Skip To ContentSkip To Footer
Account icon

PRIVACY POLICY

Effective Date: November 1, 2022

1. OVERVIEW

This privacy policy (“Policy”) applies to this website, www.truff.com, offered by Sauce Ventures, LLC (“Sauce,” “we,” “us,” or “our”). We strive to deliver outstanding products and services and value our customers’ business and loyalty. We recognize that privacy is an important issue. We have developed this Policy to explain our practices regarding the personal information we collect from you or about you when you purchase products from us, through written or verbal communications with us, when you use this website or mobile applications. While this Policy broadly describes the practices we have adopted within North America, local laws vary, and some jurisdictions may place restrictions on our collection, use, or disclosure of personal information. Our actual practices in such jurisdictions may be more limited than those described in this Policy to comply with local requirements.

If you are a resident of one of these specific jurisdictions, please visit the correspondence Appendix to learn about your additional, specific privacy rights:

  • California Residents – Appendix A
  • Canada Residents – Appendix B
  • Colorado Residents – Appendix C
  • Connecticut Residents - Appendix D
  • EU / UK Residents – Appendix E
  • Nevada Residents – Appendix F
  • Utah Residents – Appendix G
  • Virginia Residents – Appendix H

By accessing or using our websites, mobile applications (“apps”), or submitting information to us, or otherwise agreeing to this Policy, e.g., in the context of registering for any of our products or services, you understand and consent to our collection and use of your personal information as described herein.

In addition, you agree to our Messaging Terms (https://terms.pscr.pt/legal/shop/truff-hot-sauce/terms_of_service) and Messaging Privacy Policy (https://terms.pscr.pt/legal/shop/truff-hot-sauce/privacy_policy).

2. PERSONAL INFORMATION WE COLLECT

We collect personal information directly from you through our websites and apps and in our contact with you at our stores.  We may also collect information related to conversations, including records or copies of your correspondence with us or customer service calls for quality assurance and training purposes, and other communications such as website chat support, in-app messages, or SMS.

We collect personal information in certain common cases, such as:

Purchase of Goods: In connection with your purchase of goods from us at our stores or through our website, we collect personal information.  The information we collect in these cases may include first name, last name; shipping address, city, county, state, zip code; billing address, city, county, state, zip code; telephone number; e-mail address; gender; age; account name, account password; goods purchased; customer comments; date of purchase; a copy of your original invoice; invoice number; credit card number, expiration date and security code. We use this information to facilitate the purchase transaction.  The personal information described in this paragraph is the “Purchase Data.”

Newsletter: If you subscribe to our newsletter we collect personal information including first name, last name; e-mail address; telephone number; zip code, gender and date of birth.  We use this information to provide our newsletter and other information about our goods and services to you and to help us understand the demographics of our customers.  The personal information described in this paragraph is “Newsletter Data”

Social Media: If you choose to participate in one of our sponsored social media activities or offerings, we may collect certain information from your social media account consistent with your settings within the social media service, such as location, check-ins, activities, interests, photos, status updates, and friends list. We may also allow you to enter into contests to provide photos, such as of products you have purchased, which you may share with your connections on social media for votes, shared offers or other promotions.  We use this information for providing information about our goods and services and for understanding the needs and preferences of our customers.  The personal information described in this paragraph is the “Social Data.”

Contests and Sweepstakes: We may run contests or sweepstakes in which you may choose to participate. The personal information we collect may include first name, last name, e-mail address, telephone number, address, date of birth and other individual responses as indicated at the time of collection. Prize winners may be required to provide a social security number for tax reporting purposes.  We use this information to facilitate the contest or sweepstakes.  The personal information described in this paragraph is the “Contest and Sweepstakes Data.”

Customer Surveys: We may collect personal information at various events through surveys in which you may choose to participate. The information we collect may include age; date collected; purchase history, habits, and preferences; email; first name; last name; and other individual survey responses as indicated at the time of collection.  We use this information to understand the needs and preferences of our customers so that we can improve our goods and services.  The personal information described in this paragraph is the “Survey Data.”

Automatically Collected Personal Information: By its nature, our websites and apps also automatically collect some personal information about you. In order for you to view or interact with our website or apps, we receive individual identifiers like your IP address, and some network information like the date and time that pages are visited. We may collect this personal information even if you are not logged in.  We collect some personal information automatically using cookies or other tracking technologies as described below in Section 7. The personal information automatically collected may be collected by or on behalf of third parties who may provide us with inferences or aggregate reporting based on analysis of such personal information.   We use this information to understand how our customers are using our websites and apps.  The personal information described in this paragraph is the “Use Data.”

Employee Data: We collect personal information in the context of your role as an applicant to, an employee of, director of, or officer of, our business. The personal information we collect in these cases may include name, social security number, address, date of birth, gender, race, ethnicity, bank account and routing number, tax filing status, emergency contact information, telephone number, family member names, educational background, criminal background and employment history, medical provider information, dependent name(s), date of birth, gender and address, medical insurance provider, compensation and benefits data, workplace, and title. We only use this information for purposes of evaluating qualifications related to your job application or your job duties; evaluating your performance; or for providing compensation, benefits and services in the context of the employment relationship. The personal information described in this paragraph is the “Employee Data.”

Individuals Representing Businesses.  We collect personal information in the context of your role as a representative of a business.  The personal information we collect in these cases may include, name, address, email address, telephone, date of birth, gender, social security number and personal financial information.  We use this information for communicating with you in your role as a representative of a business or if you are an owner of a business to evaluate your creditworthiness.  The personal information described in this paragraph is the “Biz Rep Data”

In addition to the information we collect from you directly, we may also infer information about you based on the information you provide to us or from other information we collect.

3. PERSONAL INFORMATION FROM OTHER SOURCES

We may collect personal information about you from a number of sources in addition to those means of collection indicated above, including offline or through sources unrelated to your use of our websites or apps or interaction with us.  For example, we may collect personal information from publicly accessible sources (e.g., property records); directly from a third party, (e.g., credit reporting agencies or customer due diligence providers); or from a third party with your consent (e.g., your bank). We may merge or co-mingle that personal information with the personal information we maintain about you and other data collected on or through our website.

4. PURPOSES FOR WHICH WE COLLECT PERSONAL INFORMATION

In addition to the purposes set forth in Section 2 above, we may collect your personal information for the following purposes:

  • Auditing related to a current interaction with you, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
  • Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes;
  • Debugging to identify and repair errors that impair existing intended functionality;
  • Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with us provided that your personal information is not disclosed to a third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction with us;
  • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage or providing similar services on our behalf;
  • Providing advertising and marketing services to you, except for cross-context behavioral advertising.
  • Undertaking internal research for technological development and demonstration; and
  • Undertaking activities to verify or maintain the quality or safety of our products and services and to improve, upgrade, or enhance our products and services.
  • Advance our commercial or economic interests, such as by inducing a person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.

5. LIMITED USE

We will only use your personal information for the purposes for which we have collected it, unless we reasonably determine we need to use it for another reason and that reason is compatible with the original purpose. For example, we consider de-identification, aggregation, and other forms of anonymization of personal information to be compatible with the purposes listed above and in your interest, because the anonymization of such information reduces the likelihood of improper disclosure of that information.

If you wish to receive an explanation as to how the processing for a particular purpose is compatible with the original purpose, please contact us via the information specified in the Contact section below.

PLEASE NOTE THAT WE MAY PROCESS YOUR PERSONAL INFORMATION WITHOUT YOUR KNOWLEDGE OR CONSENT, IN COMPLIANCE WITH THE ABOVE RULES, WHERE THIS IS REQUIRED OR PERMITTED BY LAW.

6. HOW WE SHARE PERSONAL INFORMATION

In order to provide you with the best products and services, we disclose your personal information to our affiliates, service providers, contractors and other third parties as described below.

6.1 Affiliates. We may disclose your personal information to our parent company and entities under shared corporate control (“Affiliates”) for the purposes described in Sections 2 and 4 above.

6.2 Contractors. We disclose personal information to entities that help us fulfill a business or commercial purpose including, but not limited to, shipping companies that deliver our products to you (“Contractors”).  Contractors are not permitted to sell or share your personal information or to use your personal information other than to perform the tasks we assign to them.

6.3 Service Providers. We disclose your personal information to companies that process personal information on our behalf for a business or commercial purpose, including, but not limited to,  website hosting, app design, database management, web analytics, app analytics, billing, payment processing, communicating with you about our products or services (“Service Providers”).  Service Providers are not permitted to sell or share your personal information or to use your personal information other than to perform the tasks we assign to them.

6.4 Third Parties. In addition to third parties in the foregoing categories, we may disclose personal information to the following categories of third parties: advertising networks, internet service providers, data analytics providers, government entities, internet service providers, operating systems and platforms, social networks and data brokers.  For the purposes of this Policy, “third party” or “third parties” are entities that may sell, retain, use, or disclose personal information for purposes beyond providing services directly to us for our business or commercial purposes.

6.5 Compliance with Laws. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose your personal information to government or law enforcement officials or private parties in response to lawful requests when we believe disclosure or sharing is necessary to comply with any legal obligation, enforce or apply our terms and conditions, respond to claims and legal process, protect our services, members, dealers, our rights and/or the safety of the public or any person, or prevent or stop any illegal, unethical or legally actionable activity (including for the purposes of fraud protection).

6.6 Sale or Transfer of Business or Assets. We may disclose some or all of your personal information in connection with a merger, bankruptcy, or other transaction in which another entity assumes control of all or part of our business.  If another company or individual acquires our business, or assets, that company or individual will possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this Policy.

7. COOKIES AND OTHER TRACKING TECHNOLOGIES

Third parties, including Google and Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information from our websites and elsewhere on the internet and use that information to provide measurement services and target ads. You can opt-out of the collection and use of information for ad targeting using the options described in the Opting Out section below. The tracking technologies we utilize include the following:

7.1 Cookies. We may use different types of cookies when providing different types of web-related services. If you do not know what cookies are, or how to control or delete them, then we recommend you visit www.aboutcookies.org for detailed guidance. Cookies allow us to identify and authenticate visitors, track aggregate behavior, and enable important service features. We use both session ID cookies and persistent cookies. Session ID cookies are used to maintain your browser state as you browse through services, and they expire when you close your browser. A persistent Cookie remains on your hard drive for an extended period, and we use that to identify you should you return to services and want to find information you had previously entered or accessed.

We may also contract with analytics services, third-party affiliate services, and third-party advertising companies to collect similar information. These cookies allow the ad servers to recognize your computer each time they send you an online advertisement, and compile information about you or others who use your computer. This information allows such advertising networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you.

You may disable cookies through your web browser. For information about opting out of these collection services, please see the Your Choices section below.

7.2 Web Beacons/Tags. We may automatically collect aggregate anonymous information through files embedded in our services and emails known as “web beacons.” We may deliver a web beacon to you through our services from an advertising network with which we have contracted. Web beacons allow third parties to provide anonymized and aggregated auditing, research, and reporting for us. Web beacons also allow us to tell whether email recipients are able to properly view messages or if email messages have been opened, to ensure that we are sending only messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to users. We do not tie the information gathered by web beacons to personal information.

7.3 Flash LSOs. When we post videos, third parties may use local shared objects, known as “Flash cookies,” to store your preferences for volume control or to personalize certain video features. Flash cookies are different from browser cookies because of the amount and type of data and how the data is stored. The cookie management tools provided by many popular browsers will not remove Flash cookies. To learn how to manage Flash cookie privacy and storage settings, click here.

7.4 Analytics. We may use analytics tools or similar tools provided by third parties (“Data Analytics Providers”) to help analyze how you and other users utilize our services. Analytics tools use cookies and other tracking technologies to collect information such as how often users visit our website, what pages they visit, and what other websites they have used prior to visiting our website. We use the information we get from analytics tools only to improve services. Analytics tools collect the IP address or other unique identifier assigned to you on the date you visited services. We do not combine the information generated through the use of analytics tools with your other personal information. Analytics tools provided by third parties plant a persistent cookie on your web browser to identify you as a unique user the next time you visit our website, and the treatment of that information is governed by the third party’s terms of use and/or privacy policy. To learn about how Google uses data related to website analytics when you use our site or apps, click here: https://policies.google.com/technologies/partner-sites. For information about how Facebook uses cookies and other storage technologies, click here: https://www.facebook.com/policies/cookies/.

7.5 Third Parties. The following third parties may collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and app usage and how you interact with our properties and ads for a variety of purposes, such as personalization of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes.  For more information about the collecting, use and sale of your personal data and your rights with respect to these third parties, please see the links listed below:

Name:Link:
Adquickhttps://www.adquick.com/privacy
Amazon Adshttps://advertising.amazon.com/resources/ad-policy/eu-data-protection-and-privacy
Hotjarhttps://www.hotjar.com/privacy/
Black Crow AIhttps://www.blackcrow.ai/legal/privacy-policy
Elevarhttps://www.getelevar.com/legal/privacy/
Facebookhttps://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
Fairinghttps://fairing.co/privacy
Flowcodehttps://www.flowcode.com/privacy-policy
FullStoryhttps://www.fullstory.com/legal/privacy-policy/
Google Analyticshttps://policies.google.com/technologies/partner-sites
Google Adshttps://policies.google.com/technologies/partner-sites
Google Optimizehttps://policies.google.com/technologies/partner-sites
Gorgiashttps://www.gorgias.com/legal/privacy
GRINhttps://grin.co/privacy/
JustUnohttps://www.justuno.com/legal/privacy-policy/
Klarnahttps://www.klarna.com/us/privacy/
Klaviyohttps://www.klaviyo.com/legal/privacy/privacy-notice
Lucky Orangehttps://a.storyblok.com/f/110013/x/f7d78e39f6/lucky-orange_privacy-statement_12-01-22-69623277v9-c.pdf
Microsoft Clarityhttps://privacy.microsoft.com/en-US/privacystatement
Northbeamhttps://www.northbeam.io/privacy-policy
Postscripthttps://postscript.io/privacy
LiveRecoverhttps://liverecover.com/privacy-policy
Pinteresthttps://policy.pinterest.com/en/privacy-policy
PostPilothttps://www.postpilot.com/privacy-policy
Share Local Mediahttps://sharelocalmedia.com/privacy-policy
Postiehttps://postie.com/privacy-policy/
Reddithttps://www.reddit.com/policies/privacy-policy
ShareASalehttps://www.awin.com/us/privacy?utm_source=shareasale-website&utm_medium=text-link&utm_campaign=shareasale-website
Shopifyhttps://www.shopify.com/legal/privacy
Snapchathttps://snap.com/en-US/privacy/privacy-policy
Tapcarthttps://www.tapcart.com/privacy-policy
Tapjoyhttps://dev.tapjoy.com/en/legal/Privacy-Policy
Tatarihttps://www.tatari.tv/privacy-policy#:\~:text=Tatari%20Inc%20shall%20endeavor%20and,user's%20personal%20information%20under%20our
TikTokhttps://www.tiktok.com/legal/privacy-policy-us?lang=en
TVDNhttps://tvdatanow.co/terms/
Wunderkindhttps://www.wunderkind.co/privacy/
Yotpohttps://www.yotpo.com/privacy-policy/

7.6 BY USING OUR WEBSITE, YOU GIVE CONSENT FOR US TO SHARE YOUR DATA WITH THESE PROCESSORS, AND FOR THEM TO TRANSFER THIS INFORMATION ONWARD TO THEIR PARTNERS IN CONNECTION WITH PROVIDING YOU SERVICES.

8. OPTING OUT

You can make the following choices regarding your personal information:

8.1 Promotional and Other Emails. You may choose, during the account registration processes on one of our websites, or otherwise, to provide us with your email address for the purpose of allowing us to send newsletters, surveys, offers, and other materials related to our services. You can stop receiving these emails by sending a request to the email address in the Contact Us section below. If you decide not to receive these emails, we may still send you communications related to your current or former membership.

8.2 Behavioral Advertising. Our services may use behavioral advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our websites so that they can provide advertising about products and services tailored to your interests. That advertising may appear either on our website, or on other websites not operated by us. If you do not want third parties to collect information about your use of our services, you can opt-out of such at the Digital Advertising Alliance in the US, the Digital Advertising Alliance of Canada in Canada, or the European Digital Advertising Alliance in Europe.

PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING SERVICES. IT WILL, HOWEVER, EXCLUDE YOU FROM INTEREST-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS.

8.3 Analytics. Many analytics providers allow end-users to opt out of the retention of their information, including our third-party analytics providers. Please note that, typically, unless you create an account with the analytics provider, your choice to opt out applies only to the device from which you make the request, because the providers use cookies on that device to recognize your choice. If you get a new device, install a new web browser, update your browser, or otherwise erase/alter your browser cookie files you may clear the opt-out cookie.

You may learn more about the use of information by and opting-out of analytics from our third-party provider by visiting its opt-out page at the following links:

8.4 Cookies. You may disable, or delete cookies in your Web browser, but doing so may impact the usability of the website. To block cookies, you can also browse our service using your browser’s anonymous usage setting (called “Incognito” in Chrome, “In Private” for Internet Explorer, “Private Browsing” in Firefox and Safari, etc.).

8.5 Do Not Track. Our website does not recognize and respond to “Do Not Track” requests available through many popular web browsers.

9. INTERNATIONAL TRANSFERS OF INFORMATION

Your personal information may be processed in the country in which it was collected and in other countries, where laws regarding personal information may be less stringent than the laws in your country. Therefore, in some circumstances, you might be left without a legal remedy in the event of a privacy breach or other use that is prohibited in your country. By submitting your personal information, you agree to this transfer, storage and/or processing, including all associated risks.

10. INFORMATION SECURITY

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. We make efforts to protect your personal information from improper or unauthorized loss, misuse, access, disclosure, alteration, or destruction. If you have questions about the security of your personal information, contact us at the email or regular mail address specified in the Contact section below.

11. DATA RETENTION

We will retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means, and the applicable legal requirements.  We do not store or retain any financial information you provide us to complete a transaction.

12. THIRD-PARTY LINKS

Our websites or apps may contain links to other websites or apps. We are not responsible for the privacy practices or the content of these other websites or apps. You should read the policy statement of these other websites or apps to understand their policies. When you access linked websites or apps, you may be disclosing private information. It is your responsibility to keep such information private and confidential.

13. CHILDREN UNDER THE AGE OF 13

We are concerns about the privacy protection of children who access the Internet, and we comply with the Children’s Online Privacy Protection Act (COPPA).  Accordingly, this website is not intended for use by anyone under the age of 13 without the supervision or a parent or guardian, and we do not knowingly collect information from anyone under 13 years of age without the consent of a parent or guardian.  If you are under the age of 13, please do not submit any personal information to us, you must rely on your parent or guardian to assist you.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Policy from time to time, in our sole discretion. When we do so, we will post the new Policy on our website. You should consult this Policy regularly for any changes. Continued use of services following posting of such changes constitutes your acknowledgement of such changes and agreement to be bound by the changes. If you do not agree, you should immediately discontinue your use of our website and services.

15. CONTACT US

If you have questions regarding this Policy, its appendices, or our treatment of your personal information, you may contact us at:

Sauce Ventures, LLC

3080 Bristol Street

Suite 530

Costa Mesa, CA 92626

Attention: Privacy Team

Email: support@truff.com with the subject “Privacy Policy Questions”


APPENDIX A: CALIFORNIA PRIVACY RIGHTS

Effective: November 1, 2022

Your California Privacy Rights:

Under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”) and certain other California privacy and data protection laws, as applicable, residents of California have the following rights with respect to their personal information.

Right to Know About Our Collection, Disclosure, Sharing and Sale of Personal Information about You.

Personal information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you, including the following categories: (a) identifiers; (b) categories described in California Civil Code §1798.80(e); (c) characteristics of protected classes; (d) commercial information; (e) biometric information; (f) internet or other electronic network activity; (g) geolocation data; (h) audio, electronic, visual, thermal, olfactory or similar information; (i) professional or employment related information; (j) education information; and (k) inferences drawn from such information to create a consumer profile.  You have the right to know the categories of personal information we have collected about you; the categories of sources from which we collect personal information; our business or commercial purpose for collecting, disclosing, sharing or selling personal information; the categories of third parties to whom we disclose, share or sell personal information, if any; and the specific pieces of personal information we have collected about you.  Personal information includes “sensitive” personal as described below.

Right to Know About Our Collection, Disclosure, Sharing and Sale of “Sensitive” Personal Information about You.

Although we do not collect, disclose, share or sell “sensitive” personal information, it is defined as personal information that reveals: (a) your social security, driver’s license, state identification card, or passport number; (b) your account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (c) your precise geolocation; (d) your racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of your mail, email, and text messages unless we are the intended recipient of the communication; (f) your genetic data. “Sensitive” personal information also includes biometric information that is processed for the purpose of identifying you, information that is collected and analyzed concerning your health; or your sex life or sexual orientation.

You have the right to know the categories of “sensitive” personal information we have collected about you, the categories of sources from which we collect personal information, our business or commercial purpose for collecting, selling or sharing “sensitive” personal information, the categories of third parties with whom we sell or share “sensitive” personal information, if any, and the specific pieces of “sensitive” personal information we have collected about you.

Right to Delete Your Personal Information

Subject to the exceptions set out below, and upon your submission of a verifiable request, you have the right to deletion of your personal information from our records, and to have us direct our service providers, contractors and third parties to delete your personal information from their records.

We are not required to, and reserve our right to not delete your personal information if it is necessary to: (i) complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; (ii) help to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for those purposes; (iii) debug to identify and repair errors that impair existing intended functionality; (iv) exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law; (v) comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code; (vi) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent; (vii) enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided the information; and (viii) comply with a legal obligation.

Right to Correct Inaccurate Personal Information.

Subject to the exceptions set out below, and upon your submission of a verifiable request, you have the right to correct any inaccurate personal information in our records, and to have us direct our service providers, contractors and third parties to correct any inaccurate personal information from their records.

If we cannot verify your identity pursuant to the CCPA and its regulations we may deny a request to correct.  In such event, we shall inform your that your identity cannot be verified.

In determining the accuracy of the personal information that is the subject of your request to correct, we shall consider the totality of the circumstances relating to the contested personal information. We may deny your request to correct if we determine that the contested personal information is more likely than not accurate based on the totality of the circumstances.

Right to Be Free from Discrimination

You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, on the basis of the exercise of your rights thereunder, among other things, deny goods or services to you, charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; provide a different level or quality of goods or services to you; or suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services or retaliate against you as an employee, applicant for employment or independent contractor.

How to Exercise Your Rights

Unless otherwise specified, to exercise any of your rights described in this Appendix A, please submit your request to us at support@truff.com with the subject “CCPA Consumer Request.”  You can also exercise these rights by clicking the following link: https://www.truff.com/pages/consumer-privacy-request-form.

In order to verify your request, we may need you to provide us with enough information to identify you (e.g., your full name, address, and customer or matter reference number), proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill), and a description of what right you wish to exercise along with any information to which your requests relates.  If feasible, we will match the indemnifying information provided by you with the personal information that we already maintain about you.

You may designate an authorized agent to make a request under the CCPA on your behalf. In order to fulfill your request to know or delete submitted by an authorized agent, you must provide the authorized agent written permission to do so, and we may require that you verify your own identity with us directly or provide us with a copy of the written permission given.

We reserve our right not to grant a consumer request if we cannot verify that the person making the request is the person about whom we have collected information, or someone authorized to act on such person’s behalf. You may only make a request to access or receive copies of personal information twice within a 12-month period. Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

Your Right to Opt-Out of the Sharing of Personal Information

We may disclose your personal information to third parties for cross-context behavioral advertising purposes (“Share” or “Sharing”).  You have the right to opt-out of the Sharing of your personal information and you may exercise your right by clicking the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the Sharing of your personal information, we would refrain from Sharing your personal information, unless you subsequently provide express authorization for the sharing of your personal information.

Your Right to Opt-Out of the Sale of Personal Information

We may disclose your personal information to third parties in exchange for monetary or other consideration.  Such disclosures are considered to be “Sales” under the CCPA.  You have the right to opt-out of the Sale of your personal information and you may exercise your right by clicking on the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the Sale of your personal information, we would refrain from Selling your personal information, unless you subsequently provide express authorization for the Sale of your personal information.

Your Right to Opt-Out by Using Opt-Out Preference Signals.

We will process any opt-out preference signal that (a) is in a format commonly used and recognized by businesses (for example, in an HTTP header field) and (b) is sent from a platform, technology, or mechanism that makes it clear to the consumer, whether in its configuration or in disclosures to the public, that the use of the signal is meant to have the effect of opting the consumer out of the sale and sharing of their personal information (“Opt-Out Preference Signal”).  We shall treat the Opt-Out Preference Signal as a valid request to opt-out of the sale or sharing of personal information for your browser or device, and, if known, for you.

If the opt-out preference signal conflicts with other privacy settings that you have submitted to us, we will process the opt-out preference signal but may notify you of the conflict and provide you with the opportunity to consent to the sale or sharing of your personal information.

If the Opt-Out Preference Signal conflicts with your participation in a financial incentive program, we shall notify you of the conflict and request your affirmation that you intend to withdraw from the financial incentive program.  If you affirm your intent to withdraw we shall process the Opt-Out Preference Signal.  If you do not affirm your intent to withdraw, we will not process the Opt-Out Preference Signal.

Your Right to Limit the Use or Disclosure of “Sensitive” Personal Information

We do not collect any “sensitive” personal information.  If we were to collect and use your “sensitive” personal information other than is necessary to provide our goods and perform our services, you would have the right to limit our use or disclosure of your “sensitive” personal information to that which is necessary to provide our goods and services to you.

Children’s Right to Opt-In to the Sale of Personal Information

We do not knowingly collect or sell the personal information of minors under 16 years of age without affirmative authorization. For minors who wish to opt-in to the sale of their personal information, we have established the following processes:

Minors between 13 and 16 years of age:

In the case of consumers between 13 and 16 years of age, we require the consumer to affirmatively authorize the sale of the consumer’s personal information.  In order to opt-in minors in this age range, as part of the account registration process for our products which may be targeted toward minors, we require the consumer or consumer’s parent or guardian to verify the consumer’s identity by providing at least two data points with data points maintained by the business, which we have determined to be reliable for the purpose of verifying the consumer.

Minors under 13 years of age:

In the case of consumers who are less than 13 years of age, we require the consumer’s parent to affirmatively authorize the sale of the consumer’s personal information. In order to opt-in minors in this age range, as part of the account registration process for our products which may be targeted toward minors, we require that the consumer’s parent or guardian verify the consumer’s identity, which we have determined to be reliable for the purpose of verifying the consumer.

We reserve the right to require additional information or not complete your request if we cannot verify your identity. If you are a parent or guardian seeking to opt-out on behalf of their child, please email us at support@truff.com with the subject “Minor Opt-Out.”

Our Collection and Disclosure of Personal Information

Sources from Which We Receive Personal Information

We may receive personal information from the following categories of sources:

  • You, the consumer
  • Advertising networks
  • Internet Service Providers
  • Data Analytics Providers
  • Government Entities
  • Operating Systems and Platforms
  • Social Networks
  • Data Brokers

Third Parties with Whom We Share Personal Information

We routinely share personal information with the following categories of third parties:

  • Affiliates
  • Advertising Networks
  • Internet Service Providers
  • Data Analytics Providers.
  • Government Entities
  • Operating Systems and Platforms
  • Social Networks
  • Data Brokers
  • Service Providers

Categories of Personal Information Collected, Sold or Shared and Disclosed Sold within the past 12 months.

Category of Personal InformationInformation CollectedSold or Shared in the Past 12 Months?Categories of Third Parties to Whom Sold or SharedDisclosed for a Business Purpose in Past 12 Months?Categories of Third Parties to Whom Disclosed
Individual IdentifiersPurchase Data; Newsletter Data; Social Data; Use Data; Employee Data; Biz Rep DataYesContractors; Service Providers; Affiliates; Third Parties; ShopifyYesContractors; Service Providers; Government Entities; Affiliates
Categories Described in California Consumer Records Act, Civil Code §1798.81.5Purchase Data; Newsletter Data; Social Data; Use Data; Employee Data; Biz Rep DataYesContractors; Service Providers; Affiliates; Third Parties; ShopifyYesContractors; Service Providers; Government Entities; Affiliates
Characteristics of protected classifications under California or federal law.Purchase Data; Newsletter Data; Employee Data; Biz Rep DataNoNot ApplicableNoNot Applicable
Commercial information.Purchase Data; Social Data; Use Data; Employee Data; Biz Rep DataYesContractors; Service Providers; Affiliates; Third Parties; ShopifyYesContractors; Service Providers; Government Entities; Affiliates
Biometric information.Employee DataNoNot ApplicableNoNot Applicable
Internet or other electronic network activity.Use DataYesContractors; Service Providers; Affiliates; Third Parties; RakutenYesService Providers
Geolocation data.Social Data; Use DataNoNot ApplicableNoNot Applicable
Audio, electronic, visual, thermal, olfactory, or similar information.NoneNoNot ApplicableNoNot Applicable
Professional or employment-related information.Employee DataNoNot ApplicableNoNot Applicable
Education information.Employee DataNoNot ApplicableNoNot Applicable
Inferences drawn from any of the information identified above.NoneNoNot ApplicableNoNone

Categories of “Sensitive” Personal Information Collected, Disclosed, and Sold within the past 12 months.  We do not collect, disclosure, share or sell any “sensitive” personal information.

Shine the Light Request.

Individual consumers who reside in California and have provided us with their personal information may request information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes. Such requests must include your name, street address, city, state, and zip code, and be submitted to us at one of the following addresses: support@truff.com with the subject “California Shine The Light Request” or Sauce Ventures, LLC, 3080 Bristol St, Suite 530, Costa Mesa, CA 92626, Attention: Privacy Team. Within thirty days of receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.

Minor’s Right to Remove Posted Content.

If you are a California resident under the age of 18, and a registered user of any website where this Policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information that you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to support@truff.com with the subject “Privacy Rights for Minors.”  Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

APPENDIX B: CANADA PRIVACY RIGHTS NOTICE

This Section provides additional information to individuals located in Canada at the time their personal information is collected by Us.

You may request details about Our privacy practices, access or correct your personal information, or make a complaint by contacting Our privacy officer in writing:

Sauce Ventures, LLC

3080 Bristol Street

Suite 530

Costa Mesa, CA 92626

Attention: Privacy Team

support@truff.com

If you are not satisfied with Our response to your inquiry, you may contact the Office of the Privacy Commissioner of Canada: 1-800-282-1376 (toll-free) or priv.gc.ca


APPENDIX C: COLORADO PRIVACY RIGHTS NOTICE

1. YOUR COLORADO PRIVACY RIGHTS

Under the Colorado Privacy Act (the “CPA”) if you are a resident of Colorado, acting only in an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context), your rights with respect to your personal data are described below.

1.1 Disclosure of Our Personal Data Collection and Processing Practices.

Personal data as defined in the CPA means any information that is linked or reasonably linkable to you.  Our main Privacy Policy and Appendix A describe our collection and processing of personal data (therein also referred to as “personal information”) practices, including:

a.     the categories of personal data that we collect or process (Section 2);

b.     the purposes for processing the personal data (Sections 2 and 4);

c.     the categories of personal data shared with third parties (Appendix A, Section 3.1)

d.     the categories of third parties with whom we share personal data (Appendix A, Section 3.1)

e.     our sale of personal data to third parties or targeted advertising (Appendix A, Section 3.1, therein “targeted advertising” is referred to as “sharing for cross-context behavioral advertising”)

1.2 Right of Access.

You have the right to confirm whether or not we are processing personal data concerning you and to access to your personal data.

1.3 Right to Correction.

You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of your personal data.

1.4 Right to Deletion

You have the right to delete personal data concerning you.

1.5 Right to Data Portability.

When exercising the right to access personal data, you have the right to obtain the personal data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

1.6 Right to Opt Out.

You have the right to opt out of the processing of your personal data for (a) targeted advertising, (b) sale of personal data, or (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

We may disclose your personal data to third parties for targeted advertising purposes. This means the targeting of advertising to you based on your personal data that we obtain from your activity across businesses, distinctly-branded websites, applications, or services, other than our business, distinctly-branded website, application, or service. We may share personal data with advertising networks so they may help us to deliver advertisements to you based on your activity on our website or apps and/or your activity on other websites or apps.

You have the right to opt-out of the processing of your personal data for targeted advertising or profiling and you may exercise your right by clicking the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the processing of your personal data for targeted advertising or profiling, we will refrain from processing your personal data for targeted advertising or profiling, unless you subsequently provide express authorization for the sharing of your personal data.

We may disclose your personal data to third parties in exchange for monetary or other consideration.  We may sell your personal data to advertising networks so they may help us to deliver advertisements to you based on your activity on our website or apps and/or to recommend our services and products to you based on your activity on other websites or apps.  We may sell your personal data to data analytics providers who may use your personal data for their own behavioral advertising analysis purposes.

You have the right to opt-out of the sale of your personal data and you may exercise your right by clicking on the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the sale of your personal data, we will refrain from selling your personal data, unless you subsequently provide express authorization for the sale of your personal data.

We will process any opt-out preference signal that (a) is in a format commonly used and recognized by businesses (for example, in an HTTP header field) and (b) is sent from a platform, technology, or mechanism that makes it clear to the consumer, whether in its configuration or in disclosures to the public, that the use of the signal is meant to have the effect of opting the consumer out of the sale and sharing of their personal data (“Opt-Out Preference Signal”).  We shall treat the Opt-Out Preference Signal as a valid request to opt-out of the sale or sharing of personal data for your browser or device, and, if known, for you.

1.7 Your “Sensitive Data” May Not Be Processed without Your Consent

“Sensitive Data” means (a) personal data revealing your racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, or citizenship or citizenship status; (b) the processing of genetic or biometric data for identification purposes and (c) personal data from a known child.  We will not process your “Sensitive Data” without your consent or in the case of a known child, the consent or a parent or lawful guardian.

2. HOW TO EXERCISE YOUR CPA RIGHTS

Unless otherwise specified, to exercise any of your rights described in this Appendix C, please submit your request to us at support@truff.com with the subject “CPA Consumer Request.”  We shall respond to your request within 45 days of receipt.  The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 day response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request.  The notification will include a justification for declining to take action and instructions on how you may appeal.

Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including an written explanation of the reason for the decisions.  If we deny the appeal, you may contact the Colorado Attorney General at https://complaints.coag.gov/s/?varCFT=2 or (720) 508-6000.

We shall provide information in response to your request free of charge, except that, for a second or subsequent request within a 12 month period, we may charge an amount as provided in the CPA.  If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request.  If we cannot authenticate you and your request we will not be able to grant your request.

You may designate another person to serve as your authorized agent and act on your behalf. We will comply with an opt-out request received from an authorized agent if we are able to verify, with commercially reasonable effort, your identity and the authorized agent’s authority to act on your behalf.


APPENDIX D: CONNECTICUT PRIVACY RIGHTS NOTICE

1. YOUR CONNECTICUT PRIVACY RIGHTS

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.

1.1 Disclosure of Our Personal Data Collection and Processing Practices.

Personal data as defined in the CDPA means any information that is linked or reasonably linkable to you.  Our main Privacy Policy and Appendix A describe our collection and processing of personal data (therein also referred to as “personal information”) practices, including:

a.     the categories of personal data that we collect or process (Section 2);

b.     the purposes for processing the personal data (Sections 2 and 4);

c.     the categories of personal data shared with third parties (Appendix A, Section 3.1)

d.     the categories of third parties with whom we share personal data (Appendix A, Section 3.1)

e.     our sale of personal data to third parties or targeted advertising (Appendix A, Section 3.1, therein “targeted advertising” is referred to as “sharing for cross-context behavioral advertising”)

1.2 Right of Access.

You have the right to confirm whether or not we are processing personal data concerning you and to access to your personal data, except if doing so would require us to reveal a trade secret.

1.3 Right to Correction.

You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of your personal data.

1.4 Right to Deletion

You have the right to delete personal data concerning you.

1.5 Right to Data Portability.

When exercising the right to access personal data, you have the right to obtain the personal data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

1.6 Right to Opt Out.

You have the right to opt out of the processing of your personal data for (a) targeted advertising, (b) sale of personal data, or (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

We may disclose your personal data to third parties for targeted advertising purposes.  This means the targeting of advertising to you based on your personal data that we obtain from your activity across businesses, distinctly-branded websites, applications, or services, other than our business, distinctly-branded website, application, or service. We may share personal data with advertising networks so they may help us to deliver advertisements to you based on your activity on our website or apps and/or your activity on other websites or apps.

You have the right to opt-out of the processing of your personal data for targeted advertising or profiling and you may exercise your right by clicking the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the processing of your personal data for targeted advertising or profiling, we will refrain from processing your personal data for targeted advertising or profiling, unless you subsequently provide your express authorization.

We may disclose your personal data to third parties in exchange for monetary or other consideration.  We may sell your personal data to advertising networks so they may help us to deliver advertisements to you based on your activity on our website or apps and/or to recommend our services and products to you based on your activity on other websites or apps.  We may sell your personal data to data analytics providers who may use your personal data for their own behavioral advertising analysis purposes.

You have the right to opt-out of the sale of your personal data and you may exercise your right by clicking on the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the sale of your personal data, we will refrain from selling your personal data, unless you subsequently provide express authorization for the sale of your personal data.

We will process any opt-out preference signal that (a) is in a format commonly used and recognized by businesses (for example, in an HTTP header field) and (b) is sent from a platform, technology, or mechanism that makes it clear to the consumer, whether in its configuration or in disclosures to the public, that the use of the signal is meant to have the effect of opting the consumer out of the sale and sharing of their personal data (“Opt-Out Preference Signal”).  We shall treat the Opt-Out Preference Signal as a valid request to opt-out of the sale or sharing of personal data for your browser or device, and, if known, for you.

1.7 Your “Sensitive Data” May Not Be Processed without Your Consent

“Sensitive Data” means (a) personal data revealing your racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, or citizenship or immigration status; (b) the processing of genetic or biometric data for identification purposes; (c) personal data from a known child (individual under the age of 13); precise geolocation data.  We will not process your “Sensitive Data” without your consent or in the case of a known child, the consent or a parent or lawful guardian.

2. HOW TO EXERCISE YOUR CDPA RIGHTS

Unless otherwise specified, to exercise any of your rights described in this Appendix D, please submit your request to us at support@truff.com with the subject “CDPA Consumer Request.”  We shall respond to your request within 45 days of receipt.  The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 day response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request.  The notification will include a justification for declining to take action and instructions on how you may appeal.

Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions.  If we deny the appeal, you may contact the Connecticut Attorney General to submit a complaint at https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page or (860) 808-5318.

We shall provide information in response to your request free of charge, except that, for a second or subsequent request within a 12 month period, we may charge an amount as provided in the CDPA.  If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request.  If we cannot authenticate you and your request we will not be able to grant your request.

You may designate another person to serve as your authorized agent and act on your behalf. We will comply with an opt-out request received from an authorized agent if we are able to verify, with commercially reasonable effort, your identity and the authorized agent’s authority to act on your behalf.


APPENDIX E: EEA / UK / SWITZERLAND PRIVACY RIGHTS NOTICE

This Section provides additional information to individuals located in the EEA, the United Kingdom or Switzerland at the time their personal information is collected by Us. All capitalized terms in this Section have the meaning as defined in the General Data Protection Regulation (GDPR) and/or, as applicable, the GDPR as it is saved and incorporated into United Kingdom law following Brexit (UK-GDPR) or the Swiss Data Protection Act (including, but not limited to “Personal Data”, “Processing”, “Controller”, “Processor”, “Data Subject”, “Consent”).

1.         Data Controller, Data Protection Officer and EU Representative

The Controller for the Processing described in this Privacy Policy is:

Sauce Ventures, LLC, 3080 Bristol Street, Suite 530, Costa Mesa, CA 92626, Attention: Privacy Team, support@truff.com

You can contact the Company’s Data Protection Officer using: support@truff.com.

For Data Subjects in the EU and the UK:
We value your data subject rights under GDPR and UK-GDPR and therefore appointed the following entities as representatives according to Art 27 GDPR and Art. 27 UK-GDPR in order to provide you with an easy way to submit to us privacy related request like a request to access or erase your personal data. If you want to make use of your data subject rights, please contact the Data Protection Officer, as set forth above.

2.         Legal Basis of Our Processing. The Legal basis of Our Processing of your Personal Data within the scope of application of the GDPR, the UK-GDPR or the Swiss Data Protection Act is as follows:

  • Contract (Art. 6 (1) b GDPR), where we Process your purchase transactions (e.g. orders, exchanges and returns, shipping notifications) and answer your support and customer service requests as this is necessary for the performance of Our contract with you;
  • Legitimate Interests (Art. 6 (1) f GDPR):
    • In our legitimate interest in providing a secure Website user experience, we Process Your Personal Data to administer Our Programs and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • For an appealing surfing experience, we Process your Personal Data to allow you to participate in interactive features of our Website or our social media accounts, when you choose to do so;
    • Responding to your comments and questions is part of Our legitimate business interests in providing you with first class services;
    • In our legitimate interest in expanding marketing offers to potential customers, we Process your Personal Data to share it with our advertising and marketing partners;
    • To protect Our financial interests or to otherwise protect Ourselves against fraud or unauthorized transactions, we Process your Personal Data, e.g. we conduct credit card screenings, and perform monitoring to identify potential unauthorized users or hackers;
    • Our legitimate interest in promoting Our business is the purpose for Processing your Personal Data to facilitate any contests, sweepstakes, or promotions and process and deliver entries and rewards;
    • If you want to work with Us and apply for a job, We Process your Personal Data to evaluate your application;
    • To protect Our rights and interests (e.g. protect the Company against legal claims) we can use your data with, or otherwise distribute, share or disclose your Personal Data to any of the Company’s professional advisors such as attorneys or accountants in order to facilitate their professional advice.
  • Consent (Art. 6 (1) a GDPR):
    • Unless consent is not required under applicable law, we send you promotional communication about Our products, services, offers, and events offered by Us and others, and provide news and information We think will be of interest to you only after you have consented to such communication. You can withdraw your consent at any time with future effect, e.g. by clicking the unsubscribe-link in each promotional email;
    • We request your explicit consent to monitor and analyze your usage of Company Programs and advertising to understand their effectiveness, and to personalize your experience when you use a Company Program;
    • We also request your consent to facilitate your use of various social media sharing features or other integrated tools (such as the Facebook “Like” button) which you may use as part of social media pages.
  • Compliance with Legal Obligations (Art. 6 (1) c GDPR):
    • We Process your Personal Data for compliance purposes as may be required by applicable laws or regulations or as requested by any judicial process or governmental agency (including without limitation for Company’s tax reporting) or as may be requested e.g. under any subpoena or court order.

3.         Social Media Accounts We maintain accounts with various social media networks. When you visit these social media networks, a variety of Data Processing operations are triggered. We use your Personal Data when you visit Our profiles on these social media networks, or when you click on the like-button on one of our social media advertisements. When you visit Our profiles, your Personal Data is not only used by Us but also by the social network provider, regardless of whether you have a profile in the social network or not. The individual Processing and its scope differ from provider to provider, and they are not completely transparent to Us. Details about the Processing of the social network providers can be found in the relevant social media network’s Privacy Policy:

The social network providers collect your usage information to provide us with usage statistics. To learn more about how such tracking takes place and to understand how we use social media plugins on our Site please review previous sections of this Policy.

4.         International Transfers We may share your Personal Data with recipients (including our group members, service providers or business partners, as described in this Policy), located in the EEA, the UK and Switzerland; or in the United States and/or otherwise in countries outside the EEA, the UK and Switzerland which do not provide for an adequate level of data protection from an EU or Swiss law perspective. For such transfers, we will ensure that the recipients are subject to appropriate safeguards as permitted under the applicable data protection laws, e.g. by entering into appropriate data transfer agreements on the basis of updated EU standard contractual clauses issued by the Commission, on the basis of the UK’s International Data Transfer Agreement (IDTA) or by reliance upon the Article 49 GDPR derogations or corresponding derogations under the UK-GDPR or Swiss Data Protection Act, as applicable. A copy of the respective appropriate safeguards is available upon request.

5.         Duration of Our Data Processing We retain Personal Data you provide to Us for as long as necessary for the purpose such Personal Data was originally collected or otherwise processed for, e.g. in order to meet Our contractual obligations towards you, until you withdraw your consent, or as long as you maintain a customer account with Us. If required under applicable law, We will store your Personal Data for a period of up to ten more years (e.g. under tax law). Apart from that We can further store your Personal Data for the establishment, exercise or defense of legal claims.

We may also retain aggregate information beyond this time for research purposes and to help us develop and improve Our Services.

6.         Your Data Protection Rights under the GDPR You have the following rights pursuant to the GDPR, where applicable, which can be exercised using the contact details of the Controller listed above:

  • Right of Access, pursuant to GDPR Article 15, to obtain from Us confirmation as to whether or not Personal Data has been Processed and, if so, access to that Personal Data and additional information about the categories of Personal Data and its source, and how it has been Processed, e.g. the purpose, the categories of recipients, the planned retention period, the existence of the Data Subject’s rights;
  • Right to Rectification, pursuant to GDPR Article 16, to request the correction of incorrect Personal Data or any completed Personal Data stored by Us;
  • Right to Erasure, pursuant to GDPR Article 17, to request the deletion of the Personal Data stored by Us, except for the allowed continued uses permitted by the GDPR;
  • Right to Restriction, pursuant to GDPR Article 18, to demand the restriction of the Processing of the Personal Data where one of the following applies: (i) as far as the accuracy of the Personal Data is disputed by you; (ii) the Processing of the Personal Data is unlawful, but you reject its deletion; (iii) We no longer need the Personal Data, but you require it to exercise or defend legal claims; or (iv) you have objected to the Processing in accordance with GDPR Article 21;
  • Right to Data Portability, pursuant to GDPR Article 20, to receive your Personal Data as provided to Us, in a structured, common and machine-readable format or to request the transfer to another Controller;
  • Right to Withdrawal, pursuant to GDPR Article 7(3), you have the right to withdraw, at any time, your once granted consent. As a result, We are no longer allowed to continue the Processing based on that consent for the future, but such withdrawal does not affect the lawfulness of the Processing based on such consent before such withdrawal; and
  • Right to Lodge a Complaint with a Supervisory Authority, pursuant to GDPR Article 77, to complain to a Supervisory Authority (e.g. that of Your usual place of residence or work or place of the alleged infringement). You can find details of EEA Supervisory Authorities here: https://edpb.europa.eu/about-edpb/board/members_en. The Supervisory Authority in the UK is the Information Commissioner’s Office (ICO): casework@ico.org.uk or 0303 123 1113 / +44 1625 545 700; www.ico.org.uk.

To exercise these rights, please contact us at set forth in Section 15 of this Policy.

APPENDIX F: NEVADA PRIVACY RIGHTS NOTICE

Under Nevada Revised Statues Section 603A., et. seq., residents of Nevada have certain rights with respect to the personal information that we collect on this website.

1.         The categories of personal information that we collect and the categories of third parties with whom we share personal information are described in the chart in the above Appendix A. California Privacy Rights Notice.

2.         You may review and request changes to the personal information that we collect or process on this website by sending an e-mail to support@truff.com.

3.         Any material changes to this notice shall be posted in this Appendix B to this Policy.

4.         When you use our websites, we may share personal information about your online activities over time and across different internet sites or online services with third parties.

APPENDIX G: UTAH PRIVACY RIGHTS NOTICE

YOUR UTAH PRIVACY RIGHTS UNDER THE UTAH CONSUMER PRIVACY ACT

Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your personal data are described below.

1.1 Disclosure of Our Personal Data Collection and Processing Practices.

Personal data as defined in the UCPA means any information that is linked or reasonably linkable to you.  Our main Privacy Policy and Appendix A describe our collection and processing of personal data (therein also referred to as “personal information”) practices in general, including:

a.     the categories of personal data that we collect or process (Section 2);

b.     the purposes for processing the personal data (Sections 2 and 4);

c.     the categories of personal data shared with third parties (Appendix A, Section 3.1)

d.     the categories of third parties with whom we share personal data (Appendix A, Section 3.1)

e.     our sale of personal data to third parties and processing of personal data for targeted advertising (Appendix A, Section 3.1, therein “targeted advertising” is referred to as “sharing for cross-context behavioral advertising” )

1.2 Right of Access.

You have the right to confirm whether or not we are processing personal data concerning you and to access to your personal data.

1.3 Right to Correction.

You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of your personal data.

1.4 Right to Deletion

You have the right to delete personal data concerning you.

1.5 Right to Data Portability.

When exercising the right to access personal data, you have the right to obtain the personal data in a portable, and to the extend technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

1.6 Right to Opt Out.

You have the right to opt out of the processing of your personal data for (a) targeted advertising or (b) sale of personal data.

We may disclose your personal data to third parties for targeted advertising purposes.  This means the targeting of advertising to you based on your personal data that we obtain from your activity across businesses, distinctly-branded websites, applications, or services, other than our business, distinctly-branded website, application, or service. We may share personal data with advertising networks so they may help us to deliver advertisements to you based on your activity on our website or apps and/or your activity on other websites or apps.

You have the right to opt-out of the processing of your personal data for targeted advertising and you may exercise your right by clicking the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the processing of your personal data for targeted advertising, we will refrain from processing your personal data for targeted advertising, unless you subsequently provide express authorization for the sharing of your personal data.

We may disclose your personal data to third parties in exchange for monetary consideration.  We may sell your personal data to advertising networks so they may help us to deliver advertisements to you based on your activity on our website or apps and/or to recommend our services and products to you based on your activity on other websites or apps.  We may sell your personal data to data analytics providers who may use your personal data for their own behavioral advertising analysis purposes.

You have the right to opt-out of the sale of your personal data and you may exercise your right by clicking on the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the sale of your personal data, we will refrain from selling your personal data, unless you subsequently provide express authorization for the sale of your personal data.

We will process any opt-out preference signal that (a) is in a format commonly used and recognized by businesses (for example, in an HTTP header field) and (b) is sent from a platform, technology, or mechanism that makes it clear to the consumer, whether in its configuration or in disclosures to the public, that the use of the signal is meant to have the effect of opting the consumer out of the sale and sharing of their personal data (“Opt-Out Preference Signal”).  We shall treat the Opt-Out Preference Signal as a valid request to opt-out of the sale or sharing of personal data for your browser or device, and, if known, for you.

1.7 Your “Sensitive Data” May Not Be Processed without Your Consent

“Sensitive Data” means (a) personal data revealing your racial or ethnic origin; religious beliefs; sexual orientation; citizenship or immigration status; or medical history, mental or physical health condition, or medical treatment or diagnosis by a health care professional; (b) the processing of genetic or biometric data for identification purposes and (c) specific geolocation data.  We will not process your “Sensitive Data” without your consent or in the case of a known child, the consent or a parent or guardian.

2. HOW TO EXERCISE YOUR UCPA RIGHTS

Unless otherwise specified, to exercise any of your rights described in this Appendix G, please submit your request to us at support@truff.com with the subject “UCPA Consumer Request.”  We shall respond to your request within 45 days of receipt.  The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 day response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request.

We shall provide information in response to your request free of charge, except that, for a second or subsequent request within a 12 month period, we may charge an amount as provided in the UCPA.  If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request.  If we cannot authenticate you and your request we will not be able to grant your request.


APPENDIX H: VIRGINIA PRIVACY RIGHTS NOTICE

YOUR VIRGINIA PRIVACY RIGHTS UNDER THE VCDPA

Under the Virginia Consumer Data Protection Act, as amended (the “VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your personal data.

1.1 Disclosure of Our Personal Data Collection and Processing Practices.

Personal data as defined in the VCDPA means any information that is linked or reasonably linkable to you.  Our main Privacy Policy and Appendix A describe our collection and processing of personal data (therein also referred to as “personal information”) practices, including:

a.      the categories of personal data that we collect or process (Section 2);

b.     the purposes for processing the personal data (Sections 2 and 4);

c.     the categories of personal data shared with third parties (Appendix A, Section 3.1)

d.      the categories of third parties with whom we share personal data (Appendix A, Section 3.1)

e.      our sale of personal data to third parties or targeted advertising (Appendix A, Section 3.1, therein “targeted advertising” is referred to as “sharing for cross-context behavioral advertising”)

1.2 Right of Access.

You have the right to confirm whether or not we are processing personal data concerning you and to access to your personal data.

1.3 Right to Correction.

You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of your personal data.

1.4 Right to Deletion

You have the right to delete personal data concerning you.

1.5 Right to Data Portability.

When exercising the right to access personal data, you have the right to obtain the personal data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

1.6 Right to Opt Out.

You have the right to opt out of the processing of your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

We may disclose your personal data to third parties for targeted advertising purposes.  This means the targeting of advertising to you based on your personal data that we obtain from your activity across businesses, distinctly-branded websites, applications, or services, other than our business, distinctly-branded website, application, or service. We may share personal data with advertising networks so they may help us to deliver advertisements to you based on your activity on our website or apps and/or your activity on other websites or apps.

You have the right to opt-out of the processing of your personal data for targeted advertising or profiling and you may exercise your right by clicking the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the processing of your personal data for targeted advertising or profiling, we will refrain from processing your personal data for targeted advertising or profiling, unless you subsequently provide your express authorization.

We may disclose your personal data to third parties in exchange for monetary consideration.  We may share personal data with advertising networks so they may help us to deliver advertisements to you based on your activity on our website or apps and/or to recommend our services and products to you based on your activity on other websites or apps.  We may share your personal data with data analytics providers who may use your personal data for their own behavioral advertising analysis purposes.

You have the right to opt-out of the sale of your personal data and you may exercise your right by clicking on the following link: https://www.truff.com/pages/do-not-sell-or-share-my-personal-information. If you exercise your right to opt-out of the sale of your personal data, we will refrain from selling your personal data, unless you subsequently provide express authorization for the sale of your personal data.

1.7 Your “Sensitive Data” May Not Be Processed without Your Consent

“Sensitive Data” means (a) personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; (b) the processing genetic or biometric data for the purpose of uniquely identifying you; (c) the personal data from a known child; or (d) precise geolocation.  We do not process “Sensitive Data”  If we intend to do so, we will obtain your consent or in the case of a known child, the consent as required by the federal Children’s Online Privacy Protection Act.

2. HOW TO EXERCISE YOUR VCDPA RIGHTS

Unless otherwise specified, to exercise any of your rights described in this Appendix A, please submit your request to us at support@truff.com with the subject “VCPDA Consumer Request.”  We shall respond to your request within 45 days of receipt.  The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 day response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request.  The notification will include a justification for declining to take action and instructions on how you may appeal.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive.  If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request.  If we cannot authenticate you and your request we will not be able to grant your request.

Within a reasonable time, not to exceed 60 days, after you have received a notice that we have declined to take action your request, you may appeal by sending your appeal to support@truff.com with the subject “VCPDA Appeal.”  We shall respond to you within 60 days of receipt of the appeal in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.  If we deny your appeal, you may file a complaint with the Virginia Attorney General at https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint  or call (804) 786-2042.

Copyright © 2022 Sauce Ventures, LLC.  All rights reserved.

Truff Logo

© 2024 TRUFF

Social

Twitter logo

© 2024 TRUFF

Stay Updated

Subscribe for weekly recipes, updates, and more.

Shop

Gifts

© 2024 TRUFF