NEW Hybrid Apparel Privacy Notice

Effective Date: January 1, 2023

Hybrid Promotions, LLC dba Hybrid Apparel and its affiliated companies (including Junk Food Clothing LLC, collectively “Hybrid,” “we,” “us,” “our” or “Company”) created this Privacy Policy to help you become familiar with how we collect, use, disclose, share, and protect Personal information (defined below) and otherwise comply with applicable consumer privacy laws, including the choices we offer with respect to your Personal Information. We encourage you to read this Privacy Policy in full before using hybridapparel.com, junkfoodclothing.com, any other website (collectively, the “Website” or “Websites”), or any other online service that posts a link to this Privacy Policy, opening our e-mails or otherwise submitting Personal information to us (collectively, the “Service” or our “Services”). Should you have any questions or requests, see the section titled “Contact Us” below for further contact information.

This Privacy Policy together with our posted Terms of Use explains how we collect, use, and safeguard information in the course of providing and operating the Service. By visiting or otherwise using the Service, you agree to the Service’s Terms of Use.

This Privacy Policy does not apply to our job applicants, current employees, former employees, or independent contractors (“Personnel”), however, our California Personnel may obtain a separate privacy notice that applies to them by contacting our human resources department at HRPrivacy@hybridapparel.com. To the extent that Hybrid processes your PI as a processor to our business customers, this Privacy Policy does not apply to those processing activities.

Your State Privacy Rights: Residents of California and Nevada have certain privacy rights detailed in Section 10, State Privacy Notice. To the extent there is a conflict between this Privacy Policy and the State Privacy Notice section, the State Privacy Notice section will control.

1. INFORMATION WE COLLECT

a. Information About You That You Provide.

Hybrid and/or its Service Providers (defined below), may collect information you provide directly to Hybrid and/or its Service Providers via the Service. For example, Hybrid collects information when you use or create an account on our Website, subscribe to notifications, participate in promotional activities, or communicate or transact through the Service. In some instances, we may need to supplement the information you provided with certain Personal Information about you obtained from third parties to process your online transaction. In addition, when you interact with Third-Party Services (defined below), you may be able to provide information to those third parties and those Third Parties, in turn, may provide information to us.

We, our Service Providers and/or Third-Party Services may collect your “Personal information,” including:

  • Contact Information: Name, title, addresses, email addresses, telephone numbers, facsimile number, and IP address.
  • Transaction Information: Payment card information, purchases, special requests, delivery details, and communications you have with us.
  • Preference Information: Preferences you indicate to us or that we have observed such as your marketing preferences, areas of interest, and subscriptions to Hybrid communications.
  • Legal Information: Transaction fraud checks or flags, payment card refusals, and information or copies of documents you provide where the law requires you to prove your identity.
  • Voluntary Information: Other information you voluntarily give us such as feedback, complaints, and survey responses.
  • Observed Information: Information we collect about you while you use our Websites such as the pages, services, or areas of our Websites that you visit, your location, or which link has brought you to our Website. This information may be identifiable to you if you register at our Website.

b. Information Collected Automatically

We, our Service Providers and/or Third-Party Services may also automatically collect certain information about you when you access or use the Services (“Usage Information”). Usage Information may include IP address, device identifier, browser type, operating system, information about your use of the Service, the device you use, the web page you visited before coming to our sites, and identifiers associated with your devices and you (depending on their settings) may also transmit location information to the Service.

The methods that may be used on the Services to collect Usage Information include cookies, web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, device recognition technologies, in-app tracking methods, device and activity monitoring and other tracking technologies now and hereafter developed (“Tracking Technologies”) may be used to collect information about interactions with the Website or e-mails, including information about your browsing and purchasing behavior. Such Tracking Technologies may include:

  • Cookies: We use “cookies” to store specific information about you. A “cookie” is a small text file that is sent to your browser and stored on your device, such as session ID cookies or tracking cookies. Tracking cookies remain longer and help in understanding how you use the Services and enhance your user experience. Cookies may remain on your hard drive for an extended period of time. If you use your browser’s method of blocking or removing cookies, some but not all types of cookies may be deleted and/or blocked and as a result, some features, and functionalities of the Services may not work.
  • Web Beacons (“Tracking Pixels”): Web beacons are small graphic images, also known as “Internet tags” or “clear gifs,” embedded in web pages and e-mail messages. Web beacons may be used, without limitation, to count the number of visitors to the Service, to monitor how users navigate the Service, and to count content views.
  • Embedded Scripts: An embedded script is programming code designed to collect information about your interactions with the Service. They are temporarily downloaded onto your computer from Hybrid’s web server, or from a third party with which Hybrid works and are active only while you are connected to the Service and deleted or deactivated thereafter.
  • Device Recognition Technologies: Device Recognition Technologies, including application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID), attempt to recognize or make assumptions about users and devices to identify a user across devices (e.g., that a user of multiple devices is the same user or household) (“Cross-device Data”).
  • Device and Activity Monitoring: Suchtechnologies may monitor, and may record, certain interactions with the Service, including recording and transcribing consumer support calls and chats (both live and automated) including without limitation, keystrokes, and/or collect and analyze information from your device, such as, without limitation, your operating system, plug-ins, system fonts, and other data, for purposes such as identification, security, fraud prevention, troubleshooting, tracking and/or improving the Services and customizing or optimizing your experience on the Services.

Some information about your use of the Service and certain other online websites may be collected using Tracking Technologies across time and Services and used by us and third parties for purposes such as to associate different devices you use and deliver relevant ads and/or other content to you on the Website and certain other online websites, in accordance with applicable data protection laws. See Section 9: Choices: Tracking and Communications Options.

c. Information We Collect from Other Sources

We may also obtain information about you from other sources, including Service Providers and Third-Party Services. We are not responsible or liable for the accuracy of the information provided by third parties or for third party policies and practices.

d. Limitations

To the extent non-PI, or PI collected outside of the Service or by Third-Party Services, is combined by or on behalf of us with PI we collect directly from you on the Service (“Hybrid-Collected PI”), we will treat it in accordance with this Privacy Policy. Notwithstanding the foregoing or anything to the contrary, unless required by applicable law, this Privacy Policy is not intended to limit our activities regarding information that does not personally identify you such that it does not constitute Personal Information, including Personal Information that has been “De-identified” (i.e., the removal or modification of the personally identifiable elements, or the extraction of non-personally identifiable elements), and non-Hybrid Collected-PI (including third-party-sourced, or non-Service-sourced, information) that is not combined with Hybrid-Collected PI. We will not attempt to reidentify data that we treat and maintain as de-identified.

2. WHY WE COLLECT INFORMATION

We may use information about you for any purposes not inconsistent with our statements under this Privacy Policy, or otherwise made by us in writing at the point of collection, and not prohibited by applicable law, including, without limitation, for the following purposes:

  • To Deliver Our Services:
    • To deliver the Products or Services you have requested.
    • To process your order, payment authorization, and collection of sums owed.
    • To give you Service notices and deal with any customer care issues you may have.
    • To manage registered accounts you have with us.
    • To create and secure an on-line account, if you choose to establish one.
    • To notify you of any changes to our Services.
    • To provide services and fulfill your orders.
  • Marketing:
    • To advertise our products and services to you if they are relevant and appropriate to you.
    • To maintain a profile of our ongoing relationship that allows us to better serve you and tailor our offers so that they are more likely to be of interest to you.
    • To share with other companies within the Hybrid brand affiliates as needed for reasonable management, analysis, planning and decision making, including in relation to making decisions regarding expansion and promotion of our Websites and Services and for use by those companies for the other purposes described in this policy.

Please visit Section 9(b): the Communications subsection of the Choices: Tracking and Communications Options, Communications section for information regarding your choices as to promotional communications.

  • Research and Development:
    • To obtain your feedback, provide customer service, and track our performance.
    • To ensure that our online content that you access (whether as part of a Service or not) is presented in the most effective manner for you.
    • To operate our websites more effectively and to promote our Services on our Website.
    • To manage, conduct research, and improve how we operate and promote our Services including, without limitation, using non-personal anonymous, aggregate, and statistical information.
  • Analysis and Profiling:
    • To analyze your responses to our marketing communications (e.g., whether you open communications and/or how you interact).
    • To analyze your browsing and purchasing activity.
    • To use the analyses mentioned above, together with other demographic data, to contact you with information on products and offers relevant to you.
    • To analyze customer choices in respect of our services to understand our target audience for the purposes of selecting similar customers for advertising purposes.
  • Legal Requirements:
    • To pursue legal claims, prevent crime, and detect and prevent fraud and related matters.
    • To address issues relating to your personal safety and the safety of others.
    • To comply with applicable law, to respond to requests from government authorities, enforce our rights and protect property, and to satisfy our record keeping, regulatory, and legal obligations.

3. DISCLOSING YOUR INFORMATION

Generally, we may disclose information about you for any purpose not inconsistent with our statements under this Privacy Policy, or statements otherwise made by us in writing at the point of collection, and not prohibited by applicable law, including, without limitation:

  • To our agents, vendors, consultants, and other service providers (collectively “Service Providers”) in connection with their work on our behalf, including assisting in the provision of the Service. These parties may provide services including authentication, billing and collections, payment processing, customer support, or data storage.
  • To other third parties to meet legal, regulatory, insurance, audit, and other similar administrative needs.
  • Within our affiliated companies, we occasionally share your information as needed for purposes as described in Section 2: Why We Collect Information section.
  • To shipping companies to fulfill your order, at your direction.

In addition, we may share information about you as follows:

  • Marketing: Subject to your communications choices in Section 9(b): the Communications subsection of the Choices: Tracking and Communications Options, Communications section, and the rights of data subjects or consumers in certain jurisdictions explained in Section 10, State Privacy Notice and in accordance with applicable law.
  • With Your Disclosure or Consent: As more fully described in Section 4: Third-Party Consent, Third-Party Services, Advertising and Analytics, your activities on the Service may, by their nature, result in the sharing of your information with third parties to the extent permissible under applicable law. Such third-party data receipt and collection is subject to the privacy and business practices of that third party, not us.
  • Corporate Transactions: Finally, in the event we go through a merger, sale, bankruptcy, or other business transaction, we reserve the right to transfer or assign your information that we have collected as part of any business transaction in accordance with applicable law. In some cases, such as bankruptcy, we may not be able to control how your personal information is used.

4. THIRD-PARTY CONTENT, THIRD-PARTY SERVICES, ADVERTISING, AND ANALYTICS

The Service may include or link to Third-Party Services, apps, locations, platforms, code (e.g., plug-ins, application programming interfaces, and software development kits (“SDKs”)), or other websites (collectively, “Third-Party Service(s)”). These Third-Party Services may use their own cookies, web beacons, and other Tracking Technologies to independently collect information about you and may solicit Personal information from you.

Certain functionalities on the Service permit interactions that you initiate between the Service and Third-Party Services. Examples of such interactions include connecting the Service to a Third-Party Service (e.g., to pull or push information to or from the Service). If you enable such interactions, both we and the third party may have access to certain information about you and your use of the Service and any Third-Party Service.

We may engage and work with Service Providers, Third-Party Services, and other third parties to serve advertisements on the Website and/or on other online websites. Some of these ads may be tailored to your interest based on your browsing of the Website and elsewhere on the Internet, which may include use of precise location and/or cross-device data, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest-based Advertising”) (where permitted under applicable law), which may include sending you an ad on another online website after you have left the Website (i.e., “retargeting”).

We are not responsible for, and make no representations regarding, the policies or business practices of any third parties, including, without limitation, analytics Service Providers and Third-Party Services associated with the Website, and encourage you to familiarize yourself with and consult their privacy policies and terms of use. Please refer to Section 9, Choices: Tracking and Communications Options, Communications, for more on certain choices offered by some third parties regarding their data collection and use, including regarding Interest-based Advertising and analytics.

5. INTERNATIONAL TRANSFERS

We are based in the U.S. and the information we and our Services collect is governed primarily by U.S. law. If you are accessing the Service from outside of the U.S., please be aware the information collected through the Service may be transferred to, processed, stored, or used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence

6. CHILDREN’S PRIVACY

We do not knowingly collect any Personal information from children under the age of 16 through our Services. If you are under 16, please do not give us any Personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal information to us without their permission. If you have reason to believe that a child under the age of 16 has provided Personal information to us, please contact us at privacy@junkfoodclothing.com, and we will endeavor to delete that Personal information from our databases. California residents under 16 have additional rights as set forth in the Do Not Sell / Share section of our State Privacy Notice (Section 10(b)(v)).

7. ACCESSING AND CHANGING INFORMATION

To the extent required by applicable law, we may provide web pages or other mechanisms allowing you to delete, correct, or update some of your information that we have collected and retained, and potentially certain other information about you (e.g., profile and account information). Further, except to the extent prohibited by applicable law, we reserve the right to retain data: (a) as required by applicable law; and (b) for so long as reasonably necessary to fulfill the purposes for which the data was collected.

8. HOW WE SAFEGUARD YOUR INFORMATION

The security of your Personal information is important to us. We employ reasonable technical and organizational measures to protect against the loss of, or unauthorized access to, the information under our control. Although we take reasonable and appropriate measures to protect your information, we cannot guarantee that your information will always remain secure.

9. CHOICES: TRACKING AND COMMUNICATIONS OPTIONS

a. Tracking Technologies Generally

Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options, so you may need to set them separately. Also, tools from browsers may not be effective with regard to certain Tracking Technologies. Please be aware that if you disable or remove these technologies, some parts of the Services may not work and when you revisit the Services your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online websites you visit. Like many online websites, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. However, for information on how we address so-called Global Privacy Control signals and online privacy preference signals, see the State Privacy Notice.

b. Analytics and Advertising Tracking Technologies

You may choose whether to receive some Interest-based Advertising by submitting opt-outs. Some of the advertisers and Service Providers that perform advertising-related services for us and third parties may participate in the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, including use of Cross-device Data for serving ads, visit http://www.aboutads.info/choices/, and http://www.aboutads.info/appchoices for information on the DAA’s opt-out program specifically for mobile apps (including use of precise location for third party ads). Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain Interest-based Advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective. We support the ad industry’s Self-regulatory Principles for Online Behavioral Advertising and expect that ad networks we directly engage to serve you Interest-based Advertising will do so as well, though we cannot guarantee their compliance.

You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on. We may also use Microsoft Advertising Websites. To learn about the data Microsoft collects and how your data is used by it and to opt-out of certain Microsoft browser Interest-based Advertising, please visit here.

We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

c. Communications

You can opt out of receiving certain promotional communications from us at any time by following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging onto your account. Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt out of receiving promotional communications, we may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or our ongoing business relations.

10. STATE PRIVACY Notice

This U.S. State Privacy Notice (“Notice”) applies to “Consumers” as defined under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (together, the “CCPA”), Chapter 603A of the Nevada Revised Statutes, and all laws implementing, supplementing, or amending the foregoing, including regulations promulgated thereunder (collectively, “U.S. Privacy Laws”).

This Notice is designed to meet our obligations under U.S. Privacy Laws and supplements the any other privacy policies of Hybrid Promotions, LLC. In the event of a conflict between any other Company policy, notice, or statement and this Notice, this Notice will prevail as to Consumers unless stated otherwise.

Applicability:

  • Section 10(a) of this Notice provides notice of our data practices, including our collection, use, disclosure, and sale of Consumers’ Personal Information or Personal information (collectively, “PI”).
  • Sections 10(b)-(d) of this Notice provide information regarding Consumer rights and how you may exercise them.
  • Section 10(e) of this Notice provides additional information for California residents.

For California residents the term “Consumer” is not limited to data subjects acting as individuals regarding household goods and services and includes data subjects in a business-to-business context.

The description of our data practices in this Notice covers the twelve (12) months prior to the Effective Date and will be updated at least annually. Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements. Otherwise, this Notice serves as our notice at collection.

We may Collect your PI directly from you (e.g., when you register for an account); our affiliates; service providers; or other businesses or individuals.

Generally, we Process your PI to provide you services and as otherwise related to the operation of our business, including for one or more of the following Business Purposes: Performing Services; Managing Interactions and Transactions; Security; Debugging; Advertising & Marketing; Quality Assurance; Processing Interactions and Transactions; and Research and Development. We may also use PI for other Business Purposes in a context that is not a Sale or Share under U.S. Privacy Laws, such as disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Vendors”), to the Consumer or to other parties at the Consumer’s direction or through the Consumer’s action; for the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice); as required or permitted by applicable law; to the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm; and to assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”) (“Additional Business Purposes”). Subject to restrictions and obligations under U.S. Privacy Laws, our Vendors may also use your PI for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.

We may also use and disclose your PI under this Notice for Commercial Purposes, which may be considered a “Sale” or “Share” under applicable U.S. Privacy Laws, such as when Third-Party Digital Businesses (defined below) Collect your PI via third-party cookies, and when we Process PI for certain advertising purposes. In addition, we may make your PI available to Third-Parties for their own use.

We provide more detail on our data practices in the two charts that follow.

a. PI Collection, Disclosure, and Retention – By Category of PI

We collect, disclose, and retain PI as follows:

Category of PI

Examples of PI Collected and Retained

Categories of Recipients

1. Identifiers

Real name, alias, postal address, unique personal identifiers, online identifier, Internet Protocol address, e-mail address, and account name.

Disclosures for Business Purposes:

  • General IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers);
  • Shipping vendors;
  • Other members of our corporate group; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: Third-Party Digital Businesses

2. Personal Records

Name, signature, address, telephone number, and financial information (e.g., payment card information). Some PI included in this category may overlap with other categories.

Disclosures for Business Purposes:

  • General IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers);
  • Shipping vendors;
  • Other members of our corporate group; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: Third-Party Digital Businesses

3. Customer Account Details/Commercial Information

Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Disclosures for Business Purposes:

  • General IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers);
  • Shipping vendors;
  • Other members of our corporate group; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: Third-Party Digital Businesses

4. Internet Usage Information

When you browse our sites or otherwise interact with us online, we may Collect browsing history, search history, and other information regarding your interaction with our sites, applications, or advertisements.

Disclosures for Business Purposes:

  • General IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers);
  • Other members of our corporate group; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: Third-Party Digital Businesses

5. Geolocation Data

If you interact with us online we may gain access to the approximate location of the device or equipment you are using.

Disclosures for Business Purposes:

  • General IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers);
  • Other members of our corporate group; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: Third-Party Digital Businesses

6. Sensory Data

We may Collect audio, electronic, or similar information when you contact us through our customer service line.

Disclosures for Business Purposes:

  • General IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers);
  • Other members of our corporate group; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

7. Inferences from PI Collected

Inferences drawn from PI to create a profile about a Consumer reflecting preferences, predispositions, behavior, and attitudes.

Disclosures for Business Purposes:

  • General IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers);
  • Other members of our corporate group; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: Third-Party Digital Businesses

8. Sensitive PI

Government Issued Identification Numbers (e.g., social security, driver’s license, state identification card, or passport number)




Disclosures for Business Purposes:

  • Vendors (e.g., data analytics providers, data processors, data storage providers, and payment processors);
  • Other members of our corporate group; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

Account Log-In (e.g., username and password to online account with Company)

Disclosures for Business Purposes:

  • General IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers);
  • Other members of our corporate group; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

There may be additional information we Collect that meets the definition of PI under applicable U.S. Privacy Laws but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category. Because there are numerous types of PI in each category, and various uses for each PI type, actual retention periods vary. We retain specific PI pieces based on how long we have a legitimate purpose for the retention.

b. Your Consumer Rights and How to Exercise Them

As described more below, subject to meeting the requirements for a Verifiable Consumer Request (defined below), Company provides California and Nevada Consumers the privacy rights described in this section.

If you are a customer or Website visitor of Junk Food Clothing or an authorized agent of a customer or Junk Food Clothing Website visitor, you can submit a request to exercise your Consumer privacy rights, by using our Consumer Rights Request Portal [here], or calling us at 855-655-8976. If you are a business contact, job applicant, current or former employee, current or former contractor, intern, or an authorized agent of such a Consumer, complete our U.S. Data Subject Action Request Form [here] and submit via email to HRPrivacy@hybridapparel.com or call us at 866-737-2515 and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.). The Consumer rights we accommodate are as follows:

i. Right to Limit Sensitive PI Processing

We only Process Sensitive PI for purposes that are exempt from Consumer choice under U.S. Privacy Laws.

ii. Right to Know/Access

Residents of California are entitled to access PI up to twice in a 12-month period.

iii. Categories

California residents have a right to submit a request for any of the following for the period that is 12-months prior to the request date:

  • The categories of PI we have Collected about you.
  • The categories of sources from which we Collected your PI.
  • The Business Purposes or Commercial Purposes for our Collecting, Selling, or Sharing your PI.
  • The categories of Third Parties to whom we have disclosed your PI.
  • A list of the categories of PI disclosed for a Business Purpose and, for each, the categories of recipients, or that no disclosure occurred.
  • A list of the categories of PI Sold or Share about you and, for each, the categories of recipients, or that no Sale or Share occurred.

iv. Specific Pieces

You may request to confirm if we are Processing your PI and, if we are, to obtain a transportable copy, subject to applicable request limits, of your PI that we have collected and are maintaining. For your specific pieces of PI, as required by applicable U.S. Privacy Laws, we will apply the heightened verification standards as described below. We have no obligation to re-identify information or to keep PI longer than we need it or are required to by applicable law to comply with access requests.

v. Do Not Sell / Share

California has an opt-out from “Selling” and “Sharing” for Cross-Context Behavioral Advertising (use of PI from different businesses or services to target advertisements). We may Sell or Share your PI and, as these terms apply under U.S. Privacy Laws (e.g., use for targeted advertising). However, we provide U.S. Consumers an opt out of Sale/Sharing.

Third-Party digital businesses (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that Collect PI about you on our services, or otherwise Collect and Process PI that we make available about you, including digital activity information. We understand that giving access to PI on our services, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Share under some state laws and thus we will treat such PI (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) collected by Third-Party Digital Businesses, where not limited to acting as our Service Provider (or Contractor or Processor), as a Sale and/or Share and subject to a Do Not Sell/Share opt-out request. We will not Sell your PI, Share your PI for Cross-Context Behavioral Advertising, or Process your PI for Targeted Advertising if you make a Do Not Sell/Share opt-out request.

Opt-out preference signals (also known as global privacy control or GPC): Some of the U.S. Privacy Laws require businesses to process GPC signals, which is referred to in California as opt-out preference signals (“OOPS”), which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the Sale or Sharing of personal information. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC. We have configured the settings of our consent management platform to receive and process GPC signals on our Websites with cookies and other tracking technologies from Third-Party Digital Businesses. We process OOPS/GPC with respect to Sales and Sharing that may occur in the context of Collection of cookie PI by tracking technologies online by Third-Party Digital Businesses, discussed above, and apply it to the specific browser on which you enable OOPS/GPC. We currently do not, due to technical limitations, process OOPS/GPC for opt-outs of Sales and Sharing in other contexts (e.g., non-cookie PI). We do not: (1) charge a fee for use of our service if you have enabled OOPS/GPC; (2) change your experience with any product or service if you use OOPS/GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the OOPS/GPC.

Opt-out for non-cookie PI: Customers or Website Visitors of Junk Food Clothing can opt-out of the Sale/Sharing of your non-cookie PI (e.g., use of your email address for targeted advertising), by using our Consumer Rights Request Portal [here], or calling us at 855-655-8976. If you are a business contact, job applicant, current or former employee, current or former contractor, or intern, complete our U.S. Data Subject Action Request Form [here] and submit via email to HRPrivacy@hybridapparel.com or call us at 866-737-2515 and respond to any follow-up inquiries we make.

Opt-out for cookie PI: If you want to opt-out of the Sale/Sharing of such PI to Third Party Digital Businesses, which only occurs on our Junkfood website, you need to exercise a separate opt-out request on our cookie management tool [here]. This is because we have to use different technologies to apply your opt-out of cookie PI and to non-cookie PI. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our cookie management tool. Note that if you use ad blocking software, our cookie banner may not appear when you visit our services and you may have to use the link above to access the tool.

We do not knowingly Sell or Share the PI of Consumers under 16, unless we receive affirmative authorization (“opt-in”) from either the Consumer who is between 13 and 16 years old, or the parent or guardian of a Consumer who is less than 13 years old. If you think we may have unknowingly collected PI of a Consumer under 16 years old, please Contact Us as described in Section 11.

We may disclose your PI for the following purposes, which are not a Sale or Share: (i) if you direct us to disclose PI (for example, to a shipping company to ship your order to you); (ii) to comply with a Consumer rights request you submit to us; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a Corporate Transaction; and (iv) as otherwise required or permitted by applicable law.

vi. Right to Delete

Except to the extent we have a basis for retention under applicable law, you may request that we delete your PI. Our retention rights include, without limitation:

  • to complete transactions and services you have requested;
  • for security purposes;
  • for legitimate internal Business Purposes (e.g., maintaining business records);
  • to comply with law and to cooperate with law enforcement; and
  • to exercise or defend legal claims.

Please also be aware that making a deletion request does not ensure complete or comprehensive removal or deletion of PI or content you may have posted.

Note also that, depending on where you reside (e.g., California), we may not be required to delete your PI that we did not Collect directly from you.

vii. Correct Your PI

Consumers may bring inaccuracies they find in their PI that we maintain to our attention and we will act upon such a complaint as required by applicable law. You can also make changes to your online account in the account settings section of the account. That will not, however, change your information that exists in other places.

viii. Automated Decision Making/Profiling

We do not engage in Automated Decision Making or Profiling.

ix. How to Exercise Your Consumer Privacy Rights

If you are a customer or Website visitor of Junk Food Clothing or an authorized agent of a customer or Junk Food Clothing Website visitor, you can submit a request to exercise your Consumer privacy rights, by using our Consumer Rights Request Portal [here], or calling us at 855-655-8976. If you are a business contact, job applicant, current or former employee, current or former contractor, intern, or an authorized agent of such a Consumer, complete our U.S. Data Subject Action Request Form [here] and submit via email to HRPrivacy@hybridapparel.com or call us at 866-737-2515 and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.).

x. Your Request Must be a Verifiable Consumer Request

As permitted or required by applicable U.S. Privacy Laws, any request you submit to us must be a Verifiable Consumer Request, meaning when you make a request, we may ask you to provide verifying information, such as your name, e-mail, phone number and/or account information. We will review the information provided and may request additional information (e.g., transaction history) via e-mail or other means to ensure we are interacting with the correct individual. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. We do not verify opt-outs of Sell/Share or Limitation of Sensitive PI requests unless we suspect fraud.

We verify each request as follows:

  • Right to Know (Categories) (available for California residents only): If you do not have a password-protected account, we verify your Request to Know Categories of PI to a reasonable degree of certainty. If we cannot do so, we will refer you to this Notice for a general description of our data practices.
  • Right to Know (Specific Pieces): If you do not have a password-protected account, we verify your Request to Know Specific Pieces of PI to a reasonably high degree of certainty. If you fail to provide requested information, we will be unable to verify you sufficiently to honor your request, but we will then treat it as a Right to Know Categories Request if you are a California resident.
  • Do Not Sell/Share & Limit SPI: No specific verification required unless we suspect fraud.
  • Right to Delete: If you do not have a password-protected account, we verify your Request to Know Specific Pieces of PI to a reasonably high degree of certainty or to a reasonably high degree of certainty, depending on the sensitivity of the PI and the risk of harm to the Consumer posed by unauthorized deletion. If we cannot verify you sufficiently to honor a deletion request, you can still make a Do Not Sell/Share and/or Limit SPI request.
  • Correction: If you do not have a password-protected account, we verify your Request to Correct PI to a reasonable degree of certainty or to a reasonably high degree of certainty, depending on the sensitivity of the PI and the risk of harm to the Consumer posed by unauthorized correction.

To protect Consumers, if we are unable to verify you sufficiently, we will be unable to honor your request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

xi. Agent Requests

You may use an authorized agent to make a request for you, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you. Authorized agents of a customer or Junk Food Clothing Website visitor can submit a request on behalf of a Consumer by using our Consumer Rights Request Portal [here], or calling us at 855-655-8976. If you are an authorized agent of a business contact, job applicant, current or former employee, current or former contractor, intern, complete our U.S. Data Subject Action Request Form [here] and submit via email to HRPrivacy@hybridapparel.com or call us at 866-737-2515. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.). Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of the CCPA.

xii. Our Responses

Some PI that we maintain is insufficiently specific for us to be able to associate it with a verified Consumer (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that PI in response to those requests. If we deny a request, in whole or in part, we will explain the reasons in our response.

We will make commercially reasonable efforts to identify Consumer PI that we Process to respond to your Consumer request(s). In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Consistent with applicable U.S. Privacy Laws and our interest in the security of your PI, we will not deliver to you your account password in response to a Consumer privacy rights request; however, you may be able to access some of this information yourself through your account if you have an active account with us.

xii. Non-Discrimination/non-retaliation

We will not discriminate or retaliate against you in a manner prohibited by applicable U.S. Privacy Laws for your exercise of your Consumer privacy rights. We may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable PI.

c. Notice of Financial Incentive Programs

We may offer discounts or other rewards (“Incentives”) from time-to-time to Consumers that provide us with PI, such as name, phone number, e-mail address, IP address, or location. You may opt-in to Incentives by subscribing to our newsletter to receive 15% off on your next purchase, or other loyalty and Incentive programs we may offer from time-to-time (“Program(s)”). Each Program may have additional terms, available on the Program page or at Program sign-up. The Incentives will be described in the Program page, or at Program sign-up. If you subsequently wish to withdraw from the Programs, the method for doing so will be explained in the Program terms. We do not limit Program participation to consumers that do not exercise their CCPA rights. However, a deletion request will not delete Program PI because it is necessary to maintain your participation in the Program. If you desire to delete Program PI, terminate your participation in the Program before making a CCPA deletion request.

d. Our Rights and the Rights of Others

Notwithstanding anything to the contrary, we may collect, use, and disclose your PI as required or permitted by applicable law and this may override your rights under U.S. Privacy Laws. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

e. Additional Notice for California Residents

In addition to the CCPA, certain Californians are entitled to certain other notices, as follows:

This Notice provides information on our online practices and your California rights specific to our online services. Without limitation, Californians that visit our online services and seek to acquire goods, services, money or credit for personal, family or household purposes are entitled to the following notices of their rights:

i. California Minors

Although our services are intended for an audience over the age of majority, any California residents under the age of eighteen (18) who have registered to use our services, and posted content on the service, can request removal by contacting us by completing our U.S. Data Subject Action Request Form [here] and submitting via email to HRPrivacy@hybridapparel.com or, if you are a customer or Junk Food Clothing website visitor, you can submit a request by using our Consumer Rights Portal [here] or calling us at 855-655-8976, detailing where the content is posted and attesting you posted it. We will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines we do not control.

ii. Shine the Light

We may share “personal information,” as defined by California’s “Shine the Light” law, with third parties for such third parties own direct marketing purposes. California residents may opt-out of this sharing by contacting us at HRPrivacy@hybridapparel.com or 10700 Valley View St., Cypress, CA 90630 (Attn: Privacy). We will not accept Shine the Light requests by telephone or by fax, and are not responsible for requests not labeled or sent properly, or that are incomplete. This right is different than, and in addition to, CCPA rights, and must be requested separately. You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. However, a Do Not Sell/Share opt-out is broader and will limit our sharing with third parties for their own direct marketing purposes without the need for making a separate Shine the Light request. You can opt out by making a Do Not Sell / Share request as described in Section 10(b)(v) above.

11. Contact Us

If you have any questions, comments, or concerns about our privacy practices, please contact us by:

Email: HRPrivacy@hybridapparel.com

Address: 10700 Valley View St., Cypress, CA 90630 (Attn: Privacy)

Please note that e-mail communications will not necessarily be secure; accordingly, you should not include sensitive information in your e-mail correspondence with us.