Effective Date: April 3, 2020

1. Introduction and Overview
This Privacy Policy describes how the BORO Sugar Shack. (“BORO Sugar Shack”, “Sugar Shack”, “we,” “our,” or “us,”) collects, uses, and shares information about you as well as your rights and choices about such use and sharing, and applies to your use of any online service location that posts a link to this Privacy Policy and all features, content, and other services that we own, control, and make available through such online service location (collectively, the “Service”). This Privacy Policy does not apply to our information collection activities outside of the Service (unless otherwise stated below or at the time of collection).

By using the Service, you agree to our Terms of Use and to our collection, use and disclosure practices, and other activities as described in this Privacy Policy. If you do not agree and consent, discontinue use of the Service.

If you have any questions about our privacy practices, please contact us as set forth in the section entitled “Contact Us” below.

2. Information Collection
A. Information You Provide.
We collect several types of information from and about users of our Service, such as when you register an account, update your account, access our content, make a purchase, subscribe to emails for sweet news or deals, participate in a rewards program, survey, contest or other promotion (“Promotion”), or contact customer support or apply for a job. We may use Service Providers (defined below) to collect this information.

The information we collect includes information that identifies you personally (whether alone or in combination). Some examples of information we collect include the following:

  • Contact Data. We collect your first and last name, postal address, e-mail address, telephone number, and other similar contact data, and the same data for third parties if you ask us to ship products to third parties.
  • We collect passwords, password hints, and other information for authentication and account access.
  • Demographic Data. We collect demographic information including your date of birth and country.
  • We collect data about your product and communication preferences to better serve your needs and interests.
  • Payment Data. We collect data necessary to process your payment if you make a purchase, including your payment instrument number (such as a credit card number), and the security code associated with your payment instrument.
    We collect the content of messages you send to us, such as survey responses for research purposes, feedback and correspondence, or questions and information you provide to customer support. We also collect the content of your communications as necessary to provide you with the services you use.
  • Search Queries. We collect search queries to better serve customer interest and needs.
  • Resume Data. We collect data as necessary to consider you for a job opening if you submit an application to us, including your employment history, transcript, writing samples, and references.

You may choose to voluntarily submit other information to us through the Service that we do not request, and, in such instances, you are solely responsible for such information.

B. Information Collected Automatically.
We automatically collect information about your device and how your device interacts with our Service. We may use Service Providers to collect this information. Some examples of information we collect include the following:

  • Service Use Data. We collect data about the features you use, the pages you visit, the e-mails and advertisements you view, the products you purchase, the time of day you browse, your referring and exiting pages, and other similar information.
  • Device Connectivity and Configuration Data. We collect data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information. This data also includes IP address, MAC address, device advertising Id (e.g., IDFA or AAID), and other device identifiers.
  • Location Data. We collect data about your device’s location, which can be precise (e.g., latitude/longitude data) or imprecise (e.g., location derived from an IP address or data that indicates a city or postal code level).

We use various current – and later – developed technologies to collect this information (“Tracking Technologies”), including the following:

  • Log Files. A log file is a file that records events that occur in connection with your use of the Service, such as your service use data.
  • A cookie is a small data file stored on your device that acts as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate the Service and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising both on and off the Service. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
  • Pixels. A pixel (also known as a web beacon) is code embedded in a website, video, e-mail, or advertisements that send information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, video, e-mail, or advertisement that contains a pixel, the pixel may permit us or a third party to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from third parties that allow us to track our conversions, bring you advertising both on and off the Service, and provide you with additional functionality, such as the ability to connect our Service with your social media account.
  • Device Fingerprinting, which is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your browser and device.
  • Location-Identifying Technologies, which are technologies used to collect your location. Location data may be used for purposes such as verifying your device’s location and delivering or restricting relevant content and advertising based on that location.

Some information about your use of the Service and certain Third Party Services (defined below) may be collected using Tracking Technologies across time and services and used by us and third parties for purposes such as to associate different devices you use, and deliver relevant ads and/or other content to you on the Service and certain Third Party Services.

For further information on Tracking Technologies and your rights and choices regarding them, see the sections entitled “Third Parties” and “Your Rights and Choices” below.

C. Information from Other Sources.
We also obtain information about you from other third party sources. To the extent we combine such third party sourced information with information we have collected about you through the Service, we will treat the combined information in accordance with the practices described in this Privacy Policy, plus any additional restrictions imposed by the source of the data. These third party sources vary over time, but have included:

  • Social networks when you reference our Service or grant permission to BORO Sugar Shack to access your data on one or more of these services.
  • Data brokers from which we purchase data or services to append data to supplement the data we collect.
  • Data brokers from which we purchase data or services to monitor social media activity.
  • Partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.

For further information on Third Party Services, see the section entitled “Third Parties” below.

3. How We Use Your Information.
We use information about you for our legitimate interests, including to:

  • Manage our Service, including your registration and account.
  • Perform services requested by you, such as filling orders, respond to comments, questions, and requests, and provide customer service.
  • Send you technical notices, updates, security alerts, information regarding changes to our policies, products, or services and support and administrative messages.
  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  • Respond to and evaluate your inquiries related to employment opportunities or other requests.
  • Prevent and address fraud, breach of policies or terms, and threats or harm.
  • Make telephone calls to you, from time to time, as a part of secondary fraud protection or to solicit your feedback.
  • Monitor and analyze trends, usage, and activities.
  • Improve the Service of BORO Sugar Shack websites, marketing efforts, products and services.
  • Develop and send you direct marketing, including newsletters, surveys, offers, Rewards Program materials, Promotions and communications about our and third-party products, offers, promotions, rewards, events, and services.
  • Verify your eligibility and deliver prizes in connection with Promotions you have entered.
  • Serve advertising tailored to your interests on our Services and Third Party Services.
  • Fulfill any other purpose disclosed to you with your consent.

We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law. For information about your rights and choices regarding how we use your information, please see the section entitled “Your Rights and Choices” below.

4. Sharing of Information
We share information about you as follows:

Service Providers. We share your information with our agents, vendors, and other service providers (collectively “Service Providers”) in connection with their work on our behalf. Service Providers assist us with services such as payment processing, data analytics, marketing, and promotional services, Promotions, website hosting, and technical support. Service Providers are prohibited from using your information for any purpose other than to provide this assistance, although we may permit them to use aggregate information that does not identify you or de-identified data for other purposes.

  • We may share your information with our related entities including our parent and sister companies. For example, we may share your information with our affiliates for customer support, marketing, and technical operations.
  • Business Partners. We may share your information with our business partners in connection with offering you co-branded services, selling or distributing our products, or engaging in joint marketing activities.
  • Promotions. Our Promotions may be jointly sponsored or offered by third parties. If you voluntarily choose to enter a Promotion, we may share your information with third parties a set forth in the official rules that govern the Promotion as well as for administrative purposes and as required by law (e.g., on a winners list). By entering a Promotion, you agree to the official rules that govern that Promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials.
  • Third Parties. We may share your information with third parties for purposes of facilitating your requests (such as when you choose to share information with a social network about your activities on the Service) and in connection with tailoring advertisements, measuring and improving our Service and advertising effectiveness, and enabling other enhancements.
  • Security and Compelled Disclosure. We may share your information to comply with the law or other legal processes, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also share your information to protect the rights, property, life, health, security and safety of us, the Service or any third party. This includes but is not limited to exchanging information with other organizations for the purposes of fraud protection and credit risk reduction.
  • We may share your information for any other purpose disclosed to you and with your consent.

Without limiting the foregoing, in our sole discretion, we may share aggregated information that does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see the section entitled “Your Rights and Choices” below.

5. Public Information
Certain areas of the Service such as posts or information you transmit to other users of the Service or third parties, are designed to help you share information with the world. If you make information public through our Service, other people will have access to it. Please think carefully before making information public as you are solely responsible for any information you make public. Although you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of our Service with whom you may choose to share your information with. Therefore, we cannot and do not guarantee that your information will not be viewed by unauthorized persons. Once you have posted information, you may not be able to edit or delete such information; however, California residents have additional rights as set forth in “Your Rights and Choices” below.

6. Third Parties
A. Third Party Services.
Our Service contains content from and hyperlinks to websites, locations, platforms, and services operated and owned by third parties (“Third Party Services”). These Third Party Services may use Tracking Technologies to independently collect information about you and may solicit information from you. The information collected and stored by third parties, whether through our Service, a Third Party Service, a Third Party Feature (defined below), or a third party device, remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

B. Third Party Features.
We may allow you to connect our Service to a Third Party Service or offer our Service through a Third Party Service (“Third Party Features”). If you use a Third Party Feature, both we and the applicable third party may have access to and use information associated with your use of the Third Party Feature, and you should carefully review the third party’s privacy policy and terms of use. Some examples of Third Party Features include the following:

  • Liking, Sharing, and Logging-In. We may embed a pixel or SDK on our Service that allows you to “like” or “share” content on, or log-in to your the BORO Sugar Shack account through, Third Party Services, including social networks such as Facebook and Twitter. If you choose to engage with such a Third Party Service through our Service, we may collect any information you have authorized the Third Party Service to share with us (such as your user ID, billing information, public profile information, e-mail address, birthday, friends list, and other account and profile data). Likewise, if you choose to engage with such a Third Party Service through our Service or visit our Service while logged in to that Third Party Service on your device, the Third Party Service may receive information about your activities on our Service and be able to associate that information with information the Third Party Service already has about you.
  • Brand Pages and Chatbots. We may offer our content on social networks such as a Facebook, Instagram and Twitter. Any information you provide to us when you engage with our content (such as through our brand page or via our chatbot on Facebook Messenger) is treated in accordance with this Privacy Policy. Also, if you publicly reference our Service on a Third Party Service (e.g., by using a hashtag associated with the BORO Sugar Shack in a tweet or post), we may use your reference on or in connection with our Service

C. Analytics and Interest-Based Advertising.
Our Service contains Tracking Technologies owned and operated by Third Parties. For example, we use Tracking Technologies from third-party analytics provides, such as Google Analytics, to help us analyze your use of the Service, compile statistic reports on the Service’s activity, and provide us with other services relating to the service activity and internet usage. We also work with ad serving services, advertisers, and other third parties to serve advertisements on the Service and/or on Third Party Services, such as Facebook Custom Audiences. These third parties may use Tracking Technologies on our Service and Third Party Services (including in e-mails and advertisements) to track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you on the Service and Third Party Services or third party devices after you have left the Service (“Interest-based Advertising”).

We serve ads on and through Third Party Services, such as Facebook and Google, that are targeted to reach people (or people similar to people) who have visited our Service or are identified in one or more of our databases (“Matched Ads”). This is done by us uploading a customer list to the Third Party Service or incorporating a pixel from the Third Party Service on our Service, and the Third Party Service matching common factors between our data and their data. To opt-out of receiving Matched Ads, please contact the applicable Third Party Service. If we use Facebook Custom Audiences to serve Matched Ads on Facebook services, you should be able to hover over the box in the right corner of such Facebook ads and find out how to opt-out. We are not responsible for such Third Party Service’s failure to comply with your opt-out instructions.

For further information on Tracking Technologies and your rights and choices regarding them, please see the sections entitled “Information Collected Automatically” above and “Your Rights and Choices” below.

7. Your Rights and Choices
A. Review and Update of Account Information.
You may access, update, or remove certain account information that you have voluntarily submitted to us through the Service by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below. We may require additional information from you to allow us to confirm your identity. If you would like to delete your information, you will need to delete your user account. When we delete information, it will be deleted from the active database, but may remain in our archives. Please note that we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, fraud prevention, and enforce our agreements. California residents have additional rights as set forth in the sections entitled “Your California Privacy Rights” below.

B. Tracking Technology Choices.

  • Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
  • Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

Please be aware that if you disable or remove Tracking Technologies some parts of the Service may not function correctly.

C. Analytics and Interest-Based Advertising.
If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by checking the relevant box located on the form on which we collect your data (the order form/registration form). You can also always opt-out by logging into the Service and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes or by sending us an email stating your request to the email address set forth in the section entitled “Contact Us” below.

You can opt-out of your data being used by Google Analytics through cookies by visiting https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.

Some of the third parties that collect information from or about you on the Service in order to provide more relevant advertising to you participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. This program offers a centralized location where users can make choices about the use of their information for online behavioral advertising. To learn more about the DAA and your opt-out options for their members, please visit (i) for website opt-out, http://www.aboutads.info/choices; and (ii) for mobile app opt-out, http://www.aboutads.info/appchoices. In addition, some of these third parties may be members of the Network Advertising Initiative (“NAI“). To learn more about the NAI and your opt-out options for their members, please visit http://www.networkadvertising.org/choices/. Please note that if you opt-out of online behavioral advertising using any of these methods, the opt-out will only apply to the specific browser or device from which you opt-out. Further, opting-out only means that the selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

You may also limit our use of information collected from or about your mobile device for purposes of serving online behavioral advertising to you by going to your device settings and selecting “Limit Ad Tracking” (for iOS devices) or “Opt out of Interest-Based Ads” (for Android devices).

D. Communications.

  • E-mails. You can opt-out of receiving promotional e-mails from us at any time by following the instructions as provided in e-mails to click on the unsubscribe link or e-mailing us at the e-mail address set forth in the section entitled “Contact Us” below with the word UNSUBSCRIBE in the subject field of the e-mail. Please note that you cannot opt-out of non-promotional e-mails, such as those about your account, transactions, servicing, or the BORO Sugar Shack’ ongoing business relations.
  • Text Messages and Calls. You can opt-out of receiving text messages or calls to your phone number at any time by (i) for text messages, texting “STOP” in response to any text message you receive from us or contacting us as set forth in the section entitled “Contact Us” below and specifying you want to opt-out of text messages; and (ii) for calls, requesting opt-out during any call you receive from us or contacting us as set forth in the section entitled “Contact Us” below and specifying you want to opt-out of calls.

Please note that your opt-out is limited to the e-mail address, device, and phone number used and will not affect subsequent subscriptions.

8. Children
The Service is intended for a general audience and not directed to children under thirteen (13) years of age. The BORO Sugar Shack do not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe the BORO Sugar Shack have collected such information in a manner not permitted by COPPA, please contact us as set forth in the section entitled “Contact Us” below, and we will remove such data to the extent required by COPPA.

9. Data Security
We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. All information you provide to us is stored on our secure servers behind firewalls or on third party servers. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.

10. International Transfer
We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Service from outside of the U.S., please be aware that information collected through the Service may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Service or provision of any information, therefore, constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information in the U.S. and other jurisdictions as set forth in this Privacy Policy.

11. Changes to this Privacy Policy
We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you with additional notice to your e-mail address.

12. Contact Us
If you have any questions or comments about this Privacy Policy, our data practices, or our compliance with applicable law, please contact us:

By e-mail:

sales@borosugarshack.com

By mail:

BORO Sugar Shack
15 East Main Street
Westborough, MA 01581