Get news, updates, & more from the Autism Speaks Shop
And receive $5 off your first order!
Newsletter
Last modified: May 24, 2023
Turnkey Merchandise Programs, a Michigan L.L.C., (the "Company" or "We") respect your privacy and are committed to protecting it through our compliance with this policy.
This privacy policy (the “Privacy Policy”) describes the types of information we may collect from you or that you may provide when you visit the website https://shop.autismspeaks.org/ (our "Website") and our practices for collecting, using, maintaining, protecting and disclosing that information.
This Privacy Policy applies to information, including Personal Data (defined herein), we collect:
It does not apply to information collected by:
Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see “Changes to Our Privacy Policy” section herein). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information, including Personal Data to or on the Website. We do not knowingly collect information, including Personal Data (defined herein) from children under 13 years of age. If you are under 13 years of age, do not use or provide any information on this Website or on or through any of its features, do not make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn that we have collected or received Personal Data (defined herein) from a child under 13 years of age without verification of parental consent, we will delete that Personal Data. If you believe we might have any information from or about a child under 13 years of age, please contact us at dataprivacy@tmpcompany.com.
The information, including Personal Data, we collect may include:
We collect several types of information, including Personal Data, including information:
We collect this information, including Personal Data:
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
The information we collect automatically is statistical data and may include Personal Data, or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
Technologies we use for this automatic data, including Personal Data, collection may include:
We use information, including Personal Data, that we collect about you or that you provide to us, including any Personal Data:
We may also use your information, including Personal Data, to contact you about our own and third parties' goods and services that may be of interest to you. If you do not want us to use your information, including Personal Data, in this way, please adjust your user preferences in your account profile and opt out by unsubscribing therefrom.
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose Personal Data that we collect, or you provide as described in this Privacy Policy:
We may also disclose your Personal Data:
In addition, we will not send you e-mails that you have not agreed to receive, nor will we provide your information to third parties. We may periodically send you e-mail announcing news, updates and event information, and, if you choose to supply your postal address, you can receive mailings from us as well.
We strive to provide you with choices regarding Personal Data you provide to us. We have created mechanisms to provide you with the following control over your information:
Additionally, this section of the Policy applies solely to all visitors, users, and others who reside in the State of California (collectively, "consumers" or "you"). We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and any terms defined in the CCPA have the same meaning when used in this Policy.
The description of Information We Collect is included in the Information, Including Personal Data, We Collect About You and How We Collect It section of this Policy.
For this CCPA Section, Personal Data shall not include:
In particular, the Company has collected the following categories of Personal Data from consumers within the last twelve (12) months on with regards to information submitted or purchases made on https://shop.autismspeaks.org/:
Category | Examples | Collected |
---|---|---|
A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | Yes |
B. Personal Data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | Yes |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | No |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Yes |
G. Geolocation data. | Physical location or movements. | Yes |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | No |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | No |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
K. Inferences drawn from other Personal Data. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No |
We do not sell Personal Data.
We may disclose your Personal Data for business purpose. In the preceding twelve (12) months, Company has disclosed the following categories of Personal Data to the categories of third parties indicated in the chart below.
Personal Data Category | Business Purpose Disclosures |
---|---|
A: Identifiers | None |
B: California Customer Records Personal Data categories. | None |
C: Protected classification characteristics under California or federal law. | N/A |
D: Commercial information. | None |
E: Biometric information. | N/A |
F: Internet or other similar network activity. | None |
G: Geolocation data. | None |
H: Sensory data. | N/A |
I: Professional or employment-related information. | N/A |
J: Non-public education information. | N/A |
K: Inferences drawn from other Personal Data. | N/A |
The CCPA provides consumers (i.e. California residents) with specific rights regarding their Personal Data. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your Personal Data over the past 12 months (the "right to know"). Once we receive your request and confirm your, we will disclose to you:
You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
We will delete or deidentify Personal Data not subject to one of these exceptions from our records and will direct our service providers to take similar action.
To exercise your rights to know or delete described above, please submit a request to the address indicated in the Contact Information section of this Policy.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
We will only use Personal Data provided in the request to verify the requestor's identity or authority to make it.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Data's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email using contact information provided in this Policy.
State consumer privacy laws, other than the CCPA and the "Shine the Light" law, such as Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
To exercise any of these rights please contact us at dataprivacy@epiinc.com. The appeal procedure from a decision regarding a consumer rights request is addressed in each of the above state laws.
Nevada provides its residents with a limited right to opt-out of certain Personal Data sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: dataprivacy@epiinc.com. However, please know we do not currently sell data triggering that statute's opt-out requirements.
Additionally, if the processing of your Personal Data falls within the scope of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (the “GDPR”), then such processing shall also be performed in accordance with GDPR requirements. Therefore, in addition to the above terms, Company provides you with the following information:
You may also send us an email at dataprivacy@epiinc.com to request access to, correct or delete any Personal Data that you have provided to us. We may not accommodate a request to change your Personal Data if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration and disclosure. All Personal Data you provide to us is stored on our secure servers behind firewalls.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security thereof transmitted to our Website. Any transmission of personal information, including Personal Data, is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
The Company will not retain your Personal Data longer than is necessary for the purpose it was collected.
It is our Privacy Policy to post any changes we make to our Policy on this page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Policy to check for any changes.
To ask questions or comment about this Policy and our privacy practices, contact us at: dataprivacy@tmpcompany.com.