Last Updated: January 1, 2021
YOUR CONSENT TO THIS POLICY
PERSONAL INFORMATION WE COLLECT
We may collect or may have collected the following categories of information about you. In some cases, the information we collect may fall within more than one category:
- Contact information and personal identifiers, such as your name, address, email address, telephone number, and username or social media handle.
- Device identifiers, such as information about your device like your IP address, or other online identifiers.
- Demographic information, such as your age, sex, and gender (some of which may be protected by applicable law).
- Physical characteristics, such as your shoe size.
- Commercial information, such as the products or services you have purchased, returned or considered, and your product preferences.
- Payment information, such as your method of payment and payment card information (including payment card number, expiration date, delivery address and billing address).
- Biometric information, such as facial images (for example, if you post a picture to one of our social media pages).
- Identity verification information, in order to verify you when you call customer support or make other requests.
- Online or network activity information, such as information regarding your interaction with the Site, digital properties, and advertisements, information about your browsing and search history on the Site, and log file information, which includes, but may not be limited to, your browser type, webpages you visit, and other electronic network activity.
- Audio information, such as recordings of your voice when you call our customer support.
- User Content, such as your communications with us and any other content you provide (including photographs, videos, reviews, articles, survey responses, and comments).
- Inferences drawn from or created based on any of the information identified above.
HOW WE COLLECT YOUR PERSONAL INFORMATION
We may collect or may have collected personal information about you from various sources. The categories of sources from which we may collect personal information are:
- Directly from you, such as when you make a purchase or return on the Site, contact us with a question or complaint, create an account on the Site, inquire about a warranty, respond to a survey, or sign-up to receive marketing communications.
- From your friends or family members, such as when your friend or family member sends you a gift or tags you on a post to one of our social media pages.
- Through other technologies, such as call recording technology when you speak to customer support.
- From our business partners and service providers, such as demographic companies, analytics providers, advertising companies and networks, third-party retailers, and other third parties that we choose to collaborate or work with.
- From social media platforms and networks, such as Facebook, Twitter, Pinterest, and Instagram. For example, we may obtain your information from a social media platform or network if you interact with us on social media or choose to log-in to the Site using your social media credentials.
- From our affiliates that you have interacted with.
HOW WE USE YOUR PERSONAL INFORMATION
We may use or may have used the information we have about you:
- To provide products and services to you, such as fulfilling orders and processing payments, creating, servicing and/or maintaining your account with us, assisting with product selection and replenishment, and managing current or past purchases.
- To communicate with you, including to respond to your inquiries or complaints, and to help you place an order.
- To administer your participation in special events, contests, surveys, and promotions.
- For marketing and advertising, such as to send you marketing and advertising materials via postal mail, text message or email, and to show you advertisements for products and/or services tailored to your interests on social media and other websites.
- For analytics purposes, such as to understand how you use the Site, understand your preferred method of purchasing with us; determine what browser and devices you use to visit the Site; and to evaluate and improve our products, services, advertisements, and website and mobile applications.
- To operate and improve our business, including to provide quality assurance, conduct research and development to develop new products and services, and perform accounting, auditing and other internal business functions.
- For legal and security purposes, such as to detect, prevent, and prosecute harmful, fraudulent, or illegal activity, loss prevention, identify and repair bugs on the Site or mobile applications, and to comply with applicable legal requirements, relevant industry standards and our policies.
We also may use or may have used the information in other ways for which we provide specific notice at the time of collection.
HOW WE SHARE YOUR PERSONAL INFORMATION
In general, we do not share personal information about you with third parties for such third-parties’ own marketing or advertising purposes. We do share personal information with third parties for other purposes. For example, we share personal information with:
- The BOA family of brands and companies, such as our affiliates, parents, and subsidiaries;
- Brand Partners, such as shoe companies that offer products with the BOA Fit System, if you click on a link on our Site to shop on one of our Brand Partner’s sites;
- Service providers that provide products or services to us, that help us market or advertise to you (including co-branded marketing and advertising), or that provide products or services to you (such as delivering packages to you). Even with this access to personal information necessary to perform these functions, those third parties are not authorized by BOA to disclose your information for any other purposes;
- Parties to business transactions such as those we deal with in mergers, acquisitions, joint ventures, sales of assets, reorganizations, divestitures, dissolutions, bankruptcies, liquidations, or other types of business transactions. In these types of transactions, personal information may be shared, sold, or transferred, and it may be used subsequently by a third party;
- Online third-party companies for our own advertising purposes, including to: serve advertisements across the Internet; track and categorize your activity and interests over time on the Site and mobile application, and on third-party websites and mobile applications; and to identify the different device(s) you use to access websites and mobile applications. We share information with these companies, and these companies may collect information—including automatically collected information when you use the Site or mobile application. These third-party companies also may possess or obtain information about you from your interactions: directly with the third-party companies; with other websites, mobile applications, or companies that the third-party companies work with; or from your interactions with advertisements the third-party companies help to display to you. The information that these companies collect or that we share may be used to customize or personalize the advertisements that are displayed to you. We may share personal information with the third-party companies we work with for our purposes, though in general we do not share personal information about you with third parties for third-party marketing or advertising purposes. We may also share other information at our discretion, including automatically collected information, which may be used by third parties for third-party marketing, advertising, and other purposes; and
- Additional third parties such as law enforcement, government entities, courts, or other third parties as required or allowed by applicable law, or otherwise to help prevent harm or fraud to us, you, our customers, or other third parties. We also may share personal information with third parties upon your request or with your approval, though we may not be able to accommodate all requests.
DO WE COLLECT CHILDREN’S INFORMATION?
The Site is not directed at or intended for children under the age of 13 and we do not knowingly collect personal information from such individuals. If you become aware that your child has provided us with personal information without your consent, please contact us at [email protected] and we will take steps to remove such information within a reasonable time.
HOW WE SECURE PERSONAL INFORMATION
CALIFORNIA PRIVACY RIGHTS
Under the California Consumer Privacy Act (“CCPA”), California residents have certain rights regarding the personal information that businesses have about them. This includes the rights to request access or deletion of your personal information, as well as the right to direct a business to stop selling your personal information.
Right to Notice. You have the right to be properly notified of the following:
Right to Access Your Information: You have the right to request the following covering the 12 months preceding your request:
- The specific pieces of personal information we have collected about you
- The categories of personal information that we have collected about you
- The categories of sources from which we collected the personal information
- The purpose for collecting or selling the personal information
- The categories of personal information that we have disclosed about you, the purpose for disclosing such personal information and the categories of third parties with whom we disclosed such personal information
The categories of personal information that we have sold about you, as well as the categories of third parties to whom we sold such personal information If you would like to exercise your right to request access, please submit your request by emailing us at [email protected].
Right to Deletion: You have the right to request that we delete any personal information about you that we have collected from you. Please note that there are exceptions where we do not have to fulfill a request to delete information, such as when the deletion of information would create problems with the completion of a transaction or compliance with a legal obligation. If you would like to exercise your right to request deletion, please submit your request by emailing us at [email protected].
Right to Opt-Out of Sale: While we do not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). We support the CCPA and wish to provide you with control over how your personal information is collected and shared. You have the right to direct us to not sell your personal information. If you would like to exercise your right to request opt-out of sale, please click DNS or submit an email to [email protected].
Please note that we may still use aggregated and de-identified personal information that does not identify you or any individual; we may also retain information as needed in order to comply with legal obligations, enforce agreements, and resolve disputes.
Right to Non-Discrimination: We will not discriminate against you (e.g., through denying goods or services, or providing a different level or quality of goods or services) for exercising any of the rights afforded to you.
Verifiable Consumer Requests: Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access to your personal information twice within a 12-month period. The verifiable consumer request must: 1) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of that person; and 2) Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it. We cannot respond to your request to exercise your access and/or deletion rights if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password-protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format: We attempt to respond to a verifiable consumer request within 45 days after we receive it. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing within 45 days after we receive your initial request. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period prior to the date we receive the verifiable consumer request. The response we provide will also provide the reasons we cannot comply with a request, if applicable. For access requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Financial Incentive: We may offer you various financial incentives such as discounts and special offers when you provide us with contact information and identifiers such as your name and email address. When you sign-up for our loyalty program, email list or other discounts and special offers, you opt-in to a financial incentive. You may withdraw from a financial incentive at any time by opting out from our email or closing your loyalty member account. Generally, we do not assign monetary or other value to personal information, however, California law requires that we assign such value in the context of financial incentives. In such context, the value of the personal information is related to the estimated cost of providing the relevant financial incentive(s) for which the information was collected.
TRANSFERS OF PERSONAL INFORMATION OUTSIDE OF THE EUROPEAN ECONOMIC AREA (EEA)
BOA operates globally, but its main administrative offices are based in the United States and that’s where our data processing activities primarily occur.
You acknowledge and agree that any Personal Information we collect from your use of the Site will be transferred to, processed, and stored in the United States. The United States does not have an adequacy decision from the European Commission, which means that the Commission has determined that the laws of the United States do not provide legal protection that is equivalent to EU data protection laws. This means that in certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities of the United States may be entitled to access your personal data. Nevertheless, we have implemented appropriate safeguards to protect the Personal Information we collect from the Site.
DATA SUBJECTS IN EEA
Legal basis for processing: We only use your personal information as permitted by law. We are required to inform you of the legal basis of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at [email protected].
Legal BasisTo provide the Services
Processing Purpose You have entered a contract with us and we need to use your personal information to provide services you have requested or take steps that you request prior to providing services.
To send you marketing communications/advertisements These processing activities constitute our legitimate interests. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
For security, compliance, fraud prevention and safety Processing is necessary to prosecute or defend legal claims.
For compliance with law Processing is necessary to comply with our legal obligations.
With your consent Processing is based on your consent. Where we rely on your consent, you have the right to withdraw it anytime in the manner indicated in the Services or by contacting us at [email protected].
Your rights: European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
Right of access. The right to obtain access to your personal data.
Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
Right to object. You have a right to object to processing based on legitimate interests and direct marketing. You can submit these requests by email at [email protected]. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
Complaints: If you have a complaint about how we handle your personal information or respond to your request, you may be able to complain to your data protection authority. We ask that you kindly contact us first, so that we have an opportunity to resolve your complaint.
RETAINING YOUR PERSONAL DATA
How long we retain personal information varies according to the type of information in question and the purpose for which it is used. We delete personal information within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose). This does not affect your right to request that we delete your personal data before the end of its retention period. We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures. We also may retain personal information for fraud prevention or similar purposes.
OPT-OUT FROM MAILINGS
The Site provides you with several opportunities to agree to receive communications about special offers or programs from BOA, and any of our affiliated brands or divisions. If at any time you wish to stop receiving communications from us please send us an email to [email protected] with the phrase "Privacy Opt-out: BOA Mailings" in the subject line, or write to us at the address provided below, and we will remove you from our mailing list. Alternatively, for e-mail communications, you may opt out of receiving such communications by following the unsubscribe instructions set forth at the bottom of our promotional e-mail messages.
WHAT CHOICES DO YOU HAVE?
When corresponding with BOA or our representatives, or when making a request for information or otherwise interacting with BOA or others through the Site, you choose what information to supply, whether you wish to receive further information, and by what method of communication such information should be delivered. Please take care to share only such information as is needed or that you believe is appropriate. If you would like to exercise any of rights of access, correction, deletion, etc., please contact us by email at [email protected].
WHO CAN YOU CONTACT FOR MORE INFORMATION?
If you have any questions or suggestions about the Site, BOA, or our privacy practices, please contact us at [email protected].