Carlton One Engagement Corporation (CarltonOne, we, or our) takes great care to protect the privacy of visitors (you or your) to applefromklarna.com (the Website). We treat your personal information, personal data, or the equivalent terminology in your region (collectively, Personal Data) with respect and transparency.
As the merchant of record, we operate the technology platform on which this Website resides. We work together with Klarna Inc. (Klarna) to facilitate the purchasing lifecycle of products listed on the Website.
This Apple from Klarna Privacy Notice (the Privacy Notice) describes what Personal Data we collect, how & why we use your Personal Data, and how & and why we share your Personal Data (collectively, Process) when you visit the Website. The Privacy Notice also explains your options for accessing, updating, or otherwise controlling the Personal Data shared through the Website.
If you have any questions about the Privacy Notice, you may contact our privacy team by email at privacy@carltonone.com or by mail at “Attn: CarltonOne Privacy, 60 Columbia Way, Markham, ON L3R 0C9.
Data Collection
We Process Personal Data to deliver the best possible user experience on the Website, facilitating the purchase, return, and trade-in of products listed on the Website. The categories of Personal Data we may Process include:
- Order Fulfillment: name, mailing address, phone number, and email address;
- Website Usage: Website Usage: information about your browser, device, operating system, IP address, cookie information, and Website usage or traffic data;
- Customer Service Inquiry: Customer Service Inquiry: information necessary to address an issue you may have with the Website; and
- Return or Trade-In: information necessary to process a product return or trade-in request.
We collect Personal Data through order, return, and trade-in intake forms, cookies, pixels, tags, usage logs, and any other direct communications you make with us.
Data Usage
We Process Personal Data for limited business-related purposes and compliance with applicable laws (collectively, Purposes) only when supported by a valid legal justification (Justification). The Purposes include:
- to facilitate the services offered on the Website;
- to facilitate the delivery and measurement of ads related to products on the Website; and
- to ensure compliance with applicable laws.
We rely on the Justification of performance of a contract and legitimate interests to Process Personal Data for the following activities:
- facilitating a purchase, return, or trade-in of a product listed on the Website;
- responding to a customer service inquiry;
- detecting, preventing, and addressing fraud, malware, security risks, and other improper use of the Website;
- improving the Website and troubleshooting Website errors; and
- facilitating the delivery and measurement of ads related to products on the Website.
We rely on the Justification of legal obligations to Process Personal Data for the following activities:
- responding to and enforcing requests you make regarding your privacy rights.
Data Sharing
We may disclose, share, or sell (collectively, Share) your Personal Data with the following entities or categories of entities for the described purposes:
- Klarna. We Share your Order Fulfillment information with Klarna to facilitate the services offered on the Website, including purchasing of listed products. We may also Share some Website Usage information with Klarna for the purpose of facilitating the delivery and measurement of ads related to products on the Website.
- Suppliers. We Share your Order Fulfillment information with product suppliers to facilitate the fulfillment of orders you make on the Website.
- Trade-In Partners. We Share your Return or Trade-In information with entities that accept product trade-ins or returns (Trade-In Partners) to facilitate return or trade-in requests you make regarding products purchased on the Website.
- Vendors and Service Providers. We have third-party vendors and service providers that provide products and services that support the Website. As such, we may disclose some of your Personal Data to them for the Purposes, including, for example, fraud detection.
- Legal Requirements. We may be required to disclose some of your Personal Data where we believe in good faith that such disclosure is required by law.
- Outsourced Call Center. We may make use of an outsourced call center to provide customer service, in which case we may disclose Customer Service Inquiry information.
Data Rights
Data Access
You are permitted to request a report of the Personal Data contained in our platforms. To request a report, you may do any of the following:
- Use the provided tools on the Website (if available) and generate the report on an as needed basis.
- Contact our privacy team at privacy@carltonone.com
Data Editing
You are permitted to update your user profile information at any time using the provided tools on the Website.
Data Deletion
You are permitted to request to delete your Personal Data from our platform. This may have the following consequences:
- We may be unable to provide you with customer support regarding any placed orders:
- Unable to handle any order status / delivery updates
- Unable to handle any product returns
- Unable to provide any refunds
- Unable to provide any warranty proof-of-purchase
- We may be unable to provide you with any historical account of your activities in the system.
- We may be unable to reactivate your account and/or reissue any terminated account balances
Similarly to Personal Data reports, you may request to have your Personal Data removed from our platform in any of the following ways:
- Use the provided tools on the Website (if available) and trigger a deletion request
- Contact our customer service team directly and submit the request by way of phone or email
- Contact our privacy team at privacy@carltonone.com
Data Handling
Data Security
We are committed to upholding the security of the Personal Data we Process. We follow generally accepted industry standards protect the integrity and confidentiality of Personal Data we Process, both during transmission and once received and stored. Such technical, administrative, and physical security standards include encryption, firewalls, technical and physical controls which limit access, and security awareness training. We regularly review our security measures and policies. We perform penetration testing with external network and SaaS platforms.
In all cases, we require that our sub-processing partners provide the same level of security and privacy to your Personal Data that we provide. Through technical and administrative controls, we require that sub-processors do not have access to Personal Data unless permitted to and not prior to service initialization.
Data Storage
Data is stored securely at multiple locations, in conjunction with our technology partners.
Data Retention
We retain personal data only for as long as necessary to provide services and thereafter for legitimate legal or business purposes. These include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- required for preserving, resolving, defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records.
If you have any questions about the security or retention of your personal data, you can contact us at privacy@carltonone.com
International Transfers of Collected Information
Our data centers are located within Canada. Using the Website from the United States will result in transferring your Personal Data across international borders. When you call us or initiate a chat, we may provide you with support from one of our global locations outside of the United States. In these cases, your Personal Data is handled securely and in accordance with this Privacy Notice and applicable data protection and privacy laws.
Compliance with Legal, Regulatory, and Law Enforcement Requests
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any Personal Data about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your Personal Data to third parties as part of legal process.
'Do Not Track' Notifications
Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. To find out more about “Do Not Track,” you may visit www.allaboutdnt.com.
California – CCPA Rights
Residents of California have the following rights under the California Consumer Privacy Act and California Privacy Rights Act (collectively CCPA):
- you have the right to know and access:
- the categories of Personal Data and specific pieces of Personal Data we have collected;
- the categories of Personal Data we have disclosed for a business purpose to third parties in the preceding 12 months;
- the categories of sources from which we collect Personal Data;
- the business or commercial purposes for collecting, sharing, or selling your Personal Data; and
- the categories of third parties with whom we disclose, sell, or share personal information with;
- you have the right to request deletion of Personal Data that we have collected, subject to certain exceptions;
- you have the right to request correction of inaccurate Personal Data;
- you have the right not to receive discriminatory treatment for exercising your privacy rights conferred by the CCPA; and
- you have the right to limit the use and disclosure of sensitive Personal Data.
Under CCPA, providing Personal Data to third parties for the purposes of ‘cross-context behavioral advertising’ constitutes a ‘sale’ or a ‘share’ of personal information, as theses terms are defined in the CCPA. When you visit the Website, you may enable a “Do not Sell” or a “Do not Share” option in the cookie consent request. When you exercise such an option, we will not Process any Personal Data for the purpose of facilitating the delivery and measurement of ads related to products on the Website.
Age Restrictions
The Website is available only for those over the age of 16. The Website is not targeted to, intended to be consumed by or designed to entice individuals under the age of 16. If you know of or have reason to believe anyone under the age of 16 has provided us with any personal data, please contact us at privacy@carltonone.com
List of Sub-Processors
- Sub-Processor
- eStruxture Data Centers
- Description/Purpose
- Colocation; houses production environment and primary data center. Data is stored at colocation until purged due to request (individual request or program cessation).
- Location
- Toronto, Canada
- Sub-Processor
- AWS Canada
- Description/Purpose
- Hybrid-cloud services; storage of replicated backups; on-prem DR landing zone. Backups are stored for 90 days and then removed.
- Location
- Montreal, QC, Canada
- Sub-Processor
- Freshworks
- Description/Purpose
- Customer service ticketing solution. System manages the inbound/outbound communication between CarltonOne and the end-user help requests. Data is stored until purged due to request (individual request or program cessation).
- Location
- San Mateo, CA, United States
- Sub-Processor
- MicroSourcing
- Description/Purpose
- Outsourced customer call center. Call center staff may have access to Customer Service Inquiry information in order to provide contracted services through each of CarltonOne & Freshworks platforms. Data is accessed on case-by-case basis to provide end-user help request support. No data is stored.
- Location
- Manila, Philippines
- Sub-Processor
- Fusion CX
- Description/Purpose
- Outsourced customer call center. Call center staff may have access to Customer Service Inquiry information in order to provide contracted services through each of CarltonOne & Freshworks platforms. Data is accessed on case-by-case basis to provide end-user help request support. No data is stored.
- Location
- San Salvador, El Salvador
Privacy Notice Changes
We reserve the right to modify this Privacy Notice at any time. If we decide to change our Privacy Notice, we will post those changes to this documentation and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
This Privacy Notice was last updated November 23rd, 2024.