We are guided by the General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA).
We have taken steps to be compliant with the requirements of GDPR and CCPA to protect the security of your personal information. We will only use and disclose your personal information for the primary purposes of our business when you have given express consent to do so. We do not disclose your personal information to any third party.
APPLICATION OF POLICY
This Policy applies to any visitor to our website www.distacart.com users of our services; individuals who contact us or with whom we communicate via phone, email, or otherwise; and customers.
We provide buyers and sellers (referred to as, respectively, “buyers” and “sellers” and, together, “users”) with an e-commerce platform www.distacart.com (the “site”, “service”) that enables the sale and purchase of products.
CATEGORIES OF INFORMATION WE MAY COLLECT
We may process the following categories of personal information about you:
Sellers: Activities on Distacart business portal, credit card information in an encrypted format, sales data, contact numbers, addresses, countries, location, cities, websites, passwords in an encrypted form, actual stock and price information on a specific location, consumers who liked offers.
Buyers: Email ids, passwords in an encrypted form, phone numbers, names, interests on categories, activities on Distacart, business following, offers liked.
Consent records: records of any consents you may have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).
Views, opinions, and interests: any views, opinions, and interests that you or other users choose to send to us, or leave with us while using our services or publicly post about us on social media platforms or while using our services, including on forums.
Search data: Anonymized search data of users to enable us to provide better services.
SENSITIVE PERSONAL INFORMATION
We do not seek to collect or otherwise Process your Sensitive Personal Information. Where we need to Process your Sensitive Personal Information for a legitimate purpose, we do so in accordance with applicable law.
We do not collect or otherwise process Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offenses or penalties, or any other information that may be deemed to be sensitive under GDPR (collectively, “Sensitive Personal Information”) in the course of our business.
CHILDREN PERSONAL DATA
We do not encourage children to participate in providing us with any personally identifiable information. We do not knowingly collect any personal data from children under the age of 18. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this Policy by instructing their children never to provide personal data through our services. If you have reason to believe that a child under the age of 18, without a parent or guardian's consent has provided personal data to us through the services, please contact us at firstname.lastname@example.org, and we will use commercially reasonable efforts to delete that information.
HOW WE COLLECT OR CREATE INFORMATION
We may collect or obtain user information about you: directly from you (e.g., where you contact us); (e.g., if you make a purchase); when you make your personal information public (e.g., if you make a public post about us on social media); when you download, install, or use any of our services; when you visit our Site; when you register to use any of our services; or when you interact with any seller or buyer on our Site or services. We may also receive your information about you from third parties (e.g., social network sites). We may also create your information about you, such as records of your interactions with us. Distacart is not responsible for personal information you volunteer about yourself in public areas of the Services. This Policy does not cover the practices of third parties who may provide information about you to Distacart.
PURPOSES FOR WHICH WE MAY PROCESS YOUR INFORMATION
We may process user information for the following purposes: providing the services to you; communicating with you; providing advertising to you on the services; analyzing engagement with our sellers or buyers; observing user engagement and purchase activity across the service; marketing our services and offerings to current and prospective customers; managing our IT systems; financial management; conducting surveys; ensuring the security of our systems; conducting investigations where necessary; compliance with applicable law; and improving our Services.
We keep your personal data for as long reasonably necessary for the purposes set above. Except as noted below, we will retain your account profile data as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention and other business administrative purposes); generally, where we no longer have a legitimate business purpose to retain it, we will anonymize or delete such personal data within 180 days after the closing of your account. However, we will maintain your personal information longer where required for tax or accounting purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need to retain, though we will generally not keep personal data for longer than five (5) years following the last date of communication with you. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
COOKIES AND OTHER TRACKING TECHNOLOGIES
Cookies and pixel tags are used to help recognize a returning visitor, and to help customize the visitor’s online experience. Unless a visitor specifically informs us of his/her identity (e.g. by registering with us), we will not know who the individual visitor is. We collect data from the users about their on site browsing behavior including the products they are looking at, they are adding to the cart, abandoning at the checkout and making purchases, with the help of third party cookies (Facebook pixel, Google pixel, Pinterest pixel, Quora pixel, Klaviyo pixel etc.).
HOW WE PROTECT PERSONAL INFORMATION
Security – We follow generally accepted industry standards such as GDPR and CCPA to protect personal information, during transmission and once we receive it. We use administrative, physical, and technical measures designed to protect it from unauthorized access, loss, misuse, disclosure, alteration or destruction.
Encryption - Any data collected by Distacart for the purposes of assessment is protected by encryption. This means we keep data in an unreadable state unless a user or process presents the appropriate key. In accordance with GDPR and CCPA, this simple control method restricts data processing only for authorized use, and restricts the amount of time that you are identifiable by your data. Our data is encrypted at rest and in transit. Encryption prevents unauthorized data manipulation; limits data access to authorized users, and monitors key usage to ensure that the data cannot be changed without authorization. Distacart’s use of encryption together with our access controls provides users to have confidence in their data’s integrity.
Transit – When we need to transfer information out of our firewall, we use SSL encryption to store your data. We use the highest standards commercially available to protect your personal information, no method of transmission over the internet or method can ever guarantee its absolute security.
The CCPA and GDPR provides consumers with specific rights about their personal information. Below are the list of your rights and how to exercise those rights:
Right of access and modification – In general, you have the right to access your personal information and to correct or update the personal information that you have provided to Distacart. If you wish to do so, please contact us with proof of identity, as provided in the Contact Us section (below). You can expect a response to your request within 5 business days.
Right to be forgotten – If you wish to cancel your account or request that we no longer use your information to provide you services, please contact us with proof of identity, as provided in the Contact Us section (below). We will accommodate your request to the extent practicable and to the extent that it does not otherwise conflict any of our other obligations. We reserve the right to retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
Right to opt-out of the use of your personal information – You may unsubscribe from receiving a newsletter by contacting us as set out in the Contact Us section (below) or clicking on the unsubscribe link provided in the newsletter.
If you wish to opt-out of direct marketing communications you can always do so by contacting us as set out in the Contact Us section (below). In some cases, we may not be able to remove your Personal Information, in which case we will let you know this and explain why.
Right to Block Cookies – You have the right to block cookies and pixel tags. Most browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies, or prompt you before accepting a cookie from the Site that you visit. If you decide not to accept our cookies, you will be able to access those parts of our Site that are available to the general public, but you will not be able to access most of our Services.
Non-Discrimination – We will not discriminate you for exercising any of your CCPA rights.
33701 Whimbrel Road Fremont, CA 94555, USA