PRIVACY POLICY
Last updated May 2024
Welcome to the Tiny Tidal Wave, on Etsy.com (the “Website” or “Services”). The Services are operated by Tiny Tidal Wave staff (“we,” “us,” or “our”). We believe that the privacy and security of your information and personal data (“Information”) is very important. This Privacy Policy (“Policy”) explains the type of Information we collect from users of the Services, how that Information is used, how the Information may be shared with other parties, and what controls our users have regarding their Information. We encourage you to read this Policy carefully.
Any updates or modifications to this Policy will be posted to this policy page on the Etsy website. By using or accessing the Services, you signify that you have read, understand and agree to be bound by this Policy.
Our Services are operated in the United States but can be accessed worldwide.
If you are located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom, we are subject to the UK General Data Protection Regulation (“UK GDPR”) and the EU General Data Protection Regulation (“EU GDPR”) and are the Controller of your data.
INFORMATION WE COLLECT AND HOW WE USE IT
Types of Information
We may collect the following types of Information through our Services:
(1) “Personal Data” such as your name, e-mail address and phone number, account or mailing address, and other information that can be used to directly identify and contact you (which, in some cases, may include certain Device Information or information from the signature block of your e-mail);
(2) “Device Information” which is information relating to the computer or device you are using when you access our Services, such as your computer’s IP address, your mobile device identifiers (including Apple IDFA or an Android Advertising ID), the type of browser and operating system you are using, the identity of your internet service provider, and your device and browser settings.
(3) “Usage Data” which is data related to your use of the Services such as the pages you visit, the sites you use before or after visiting ours, your actions within the Services, the type of content or advertisements you have accessed, seen, forwarded and/or clicked on, Wi-Fi connections, date and time stamps, log files, and diagnostic, crash, website, and performance logs and reports.
As described in more detail below, we collect Personal Data only when you provide it to us but may collect other types of Information whenever you use our Services through automated means such as software developer kits, cookies and web beacons (which are discussed in more detail below).
Personal Data
You may enter the Website and browse its content without submitting any Personal Data. However, we will need to collect relevant Personal Data to provide you with certain services offered by the Services, including if you choose to create an account on our website, contact us or otherwise communicate with us in any way, subscribe or opt in to our newsletter, alerts, or other communications, subscribe or opt in to SMS messages, sign up for product waitlists, participate in a contest or promotion, order our products, submit product reviews, questions, feedback or user comments, complete an optional survey, contact customer service or otherwise interact with the Services.
We use the Personal Data that we collect to respond to your requests, communicate with you regarding the Services and our content, send you promotional or marketing communications, guard against potential fraud, provide product information, service your requests and orders, and provide you with the applicable services, features or functionality associated with your submission. When you submit Personal Data through the Services, whether by directly providing it to us upon request or voluntarily disclosing it through comments, you are giving your consent to the collection, use and disclosure of your Personal Data as set forth in this Privacy Policy.
Device Information & Usage Data
Whether or not you submit Personal Data, any time you visit our Services, we or our service providers may collect, store or accumulate certain Device Information and Usage Data. This Information may be used in furtherance of the purposes described above with respect to Personal Data and in aggregate form for internal business purposes, such as optimizing the Services, evaluating the popularity of content, generating statistics and developing marketing plans, and otherwise for general administrative, analytical, research, optimization, and security purposes.
PERSONAL DATA RETENTION
We retain the Personal Data we receive as described in this Privacy Policy for as long as you use the Services or as necessary to fulfill the purpose(s) for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
PRIVACY AND SECURITY
We take reasonable precautions to protect our customers' Personal Data against loss, misuse, unauthorized disclosure, alteration, and destruction. However, please remember that no transmission of data over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any Information that you transmit to us or from us, and you do so at your own risk. You hereby acknowledge that we are not responsible for any intercepted information sent via the Internet, and you hereby release us from any and all claims arising out of or related to the use of intercepted information in any unauthorized manner.
If you believe your Personal Data is being improperly used by us or any third party, please immediately notify us via email at michelle.l.teems@gmail.com .
CHILDREN UNDER 16
Children under 16 years of age are not permitted to use the Services. We do not knowingly collect or solicit Personal Data directly from anyone under the age of 16. If you are under 13, please do not send any Personal Data about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected Personal Data from a child under age 13, we will delete that information as quickly as possible. If you are a parent or guardian of a child under 13 years of age and you believe your child has provided us with Personal Data, please contact us at michelle.l.teems@gmail.com .
YOUR RIGHTS
Disallowing Cookies and Location Data Collection
You can opt out of the collection and use of certain information, which we collect about you by automated means, by changing the settings in the device you use to access the Services. In addition, your browser may tell you how to be notified and opt out of receiving certain types of cookies. Please note, however, that without cookies you may not be able to use some or all of the features of the Services.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy, at:
http://optout.networkadvertising.org
http://www.youronlinechoices.eu
https://youradchoices.ca/choices
http://optout.aboutads.info
Your Right to Access, Review, and Delete Personal Data
Under certain laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), you may have the right to: obtain confirmation that we hold Personal Data about you, request access to and receive information about the Personal Data we maintain about you, restrict the use of the data, receive the data in a portable format, receive copies of the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, object to the continued processing or use of your Personal Data, complain to a supervisory authority, and have the Personal Data blocked, anonymized or deleted, as appropriate. The right to access Personal Data may be limited in some circumstances by local law. If you qualify, in order to exercise these rights, please contact us at michelle.l.teems@gmail.com .
We may ask you to provide additional information for identity verification purposes, or to verify that you are in possession of an applicable email account.
Please understand, however, that we reserve the right to retain an archive of such Personal Data for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such Information.
Do Not Track
We use analytics systems and providers and participate in ad networks that process Personal Information about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. We process or comply with any web browser’s “do not track” signal or similar mechanisms.
Note, however, that you may find information about how to opt out of online behavioral advertising and/or block or reject certain tracking technologies in the section caption “Disallowing Cookies and Location Data Collection” above.
YOUR CALIFORNIA PRIVACY RIGHTS
California residents, see our “California Privacy Notice” for more information about certain legal rights.
YOUR NEVADA PRIVACY RIGHTS
Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to michelle.l.teems@gmail.com .
INTERNATIONAL DATA TRANSFERS
If you are located outside the United States, including in the EEA, we transfer Personal Data for processing in the United States, including Personal Information sent via e-mails or when you make an order. Under the GDPR, we are considered a “controller” of the Personal Data of EEA Data Subjects. By using the Services outside the United States, you acknowledge that we will transfer your data to, and store your Personal Data in, the United States, which may have different data protection rules than in your country, and Personal Data may become accessible as permitted by law in the United States, including law enforcement and/or national security authorities in the United States. For transfers of data into and out of the EEA, pursuant to Article 46 of the GDPR, we use standard contractual clauses adopted by the European Commission.
Rights of EEA Residents
This section of the Privacy Policy is applicable to individuals located in the EEA, Switzerland, and the United (“EEA Data Subjects”).
Our purpose for collecting and processing Personal Data from EEA Data Subjects is to provide them with the features and functionalities of our Services and information regarding our Services. The legal basis for processing Personal Data is because it is necessary for performance of a contract between us to provide you with the Services and its related features and functionality and in other circumstances may be necessary for our legitimate interests in making the Services available and secure, or to exercise our rights or comply with legal obligations. We also rely on your consent to receive information about our Services. You may withdraw consent from receiving marketing and promotional communications by clicking the “Unsubscribe” link on the communication or sending an e-mail to michelle.l.teems@gmail.com with the subject line “Opt Out.” If EEA Data Subjects do not provide Personal Data to us or withdraw consent for processing such Personal Data, we may not be able to provide such individuals with certain features or functionalities of the Services or information regarding the Services, including processing orders. Note that we do not collect any sensitive personal information about you.
EEA Data Subjects may obtain information about the Personal Data that we hold about them by contacting us at michelle.l.teems@gmail.com .
CHANGES TO THIS PRIVACY POLICY
We reserve the right to change this Policy at any time.
