Updated 24 November 2021
“Personal Information” is any information from which one would be able to identify an individual person/consumer/or household, directly or indirectly, such as your email address, name, shipping and billing address, telephone number, credit card information, any form of identification number or one or more factors specific to your physical, physiological, mental, economic, cultural, genetic, or social identity.
For the purposes of the EU General Data Protection Regulation 2016/679 (the “GDPR”), the data controller is 1stdibs Design Manager, Inc., whose registered office is at 51 Astor Place, 3rd Floor, New York, NY 10003 United States.
2. Information Design Manager collects from you.
a) Information you give us
Communicating with us. In general, you can visit the Site without directly providing us with Personal Information or signing up, but you cannot use the Software or Services anonymously. In addition, if you correspond with us through our Contact Us page, by phone, live chat, email or otherwise, we may retain the Personal Information and Business Data that you provide. This includes Personal Information and Business Data you provide when participating in discussion boards or social media functions on the Site or through the Services, and when you report a problem with the Site/Services. “Business Data” refers to information which (a) you provide to us, (b) a reasonable person would consider to be confidential from the nature of the information and/or the circumstances of the disclosure, (c) you consider confidential, (d) pertains to your business, operations, marketing, intellectual property, and/or personnel, and (e) which is not publicly known.
Creating an account. To take advantage of our Services you are required to register and create an account. When you open an account at Design Manager, we ask you to provide Personal Information (such as your name, address, phone number, email address, business affiliation and contact information) and certain Business Data. All Design Manager account holders are required to create a user password that, combined with your login email address, allows access to your account. This Personal Information is used to identify you as a Design Manager registered user. You may also choose to invite other persons (such as your accountants or financial advisors) to use our Services in which case you (or they) will also be asked to provide information which may include Personal Information/Business Data relating to such third parties. Please ensure that those third parties have consented to the use of their Personal Information/Business Data by DM. When you purchase Software/Services, we will ask you to provide credit card or other payment details.
b) Information we collect about you
With regard to each of your visits to the Site/use of the Services we automatically collect some or all of the following information:
Technical Information. This may include browser type and version (e.g. Internet Explorer, Firefox, Chrome, Safari), operating system (e.g. Windows, Macintosh), IP address, device type, time zone setting and Internet domain (e.g. AOL, Hotmail).
Information about your visit. This may include the pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, cursor movements, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
Location information. Design Manager asks mobile users whether they will permit us to collect information about their location. We collect location information only from mobile users who have agreed to provide that information.
We do not treat this information as Personal Information, except where the information can identify you when associated with other Personal Information we hold or where we are required to do so under applicable law.
3. Children’s privacy
Design Manager is not designed nor intended to be attractive to use by children under the age of 13. Our Terms of Service require that users must be 18 years old or older in order to register an account and use our Services. If you are under the age of 18, please do not submit any information to us.
5. Uses of your Personal Information
a) We may use the Personal Information/Business Data you give us for our legitimate commercial interests including, among other things:
– to respond to your inquiries and to provide you with the information, products and services that you request from us;
– to verify that you are authorized to use the Services;
– to send you communications about (1) our own products and services, (2) products and services offered by our affiliates and (3) products and services of third parties that we think you may find of interest, provided you have given your consent;
– where the processing is required in order to enforce or apply our Terms and Conditions and other agreements you have entered into;
– to allow integration or interoperation with third party products and services that are available from, linked from, or interconnected with, our Services; and
– to contact you as necessary.
b) We may use the Personal Information/Business Data we collect in either an identifiable or an anonymized form (independent of any personal identifiers):
– to administer the Site/Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
– to improve the Site/Services and to customize the content you see on the Site or through the Services;
– as part of our efforts to keep the Site and Services safe and secure;
– to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
– to do internal research on our Site visitors’ and Service-users’ interests and behaviors to better understand and serve our members.
We use email as the primary form of communicating transactional and relationship information with Service users. We may send mobile users notifications through the application. Preferences can be changed via Settings at any time. We may also use your street addresses and telephone numbers to provide these communications.
6. Sharing of your Personal Information/Business Data
We reveal your Personal Information/Business Data to unaffiliated third parties when you request or authorize it, or to help complete a transaction for you which you have requested.
Where you use our Site/the Services to enter into a transaction or correspond with another individual or business, we may provide your Personal Information/Business Data to that other party in order to facilitate the transaction or the correspondence you have requested.
Third parties who will have access to your Personal Information/Business Data include (without limitation) payment processors completing a transaction at your request or third parties who provide ancillary services (e.g., accounting programs) that may be available or linked from, or otherwise interconnected (e.g., through an API) with, our Services. Third parties will have their own privacy practices regarding the information they receive. We encourage you to read such applicable privacy policies. We are not responsible for the processing of your Personal Information/Business Data by such third parties.
We share your Personal Information/Business Data with our affiliates. We may share your Personal Information/Business Data with other companies or agents who have a business relationship with Design Manager who have been carefully selected and who perform functions on our behalf (e.g., analyzing data, providing marketing assistance, providing customer service, processing orders, etc.). We will only transfer your Personal Information/Business Data to trusted third parties who provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.
Where third parties are processing Personal Information/Business Data on our behalf, they will be required to agree, by contractual means or otherwise, to process the Personal Information/Business Data in accordance with applicable law. This contract will stipulate, amongst other things, that the third party and its representative shall act only on our instructions, or as permitted by law.
These companies may use your information for their own purposes including marketing to you where you have consented to receive notifications relating to their products and services. We may also disclose your Personal Information/Business Data to comply with law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce our Terms and Conditions or other agreements, or to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a consumer reporting agency for fraud protection etc.).
In the event of a corporate transaction, such as the purchase, sale or other transfer of all or part of our services or assets, we may transfer your Personal Information/Business Data along with those assets or services to a prospective transferee.
7. International transfers
The Personal Information/Business Data we receive may be held on our computers and systems in the European Union and in the computers and systems of our offices and data centers in the United States and may be accessed by or given to our staff working either inside outside the European Union.
Your Personal Information/Business Data may be processed by us in the United States, where laws regarding data protection may be less stringent than the laws in your country. By using the Site/Services and by providing any Personal Information/Business Data to the Site, all users, including without limitation users in Canada and the European Union, fully understand and unambiguously consent to the collection and processing of such Personal Information/Business Data in the United States.
8. How you can access and amend your Personal Information/Business Data.
You are required to provide us with accurate and up to date Personal Information/Business Data. Design Manager gives you the ability to amend your Personal Information/Business Data at any time by emailing firstname.lastname@example.org, or by accessing your account on our Site (including by clicking on Settings when using the Thread application, by accessing the Account Management portal at my.designmanager.com or by accessing the Company Settings window), modifying the Personal Information/Business Data and clicking save.
You can ask us whether we are keeping Personal Information about you and you can ask to receive a copy of that Personal Information. Before sending you any Personal Information, we will ask you to provide proof of your identity. If you are not able to provide proof of your identity, we reserve the right to refuse to send you any Personal Information. We will respond as quickly as we reasonably can to your requests for details of Personal Information we hold about you.
As a registered user of the Site, you are responsible for maintaining the confidentiality of your username and password. Please keep your user ID and password confidential.
If you share your computer, we recommend that you log-out, close your browser window, and close your Citrix Receiver application (if applicable to the product you are accessing) after visiting the Site in order to help protect the confidentiality of your Personal Information/Business Data including your credit card information, your transactional history, and other confidential or sensitive financial data.
You agree to accept responsibility for all activities that occur under your account or password. You agree to notify us immediately of any unauthorized use of your account or any other breach of security. We reserve the right to refuse service, terminate accounts, or remove or edit content at our sole discretion.
We use reasonable physical, electronic, and administrative safeguards to help us protect the security, integrity and confidentiality of data stored on our system. The Site/Services encrypts your credit card number and other confidential or sensitive financial data/Personal Information/Business Data using transport layer security (TLS, as successor to SSL) technology to provide for the secure transmission of the Personal Information/Business Data from your PC to our servers.
TLS is an industry-standard protocol for encryption over the Internet. While no system is 100% secure, we believe that the measures we have implemented minimize the risk of a security breach to an appropriate level given the types of Personal Information/Business Data involved. Please note that (a) any Personal Information/Business Data you provide us by email is unencrypted; and (b)transmission of Personal Information/Business Data via the internet is not completely secure and although we will endeavor to protect your information, we cannot guarantee the security of your information transmitted to our Site; any transmission is therefore at your own risk. Once we have received your information, however, we will use procedures and security features deemed reasonably appropriate to the nature and sensitivity of the information to endeavor to prevent unauthorized access.
If you do not wish to receive offers or other notices from us in the future, you can “opt-out” (but not of certain mandatory account information) by clicking unsubscribe in any email we send you or by contacting us at the address indicated at the end of this policy. We will try to complete your request as promptly as possible. You can elect not to receive emails from us (other than ones pertaining directly to your subscription) either by “unsubscribing” to an email you receive or by contacting us as indicated below. Any changes will affect only future uses of your information.
11. Privacy Rights (Europe).
For individuals within the EEA only. Note: because we do not currently provide services to EEA residents we do not expect this paragraph to be applicable; however, we have included it in case it should become applicable in the future. Under the GDPR, in certain circumstances, you have the right to: (a) request access to any Personal Information we hold about you and related information, (b) obtain without undue delay the rectification of any inaccurate Personal Information, (c) request that your Personal Information is deleted provided the Personal Information is not required by Design Manager for compliance with a legal obligation under European or Member State law or for the establishment, exercise or defense of a legal claim, (d) prevent or restrict processing of your Personal Information, except to the extent processing is required for the establishment, exercise or defense of legal claims; and (e) request transfer of your Personal Information directly to a third party where this is technically feasible.
12. Privacy Rights (California).
California Consumer Privacy Act (“CCPA”)
Under the CCPA, effective January 1, 2020, verified California residents have the right to:
- request and receive disclosure of Design Manager’s personal information data collection practices during the prior twelve (12) months, including the categories of personal information we collect, the categories of sources of such information, our business purpose* for collecting or sharing such information, and the categories of third parties with whom we share such information;
- request and receive a copy of the personal information we have collected about them during the prior twelve (12) months;
- request and receive disclosure of our information sharing practices during the prior twelve (12) months, including a list of the categories of personal information sold with the category of third party recipients and a list of the categories of personal information that we disclosed for a business purpose;
- request that we not sell personal information about them; and
- request that we delete (and direct our service providers to delete) their personal information (subject to certain exceptions).
If you have questions about your CCPA Rights, please email us at email@example.com or visit our affiliate’s (parent’s) CCPA Request Page. For purposes of the CCPA, personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Making CCPA Requests. In order to make a request for disclosure, California residents may email us at firstname.lastname@example.org or visit our affiliate’s (parent’s) CCPA Request Page. We will ask you for information that allows us to verify that you are the person about whom we collected personal information, and will use that information only for that purpose. We may request that you submit a signed statement that you are the individual you claim to be. We will acknowledge receipt of your request within ten (10) days and will endeavor to respond within forty-five (45) days of receipt of your request, but if we require more time, we will notify you of our need for additional time and may take up to an additional forty-five (45) days. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.
You may make a request for disclosure of our information collection practices, the information we collected about you, or our information sharing practices twice within a twelve (12) month period, and may make a deletion request at any time. We will try to respond within forty-five (45) days of receipt of your request, but if we require more time, we will notify you of our need for additional time and may take up to an additional forty-five (45) days.
For requests for a copy of the personal information we have collected during the previous twelve (12) months prior to your request, we will try to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to you.
If you request that we delete your personal information, please note that California law permits us to retain necessary information and under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations.
We will not discriminate against you as a result of your exercise of any of these rights.
Sale of Information. We do not disclose personal information in exchange for payment of money; however, we may disclose personal information to certain third parties that provide us with services such as helping us with advertising, data analysis and security, which may fall under the definition of “consideration” and be considered a “sale” under the CCPA. This includes Identifiers, Commercial, Electronic Network Activity, and/or Geolocation information, and other information as listed below. If you would like to instruct us not to sell your personal information, and are over the age of 16 years old, please visit our Do-Not-Sell web page. We do not sell personal information of individuals we know are less than 16 years of age. Once we receive your Do-Not-Sell request we will wait at least twelve (12) months before asking you to reauthorize personal information sales.
Using an Authorized Agent. If you designate an authorized agent to act on your behalf with regard to a CCPA request you must verify your own identity directly with us and provide us with legal authorization indicating your consent to have the authorized agent’s representation. Examples of acceptable forms of legal authorization would be a fully executed Power of Attorney, a notarized affidavit or any other legally executed document that indicates the authority to represent you as it pertains to your CCPA request.
Categories of Information. During the past twelve (12) months, we have (or may have) collected the following categories of information from the listed sources, used (or may have used) it for the listed business purposes and shared it (or may have shared it) with the listed categories of third parties. The categories of information include information we collect from our website visitors, registered users, employees, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals. For instance, we may collect different information from applicants for employment or from vendors or from customers.
|Category of Information collected||Source||Business Purpose(s)* for collection/use||Categories of Third-Parties receiving information|
|Identifiers (name, alias, postal address, email address, phone number, account name, Social Security number, driver’s license number, passport number, IP address)||Individuals submitting information to us; Information we automatically collect from site visitors; Information we may receive from third-party marketing and data partners.||Auditing relating to transactions; Security detection, protection and enforcement; Functionality, error repair; Ad customization; Performing services; Internal research and development; Quality control.||Service providers (such as payment processors, marketing partners, shipping partners, employee benefits partners); Affiliated companies; Government regulators; Law enforcement; Strategically aligned businesses.|
|Sensitive Information (name with financial account, medical, health, health insurance information, username and/or password)||Individuals submitting information; Employment applications; Employees.||Auditing relating to transactions; Security detection, protection and enforcement; Functionality /error repair; Performing services; Internal research and development; Quality control.||Service providers (such as payment processors, marketing partners, shipping partners, employee benefits partners); Government regulators; Law enforcement.|
|Protected Classification Information (race, gender, ethnicity)||Individuals submitting information (e.g., applicants for employment).||Auditing relating to transactions; Security detection, protection and enforcement; functionality debugging/error repair; Ad customization; Performing services; Internal research and development; Quality control.||Service providers (such as payment processors, marketing partners, shipping partners); Government regulators.|
|Commercial Information (transaction history, products/services purchased, obtained or considered, product preference)||Individuals submitting information; Information we automatically collect from site visitors; Information we may receive from third-party marketing or data partners.||Auditing relating to transactions; Security detection, protection and enforcement; Functionality /error repair; Ad customization; Performing services; Internal research and development; Quality control.||Service providers (such as payment processors, mail houses, marketing partners, shipping partners), Affiliated companies, Government regulators, Law enforcement, Strategically aligned businesses,|
|Electronic Network Activity (browsing or search history, website interactions, advertisement interactions)||Information automatically collected from site visitors.||Auditing relating to transactions; Security detection, protection and enforcement; Functionality debugging/error repair; Ad customization; Performing services for you; Internal research and development; Quality control.||Service providers (such as payment processors, marketing partners); Affiliated companies; Government regulators; Law enforcement; Strategically aligned businesses.|
|Audio, Video or Similar Information (customer service calls, emails, security monitoring)||Individuals submitting information; Information we collect for security purposes.||Auditing relating to transactions; Security detection, protection and enforcement; Functionality /error repair; Ad customization; Performing services; Internal research and development; Quality control.||Service providers (such as payment processors, marketing partners, shipping partners); Affiliated companies; Government regulators; Law enforcement; Strategically aligned businesses.|
|Geolocation||Information we automatically collect from site visitors.||Auditing relating to transactions; Security detection, protection and enforcement; Functionality /error repair; Ad customization; Performing services; Internal research and development; Quality control.||Service providers (such as payment processors, marketing partners, shipping partners, employee benefits partners); Affiliated companies; Government regulators; Law enforcement; Strategically aligned businesses.|
|Professional, Educational, or Employment-related Information||Information submitted by individuals; Information received from third parties in connection with vendor or employment status or applications; Information we observe related to vendor or employment oversight.||Employee management and vendor oversight.||Service providers (such as payment processors, employee benefits partners); Government regulators.|
|Inference from the above (preferences, characteristics, behavior, attitudes, abilities, etc.)||Internal analytics||Auditing relating to transactions; Security detection, protection and enforcement; Functionality /error repair; Ad customization; Performing services; Internal research and development; Quality control.||Service providers (such as payment processors, mail houses, marketing partners, shipping partners, employee benefits partners); Affiliated companies; Government regulators; Law enforcement; Strategically aligned businesses;|
*For your reference, ‘Business Purposes’ include:
- Performing services for clients.
- To administer or otherwise carry out our obligations in relation to any agreement to which we are a party;
- To assist in completing a transaction or order;
- To prepare and process invoices;
- To respond to queries or requests and to provide services and support;
- To provide aftersales customer relationship management;
- To create and manage customer accounts;
- To notify about changes to our services and products;
- To administer any promotion, contest, survey, or competition;
- To provide information regarding our products and services;
- To offer our products and services in a personalized way, for example, we may provide suggestions based on previous requests to identify suitable products and services more quickly.
- Advertising customization.
- For marketing and promotions we believe of interest and to provide, or allow selected third parties to provide, information about products and services of interest.
- Auditing relating to transactions, internal research and development.
- To provide for internal business administration and operations, including troubleshooting, website customization, enhancement or development, testing, research, administration and operation of our website and data analytics;
- To create products or services that may meet client needs;
- To measure performance of marketing initiatives, ads, and websites “powered by” another company on our behalf.
- Security detection, protection and enforcement; functionality debugging, error repair.
- As part of our efforts to keep our website safe and secure;
- To ensure the security of client accounts and our business, preventing or detecting fraud, malicious activity or abuses of our website, for example, by requesting verification information in order to reset account passwords;
- To resolve disputes, to protect the rights, safety and interests ourselves, our users or others, and to comply with our legal obligations.
- Quality control.
- To monitor quality control and ensure compliance with our legal obligations, codes and ordinances, policies and procedures;
- To develop and improve our products and services, for example, by reviewing visits to the website and various subpages, demand for specific products and services and user comments.
13. Links to third-party sites
When you use the Site or our Services, you may be directed to other websites that are beyond our control. These may include payment processors for your own end users when you are using our Services (e.g., Stripe or TSYS) and/or other third parties providing services that are complementary or ancillary to those we provide (e.g., accounting software).
We may also allow third party sites or applications to link to the Site or Services. We are not responsible for the privacy practices of any third parties or the content of linked sites, and we encourage you to read the applicable privacy policies and terms and conditions of such parties or websites.
14. Contact Design Manager