Introduction
Welcome! We take your privacy seriously and know you do too. In this Privacy Policy (“Privacy Policy”), we describe how Sea Island Acquisition, LLC, doing business as Sea Island Company (“Sea Island,” “us,” “our,” or “we”), may collect, process, and share your Personal Data (defined below). We also describe your Rights & Choices with respect to your Personal Data and other important information. Please read this Privacy Policy carefully.
Who We Are
Sea Island Company, LLC is a hotel/resort located at 100 Cloister Drive, Sea Island, GA 31561. You can contact us here.
Scope of this Policy
This Privacy Policy applies to Personal Data collected through our “Services”, which include:
- Our “Offline Services”- Services you use when you visit Sea Island or make reservations with us offline;
- Our “Digital Services” including:
- Websites that link to/post this Privacy Policy, including any subdomains or mobile versions; and
- On-premise or web-enabled technologies, such as on-premise WiFi (“Internet Service(s)”).
Note that certain third parties may be able to identify you across sites and services using the information they process, however, any such processing not done at the direction of Sea Island is outside the scope of this Privacy Policy. Please review those third parties’ privacy policies before disclosing information to them.
Contact Us / Controller
The controller of your Personal Data under this Policy is Sea Island Company, LLC. You may contact our Data Privacy Team as follows:
| Physical Address | Sea Island Attn: Legal 100 Cloister Drive Sea Island, GA 31561 |
|---|---|
| Data Request (where available under applicable law), Opt-Out of Data Sales or Sharing Visit our Privacy Rights Portal, or call (844) 993-9887. | Visit our Privacy Rights Portal, or call (844) 993-9887. |
| General Inquiries, Marketing Choices, Direct Marketing Disclosure Requests, and Data Updates: | [email protected] |
Categories and Sources of Personal Data
Categories of Personal Data we process
The categories of Personal Data we process may include:
| Identity Data | Personal Data about your identity, such as your name, gender, date of birth, age and/or age range, and other Personal Data you may provide in connection with your application to be a vendor, volunteer, employee, or otherwise join or support our team; your identity, public profile, and similar information from social networks such as Facebook; and information such as unique IDs and similar data collected or derived from the use of RFID enabled products such as keycards. |
|---|---|
| Contact Data | Personal Data that relates to how we can communicate with you, such as email address, physical address, phone number, social media or communications platform username, as well as a name or other salutation. |
| General Location Data | General Location Data Non-precise location data such as location information derived from social media tags/posts, dates and times of your visit, and which properties or general areas of our properties you visited. |
| Device/Network Data | Browsing history, search history, and information regarding your interaction with a web site, application, or advertisement (e.g. IP Address, MAC Address, SSIDs or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, browsing data, first party cookies, third party cookies, web beacons, clear gifs and pixel tags. |
| Transaction Data | Information about the Services we provide to you and about reservations and transactions you make with us or other companies operating through us or on our behalf (including travel agents), information relating to events and services at our properties and locations you attend/use, information about purchases, what has been provided to you, when and where and, if applicable, how much you paid, and similar information. |
| Inference Data | Personal Data used to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes, market segments, likes, favorites and other data or analytics provided about you or your account by social media companies or data aggregators, including household data, the products and services you use or intend to use or purchase, and your interests. |
| Audio/Visual Data | Recordings and images collected from our surveillance cameras when you visit our properties and locations and areas adjacent to them, as well as audio files and records, such as voice mails, call recordings, and the like. |
| User Content | Unstructured/free-form data that may include any category of Personal Data, e.g. data that you give us in free text fields such as comment boxes, when you interact with us on our social media pages, or when you participate in sweepstakes, contests, and surveys, including any other Personal Data which you may provide through or in connection with our Services. |
| Sensitive Personal Data | Personal Data deemed “sensitive” under California or other laws, such as social security, driver’s license, state identification card, or passport number; account log-in and password, financial account, debit card, or credit card number; precise location data; racial or ethnic origin, etc. We collect the following categories of Sensitive Personal Data:
Account Log-in Data: Account login details, including your user name and password, or other account-related information. Government ID Data: Information relating to official government identification, such as driver’s license or passport numbers, including similar Identity Data protected as Sensitive Data under applicable law. Payment Data: Information such as bank account details, payment card information, including similar data protected as Sensitive Data under applicable law. Health Data: Information about your health (for example when you are reserving accommodations or activities requiring wheelchair access, when you request accommodation for allergies, or when we are responding to an accident or other health-related incident). |
Sources of Personal Data
We collect Personal Data from various sources, which include:
| Data you provide us | We will receive Personal Data you provide to us, such as when you make a reservation or stay with us, purchase our products or services, become a member of Sea Island, enter into a real estate purchase contract for property at Sea Island, complete a transaction via our Services, or when you otherwise use our Services. |
|---|---|
| Data we collect automatically | We collect Personal Data about or generated by any device you have used to access our Services, or when you use Wi-Fi at our properties. |
| Data we receive from service providers & Agents | We receive Personal Data from on-line travel agents such as Expedia or Booking.com or brick and mortar travel agents who transfer Personal Data to us when you book reservations for our Services through them, and other service providers performing services on our behalf. |
| Data we receive from aggregators and advertisers | Data we receive from aggregators and advertisers We receive Personal Data from ad networks, behavioral advertising vendors, market research, and social media companies or similar companies that provide us with additional Personal Data such as Inference Data. |
| Data we receive from social media companies | We receive Personal Data from Facebook and other social media companies who may transfer Personal Data to us when you interact with that social media company in connection with our Services. |
| Data we create and infer | Data we create and infer We, certain partners, social media companies, and third parties operating on our behalf create and infer Personal Data such as Inference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Policy, and we may correlate this data with other data we process about you. We may combine any Personal Data about you that we receive from you, from other companies within our family of companies, and from third parties. |
Data Processing Contexts / Notice at Collection
Note: please click the following links to view information on Data Retention or Regional Data Rights for any of the processing contexts listed below.
Purchases or other Transactions
We generally process Identity Data, Transaction Data, Payment Data, and Contact Data when you engage in a purchase and sale transaction, whether through our Digital Services, by phone, or in person. This may also include Government ID Data if you are applying to become a member of Sea Island, or if you purchase property at Sea Island, and in some cases for guest verification and security purposes. In addition, we may also collect or create Device/Network Data and Inference Data. We process this Personal Data as necessary to perform or initiate a transaction with you, process your reservation or order, to carry out fulfillment-related processing, and for our Business Purposes.
We may process Identity Data, Transaction Data, Contact Data, and Device/Network Data for Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data or use it for Business Purposes not permitted under applicable law.
Visiting our Properties
General
We process Identity Data, Transaction Data, Payment Data, Contact Data, and sometimes Government ID Data when you interact with us offline at one of our properties. If you use our on premise Digital Services, we will collect Device/Network Data. We may process this data in combination with Inference Data and General Location Data that we collect and/or create as necessary to operate our properties and provide our Services to you, for our Business Purposes, and our other legitimate interests, including:
- verifying your identity for authentication and security purposes;
- preventing fraud; and
- returning lost property to its owner.
When you use electronic or RFID technologies (including your Sea Island card key), we may process General Location Data. We process this data to determine whether a key card or related Services registered to your party have been used to enter certain areas of the property, such as your room, the beach club, or the spa and fitness center.
We may collect Health Data, which is generally used so that we can tailor our Services to you (for example, a wheelchair accessible room) or in connection with our response to health-related incidents at our properties. We will process this information only with appropriate consent where required by law.
We use Identity Data, Transaction Data, Inference Data, and Contact Data collected in this context for our Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data or Health Data.
Closed Circuit Television (CCTV)
We may operate CCTV or security cameras on and adjacent to our properties. In connection with these systems, we may collect and/or create Audio/Visual Data as necessary in connection with our Business Purposes, and our other legitimate interests, such as:
- preventing and detecting crime and to keep people who visit and work at our locations safe and secure; and
- recording and investigating health and safety and other incidents which have happened or may have happened at our properties.
Digital Services
General
We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Inference Data.
We use this data as necessary in connection with our Business Purposes, and our other legitimate interests, such as:
- fulfilling your requests for certain features or functions through our Services, such as keeping you logged in, delivering pages, etc.;
- ensuring the security of our websites, mobile applications and other technology systems; and
- analyzing the use of our Services, including navigation patterns, clicks, etc. to help understand and make improvements to the Services.
We may process Identity Data, Device/Network Data, General Location Data, Inference Data, and Contact Data collected in this context for Commercial Purposes (which may include data sales/sharing).
Cookies and other tracking technologies
We use cookies and similar technologies on our Digital Services. These technologies can be used to collect or create Identity Data, Device/Network Data, Contact Data, or Inference Data. Third parties may be allowed to view, edit, or set their own cookies or place web beacons on our websites. Cookies and web beacons allow us and third parties to distinguish you from other users of our websites, and some of these technologies can be used by us and/or our third party partners to identify you across platforms, devices, sites, and services. Third parties may engage in targeted advertising using this data.
We and authorized third parties may use cookies and similar technologies for the following purposes:
- for “essential” or “functional” purposes, such as to enable certain features of our Digital Services (for example, to allow a customer to maintain a basket when they are shopping at an online store);
- for “analytics” purposes, such as to analyze the traffic to and usage of our Digital Services (for example, how many people have looked at a page, how visitors move around the Site, what website they visited prior to visiting our Site, and use this information to understand user behaviors and improve the design and functionality of the website);
- for “retargeting” or similar advertising or commercial purposes, such as:
- for social media integration e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter;
- to collect information about your preferences and demographics to help target advertisements which are more likely to be of interest to you using behavioral advertising; and
- to allow us to carry out retargeting (this includes, for example, when advertisements are presented to you for products or services which you have previously looked at on a website but have not purchased).
The use of these technologies by third parties may be subject to their own privacy policies and is not covered by this Privacy Policy, except as required by law.
We may also use your Identity Data, Device/Network Data, Inference Data, and Contact Data collected in this context for Business Purposes and Commercial Purposes (which may include data sales/sharing). See your Rights & Choices for information regarding opt-out rights for cookies and similar technologies.
Marketing Communications
We process Device/Network Data, Contact Data, Identity Data, and Inference Data in connection with marketing emails, SMS, push notifications, telemarketing, or similar communications, and when you open or interact with those communications. You may receive marketing communications if you consent and, in some jurisdictions, as a result of account registration or a purchase.
We process this Personal Data to contact you about relevant products or services and for our Business Purposes. We may use this data for our Commercial Purposes (which may include data sales/sharing). Marketing communications may also be personalized as permitted by applicable law, but will not involve Targeted Advertising or the processing of Race or Ethnic Origin where users have opted out or not provided necessary consents. See your Rights & Choices to limit or opt out of this processing.
Contests and Promotions
We may collect and process Identity Data, Preference Data, certain Contact Data, User Content, and Government ID Data when you enter a contest/sweepstakes or take part in a promotion.
We process this Personal Data as necessary to provide the contest/promotion, notify you if you have won, or to process delivery of a prize, for our Business Purposes, and other legitimate interests, such as:
- verifying your identity for authentication, anti-fraud, and security purposes (in which case we may process Government ID Data to complete verification);
- to improve our Services and to create a personalized user experience; and
- to contact you about relevant products or services, and in connection with marketing communications and Targeted Advertising.
We may process Identity Data, Contact Data, and User Content information for our Commercial Purposes (which may include data sales/sharing).
Some programs and offers are operated/controlled by our third-party partners or their affiliates or partners. We may receive this data from third parties to the extent allowed by the applicable partner; otherwise, this Privacy Policy will not apply to data processed by third parties.
Your Personal Data may be public. If you win a contest/sweepstakes, we may publicly post some of your data. We do not post Personal Information without consent where required by law. See any program agreement(s) for additional details and terms.
Contact Us, Support
We collect and process Identity Data, Contact Data, and User Content when you contact us, e.g., through a contact us form, or for support. If you call us via phone, we may collect Audio/Visual data from the call recording.
We process this Personal Data to respond to your request, and communicate with you, as appropriate, and for our Business Purposes. If you consent or if permitted by law, we may use Identity Data and Contact Data to send you marketing communications and for our Commercial Purposes (which may include data sales/sharing). We may also share Personal Data collected in connection with a support request with our Service Providers.
Feedback and Surveys
We process Identity Data, Contact Data, Inference Data, Preference Data, and User Content collected in connection with feedback you provide to us, surveys or questionnaires.
We process this Personal Data as necessary to respond to your requests/concerns, for our Business Purposes, and other legitimate interests, such as analyzing customer satisfaction. We may process this Personal Data for our Commercial Purposes (which may include data sales/sharing). We may share Feedback/Survey data relating to third party partners with those partners, who may use it for their own purposes.
Posts and Social Media
We may process Identity Data, Contact Data, Inference Data, and User Content when you tag or identify us in your posts on social media, comment on our social media posts, or otherwise interact with us on social media.
We process this Personal Data for marketing purposes, such as reposting your social media photos on our website, our Business Purposes, and Commercial Purposes (which may include data sales/sharing).
Processing Purposes
Business Purposes
We and our Service Providers process Personal Data we hold for numerous business purposes, depending on the context of collection, your Rights & Choices, and our legitimate interests. We generally process Personal Data for the following “Business Purposes.”
Service Delivery
We process any Personal Data as is necessary to provide our Service, to provide you with the products and services you purchase or request, to authenticate users and their rights to access the Service, or various data, features, or functionality, and as otherwise necessary to fulfill our contractual obligations to you, and provide you with the information, features, and services you request. Additionally, we use information to authenticate your right to access our properties and locations, deliver products and services, and for other related matters. Similarly, we may use Personal Data as necessary to audit compliance, and log or measure aspects of service delivery (e.g. to document ad impressions).
Internal Processing and Service Improvement
We may use any Personal Data we process through our Services as necessary in connection with our legitimate business interests in improving the design of our Service, understanding how are Services are used or function, for customer service purposes, in connection with logs and metadata relating to service use, and for debugging and similar purposes relating to our identification of errors and improving the stability of the Service. Additionally, we may use Personal Data to understand what parts of our Service are most relevant to Users, how Users interact with various aspects of our Service, how our Service performs or fails to perform, etc., or we may analyze use of the Service to determine if there are specific activities that might indicate an information security risk to the Service or our Users.
Security and Incident Detection
Whether online or off, we work to ensure that our Services are secure. We may process any Personal Data we collect in connection with our legitimate business interest in ensuring that our properties and locations are secure, identify and prevent crime, prevent fraud, and ensure the safety of our guests. Similarly, we process Personal Data on our Digital Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information security activities.
Compliance, health, safety, public interest
We may also process any Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law and make requests, for the establishment and defense of legal claims, or where we must comply with our legal obligations, lawful requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent allowed under applicable law. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
Aggregated data
We process Personal Data about our customers and users in order to identify trends (to create aggregated and anonymized data about our customers/users, buying and spending habits, use of our Services, and other similar information (“Aggregated Data”). We may pass Aggregated Data to certain third parties to give them a better understanding of our business and to improve our Services. Aggregated Data will not contain information from which you may be personally identified.
Personalization
We process certain Personal Data in connection with our legitimate business interest in personalizing our Services. For example, aspects of the Digital Services may be customized to you based on your interactions with our Digital Services and other content. This processing may involve the creation and use of Inference Data relating to your preferences.
Commercial Purposes
We and certain third parties process Personal Data we hold for certain commercial purposes, depending on the context of collection and your Rights & Choices, including:
Profiles
In order to understand our customers’ preferences, and better recommend products and services to our prior customers, we may create a “Profile” by linking together and analyzing Personal Data collected in the following contexts:
- Purchases or other Transactions
- Visiting our Properties
- Using Digital Services
- Contest and Promotion
- Contact Us; Support
- Feedback and Surveys
We may also augment Profiles with Personal Data that we create (such as Inference Data) or that we receive from our affiliates or third parties, and may include Personal Data such as Services you have used or purchased, information about when you have visited our properties and what activities you participated in, and demographic data.
We use Profiles for our legitimate interests in market research and statistical analysis in connection with the improvement of our Services. For example, we may analyze the Personal Data of people who have made a reservation for a particular itinerary in the past and compare them with other people in our database. If we identify people in the database who have similar Personal Data to the previous guests, we may then target marketing via emails to the new people. We may conduct the profiling and send these emails automatically. We may also use this information for other Commercial Purposes.
Personalized Marketing Communications
We may personalize Marketing Communications based on your Profile. If consent to Consumer Profiling or Targeted Advertising is required by law, we will seek your consent.
Targeted Advertising
We, and certain third parties operating on or through our Services, may engage in targeted advertising. This form of advertising includes various parties and services providers, including third party data controllers, engaged in the processing of Personal Data in connection with advertising. These parties may be able to identify you across sites, devices, and over time.
The parties that control the processing of Personal Data for Targeted Advertising purposes may create or leverage information derived from Personalization, Profiles, and Marketing Communications. In some cases, these parties may also develop and assess aspects of a Profile about you to determine whether you are a type of person a company wants to advertise to, and determine whether and how ads you see are effective. These third parties may augment your profile with demographic and other Preference Data, and may track whether you view, interact with, or how often you have seen an ad, or whether you purchased advertised goods or services.
We generally use Targeted Advertising for the purpose of marketing our Services and third-party goods and services, and to send marketing communications, including by creating custom marketing audiences on third-party websites or social media platforms.
Data Sales and “Sharing”
We may engage in “sales” or “sharing” of data as defined by applicable law. For example, we may “sell” certain Personal Data when we engage in marketing campaigns with or on behalf of sponsors, conduct Targeted Advertising, or we may sell, “share” for behavioral advertising purposes, or grant access to Personal Data to our marketing partners, and other advertisers in relation to Targeted Advertising as described below, joint promotions, and other marketing initiatives. See the California Rights & Disclosures section for a list of categories of Personal Data sold or shared.
Disclosure/Sharing of Personal Data
| Affiliates | We will share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies in order to streamline certain business operations, and in support of our Business Purposes, and Commercial Purposes. |
|---|---|
| Service Providers | We may share your Personal Data with service providers who provide certain services or process data on our behalf in connection with our general business operations, product/service fulfillment and improvements, to enable certain features, and in connection with our (or our Service Providers’) Business Purposes. |
| Successors | Your Personal Data may be shared if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction. |
| Lawful Recipients | In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties. |
| Sponsors, Advertisers, and Social Media Platforms: | We may share certain Personal Data with social media platforms, advertisers, ad exchanges, data management platforms, or sponsors in support of our Business Purposes and Commercial Purposes. We may allow these third parties to operate through our Services. |
| Data Aggregators: | We may share Personal Data with data aggregators in support of our Commercial Purposes and in connection with Data Sales. These disclosures/sales can help better personalize our Services, the services of third parties, enrich Profiles, and help ensure that you see advertisements that are more relevant to your interests. |
Your Rights & Choices
You may have certain rights and choices regarding the Personal Data we process. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law. See the following sections for more information regarding your rights/choices in specific regions:
Your Rights
You may have certain rights and choices regarding the Personal Data we process. See the “Regional Supplement” section below for rights available to you in your jurisdiction. To submit a request, contact our Data Privacy Team. We verify your identity in connection with most requests, as described below.
Verification of Rights Requests
If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
We may require that you match personal information we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Data to you if prohibited by law.
Your Choices
Marketing Communications
You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email. You can also withdraw your consent to receive marketing communications or any other consent you have previously provided to us by contacting us. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
Withdrawing Your Consent/Opt-Out
Where we are processing your Personal Data based on your consent, you may change your mind and withdraw your consent at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalization or providing certain types of advertising, or other services conditioned on your consent or choice not to opt-out.
Location Data
You may control or limit Location Data that we collect through our Services by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use to interact with our Services.
Cookies, Similar Technologies, and Targeted Advertising
General
– If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our Manage Cookies page. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out.
Targeted Advertising
– You may opt out or withdraw your consent to Targeted Advertising (including “sharing” for cross-context behavioral advertising) by visiting our Privacy Rights Portal. In some cases, you may be able to opt-out by submitting requests to third party partners, including for the vendors listed below:
- Google Ads
- Doubleclick
- Facebook Custom Audience Pixel
- Twitter Audience Pixel
- Digital Advertising Alliance’s opt-out
- Network Advertising Initiative opt-out
Do-Not-Track
– Our Services do not respond to your browser’s do-not-track request.
Data Security
We implement and maintain commercially reasonable security measures to secure your Personal Data from unauthorized processing. While we endeavor to protect our Services and your Personal Data unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.
Data Retention
We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Privacy Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):
- Retention periods established under applicable law;
- Industry best practices;
- Whether the purpose of processing is reasonably likely to justify further processing;
- Risks to individual privacy in continued processing;
- Applicable data protection impact assessments;
- IT systems design considerations/limitations; and
- The costs associated with continued processing, retention, and deletion.
We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.
Minors
Our Services are neither directed at nor intended for use by persons under the age of majority. It is our intent that any data regarding minors is provided to us by the parent or guardian of the minor (for example, a child’s parent or guardian would enroll the child in our various programs or activities intended for families or children). If you have reason to believe that your child has provided information to us directly, please inform us of this, and we will promptly delete any such Personal Data if requested by you, or if required by law. Individuals under the age of 18 must obtain a parent’s or guardian’s permission before sending any Personal Data (such as full name, address, email, address, etc.) to Sea Island. We encourage parents and guardians to get involved with their children’s online usage and to be aware of the activities in which their children are participating.
Changes to Our Privacy Policy
We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of the Digital Service following notice of any changes indicates acceptance of any changes.
Regional Supplement
US States/California
US State & California Privacy Rights & Choices
Under the California Consumer Privacy Act (“CCPA”) and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations.
Confirm
– Right to confirm whether we process your Personal Data.
Access/Know
– Right to request any of following: (1) the categories of Personal Data we have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the purposes for which we collected or sold/shared your Personal Data; (4) the categories of third parties to whom we have sold/shared your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.
Portability
– Right to request that we provide certain Personal Data in a common, portable format.
Deletion
– Right to delete certain Personal Data that we hold about you.
Correction
– Right to correct certain Personal Data that we hold about you.
Opt-Out (Sales, Sharing, Targeted Advertising, Profiling)
– Right to opt-out of the following:
- If we engage in sales of data (as defined by applicable law), you may direct us to stop selling Personal Data.
- If we engage in Targeted Advertising (aka “sharing” of Personal Data or cross-context behavioral advertising,) you may opt-out of such processing.
- If we engage in certain forms of “profiling” (e.g. profiling that has legal or similarly significant effects), you may opt-out of such processing.
Non-Discrimination
– California residents have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.
List of Direct Marketers
– California residents may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
Remove Minors’ User Content
– Residents of California under the age of 18 can delete or remove posts using the same deletion or removal procedures described above, or otherwise made available through the Services. If you have questions about how to remove your posts or if you would like additional assistance with deletion, contact us using the information below. We will work to delete your information, but we cannot guarantee comprehensive removal of that content or information posted through the Services.
Submission of Requests
You may submit requests as follows. If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at [email protected]. We will respond to any request to appeal within the period required by law.
| Access/Know, Confirm Processing, Portability, Deletion, and Correction,Opt-Out of Sales, Sharing, Targeted Advertising or Profiling | • Visit our Privacy Rights Portal, or call (844) 993-9887. • You will be directed to leave a voicemail where you will provide your email address, phone number and address we have on file, along with your request. • You may send mail to our Contact Us address above with your email address, phone number and address we have on file, along with your request. |
|---|---|
| List of Direct Marketers, Other Requests or Inquiries | • Contact us via email to our privacy team at [email protected]. |
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we have disclosed to Service Providers for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:
| Category of Personal Data | Category of Recipients |
|---|---|
| Identity Data Contact Data General Location Data Device/Network Data Transaction Data Inference Data Preference Data User Content |
Service Providers; Affiliates; Sponsors, Advertisers, and Social Media Platforms; Data Aggregators; Successors; Lawful Recipients |
| Payment Data | Service Providers; Affiliates; Successors; Lawful Recipients |
| Audio/Visual Data; Government ID Data; Health Data | Service Providers; Successors; Lawful Recipients |
| Account Log-in Data | Successors |
Categories of Personal Data Sold, Shared, or Disclosed for Commercial Purposes
For purposes of the CCPA, we have “sold” or “shared” in the preceding 12 months the following categories of Personal Data in the, to the following categories of recipients:
| Category of Personal Data | Category of Recipients |
|---|---|
| Identity Data Contact Data Device/Network Data Transaction Data Inference Data User Content |
Affiliates; Partners; Sponsors, Advertisers, and Social Media Platforms; Data Aggregators |
Categories of Sensitive Personal Data Used or Disclosed
For purposes of CCPA, we may use or disclose the following categories of Sensitive Personal Data: Account Log-in Data; Government ID Data; Payment Data; and Health Data. However, we do not sell or share Sensitive Personal Data, or use it for purposes other than those listed in CCPA section 7027(m).
EEA/UK/Switzerland/Cayman Islands
Controller
The controller of Personal Data relating to residents of the UK/EEA/Switzerland/Cayman Islands is: Sea Island Acquisition, LLC located at 100 Cloister Drive, Sea Island, GA 31561.
Rights & Choices
Residents of the EEA, UK, Switzerland, and the Cayman Islands have the following rights. Please our review verification requirements. Applicable law may provide exceptions and limitations to all rights.
Access
–You may have a right to access the Personal Data we process.
Rectification
–You may correct any Personal Data that you believe is inaccurate.
Deletion
–You may request that we delete your Personal Data. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you.
Data Export
–You may request that we send you a copy of your Personal Data in a common portable format of our choice.
Restriction
–You may request that we restrict the processing of personal data to what is necessary for a lawful basis.
Objection
–You may have the right under applicable law to object to any processing of Personal Data based on our legitimate interests. We may not cease, or limit processing based solely on that objection, and we may continue processing where our interests in processing are appropriately balanced against individuals’ privacy interests. In addition to the general objection right, you may have the right to object to processing:
- for Profiling purposes.
- for direct marketing purposes (we will cease processing upon your objection); and
- involving automated decision-making with legal or similarly significant effects (if any).
Regulator Contact
–You have the right to file a complaint with regulators about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
Submission of Requests
| Access, Rectification, Data Export, Deletion, Restriction, or Correction; Privacy Questions | • Contact us via email to our privacy team at [email protected] • You may send postal mail to our physical address (see Contact Us/Controller section above) with your email address, phone number and address we have on file, along with your request. |
|---|
Lawful Basis for Processing
| Legal Basis | Description of Basis & Relevant Purposes | Relevant Contexts / Purposes / Disclosures |
|---|---|---|
| Performance of a contract | The processing of your Personal Data is strictly necessary in the context in which it was provided, e.g., to fulfill your subscription or perform an agreement you have with us, to provide products and services to you, to open and maintain your user accounts, or to process requests. | Contexts
• Contexts where Personal Data (excluding Sensitive Personal Data) is processed for purposes listed below
• Cookies and other tracking technologies (strictly necessary)
Purposes • Service Delivery Disclosures • Public Disclosure • Service Providers |
| Legitimate interests | This processing is based on our legitimate interests. For example, we rely on our legitimate interest to administer, analyze and improve our Services, to operate our business including through the use of service providers and subcontractors, to send you notifications about our Services or your subscriptions, for archiving, recordkeeping, statistical and analytical purposes, and to use your Personal Data for administrative, fraud detection, audit, training, security, or legal purposes. See the Business Purposes of Processing section above for more information regarding the nature of processing performed on the basis of our legitimate interests. | Contexts
• Contexts where Personal Data (excluding Sensitive Personal Data) is processed for specified legitimate interests or purposes listed below
Purposes • Internal Processing and Service Improvement • Security and Incident Detection • Targeted Advertising • Personalization • Aggregated Data • Profiles • Personalized Marketing Communications Disclosures • Affiliates • Service Providers • Sponsors, Advertisers, and Social Media • Data Aggregators • Successors • Lawful Recipients |
| Consent | This processing is based on your consent. You are free to withdraw any consent you may have provided, at any time, subject to your rights/choices, and any right to continue processing on alternative or additional legal bases. Withdrawal of consent does not affect the lawfulness of processing undertaken prior to withdrawal. | Contexts
• Contexts where Personal Data is processed for purposes listed below
• Processing of Sensitive Personal Data
• Marketing Communications
Purposes • Personalized Marketing Communications Disclosures • Affiliates • Service Providers |
| Compliance with legal obligations | This processing is based on our need to comply with legal obligations. We may use your Personal Data to comply with legal obligations to which we are subject, including to comply with legal process. See the Business Purposes of Processing section above for more information regarding the nature of processing performed for compliance purposes. | Business Purposes
• Compliance, Health, Safety, Public Interest
Disclosures • Lawful Recipients |
| Performance of a task carried out in the public interest | This processing is based on our need to protect recognized public interests. We may use your Personal Data to perform a task in the public interest or that is in the vital interests of an individual. See the Business Purposes of Processing section above for more information regarding the nature of processing performed for such purposes. | Business Purposes
• Compliance, Health, Safety, Public Interest
Disclosures • Lawful Recipients |
International Transfers
We process data in the United States, and other countries where our sub processors are located. In cases where we transfer Personal Data to jurisdiction that have not been determined to provide “adequate” protections by your home jurisdiction, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with applicable law. Those safeguards may include the use of EU standard contractual clauses, reliance on the recipient’s Binding Corporate Rules program, or requiring the recipient to certify to a recognized adequacy framework. We make transfers among Affiliates pursuant to our intragroup Standard Contractual Clauses. You can obtain more information about transfer measures we use for specific transfers by contacting us using the information above.