What information do we collect?
- We collect your name, company name, address, email address, phone number(s) and other contact details. All payment information is tokenized and not stored within the Vernon platform(s).
- We use this information to provide you with our Services; for example, to confirm your identity, contact you, provide you with advertising and marketing, and invoice you. We also use this information to make sure that we comply with legal requirements.
- We collect data about the Vernon websites that you visit. We also collect data about how and when you access your account and the Vernon platform, including information about your network connection, your IP address, and information about how you browse through the Vernon interfaces.
- We use this information to give you access to and improve our Services; for example, to make our platform interface easier to use. We also use this information to personalize the Services for you; for example, by shifting the order of products to show you items we believe may be of interest to you. Finally, we may use this information to provide you with advertising or marketing.
Where we need to verify your identity (for example, if there are concerns around identity theft, or if you call into support and we need to authenticate your account), we may request that you provide us with government-issued identification information.
When do we collect this information?
- We collect personal information when you register through one of our websites, place an order, or access our Services or otherwise provide us with the information.
Information from cookies and similar tracking technologies
What is a cookie? A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
- Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
- Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
How long do we retain your personal information?
- In general, we keep your personal information throughout your relationship with us.
- Once you terminate your relationship with us, we generally will continue to store archived copies of your personal information for legitimate business purposes and to comply with the law, except when we receive a valid erasure request, or, you terminate your account and your personal information is purged pursuant to our standard purge process.
- We will continue to store anonymous or anonymized information, such as website visits, without identifiers, in order to improve our Services.
What we don’t do with your personal information
- We do not and will never share, disclose, sell, rent, or otherwise provide personal information to other companies for the marketing of their own products or services.
How do we keep your personal information secure?
- We follow industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property, employee details and any other personal information entrusted to us. Our information security systems apply to people, processes and information technology systems on a risk management basis.
- We perform annual audits to ensure our handling of your credit card information aligns with industry guidelines. We are certified as a PCI DSS compliant service provider, and our platform is audited by a third-party qualified security assessor.
- No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information.
Residents of the European Economic Area (“EEA”)
The Vernon Company works with users around the world, including in the EEA. As part of our service, we may transfer your personal information to other regions, including to Canada and the United States. In order to ensure that your information is protected when transferred out of the EEA, The Vernon Company relies on the EU-U.S. Privacy Shield (described in more detail below), as well as inter-company agreements between our partners that may process your information on behalf of The Vernon Company.
If you are located in the EEA, you have certain rights under European law with respect to your personal data, including the right to request access to, correct, amend, delete, port to another service provider, or object to certain uses of your personal data. If you are a customer or a visitor of The Vernon Company’s websites, or a user and/or customer of The Vernon Company’s services and wish to exercise these rights, please reach out to us using the contact information below.
Additionally, if you are located in the EEA, we note that we are generally processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above, unless we are required by law to obtain your consent for a particular processing operation. In particular we process your personal data to pursue the following legitimate interests:
- To provide users with our services and applications;
- To prevent risk and fraud on our platform;
- To provide communications, marketing, and advertising;
- To provide reporting and analytics;
- To provide troubleshooting, support services, or to answer questions;
- To test out features or additional services; and
- To improve our services, applications, and websites.
When we process personal information to pursue these legitimate interests, we do so where we believe the nature of the processing, the information being processed, and the technical and organizational measures employed to protect that information can help mitigate the risks to the data subject.
How do we protect your personal information across borders?
While The Vernon Company is a US company, we provide services to individuals and our technology processes data from users around the world. Accordingly, The Vernon Company may transmit your personal information outside of the country, state, or province in which you are located.
If you are located in the EEA or in Switzerland and believe that your personal information has been used in a manner that is not consistent with the relevant privacy policies listed above, please contact us using the information below. If your complaint or dispute remains unresolved, you may also contact the International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA). This organization provides independent dispute resolution services, at no charge to you. ICDR/AAA can be contacted at http://go.adr.org/privacyshield.html.
If, after attempting to resolve a dispute through ICDR/AAA, you feel that your concerns about the use of your personal information have not been resolved, you may seek resolution of the issue through binding arbitration. For more information about the binding arbitration process, please visit http://www.privacyshield.gov.
By participating in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, The Vernon Company is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. For more information about the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, please visit https://www.privacyshield.gov.
In this Section, we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these right.
Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
- You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.
- You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
- You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
- You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
- You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Control over and access to your personal information
The Vernon Company understands that you have rights over your personal information, and takes reasonable steps to allow you to access, correct, amend, delete, port, or limit the use of your personal information. If you are a customer, you can update many types of personal information online, such as payment or contact information, directly within your account settings. If you are unable to change your personal information within your account settings, or if you are concerned about data collected as you visit The Vernon Companies websites or use our support services, please contact us to make the required changes. It’s important to remember that if you delete or limit the use of your personal information, the Services may not function properly.
If you would like to request a change, deletion, or access to your data, please complete the form at https://www.vernoncompany.com/global-data-protection-rights/.
If you have any questions about your personal information or this policy, or if you would like to make a complaint about how The Vernon Company processes your personal data, please contact The Vernon Company by email at email@example.com or by using the contact details below:
The Vernon Company
Attn: Chief Privacy Officer
604 W 4th St N
Newton, IA 50208