This Privacy Statement describes our privacy practices for personal information we collect from or about individuals through our services, sites, products (collectively, “Services”).
1. What Information We Collect.
We collect the following information:
Information You Give Us
Creating an account. When you create an account we collect information that allows us to set up or open your account, such as your name, company information, shipping address, billing address, email address, phone number, user ID and password.
Using our services. We receive information from you when you use our Services, such as information about your business, inventory, product details, invoices, orders, shipping information, customer details and financial information. We also collect additional information from you when you sign-in or otherwise use our Services.
Customer support, product research and feedback. When you reach out to us for support, give us feedback, participate in optional surveys, product research, events, or trainings, we also collect information that you choose to share.
Information We Get When You Use the Service
Device information. We may collect device information such as Internet Protocol (“IP”) addresses, log information, error messages, device type and unique device identifiers. For example, we collect IP addresses from you when you log into the Services as part of our log-in and security features.
Usage information. We may collect usage information such as the pages you viewed, the features you use, your browser type, error reports and any links you click on to leave or interact with our Services. We may also gather information about other applications you use on your device for analytics and advertising reasons.
Content. We also collect content that you provide through the Services, such as information about your business such as your invoices, expenditures or customer details; content you post on our community forums; content you provide to our customer care agents; and feedback you provide about the Services.
Information We Get from Third Parties
We also get information about you from other third parties where permitted by applicable law. For example, we receive information from:
- third parties with whom you have an account or receive a service when you choose to sync that third-party account/service with your NoverStock account, or integrate your data from that third party into the Services we provide to you;
- third-party service providers who help us to supplement the information you have provided and to ensure the accuracy of your information; and
- third parties who provide us with information about you or your interaction with our Services.
Some of the functionalities in our Services may require you to provide the information described above in order for you to use the Services. If you do not wish to provide the required information, you may not be able to use certain features or the Services. We will try to let you know what information is required and what information is optional. We may also combine information that you provided us with information about you that we get from other sources, in accordance with applicable law.
2. How Do We Use Your Information.
We use your information in order to provide you with the Services that you have accessed or requested; to personalize your experience; to provide technical support; to protect the security and safety of the Services, our customers, NoverStock and others; or to otherwise operate our business.
We use your information to improve, expand and develop our Services; to ensure that you receive our most up-to-date product offerings.
We use your information to communicate with you. From time to time we may communicate with you, including to: provide you with important information about the Services or your accounts, such as subscription related information; give you offers for third-party products and services that we think may be of interest to you; send you information about NoverStock.
In general, we will use the personal information we collect from you only for the purposes described in this Privacy Statement or for purposes we provide at the time we collect your personal information.
3. How We Share Your Information
We do not sell personal information to third parties. We do share personal information with third-parties for the business purposes described in this Statement.
From time to time, we may need to share your information, but we will only share your personal information in the following circumstances:
- We may share your personal information with third parties, but only for the following reasons:
- To provide functions and services on our behalf. We may share your information with third parties who provide various functions on our behalf and enable us to provide our Services and operate our business, such as service providers and business partners.
- For legal reasons. We may share your information with third-parties for legal reasons, including: when we reasonably believe disclosure is required or permitted in order to comply with a subpoena, court order, or other applicable law, regulation or legal process;
4. Processing Personal Information
Our legal basis for collecting and using the personal information described in this Privacy Statement will depend on the type of personal information and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you, including details of any legitimate interest we rely on to process your personal information.
5. Data retention
Unless you specifically ask us to delete your personal information, we retain your information as long as is necessary to maintain your NoverStock account or to provide you with our Services. Once you have terminated your account or otherwise cease using our Services (including if we determine your account has gone inactive), we will no longer retain your information except to the extent necessary:
- to send you marketing communications in accordance with your marketing preferences
- for our legal or regulatory compliance (e.g. maintaining records of transactions you have made with us), to exercise, establish or defend legal claims, and to protect against fraudulent or abusive activity on our Service; or
- for general product improvement purposes in accordance with this Privacy Statement, provided that any data retained for this purpose will be used only for a limited period and handled securely and in confidence.
If we no longer need your information for the above purposes, we will generally delete or de-identify it in accordance with our standard data retention practices. However, there may be occasions where we are unable to fully delete or de-identify your information due to technical or other operational reasons, for example where your information has been archived onto back-up systems. Where this is the case, we will take reasonable measures to securely isolate your information from any further processing until such time as we are able to delete or de-identify it.
6. Third-Party Services, Links and Integrations.
Third-party products, services and applications may use or integrate with our Services, or otherwise be offered through our Services (“Third-Party Services”). If you choose to use any of these Third-Party Services or link or sync any of these Third-Party Services with your NoverStock account you are permitting us to provide your information and any information associated with your account, including personal information, to the third party. We do not control such Third-Party Services and are not responsible for their content, their privacy policies, or their use of your information. Your interactions with these Third-Party Services are governed by the privacy statement of the company providing the relevant Third-Party Service.
In a cases where NoverStock needs to download data from third-parties, NoverStock will follow the guidelines for data protection and data retention of each of the offered third-party services.
7. Security of Your Information
- Data is transferred exclusively over https. Certificates are provided by AWS https://www.amazontrust.com/repository/ .
- Our Service is hosted entirely at Amazon Web Services. AWS has comprehensive levels of security, including ISO 27001, PCI-DSS, SOC 1-3, ISO 9001 and DoD SRG.
- Data are rest and data in transit rules are applied to ensure the inability of 3rd parties to access, process, tamper with or reproduce.
- All data and services are behind firewalls.
- 3rd parties used for the services are limited to only big and reputable companies like Amazon, EBay, Etsy, Direx.
- When integration with 3rd parties is provided it is through a limited API that does not provide direct access to data and all API enforce access credentials and encryption.
- No direct access to any database or container is allowed to any clients or 3rd parties and are only accessible by a limited number of trusted NoverStock employees who are with the corresponding level of training regarding security.
- All services and roles are configured under the minimal required permissions principal.
- All access credentials and confidential information related to accesses are stored in a world leading management software – Bit warden.
- Scheduled for regular penetration tests every 6 months.