Last Updated: November 1, 2021
Transfer of Information to the United States and Other Countries
Additional Disclosures for Individuals in Europe
COLLECTION OF INFORMATION
Information You Provide to Us
We collect information you provide directly to us. For example, you share information directly with us when you create an account, fill out a form, submit or post content through our Services, make a purchase, communicate with us via third-party platforms, request customer support, or otherwise communicate with us. The types of personal information we may collect include your name, email address, postal address, phone number, credit card and other payment information, and any other information you choose to provide.
Information We Collect Automatically When You Interact with Us
When you access or use our Services or otherwise transact business with us, we automatically collect certain information, including:
Activity Information: We collect information about your activity on our Services, such as search terms you enter, pages you have visited, and other information you provide to us.
Transactional Information: When you make a purchase, we collect information about the transaction, such as product details, purchase price, and the date and location of the transaction.
Device and Usage Information: We collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Services.
Information We Collect from Other Sources
We obtain information from third-party sources. For example, we may collect information about you from internet service providers, advertising networks, data analytics providers, and operating systems. Additionally, if you create or log into your Obsidian account through a third-party platform (such as Google), we will have access to certain information from that platform, such as your name or birthday in accordance with the authorization procedures determined by such platform.
Information We Derive
We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your location based on your IP address or infer that you are looking to purchase certain products based on your browsing behavior and past purchases.
USE OF INFORMATION
We use the information we collect to administer your account, deliver products and services you request, and provide you with updates. We also use the information we collect to:
Provide, maintain, and improve our products and services;
Process transactions and send you related information, including confirmations, receipts, invoices, and customer experience surveys;
Personalize and improve your experience on our Services;
Send you technical notices, security alerts, and support and administrative messages;
Respond to your comments and questions and provide customer service;
Communicate with you about products, services, and events offered by Obsidian and others and provide news and information that we think will interest you (see the Your Choices section below for information about how to opt out of these communications at any time);
Monitor and analyze trends, usage, and activities in connection with our Services;
Personalize the advertisements you see on third-party platforms and websites (for more information, see the Advertising and Analytics section below);
Personalize the advertisements you see when you use our Services based on information provided by our advertising partners;
Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Obsidian and others;
Debug to identify and repair errors in our Services;
Comply with our legal and financial obligations; and
Carry out any other purpose described to you at the time the information was collected.
SHARING OF INFORMATION
We share personal information in the following circumstances or as otherwise described in this policy:
We share personal information with vendors, service providers, and consultants that need access to personal information in order to perform services for us, such as companies that assist us with web hosting, shipping and delivery, payment processing, fraud prevention, customer service, and marketing and advertising.
If you submit a product review or post content in another public area of our Services, we share this information publicly on our Services.
We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
We may share personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Obsidian, our users, the public, or others.
We share personal information with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
We may share personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
Personal information is shared between and among Obsidian and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.
We share personal information with your consent or at your direction.
We also share aggregated or de-identified information that cannot reasonably be used to identify you.
ADVERTISING AND ANALYTICS
We also work with third parties to serve ads to you as part of customized campaigns on third-party platforms (such as Facebook and Instagram). As part of these ad campaigns, we or the third-party platforms may convert information about you, such as your email address and phone number, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and serve you advertising that is customized to your interests. Note that the third-party platforms may offer you choices about whether you see these types of customized ads.
TRANSFER OF INFORMATION TO THE UNITED STATES AND OTHER COUNTRIES
Obsidian is headquartered in the United States, and we have operations and service providers in the United States and other countries. Therefore, we and our service providers may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it.
DO NOT TRACK NOTICE
This website does not currently support certain browser settings or otherwise respond to Do Not Track requests.
This website is not intended for or directed at children under the age of 13. In addition, we do not knowingly collect personal information from children under the age of 13.
You may update and correct certain account information at any time by logging into your account or contacting us through our contact page. If you wish to delete your account, please email us at firstname.lastname@example.org, but note that we may retain certain information as required by law or for our legitimate business purposes.
You may opt out of receiving promotional emails from Obsidian by following the instructions in those communications. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
ADDITIONAL DISCLOSURES FOR INDIVIDUALS IN EUROPE
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data, and this section applies to you.
Legal Basis for Processing
When we process your personal data, we will do so in reliance on the following lawful bases:
To perform our responsibilities under our contract with you (e.g., processing payments for and providing the products and services you requested).
When we have a legitimate interest in processing your personal data to operate our business or protect our interests (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you).
To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications).
When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing your personal data, you may withdraw such consent at any time.
We store personal data associated with your account for as long as your account remains active. If you close your account, we will delete your account data within 90 days. We store personal data for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
Data Subject Requests
Subject to certain limitations, you have the right to request access to the personal data we hold about you and to receive your data in a portable format, the right to ask that your personal data be corrected or erased, and the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, please contact us at email@example.com.
Questions or Complaints
If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:
For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
For individuals in the UK: https://ico.org.uk/global/contact-us/
For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html