Privacy Policy

At  Stone Stream ("Website" or "we"), we recognize that privacy is important. This privacy policy (“Privacy Policy”) applies to all access to and use of this Website, the purchasing of products via the Website, as well as the products and services available through this Website and its subsidiaries or affiliated companies (collectively, the "Services").

'Personally Identifiable Information' ("PII") is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. When you, the user, ("you" or "your") uses the Services, your PII will be processed subject to the terms of this Privacy Policy. Please read our Privacy Policy carefully to get a clear understanding of how we organize, collect, use, protect or otherwise handle your PII in accordance with our Website.

You are not legally required to provide PII, however, the Services require you to provide PII pursuant to this Privacy Policy. By using the Services you consent to this Privacy Policy, inclusive of the terms described herein.

If you have any questions about this Privacy Policy, please feel free to contact us at: https://www.stone-stream.com/contact

1. Information and How We Use It

The Website may collect, process and use the data which includes PII, the legal basis of which is your consent, which you give when you use the Services.  Types of PII that may be used include the following, without limitation.

1.1        We may process data about your use of our Website and Services ("User Data"). User Data may include your IP address, location, type of browser and version, operating system, referral source, visit length, page views and website navigation paths, information about the frequency and timing of your use of the service. The source of the User Data  is an analytics tracking system. User Data may be processed for the purposes of analyzing the use of the Website and Services, operating our Website, improving and customizing the Services, ensuring the security of our Services, maintaining back-ups of our databases and communicating with you.

1.2        When ordering or registering on our Website you may be asked to enter your name, email address, mailing address, telephone number, , gender, date of birth, billing address, shipping address, payment details including but not limited to credit card information or other payment information or other details, as well as any other information that users may choose to provide us, whether via email, social media platforms, or any other method ("Entered Data"). You are the source of such account data, and such data may be processed for the purposes of operating the Website, providing the Services, ensuring the security of the Website and Services, maintaining back-ups of our databases and communicating with you.

1.3        We may process information that you post for publication on our Website or through our Services, including without limitation to participation in a contest or  survey ("Publication Data"). The Publication Data may be processed for enabling such publication and administering of our Website and Services.

1.4        We may process information contained in any enquiry you submit to us regarding products and/or Services ("Enquiry Data"). The Enquiry Data may be processed for offering, marketing and selling relevant products and/or Services to you. 

1.5        We may process information relating to transactions that you enter into with us and/or through our Website, such as the purchasing of goods ("Transaction Data"). The Transaction Data may include your contact details, your card details or any other payment method, and the transaction details.  The Transaction Data may be processed for supplying the purchased goods and Services and keeping records of transactions.

1.6        We may process information that you provide to us for the purpose of subscribing to our email notifications, offering you services,  or promotions which may interest you ("Notification Data"). The Notification Data may be processed for the purposes of sending you relevant Notification Data.

1.7        We may process information contained in or relating to any communication that you send to us ("Correspondence Data"), for example, when sign up for our newsletter or respond to a survey or marketing communication. The Correspondence Data may include communication content and/or metadata associated with such communication. The Correspondence Data may be processed for communicating with you and record-keeping.

1.8        We may process any of the types of data described in this Section 1 if we are required  to do so by court-order, any legal obligation to which we are subject, or when necessary, for the  establishment, exercise or defense of legal claims. The legal basis for this processing is our legitimate interests, namely of the Website's legal rights, your legal rights and the legal rights of others.

1.9        Please do not supply any other person's PII to us without the specific and explicit consent of all parties, including the owner of such PII.

1.10        We value your privacy and the information you consent to share in relation to our SMS marketing service. We use this information to send you text notifications (for your order, including abandoned checkout reminders), text marketing offers, and transactional texts, including requests for reviews from us.Opt-in data and consent for text messaging will not be shared with any third parties except for messaging partners,for the purpose of enabling and operating our text messaging program. Opt-in data and consent for text messaging will not be shared with any third-parties except for messaging partners, for the purpose of enabling and operating our text messaging program. Our website uses cookies to keep track of items you put into your shopping cart, including when you have abandoned your checkout. This information is used to determine when to send cart reminder messages via SMS.

2. Providing your PII to others

2.1        We may disclose PII to any member of our group of companies, including subsidiaries, holding companies and all of their respective subsidiaries (if any), insofar as reasonably necessary for the purposes set out in this Privacy Policy.

2.2         We may disclose your PII to professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal and financial disputes.

2.3         Financial transactions relating to the Services  are handled by our payment service providers, [Stripe/PayPal]. We will share any necessary data with our payment services providers only to the extent necessary for the purposes of processing  payments and refunds (if applicable) and responding to complaints and questions  relating to such payments and refunds (when and if applicable). You can find information about the payment services providers' privacy policies and practices at [https://stripe.com/us/privacy https://www.paypal.com/us/webapps/mpp/ua/privacy-full].

2.4         We may disclose your Enquiry Data and/or Entered Data to one or more of selected third party suppliers of goods and services and/or third party platforms for the purpose of enabling them to contact you so that they can offer, market, ship, coordinate delivery, deliver, sell and return (if applicable)to you relevant goods and/or services. Each such third party will act as a data controller in relation to the enquiry data and/or Entered Data that we supply to it; each such third party has its own privacy policy, which will govern that third party's use of your PII.

3. International transfers of your PII

3.1         In this Section ‎3, we provide information about the circumstances in which your PII may be transferred to  including countries  inside and outside the European Economic Area ("EEA").

3.2         We and our other group companies have facilities in [Israel, USA]. "adequacy decisions"  of  the European Commission have been made with respect to the data protection laws of each of these countries, and with regards to the USA, our affiliates are compliant with Privacy Shield requirements.  

3.3         Transfers to countries inside and outside the EEA will be protected by appropriate safeguards, namely means the provisions of applicable law which relate to the protection of individuals with regards to the Processing of Personal Data to which a party is subject including, without limitation, the Data Protection Act 1998, the Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice (Interception of Communications) Regulation 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and, where applicable, the guidance and code of practice issued by the Information Commissioner’s Office from time to time, directions of any competent regulatory authority, relevant regulatory guidance and codes of practice (collectively “Data Protection Regulation”) OR to the extent transfers will cross borders to outside the EEA, such transfer shall be carried out in accordance with standard contractual clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the Transfer of Personal Data to Processors established in Third Countries under the Directive (the “Model Clauses”).

3.4         The hosting facilities for our Website are situated in EEA and/or USA. The European Commission has made an "adequacy decision" with respect to the data protection laws regarding the entities located in the USA under privacy shield. Transfers to each of these countries will be protected by appropriate safeguards, namely the Data Protection Regulation the Model Clauses, and/or Privacy Shield requirements.

3.5          With respect to  subcontractors that are situated in the USA or EEA, the European Commission has made an "adequacy decision" with respect to the data protection laws of each of the EEA. Transfers to each of these countries or the USA will be protected by appropriate safeguards, namely the Data Protection Regulation and/or the Model Clauses, or under Privacy Shield standards and requirements, as applicable.  

3.6         Transfers of data to countries inside and outside the EEA will be protected by appropriate safeguards, namely means the provisions of applicable law which relate to the protection of individuals with regards to the Processing of Personal Data to which a party is subject including, without limitation, the Data Protection Act 1998, the Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice (Interception of Communications)) Regulation 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and, where applicable, the guidance and code of practice issued by the Information Commissioner’s Office from time to time, directions of any competent regulatory authority, relevant regulatory guidance and codes of practice (collectively “Data Protection Regulation”), or to the extent transfers will cross borders to outside the EEA, such transfer shall be carried out in accordance with standard contractual clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the Transfer of Personal Data to Processors established in Third Countries under the Directive (the “Model Clauses”).

3.7         You acknowledge that PII submitted by you for publication through the Services may be available around the world via the internet.  We cannot prevent the use or misuse of published PII by others once you submit it for publication, nor are we liable for such third party use or misuse.

4. Retaining and Deleting PII

4.1         This Section 4 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

4.2         We will retain and delete your personal data as follows:

4.3         PII will be retained for  five years, at the end of which period it might be deleted from our systems.

4.4         Notwithstanding the other provisions of this Privacy Policy, we may retain your PII  where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

5. Your Rights 

5.1         In this Section 5, we have done our best to summarize the rights that you have under data protection law. These are complex, and not all of the details have been included herein.  In light of this, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

5.2         Your principal rights under data protection law are:

(a)     the right to access;

(b)     the right to rectification;

(c)     the right to erasure;

(d)     the right to restrict processing;

(e)     the right to object to processing;

(f)      the right to data portability;

(g)     the right to complain to a supervisory authority; and

(h)     the right to withdraw consent.

5.3  You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your PII by requesting an e-mail summary from: https://www.stone-stream.com/contact

5.4         You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

5.5         In some circumstances you have the right to the erasure of your personal data by providing adequate evidence attesting to your identity without undue delay. Those circumstances include: the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. There are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

5.6         In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

5.7         You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

5.8         To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

5.9         If you consider that our processing of your personal information infringes data protection laws, you have a legal right to file complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

5.10     To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

5.11     You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified in this Section 5.

6. Opt-in 

When you provide us with PII for a secondary reason, like marketing or other secondary reasons which we will convey to you from time to time if applicable, we will ask for your consent. After you opt-in, you may withdraw your consent at anytime, by contacting us at in the manner set forth in Section ‎20 below.

7. Information Security 

7.1         We follow generally accepted industry standards to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of PII. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your PII, we cannot guarantee its absolute security.

7.2         Your PII is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

7.3         We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your PII.

7.4         All transactions are processed through a gateway provider and are not stored or processed on our servers.

8. Cookies 

8.1         Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information.  For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

8.2         Among other purposes, we use cookies to:

8.2.1        Help remember and process the items in the shopping cart.

8.2.2        Understand and save user's preferences for future visits.

8.2.3        Keep track of advertisements.

8.2.4        Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

8.3         You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.

8.4         If you turn cookies off, Some of the features that make your site experience more efficient may not function properly. Some of the features that make your site experience more efficient and may not function properly.

8.5         Google's use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy. We have implemented the following:

8.5.1              Remarketing with Google AdSense

8.5.2              Google Display Network Impression Reporting

8.5.3              Demographics and Interests Reporting

8.5.4              DoubleClick Platform Integration

8.6         Google's advertising requirements can be summed up by Google's Advertising Principles. Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by using the Google Analytics Opt Out Browser add on.

8.7         We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our Website.

9. California Online Privacy Protection Act

9.1  CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at: https://oag.ca.gov/privacy/privacy-laws

9.2         According to CalOPPA, we agree to the following:

9.2.1        Users can visit our site anonymously.

9.2.2        Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our Website.

9.2.3        Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.

10. Do Not Track Signals

10.1         We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

10.2         Note that we also allow third-party behavioral tracking.

11. COPPA (Children Online Privacy Protection Act)

11.1         When it comes to the collection of PII from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of Websites and online services must do to protect children's privacy and safety online.

11.2         We do not specifically market to children under the age of 13 years old, and 13 year olds are prohibited from using this Website without proper consents from guardians as detailed hereunder.

12. Fair Information Practices

12.1         The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect PII.

12.2         In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

12.3         We will notify you via email within 1 year of breach

12.4         We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

13. CAN SPAM Act

13.1         The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

13.2         We collect your email address in order to:

13.2.1        Send information, respond to inquiries, and/or other requests or questions

13.2.2        Process orders and to send information and updates pertaining to orders.

13.2.3        Send you additional information related to your product and/or service

13.2.4        Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

13.3         To be in accordance with CANSPAM, we agree to the following:

13.3.1        Not use false or misleading subjects or email addresses.

13.3.2        Identify the message as an advertisement in some reasonable way.

13.3.3        Include the physical address of our business or site headquarters.

13.3.4        Monitor third-party email marketing services for compliance, if one is used.

13.3.5        Honor opt-out/unsubscribe requests quickly.

13.3.6        Allow users to unsubscribe by using the link at the bottom of each email.

14. Third-party Providers 

14.1         In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, third party service/platform providers, etc. have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

14.2         For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. For   example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your PII used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

14.3         Once you leave our store’s Website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our Website’s Terms of Service.

15. Third-party Links

Occasionally, at our discretion, we may include or offer third-party products or Services on our Website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

16. Age of  Consent

By using this site, you represent that you are at least the age of majority in your state, province or country of residence, or that you are the age of majority in your state,  province or country of residence and you have given us your consent to allow any of your minor dependents to use this site.

17. Changes to the Privacy Policy 

17.1         We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

17.2         If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

18. Governing Law 

This Privacy Policy shall be governed by and construed in accordance with the laws of England and Wales.

19. Contacting Us

If there are any questions regarding this privacy policy, you may contact us and our Data Protection Officer using the information below:

https://www.stone-stream.com/contact

 

​20. Text Marketing Notifications:


By entering your phone number in the checkout and initializing a purchase, subscribing via our subscription form, or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will not exceed 8  a month. You acknowledge that consent is not a condition for any purchase.

If you wish to unsubscribe from receiving text marketing messages and notifications, reply with STOP to any mobile message sent from us, or use the unsubscribe link we provided within any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message and data rates may apply.
 

For any questions, please text HELP to the number you received the messages from. You can also contact us at support@stone-stream.com for more information. If you wish to opt out, please follow the procedures above.