METRO MATTRESS PRIVACY
PRIVACY POLICY
Metro Mattress respects our customer’s privacy and is highly sensitive to the privacy interests of all consumers. Metro Mattress believes that the protection of those interests is one of its most significant responsibilities. In acknowledgment of its obligations, Metro Mattress has adopted the following Privacy Policy applicable to information about consumers that it acquires in the course of its business:
Intended Audience
Metro Mattress has permanent establishment in the United States of America. Metro Mattress does not accept sales orders, sell or intend to sell, process, or solicit customers that reside or may be a citizen of a country that is outside of the United States. Our intended audience is a US citizen who resides permanently within the United States and specifically resides within the United States except for California, Alaska, and Hawaii and is further specified as primarily persons who reside in Upstate New York, Connecticut, Massachusettes, New Hampshire, Pennsylvania, Rhode Island or otherwise physically shop in our stores located throughout the Northeast or reside within our stated and intended delivery areas.
Acquisition of Information
Metro Mattress will not acquire any more information about consumers than is required by law or is otherwise necessary to provide a high level of service efficiently and securely. Metro Mattress will not sell, barter, or exchange any information about its consumers with any other company or service.
Our Employees and Privacy
Metro Mattress trains all of its employees about the importance of privacy. We give access to information about consumers only to those employees who require it to perform their jobs.
Disclosure to Third Parties
Metro Mattress will not disclose or process personal data except for the specific use of conducting Metro Mattress sales or marketing transactions to its Intended Audience. Metro Mattress may release account information about consumers to third parties only if: a) we are compelled to do so by order of a duly-empowered governmental authority, b) we have the express permission of the consumer; or c) it is necessary to process transactions and provide our services.
Notifications
We will promptly notify you if we receive a request to disclose, provide a copy, modify, block, or take any other action with respect to personal data, unless notice is prohibited by Applicable Law; and, except to the extent required by Applicable Law, we will not independently take any action in response to a request from the person/data subject without specific prior written instruction. We will cooperate with reasonable requests for access to Personal Data and other information and assistance as necessary to respond to a request or complaint by the person/data subject.
Representations
With regard to personal data you disclose and provide to us, you hereby represent and warrant: (i) the personal data has been collected in accordance with Applicable Law; (ii) the transfer to us for the purpose of providing the Services is authorized under Applicable Law; (iii) you will comply with Applicable Law as to requests from data subjects in connection with the Personal Data; (iv) you shall disclose to us only that Personal Data that is necessary for our provision of the Services; and (v) you shall not ask us to take any action with respect to the Personal Data that you are not permitted to take directly.
Records
We will keep reasonable records to evidence our compliance with our obligations under this policy and shall preserve such records for at least two (2) years from the date of the events reflected therein.
The California Consumer Privacy Act
We are not doing business in California for the purposes of the California Consumer Privacy Act of 2018 (“CCPA”) (Civil Code Section § 1798.100 et seq.), but this Section is adopted to comply with the CCPA. This Section applies only to those California residents who are visitors to our website and/or users of available third-party Apps and thus for the purposes of this Section, the words “you” and “your” mean only those California residents.
We collected and disclosed for a business purpose, within the last 12 months, the following categories of personal information: identifiers such as a real name, alias, online identifier, Internet Protocol address, email address, or other similar identifiers; and Internet or other similar network activity, such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
We do not sell personal information to third parties and, within the last 12 months, have not sold any of your personal information. We do not share personal information as defined by California Civil Code Section 1798.83 (“Shine The Light law”) with third-parties for their direct marketing purposes absent your consent. If you are a California resident, you may request information about our compliance with the Shine the Light law by contacting us in writing by letter to 3545 John Glenn Blvd Syracuse, NY 13209, (Attention: Legal Team). Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address.
Privacy Rights of California Residents
If you are a California resident, you may ask businesses to disclose what personal information they have about you and what they do with that information, to delete your personal information, to direct businesses not to sell or share your personal information, to correct inaccurate information that they have about you, and to limit businesses’ use and disclosure of your sensitive personal information:
Right to know: You can request that a business disclose to you: (1) the categories and/or specific pieces of personal information they have collected about you, (2) the categories of sources for that personal information, (3) the purposes for which the business uses that information, (4) the categories of third parties with whom the business discloses the information, and (5) the categories of information that the business sells or discloses to third parties. You can make a request to know up to twice a year, free of charge.
Right to delete: You can request that businesses delete personal information they collected from you and tell their service providers to do the same, subject to certain exceptions (such as if the business is legally required to keep the information).
Right to opt-out of sale or sharing: You may request that businesses stop selling or sharing your personal information (“opt-out”), including via a user-enabled global privacy control. Businesses cannot sell or share your personal information after they receive your opt-out request unless you later authorize them to do so again.
Right to correct: You may ask businesses to correct inaccurate information that they have about you.
Right to limit use and disclosure of sensitive personal information: You can direct businesses to only use your sensitive personal information (for example, your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the services you requested.
You also have the right to be notified, before or at the point businesses collect your personal information, of the types of personal information they are collecting and what they may do with that information. Generally, businesses cannot discriminate against you for exercising your rights under the CCPA. Businesses cannot make you waive these rights, and any contract provision that says you waive these rights is unenforceable.
You or an authorized agent acting on your behalf can exercise the rights above by contacting us in writing at 3545 John Glenn Blvd Syracuse, NY 13209, (Attention: Legal Team). You may only exercise your right to know up to two different times in a 12-month period. When you submit a request, we may ask you to fill out a request form. The CCPA only allows us to act on your request if we can verify your identity or your authority to make the request, so you will also need to follow our instructions for identity verification. If you make a verifiable request per the above, we will confirm our receipt and respond in the time frames prescribed by the CCPA.
Privacy Rights of Connecticut Residents
Connecticut law requires any person or entity that collects Social Security numbers from Connecticut residents in the course of business to create a privacy protection policy and to publish or display it publicly. It is our policy to protect the confidentiality of Social Security numbers in our possession from misuse and improper disclosure by maintaining and enforcing policies and physical and electronic safeguards against misuse and improper disclosure. Unlawful disclosure of Social Security numbers is prohibited, and access to them is limited to personnel who need access to such information in order to perform their job functions.
Children’s Privacy
Our business is intended for a general adult audience and not directed to children less than thirteen (13) years of age. We do not intend to collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) (“Children’s Personal Information”) in a manner that is not permitted by COPPA. If we obtain knowledge that we have collected Children’s Personal Information in a manner not permitted by COPPA, we will remove such data to the extent required by COPPA.
Any California residents under the age of eighteen (18) who have utilized the Services, can request removal by contacting us here in writing at 3545 John Glenn Blvd Syracuse, NY 13209, (Attention: Legal Team) detailing what Services were utilized, and attesting that you conducted the actions. We will then make reasonable, good-faith efforts to remove the data from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.