RESERVE WHEELS PRIVACY POLICY

Adopted October 2019

RESERVE WHEELS PRIVACY POLICY

At Santa Cruz Bicycles, LLC, your privacy is important to us. For that reason, we want you to understand how Santa Cruz Bicycles, LLC and its affiliates collectively, “SCB,” “the Company,” “we” or “us” collect, use and disclose information.  This Privacy Policy describes our practices in connection with information that we collect:

- Through websites operated by us from which you are accessing this Privacy Policy (the “Websites”),

- through the software applications made available by us for use on or through computers and mobile devices (the “Apps”),

- through our social media pages that we control from which you are accessing this Privacy Policy. (collectively, our “Social Media Pages”)

- through HTML-formatted email messages that we send to you that link to this Privacy Policy

Collectively, we refer to the Websites, the Apps and our Social Media Pages, as the “Services”).

PERSONAL INFORMATION

“Personal Information” is information that identifies you as an individual or relates to an identifiable individual  

Which personal data we collect depends on which websites, products or service you use. Generally, there are two categories of personal data we collect or use:

a.      Personal Data You Provide: This is the personal data you provide and enter when you use our website, product, or services. This may include, without limitation, your name, email address, physical address, phone number, credit card number, billing information, passwords, and other information.

b.     Metadata and Log Files:

i.     This is data that is collected or generated automatically when you use the websites, products, or services of Reserve Wheels. Metadata is often collected or generated when using a computer or device when you send data via a computer network, such as the Internet.

ii.     This may include Internet Protocol (IP) address, geographic location, device identifier, hardware information, browser type, browser language, the number of times you access the Site, when you access the Site, information about referring websites, and other information.

Collection of Personal Information

We and our service providers collect Personal Information in a variety of ways, including: 

Through the Services 

- We collect Personal Information through the Services, for example, when you sign up for a newsletter, complete the Contact Us form or a Warranty claim form, register an account to access the Services, or make a purchase.

Offline 

- We collect Personal Information from you offline, e.g., when you visit our stores, attend one of our trade shows, complete an iPad waiver at a Demo Event, place an order over the phone, or contact customer service.

From Other Sources 

- We receive your Personal Information from other sources, for example:

1. publicly available databases
2. joint marketing partners, when they share the information with us;

- If you connect your social media account to your Services account, you will share certain Personal Information from your social media account with us, for example, your name, email address, photo, list of social media contacts, and any other information that may be or you make accessible to us when you connect your social media account to your Services account.

We need to collect Personal Information in order to provide the requested Services to you.  If you do not provide the information requested, we may not be able to provide the Services. If you disclose any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy. 

Use of Personal Information

We and our service providers use Personal Information for legitimate business purposes including:

Providing the functionality of the Services and fulfilling your requests.

- To provide the Services’ functionality to you, such as arranging access to your registered account, and providing you with related customer service.

- To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or when you request a quote for or other information about our Services.

- To complete your transactions, and provide you with related customer service.

- To send administrative information to you, such as changes to our terms, conditions and policies.

- To allow you to send messages to another person if you choose to do so.

We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation. If you give us credit card information, we will use it solely to check your financial qualifications and collect payments. We may use a third party service provider to manage credit card processing.

Providing you with our newsletter and/or other marketing materials and facilitating social sharing

- To send you marketing related emails, with information about our services, new products and other news about our company.

- To facilitate social sharing functionality that you choose to use.

We will engage in this activity with your consent or where we have a legitimate interest.

Analysis of Personal Information for business reporting and providing personalized services.

- To analyze or predict our users’ preferences in order to prepare aggregated trend reports on how our digital content is used, so we can improve our Services.[1]

- To better understand you, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests.

- To better understand your preferences so that we can deliver content via our Services that we believe will be relevant and interesting to you.

We will provide personalized services either with your consent or because we have a legitimate interest.

Allowing you to participate in sweepstakes, contests or other promotions.

- We may offer you the opportunity to participate in a sweepstakes, contest or other promotion.

- Some of these promotions have additional rules containing information about how we will use and disclose your Personal Information.

We use this information to manage our contractual relationship with you.

Aggregating and/or anonymizing Personal Information.

- We may aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose.

Accomplishing our business purposes.

For data analysis, for example, to improve the efficiency of our Services;

- For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;

- For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;

- For developing new products and services;

- For enhancing, improving, or modifying our current products and services;

- For identifying usage trends, for example, understanding which parts of our Services are of most interest to users;

- For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and

- For operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests; 

We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.

Disclosure of Personal Information 

We disclose Personal Information:

To our affiliates for the purposes described in this Privacy Policy.

- You can consult the list and location of our affiliates here [http://www.pon.com/en/our-business/bedrijven].

To our third party service providers, to facilitate services they provide to us or to permit them to send you marketing communications, consistent with your choices.

- RSV may share your personal data also with third party service providers to perform certain processing activities. This may include but is not limited to: customer relationship management, marketing automation and email distribution, customer service tools, digital surveys and liability waivers, shipping, and payment processing.

- We provide these companies with only the information they need to perform their services and require these service providers to process and protect your personal data diligently. These companies are prohibited from using this information for their own marketing purposes and from sharing this information with anyone else.

- Other than set out in this policy, RSV will not sell, rent, lease, or provide your personal data to third parties nor allow them to use your personal data for their own purposes.

To third-party sponsors of sweepstakes, contests, and similar promotions.

By using the Services, you may elect to disclose Personal Information

- On message boards, chat, profile pages, blogs and other services to which you are able to post information and content (including, without limitation, our Social Media Pages).  Please note that any information you post or disclose through these services will become public and may be available to other users and the general public.

- Through your social sharing activity.  When you connect your Services account with your social media account, you will share information with your friends associated with your social media account, with other users, and with your social media account provider. By doing so, you authorize us to facilitate this sharing of information, and you understand that the use of shared information will be governed by the social media provider’s privacy policy.

- This Site may use social media plugins, including plugins for Facebook, Twitter, Instagram, Vimeo, YouTube, and others. When you use those services, web pages you visit may be linked to your account and make known to others, and data may be sent to those service providers. This means that those third parties may be made aware you have visited the Site and may collect related data. Those third parties may store portions of your information even if you have not established an account or profile with them. For information regarding the policies and practices of those third parties, please visit their respective websites. You may be able to avoid or block third parties from collecting your data by changing your personal settings on the third party’s website or through the use of a suitable add-on for your browser.

Other Uses and Disclosures

We also use and disclose your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:

To comply with applicable law and regulations.

- This can include laws outside your country of residence.

To cooperate public and government authorities.

- To respond to a request or to provide information we believe is important

- These can include authorities outside your country of residence.

To cooperate with law enforcement.

- For example, when we respond to law enforcement requests and orders or provide information we believe is important.

For other legal reasons.

- To enforce our terms and conditions; and

- To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

In connection with a sale or business transaction.

- We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) Such third parties may include, for example, an acquiring entity and its advisors.

OTHER INFORMATION

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual

- Browser and device information

- App usage data

- Information collected through cookies, pixel tags and other technologies

- Demographic information and other information provided by you that does not reveal your specific identity

- Information that has been aggregated in a manner such that it no longer reveals your specific identity

If we are required to treat Other Information as Personal Information under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy.

Collection of Other Information

We and our service providers may collect Other Information in a variety of ways, including: 

Through your browser or device: 

- Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using.  We use this information to ensure that the Services function properly. 

Using cookies 

- Cookies are pieces of information stored directly on the computer that you are using.  Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other traffic data.  We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience.  We also gather statistical information about use of the Services in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them.  Cookies further allow us to select which of our advertisements or offers are most likely to appeal to you and display them while you are on the Services.  We may also use cookies or other technologies in online advertising to track responses to our ads.

- If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website.  You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services.  You also may not receive advertising or other offers from us that are relevant to your interests and needs.

Using pixel tags and other similar technologies 

- Pixel tags (also known as web beacons, web bugs and clear GIFs) may be used to, among other things, ensure levels of service, analyze trends, administer and improve the Site, gather demographic information about the Site’s user base, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates. 

Analytics

- We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends.  This service may also collect information regarding the use of other websites, apps and online resources. 

- Among other things, this allows us to provide you targeted advertising in the future. If you prefer not to receive this type of advertising from us, you can opt out at any time by using the DoubleClick opt-out page or the Network Advertising Initiative opt-out page. We will assume you have consented to such use unless you so opt-out or specifically advise otherwise.

- You can learn about Google’s practices by going to www.google.com/policies/privacy/‌partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. 

- We also use Hotjar, a web analysis service from Hotjar Ltd. which uses a snippet of code to enable visual analysis of use of the Site, including anonymized information about how and when users view specific parts of pages and forms or take specific actions on the Site. HotJar uses this information to compile reports about Site activities to provide additional insight into use of the Site.

California “Do Not Track” Notice. Unlike some websites, we do not track your website activities over time and across third party websites. For that reason, we do not respond to Do Not Track (DNT) signals. 

Using Adobe Flash technology (including Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies

- We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Services.  If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel.  You can also go to the Global Storage Settings Panel and follow the instructions (which may explain, for example, how to delete existing Flash LSOs (referred to as “information”), how to prevent Flash LSOs from being placed on your computer without your being asked, and  how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time).  Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications. 

IP Address 

- Your IP address is automatically assigned to your computer by your Internet Service Provider.  An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited.  Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services.  We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services.  We may also derive your approximate location from your IP address.

Physical Location 

- We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals.  We may use your device’s physical location to provide you with personalized location-based services and content.  We may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns.  In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you do, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content.

Uses and Disclosures of Other Information

We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law.  In some instances, we may combine Other Information with Personal Information.  If we do, we will treat the combined information as Personal Information as long as it is combined.

SECURITY

We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization.  Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

CHOICES AND ACCESS

Your choices regarding our use and disclosure of your Personal Information

We give you choices regarding our use and disclosure of your Personal Information for marketing purposes.  You may opt-out from: 

- Receiving electronic communications from us:  If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by:  clicking the “unsubscribe” link at the bottom of one of our marketing emails.

- Our sharing of your Personal Information with affiliates for their direct marketing purposes:  If you would prefer that we discontinue sharing your Personal Information on a going-forward basis with our affiliates for their direct marketing purposes, you may opt-out of this sharing by: using our Contact Us form to send an email to privacy@reservewheels.com.

- Our sharing of your Personal Information with unaffiliated third parties for their direct marketing purposes:  If you would prefer that we discontinue sharing your Personal Information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt-out of this sharing by: using our Contact Us form to send an email to privacy@reservewheels.com.

We will try to comply with your request(s) as soon as reasonably practicable.  Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.

How you can access, change or delete your Personal Information 

If you would like to request to review, correct, update, suppress, restrict or delete Personal Information, object to the processing of Personal Information, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us via privacy@reservewheels.com or via post:

Santa Cruz Bicycles, LLC

Attn: Web Administrator

2841 Mission Street

Santa Cruz, CA 94560

Phone: 831.459.7560

Fax: 831.459.7561

We will respond to your request consistent with applicable law.

In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database.  For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.  We will try to comply with your request as soon as reasonably practicable. 

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion).

RETENTION PERIOD

We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. 

The criteria used to determine our retention periods include: 

- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);

- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or

- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). 

THIRD PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Services link.  The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.

THIRD PARTY ADVERTISING

We use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services.

- You may receive advertisements based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties.  These companies place or recognize a unique cookie on your browser (including through the use of pixel tags).  They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop.  If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Policy, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/.   You may download the AppChoices app at www.aboutads.info/appchoices to opt out in mobile apps.

USE OF SERVICES BY MINORS

The Services are not directed to individuals under the age of thirteen (13), and we do not knowingly collect Personal Information from individuals under 13

JURISDICTION AND CROSS-BORDER TRANSFER

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.  In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

ADDITIONAL INFORMATION REGARDING THE EEA: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here [hyperlink to EU Commission’s adequacy list online:  https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en]. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, binding corporate rules, to protect your Personal Information. You may obtain a copy of these measures by email to privacy@pon.com.

SENSITIVE INFORMATION

Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.

THIRD PARTY PAYMENT SERVICE

We may use a third-party payment service to process payments made through the Services. If you wish to make a payment through the Services, your Personal Information will be collected by such third party and not by us, and will be subject to the third party’s privacy policy, rather than this Privacy Policy.  We have no control over, and are not responsible for, this third party’s collection, use and disclosure of your Personal Information.

UPDATES TO THIS PRIVACY POLICY

The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised.  Any changes will become effective when we post the revised Privacy Policy on the Services.  Your use of the Services following these changes means that you accept the revised Privacy Policy.

CONTACTING US

Santa Cruz Bicycles, LLC located at 2841 Mission Street, Santa Cruz, CA 94560, is the company responsible for collection, use and disclosure of your Personal Information under this Privacy Policy.

If you have any questions about this Privacy Policy, please contact us at privacy@pon.com, or:

Santa Cruz Bicycles, LLC

Attn: Web Administrator

2841 Mission Street

Santa Cruz, CA 94560

Phone: 831.459.7560

Fax: 831.459.7561

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

ADDITIONAL INFORMATION REGARDING THE EEA

You may also:

- Contact our Data Protection Officer (DPO) at privacy@pon.com.

- Lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs.  A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

PRIVACY NOTICE ADDENDUM FOR CALIFORNIA RESIDENTS

If you are a California resident, the California Consumer Privacy Act (“CCPA”) may provide you with additional rights regarding our use of your personal information. The following supplements the information contained in the RSV Privacy Policy.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Personal information does not include:

- Publicly available information from government records.

- De-identified or aggregated consumer information.

- Information excluded from the CCPA's scope, like:

- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;

- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

- Directly from our customers. For example, from documents that our customers provide to us related to the products or services for which they engage us.

- Indirectly from our customers. For example, through information we collect from our clients in the course of providing products or services to them.

- Directly and indirectly from activity on our website (reservewheels.com, shop.reservewheels.com, santacruzbicycles.com, shop.santacruzbicycles.com, julianabicycles.com, and  shop.julianabicycles.com). For example, from submissions through our website portal or website usage details collected automatically.

- From third-parties that interact with us in connection with the products we sell and the services we perform.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

- Auditing Interactions with California Consumers: Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

- Security: Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

- Debugging/Repair: Debugging to identify and repair errors that impair existing intended functionality.

- Certain Short-term Uses: Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.

- Performing Services: Performing services on behalf of RSV or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.

- Internal Research for Technological Development: Undertaking internal research for technological development and demonstration.

- Quality and Safety Maintenance and Verification: Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by RSV, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

- As described to you when collecting your personal information or as otherwise set forth in the CCPA.

To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose.  When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A:      Identifiers.
Category B:      California Customer Records personal information categories.
Category C:      Protected classification characteristics under California or federal law.
Category I:       Professional or employment-related information.

We disclose your personal information for a business purpose to the following categories of third parties:

- Our affiliates.

- Service providers.

- Third parties to whom you authorize us to disclose your personal information in connection with products or services we provide to you.

In the preceding twelve (12) months, we have not sold any personal information.

Your Rights and Choices

The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

- The categories of personal information we collected about you.

- The categories of sources for the personal information we collected about you.

- Our business or commercial purpose for collecting or selling that personal information.

- The categories of third parties with whom we share that personal information.

- The specific pieces of personal information we collected about you (also called a data portability request).

If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

- sales, identifying the personal information categories that each category of recipient purchased; and

- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

- Calling us at 833-603-4003

- Visiting https://www.reservewheels.com/tech-support

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account.  If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

- Deny you products or services.

- Charge you different prices or rates for products or services, including through granting discounts or other benefits, or imposing penalties.

- Provide you a different level or quality of products or services.

- Suggest that you may receive a different price or rate for products or services or a different level or quality of products or services.

Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.

Contact Information

If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Santa Cruz Bicycles, LLC

Attn: Web Administrator

2841 Mission Street

Santa Cruz, CA 94560

Phone: 831.459.7560

Fax: 831.459.7561

RESERVE WHEELS Cookie Policy

Scope

The Reserve Wheels Website is offered to you by Santa Cruz Bicycles LLC (“SCB”). SCB aims to make your online experience and interaction with our websites as informative, relevant and supportive as possible. One way of achieving this is to use cookies, web beacons or similar techniques, which store information about your visit to our site on your computer. We feel that it is very important that you know what cookies our website uses and for what purposes. This will help protect your privacy, while ensuring our website's user-friendliness as much as possible.

Below you can read more about the techniques used by and via our website and the purposes for which they are used. This is only a statement about privacy and our use of website techniques and is not a contract or agreement.

What are cookies, web beacons and similar techniques?

A cookie is a tiny data file, which is stored on your computer within the web browser, when certain web pages are visited. A cookie does not contain or collect information in isolation, but when read by a server via a web browser; it can give information to facilitate a more user friendly service such as detecting errors.  We do not retain a cookie longer than necessary.

Web beacons are small graphic images (also called "pixel tags" called or "clear POISON's") that may be installed on or in our websites, communication services, applications and other used tools. Web beacons are used for different purposes, including measuring performance of our websites, tracking the number of visitors to our web sites and how to navigate it accordingly.

Under similar techniques for storing information we understand other technologies that store information on your browser or device and that use local shared objects or local storage. Examples include flash cookies, HTML 5 cookies and other web application software methods.

For simplicity, we use the term cookie in our policy to cover the total scope of cookies, web beacons and similar techniques.

To use our website fully, you will need to have cookies enabled. If you do not wish to enable cookies, you can still browse the site; however certain features of the site may be limited.

This information is outlined as part of our efforts to comply with recent legislation and to ensure that we are open, honest and clear about cookies and privacy. Please refer to our RESERVE WHEELS Privacy Policy for more information about privacy..

How do we use cookies?

You may notice the presence of different types of cookies generated on your visit to this website. We use the following types of cookies:

- Functional cookies;

- Analytical cookies; 

- Advertising cookies;

- Social media cookies.

Functional cookies

These cookies are necessary to make it possible to surf the website(s) of SCB and use the website's functions, such as accessing protected areas of the website. Without these cookies, such functions, including shopping baskets and electronic payment, are not possible.

We might use these cookies for:

- Authentication of users for a secured login;

- Remembering products that you add to your shopping basket during online purchasing;

- Remembering information that you fill in on the various pages when paying or ordering so that you don't have to fill in all your details repeatedly;

- Passing on information from one page to the next, for instance if a long survey is being filled in or if you need to fill in a large number of details for an online order;

- Storing preferences such as language, location, the number of search results to be displayed etc;

- Storing settings for optimal video display, such as buffer size and your screen's resolution details;

- Reading your browser settings so that we can display our website optimally on your screen;

- Locating misuse of our website and services, for example by recording several consecutive failed log-in attempts;

- Loading the website evenly so that it remains accessible;

- Offering the option of storing log-in details so that you don't have to enter them every time;

- Making it possible to place a reaction on our website.

Analytical cookies

These cookies gather information about the surfing behavior of visitors to our websites, such as which pages are visited often and whether visitors receive error messages. By doing this we are able to make the structure, navigation and content of the website as user-friendly as possible for you. We do not link the statistics and other reports to individuals.

We might use these cookies for:

- Keeping track of the number of visitors to our web pages;

- Keeping track of the length of time that each visitor spends on our web pages;

- Determining the order in which a visitor visits the various pages on our website;

- Assessing which parts of our site need to be improved;

- Optimizing the website.

We might use software like Google Analytics to analyze page use, page interactions and the routes taken through our sites. These are known as "website metrics" or ‘analytics’.

Google Analytics is a web analysis service that is offered by Google Inc. (Google). Google Analytics uses cookies to analyze the usage of the website by Users. Google uses aggregated statistical data to give SCB an insight in the way Users use the website.

Google may only provide this data to third parties if Google is required to do so by law, or to the extent necessary for third parties processing this data on behalf of Google.

You can prevent collection of the data generated by the cookie and pertaining to their use of the website (including your IP address) by Google and the processing of such data by Google by downloading and installing the following browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=en-GB.

Advertising cookies

Our aim is to provide visitors to our website with information that is as relevant as possible to them. We therefore endeavor to adapt our site as much as possible to every visitor. We do this not only through the content of our website, but also through the advertisements shown.

To make it possible for these adaptations to be carried out, we try to acquire a picture of your likely interests on the basis of the websites of SCB that you visit in order to develop a segmented profile. Based on these interests, we then adapt the content and the advertisements on our website for various groups of customers.

We might use these cookies for:

- keeping track of which advertisements you have already been shown so that you are not always shown the same ones;

- keeping track of how many visitors click on the advertisement;

- keep track of how many orders are placed by way of the advertisement;

- the websites recording your visit and, as a result assessing your interests;

- checking to see if you have clicked on an advertisement;

- information about your surfing behavior to be passed to other websites;

- using third-party services to show you advertisements;

- displaying more interesting advertisements on the basis of your social media usage.

Third parties that set cookies via our website may also try to find out what your interests are in this way. In this case, the information about your current website visit may be combined with information from previous visits to websites other than ours.

Social Media cookies

The articles, pictures and videos that you look at on our website can be shared and liked via social media by means of buttons. Cookies from the social media parties are used to enable these buttons to function, so that they recognize you when you wish to share an article or video.

These cookies make it possible for:

- logged-in users of selected social media to share and like certain content from our website directly.

These social media parties may also collect your personal data for their own purposes. SCB has no influence over how these social media parties make use of your personal data. For more information regarding the cookies set by the social media parties and the possible data that they gather, please refer to the privacy statement(s) made by the social media parties themselves. Below we have listed the privacy statements of the main Social Media channels that are used the most by SCB:

- Facebook

- Instagram

- Twitter

- YouTube

Your choices

SCB places and uses the functional cookies when you explore our website to ensure the proper functioning of the website. Only after you have given your consent, SCB places the analytical, advertising and social media cookies. We provide you the choice to set your preference related to the use of the kind of cookies for the first use of the website. We will store you preference for your next visit.

How to control cookies

You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being used. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Policy changes

We may change this Cookie Policy from time to time. We will inform you when we update the cookie policy but we also encourage you to take notice of this policy regularly. This policy was last modified on July 2022.

Questions and feedback

Please send us your questions and comments about cookies or privacy to privacy@reservewheels.com.

Have you discovered a vulnerability? Let us know.

At Pon Holdings B.V. and its subsidiaries, we naturally consider the security of our systems and our network to be of the utmost importance. We are convinced that good security is essential to maintain the trust that our clients, suppliers and employees place in us. Despite the care invested in the security of our systems, however, it is still possible that vulnerabilities could be discovered.

By means of our responsible disclosure policy, we ask anyone who has discovered a vulnerability to report it as quickly as possible, so that we can take adequate countermeasures. We would be happy to work with you to solve the vulnerability. Our responsible disclosure policy is not an invitation to actively scan our company network in detail to discover vulnerabilities, as we are already monitoring the network.

We ask that you:

- Report your discoveries as quickly as possible to rd@pon.com. If you would like to encrypt your report before you send it, please inform us in your e-mail and we will give you instructions;

- Provide us with enough information to reproduce the vulnerability, so that we can solve it as quickly as possible. Usually the IP address or URL for the affected system and a description of the vulnerability are sufficient, but more complex vulnerabilities may require additional information;

- Not to abuse the vulnerability by downloading, viewing, deleting or editing data;

- Not sharing vulnerabilities with others until they can be solved. If you have inadvertently obtained confidential information, then we ask that you delete the data immediately;

- Not to use attacks on the physical security or applications of third parties, social engineering, distributed denial of service (DDoS), spam or hacking tools such as vulnerability scanners.

What can you expect:

- We will always take your report seriously. We will also investigate any suspected vulnerabilities;

- We will reply to your report within 5 working days with our evaluation of the report and an expected date for the solution;

- We will keep you informed of the progress made in solving the vulnerability;

- If you abide by the conditions stipulated above, then we will not take legal action against you pertaining to the report. The Public Prosecutor’s Office retains the right to decide whether additional investigation is necessary;

- We will treat your report with confidentiality, and will not share your personal data with third parties without your permission unless required to do so by law, such as when your data are requested by the police or the courts;

- If you submit an anonymous report, we may not be able to contact you with information about the subsequent steps and the progress made in solving the vulnerability;

- We may express our appreciation with a maximum value of € 50. This will be based on the severity of the vulnerability and the quality of the report;

- At your request, we can mention your name as the person who discovered the vulnerability in any communications about the incident;

- We strive to analyse, and if needed solve, any vulnerabilities as quickly as possible after they are discovered. We will also keep all stakeholders informed about the issue.

This responsible disclosure policy is based on the Responsible Disclosure Guideline published by the National Cyber Security Centre, and the sample Responsible Disclosure written by Floor Terra.

If you have difficulty using this website please give us a call at 831.459.7560 /  1-844-894-7870 (Toll Free) or fill out our Contact Form and we'll work with you to find the information you need in the communication method that's accessible for you and consistent with your local laws.

We see accessibility as an ongoing effort and as Reserve grows we're taking steps to further enhance the accessibility of this website.

Updated: July 2022