accessed.
  • Information you provide to us through our interactive chat service.
  • Information you provide to us in messages sent via social media platforms (e.g. Instagram or Facebook).

 

  • Information We Collect Through Automatic Data Collection Technologies.

As you navigate through and interact with the electronic elements of our Platform, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your visits to our Platform, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Platform.
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information we collect automatically may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Platform and to deliver a better and more personalized service, including by enabling us to:

  • Estimate our audience size and usage patterns.
  • Store information about your preferences, allowing us to customize our Platform according to your individual interests.
  • Speed up your searches.
  • Recognize you when you return to our Platform.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies).A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Platform. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
  • Web Beacons.Pages of our website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
  • Flash Cookies.Certain features of our website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
  1. Use of Personal Information.

We use information that we collect about you or that you provide to us, including any personal information:

  • To present our Platform and its contents to you.
  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request information or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
  • To provide, support, personalize, and develop our Platform, products, and services.
  • To create, maintain, customize, and secure your account with us.
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To personalize your Platform experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Platform, third-party sites, and via email or text message (with your consent, where required by law).
  • To help maintain the safety, security, and integrity of our Platform and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improve our Platform, products, and services.
  • To respond to your comments, questions, and requests.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

We may also use your information to contact you about our own and third-parties’ goods and services that may be of interest to you.

  • Disclosures of Personal Information.

We may disclose your information to certain outside persons or organizations (“Outside Person”), including but not limited to business purpose disclosures to service providers. We make business purpose disclosures under written contracts that, among other things: (i) describe the business purposes; (ii) require the Outside Person to comply with the CCPA, including providing the same level of privacy protection as the CCPA requires; (iii) require the Outside Person to notify Us if the Outside Person can no longer meet its obligations under the CCPA and prohibit the Outside Person; and (iv) prohibit using the disclosed information for any purpose except performing such contract. In the preceding twelve (12) months, Company has disclosed personal information as indicated in the chart below.

Personal Information Category

Type of Disclosures

Business Purpose Disclosures

Sales

A: Identifiers.

Service Provider

None

B: California Customer Records personal information categories.

Service Provider

None

C: Protected classification characteristics under California or federal law.

None

None

D: Commercial information.

Service Provider

None

E: Biometric information.

None

None

F: Internet or other similar network activity.

Service Provider

None

G: Geolocation data.

None

None

H: Sensory data.

None

None

I: Professional or employment-related information.

None

None

J: Non-public education information.

None

None

K: Inferences drawn from other personal information.

None

None

L: Social security, driver's license, state identification card, or passport number.

None

None

M: Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

None

None

N: Precise geolocation.

None

None

O: Racial or ethnic origin, religious or philosophical beliefs, or union membership.

None

None

P: Contents of a mail, email, and text messages unless We are the intended recipient of the communication.

None

None

Q: Genetic data.

None

None

R: Biometric information for the purpose of identifying a consumer.

None

None

S: Personal information collected and analyzed concerning a consumer's health.

None

None

T: Personal information collected and analyzed concerning a consumer's sex life or sexual orientation.

None

None

 

  • Reselling Personal Information.

The CCPA prohibits an Outside Person from reselling personal information unless you have received explicit notice and an opportunity to opt-out of further sales, and this resale restriction has been expanded to include personal information about a consumer shared with a third-party for cross-context behavioral advertising purposes.

  1. Your Rights and Choices.

The CCPA provides certain consumers with specific rights regarding their personal information. This section describes these rights and explains how to exercise those rights.

  • Right to Know and Data Portability.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • The specific pieces of personal information we collected about you (also called a data portability request).
    • Right to Delete.

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
  • We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
    • Right to Rectify.

You have the right to request that we rectify certain inaccurate personal information about you (the “right to rectify”). Once we receive your request and confirm your identity, we will review your request.

  • Exercising Your Rights to Know, Delete, or Rectify.

To exercise your rights to know, delete, or rectify as described above, please submit a request by either:

 

Only you, or someone legally authorized to act on your behalf, may make a request to know, delete, or rectify related to your personal information.

You may also make a request to know, delete, or rectify on behalf of your child by contacting us and providing the necessary information about you and your child.

You may only submit a request to know twice within a 12-month period. Your request to know, delete, or rectify must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. 
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

You do not need to create an account with us to submit a request to know, delete, or rectify.

We will only use personal information provided in the request to verify the requestor's identity or authority to make it.

  • Response Timing and Format.

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us using one of the methods specified above.

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

  • Personal Information Sales and Sharing Opt-Out and Limiting the Use of Sensitive Personal Information.

If you are age 16 or older, you have the right to direct us to not sell your personal information, to not share (as defined in the CCPA) your personal information, and to limit the processing of your sensitive information (collectively, the “right to opt-out”). Consumers who opt-in to personal information sales, sharing, or expanded use of sensitive personal information may opt-out of the foregoing at any time.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by sending an email to care@ooly.com.

    Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales, personal information sharing, and expanded use of sensitive personal information. However, you may change your mind and opt back in at any time by submitting a request, as set forth above with respect to Exercising Your Right to Know, Delete, or Rectify.

    You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

    1. Non-Discrimination.

    We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

    • Deny you goods or services.
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
    • Provide you a different level or quality of goods or services.
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

    However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any such permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

    1. Data Security.

    We have implemented measures designed to protect your information. However, the safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Platform. The information you share in public areas may be viewed by any user of the Platform.

    Unfortunately, the transmission of information via the internet is not completely secure. Although we take measures to protect your information, we cannot guarantee the security of your personal information transmitted to our Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform.

    1. Data Retention.

    We may retain your personal information for the longest of: (i) as long as necessary for the purposes set forth in this policy or otherwise communicated to you, including providing our services to you; or (ii) as long as your account is active. We also retain your personal information to the extent necessary to comply with our legal obligations.

    1. “Do Not Track” Policy.

    Our Platform does not respond to Do Not Track signals.

    1. Your State Privacy Rights.

    State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.

    Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:

    • Confirm whether we process their personal information.
    • Access and delete certain personal information.
    • Data portability.
    • Opt-out of personal data processing for targeted advertising and sales.

    Colorado, Connecticut, and Virginia also provide their state residents with rights to:

    • Correct inaccuracies in their personal information, taking into account the information's nature processing purpose.
    • Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

    To exercise any of these rights or appeal a decision, please contact us using one of the contact methods provided above. However, please note that the laws of a particular state may not apply to you or the Company depending on a variety of circumstances.

    1. Changes to Our Policy.

    We reserve the right to amend this policy at our discretion and at any time. When we make changes to this policy, we will post the updated notice on applicable elements of our Platform and update the notice's effective date. Your continued use of such elements of our Platform following the posting of changes constitutes your acceptance of such changes.

    1. Application of Policy.

    Given that the Internet allows users from around the world to view certain electronic elements of our Platform, not all provisions of this policy may apply to every visitor or user of the Platform. The applicability of certain provisions may depend on a variety of factors including, but not limited to, in which country or state the visitor resides and which laws and regulations apply to the Company. Accordingly, the Company reserves the right to disclaim the applicability of any provisions in this policy if the Company is not actually subject to and required to comply with the particular law which the provision is meant to address

    1. Contact Information.

    To ask questions or comment about this privacy policy and our privacy practices, contact us at support@arttherapysupplies.com.