PRIVACY POLICY
Last updated: May 13, 2024
Whatnot Inc. and its affiliates (“Whatnot” the “Company” “we” and “us”) provides a marketplace to bring together collectors and enthusiasts and make it easy and safe to connect, buy and sell. This Privacy Policy is designed to help you understand how we collect, use, and share your personal information and to help you understand and exercise your privacy rights.
2. PERSONAL INFORMATION WE COLLECT
3. HOW WE USE YOUR PERSONAL INFORMATION
4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
5. YOUR PRIVACY CHOICES AND RIGHTS
6. SECURITY OF YOUR PERSONAL INFORMATION
7. INTERNATIONAL DATA TRANSFERS
8. RETENTION OF PERSONAL INFORMATION
9. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS
10. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
SCOPE
This Privacy Policy applies to personal information processed by us, including when providing our services, on our websites, mobile applications, social media pages and handles, newsletters, and other online or offline offerings. To make this Privacy Policy easier to read, our websites, mobile applications, and other services, offerings, sales, marketing or events are collectively called " Services."
Controller
Which Whatnot entity is responsible for the collection and processing of your personal information in connection with the Services depends on the region in which you reside and how you use our Services.
In general:
If you live in the UK, Switzerland or the European Economic Area ("Europe"), Whatnot Europe Limited (an Irish company) provides the Services to you under the Terms of Service for European Users found here (when “Europe” is selected as Region) and is the controller, jointly with Whatnot, Inc. of your personal information.
If you live outside of Europe, Whatnot Inc., (a US company) provides the Services to you under the general Terms of Service found here (when any Region other than “Europe” is selected) and is the controller of your personal information.
For information on how to contact us, please refer to the "Contact Us" section below.
PERSONAL INFORMATION WE COLLECT
The categories of personal information we collect depend on how you interact with us, use our Services, and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.
Personal **Information You Provide to Us **
We may collect the following personal information that you provide to us:
- Your Account Data. You provide us with information when you create an account or use our Services, such as first and last name, email address, postal address, phone number, and other contact data. Some of this information is required to create a Whatnot account to use the Services. If you do not provide us with this information, you will not be able to create an account to use the Services. You can add other optional information to your account, such as a profile picture and "bio" information.
- Your Credentials Data. If you have a Whatnot account, we need to collect passwords, password hints, and similar security information used for authentication and account access. If you do not provide us with this information, you will not be able to create or access your Whatnot account.
- **Identity Verification Data. **To apply to be a seller, or a verified buyer, or make purchases via the Services, we need to first verify your identity. You will be required to submit a picture of your government-issued ID for automated identity verification by our partner Stripe. You may find their privacy policy at https://stripe.com/privacy.
- Your Payment and Purchase Data. We collect personal information and details regarding bids, purchases or sales that you provide in a transaction and your payment information (e.g., credit card and account numbers, billing address, transaction details and form of payment). Any payments made via our Services are processed by our payments service provider Stripe. You may find their privacy policy at https://stripe.com/privacy. We do not directly collect or store any payment card numbers entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
- **Additional Seller Identity Data. **If you are a seller, we will collect additional identification information from you, including your tax identification number (e.g., social security number or local equivalent), date of birth, identification documents and information contained on IDs and other information that you provide when using our Services as a seller.
- Your Communications Data. We may collect personal information such as your email address, phone number or mailing address when you communicate with us, such as when you request information about our Services, register for our newsletter or loyalty program, request customer or technical support, apply for a job, or otherwise communicate with us.
- Survey Data. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.
- Your User Content Data. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., livestreams, photographs, direct messaging and chat features, commenting functionalities, forums, blogs, and social media pages) and the associated metadata (such as when, where and by whom the content was created). Any information you provide using the public sharing features of the Services (referred to herein as " User Content") will be considered "public," unless otherwise required by applicable law, and is not subject to this Privacy Policy. Please exercise caution before revealing any information that may identify you in the real world to other users.
- **Streaming (Video on Demand) Data. **When you stream on our Services, we record and store your streaming session, including your image and voice, for a limited period of time.
- Livestream Clipping. When you stream on our Services, you and the users in your livestream will be able to take a clip of your stream, including your image and voice, and publish and share it on their Whatnot profile or to their personal social media channels outside the Services.
- **Local Pickup Data. **If you are using the Local Pickup feature, we collect your postal address to determine your distance from other users to facilitate local pickups from buyers near you. If you are a seller and choose to allow for a local pickup, your zip/postal code will be made public and your postal address will be shared with buyers who opt to do a local pickup from you. If you are a seller, you can choose to publish your postal address on your profile.
- Promotions Data. We collect personal information you provide for any sweepstakes, contests, or other promotions that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
- Event Data. We collect personal information from individuals who attend conferences, trade shows, and other events that we host or participate in
- Business Development Data. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
- Job Applicant Data. We may post job openings and opportunities on our Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information (such as desired pay, education and work history and visa status) that you submit with your application to assess your qualifications. You may also choose to provide your gender, ethnicity, veteran status, disability status and links to your website, blog, portfolio or LinkedIn profile.
- Other Information. We may collect any other personal information that you decide to share with us.
Personal **Information Collected Automatically. **
When you use our Services, we automatically collect personal information about you, your computer or mobile device, and your browsing actions and use patterns, such as:
- Device Data. This includes technical data collected from your devices (including mobile devices) that you use our Services with, such as Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique online identifiers, browser or device information, your general location information (including approximate location (e.g., city and country) derived from your IP address), and Internet service provider.
- Usage Data. This includes information collected and processed about you when you're accessing or using of our Services, such as your actions with the Services, including dates, time, pages that you visit before, during and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services, including information that is linked to your Whatnot account (e.g. when you place items in a shopping cart, place items on a watch list, save sellers, searches, interests, or follow users). Where required by law, we will ask for your consent to collect this information. In addition, we may collect information that other people provide about you when they use our Services, including information about you when they tag you.
We may collect this information through our Services or with the help of technologies, such as cookies and other similar tracking technologies. For more information about our use of these technologies and your choices, see the "Cookies and Other Technologies" section below.
Personal Information Collected from Other Sources.
We may obtain personal information about you from other sources, including through third-party services and organizations. For example:
Authentication Partners: If you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect personal information about you from that third-party application that you have made available via your privacy settings. For example, we allow you to use providers of single sign-on services (such as Google, Facebook, or Apple) with whom you may already have an account to create a Whatnot account or to link to your Whatnot account to such single sign-on services. You can determine the personal data that we can access when authorizing the connection with the single sign-on service.
Social Networks: We allow you to share personal data with social networks (such as Facebook) or to link your Whatnot account to a social network. These social networks may automatically provide us with access to certain personal data they store about you (e.g., content you have viewed or enjoyed, information about advertisements you have been shown or clicked on, etc.). You can determine the personal data that we access through your privacy setting of each social network.
Payment partners and transaction fulfillment providers: We receive information about you from payment and transaction fulfilment providers, such as payment confirmation details, and information about the delivery of products you have purchased through the Services.
Advertising and marketing partners. We receive inferences from certain advertising, and marketing partners. These inferences are the partners' understanding of your interests and preferences. They may also share information, such as mobile identifiers for advertising, hashed email address and phone numbers and cookie identifiers, which we use to help match you and your actions outside of the Services, with your Whatnot account. This allows us to deliver more relevant ads and marketing to you.
**COOKIES AND OTHER TECHNOLOGIES **
We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, local storage, and other technologies ("Technologies") to automatically collect information through your use of our Services.
- Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Our uses of these Technologies fall into the following general categories:
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
- Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below); and
- Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed.
Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver tailored content, including ads, more relevant to your interests, on our Services or on third-party websites. This is also known as interest-based advertising, targeted advertising, or sharing for the purposes of cross-context behavioral advertising. An example of tailored advertising is when an advertising partner has information suggesting you like sneakers. This would enable us to show you content and ads related to sneakers.
See "Your Privacy Choices and Rights" below to understand your choices regarding these Technologies.
Analytics. We may use Technologies and other third-party tools to automatically collect Usage Data and Device Data for analytics purposes. Some of our analytics partners include:
- Google Analytics. For more information, please visit Google Analytics' Privacy Policy. To learn more about how to opt-out of Google Analytics' use of your information, please click here.
- AppsFlyer. For more information about AppsFlyer, please visit AppsFlyer's Privacy Policy.
- Facebook Connect. For more information about Facebook's use of your personal information, please visit Facebook's Data Policy. To learn more about how to opt-out of Facebook's use of your information, please click here while logged in to your Facebook account.
- Social Media Platforms. Our Services may contain social media buttons such as Instagram, TikTok, Twitter and Facebook (that might include widgets such as the "share this" button or other interactive mini programs). These features may collect information such as your IP address, which page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.
See "Your Privacy Choices and Rights" below to understand your choices regarding these Technologies.
HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information for a variety of business purposes, including to provide our Services, for business operations purposes, and to market our products and Services, as described below.
Service Delivery
We use your personal information to provide you with our Services, such as:
Setting up an account for you to access the Services or provide the Whatnot app when you download it on your device;
Sharing personal information with third parties as needed to provide the Services;
Providing access to certain areas, functionalities, and features of our Services (including allowing you to create and consume content, interact with others and utilize social features);
Fulfilling and managing your orders, payments, returns, and exchanges made through the Services (including transmission of personal data to other users where necessary to perform the transaction e.g., by sharing your address with a seller for shipping label generation, or your return address as a seller so a buyer may return an item);
Processing of general location data (such as IP address or postal code) in order to provide you with location-based services (such as radius search and other content that is personalized on the basis of your general location data);
When you stream on our Services, we use such recordings for transaction verification and fraud prevention purposes. For the same purpose such recordings can be accessed by users of our Services who purchased an item from you in your stream. Other users who only watched your stream do not have access to the recordings.
Administering prize draws and competitions when you elect to participate in competitions;
Answering requests for customer or technical support;
Enabling our payment processor to process your financial information and other payment methods for products or Services purchased;
Administrative Purposes
We use your personal information for various administrative purposes related to the provision of the Services, such as:
Communicating with you about your account, activities on our Services, and policy changes;
Managing your information and Whatnot account;
Responding to your inquiries and processing and responding to support requests;
Allowing you to register for events;
Providing you with updates and support regarding any purchase you make through the Services;
Responding to and processing your queries, claims or disputes (including when you tell us about a problem, or ask for a copy of your information).
**Security, Trust, and Safety **
We process your personal information to keep the Services secure, to detect and prevent fraud and to ensure the safety and well-being of our users, such as:
Verifying your identity in order to use certain features, such as to become a seller or verified buyer, to ensure that you are old enough to use the Services (as required by law), or in other instances where verification is required;
Maintaining the safety and security of the Services, including verifying accounts and activity, investigating suspicious activity, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
Reviewing or otherwise processing your User Content (including, if permitted by applicable law, direct messages and chat communications and associated metadata) to; assist in responding to Support requests; or to determine, analyze or scan for violations of our terms, conditions, policies and Community Guidelines, fraud and abuse prevention ;
Identifying and combatting technical or security issues (such as technical bugs, spam accounts, and detecting abuse, fraud and illegal activity);
Ensuring internal quality control and safety.
**Legal obligations and Compliance **
We process your personal information to enforce our agreements and rights and for legal compliance purposes, such as
Complying with our legal obligations, including co-operating with public and government authorities, courts and regulators in accordance with our legal obligations under applicable laws;
Enforcing our terms, guidelines and policies;
Auditing relating to interactions, transactions and other compliance activities;
Taking appropriate action with reports of intellectual property infringement and inappropriate content.
**Processing Job Applications **
We process your personal information if you apply for a job with Whatnot, to evaluate your application and make hiring decisions, communicate with you and inform you of current and future career opportunities (unless you tell us that you do not want us to keep your details for such purposes), manage and improve our recruiting and hiring processes, or to conduct reference and background checks where required or permitted by applicable local law.
Service Improvements
We process your personal information to review, test, improve and develop the Services, including:
Measuring interest and engagement in our Services and other research and development activities (such as market research and surveys);
Debugging to identify and repair errors with our Services.
**Marketing and Advertising **
We may use personal information to tailor and provide you with marketing content and advertisements as permitted by applicable law and in accordance with your marketing preferences.
We may send you direct marketing messages about features of the Services that we think will interest you. We may also send you promotions, contents or marketing campaigns of event information.
Some of the ways we market to you include email campaigns, custom audiences advertising, and "interest-based" or "personalized advertising," including through cross-device tracking, as further explained in the "Cookies and Other Technologies" [LINK]section. We may also use your information to design marketing campaigns for people with similar interests to yours.
If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth in "Contact Us" below.
Other Purposes
We also use your personal information for other purposes as requested by you or as permitted by applicable law.
Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or where required, with your consent.
Automated Decision Making. We may engage in automated decision making, including profiling, for anti-fraud purposes. We will not make automated decisions about you that significantly affect you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. You will find information on your right to object to this processing of your data below under the _"Your Privacy Choices and Rights" _section below. If you have questions about our automated decision making, you may contact us as set forth in "Contact Us" below.
Customizations. We may use your personal information to improve and personalize your user experience on the Services, such as by providing content recommendations in your feed such as sellers, items, or products that you may find interesting based on the actions you take on the Services.
De-identified and Aggregated Information. We may use personal information and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified purchase information, information about the device from which you access our Services, or other analyses we create. This information does not identify you or other users.
Share Content with Friends. Our Services may offer various tools and functionalities. For example, we may allow you to provide personal information about your friends, or your friends to provide personal information about you, through our referral services. Our referral services may allow you to forward or share certain content with a friend, such as an email inviting your friend to use our Services. Please only share with us contact information of people with whom you have a relationship (e.g., relative, friend, neighbor, or co-worker).
Account suggestions. To support social functions of the Services, including to permit you and others to connect with each other (for example, through our Find Friends function), to suggest accounts to you and others, including when a user chooses to sync their contacts with the Services and for you and others to share, download and otherwise interact with User Content posted through the Services;
Find a Friend. When you create an account on the Whatnot mobile application on your mobile device, Whatnot will ask your permission to access your phone contacts to determine if you are already connected to existing Whatnot users, so that you can follow such contacts and invite contacts who are not users to join the Services. We may also receive your contact information when another user shares your contact information with us, so that that user may follow you on Whatnot or invite you to join the Services. You are solely responsible for obtaining consent from your contacts. You can always change whether to allow Whatnot to access your contacts through the privacy settings on your mobile device.
HOW WE DISCLOSE YOUR PERSONAL INFORMATION
We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
Disclosures to Provide our Services
The categories of third parties with whom we may share your personal information are described below.
Service Providers. We may share your personal information with our third-party service providers who use that information to help us provide, support and protect our Services. This includes service providers that provide us with IT support, cloud hosting, payment processing, content delivery, marketing, analytics, customer service, and related services.
We share Information You Provide, Automatically Collected Information and Information From Other Sources with these service providers as necessary to enable them to provide their services.
We do not share text messaging originator opt-in or consent data with third parties.
Business Partners. We may share your personal information with business partners, such as celebrities, brands, and influencers, to provide you with a product or service you have requested. We may also share your personal information to business partners with whom we jointly offer products or services.
This may include Information You Provide and Information From Other Sources.
Payment and Transaction Fulfilment Providers. When you make a purchase through the Services, we share your payment and purchase data related to the transaction with the payment and transaction fulfillment providers and other service providers. For example, we will share the order items, contact details and delivery information so your order can be processed.
Affiliates. We may share any or all of the personal information we collect with our company affiliates as necessary for our business operations purposes, including activities such as IT management, for them to provide services to you or support and supplement the Services we provide. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us. See our "International Data Transfers" for additional information.
Other Users/Website Visitors. As described above in "Personal Information We Collect," our Services allow you to share your Account Data and/or User Content with other users/publicly, including to those who do not use our Services. Please consult the "settings" in the Whatnot app for further information about the choices available to you. When onboarding as a new seller, we may automatically add you to a group chat with Whatnot and other new sellers so you can share your experiences and receive shoutouts from Whatnot for your first livestreams and accomplishments. These other sellers will be able to view information about you in the group chat such as your messages, any shoutouts we send about your activity, and information associated with your profile, including your username and profile picture. You can leave this chat at any time.
Advertising Partners. Our advertising, marketing, and analytics vendors described above in "Analytics" may receive your personal information, including Information You Provide, Information From Other Sources and Automatically Collected Information (but not your payment information). These third-party analytics and advertising partners may set Technologies and other tracking tools on our Services to automatically collect Usage Data and Device Data, such as information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as "Interest-based advertising" or "personalized advertising", as further described in the "Cookies and Other Technologies" section.
APIs/SDKs. We may use third-party Application Program Interfaces ("APIs") and Software Development Kits ("SDKs") as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in "Contact Us" below.
We may also share aggregated or deidentified Usage Data with third parties to help us perform analysis and make improvements. Additionally, we may share anonymous Usage Data on an aggregate basis in the normal course of operating our business. For example, we may share information publicly to show trends in the use of our Services.
Disclosures to Protect Us or Others
We may access, preserve, and disclose any of the personal information we collect to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others' rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
Disclosure in the Event of Merger, Sale, or Other Asset Transfers
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, all of the personal information we collect may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
YOUR PRIVACY CHOICES AND RIGHTS
You have rights and choices when it comes to your information. Some of these rights apply generally, while others apply in certain circumstances and depending on appliable law. Depending on the scenario, these rights may be subject to some limitations. Whatnot will respond to your request within the relevant time periods provided by law.
Your Privacy Choices.
Email and Telephone Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications unless you close your account (e.g., communications regarding our Services or updates to our Terms or this Privacy Policy). We process requests to be placed on do-not-mail, do-not-phone, and do-not-contact lists as required by applicable law.
Text Messages. You may opt out of receiving text messages from us by texting “STOP,” updating your preferences in your account, or by otherwise contacting us as described in "Contact Us" below.
Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application. You may opt out of this collection by changing the settings on your mobile device.
" Do Not Track. " Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada. Please note you must separately opt out in each browser and on each device.
Your Privacy Rights.
Access Personal Information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information;
Request Correction of or a change to your personal information where it is inaccurate, incomplete or outdated. In some cases, we may provide self-service tools that enable you to update your personal information. For example, you can change much of your information through in-app controls and settings (such as your Account Data);
Request Deletion, Anonymization or Blocking of your personal information, for example, when processing is based on your consent or when processing is unnecessary, excessive or noncompliant;
Request Restriction of or Object to our processing of your personal information, for example, when our processing is non-compliant;
Request to withdraw your Consent to our processing of your personal information. Please contact us at any time, as set forth in "Contact Us" below. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. If you refrain from providing personal information or withdraw your consent to processing, some features of our Service may not be available. If we are not able to fulfill your request, we will explain the reason;
Request data portability and receive an electronic copy of personal information that you have provided to us where we rely on consent or contractual necessity as our legal basis. This means you have the right to receive your information in a structured, commonly used and machine-readable format and to share it with a third party;
Be informed about third parties with which your personal information has been shared; and
Request the review of decisions taken exclusively based on automated processing if that could affect data subject rights.
Request to Opt-Out of or Object to Certain Processing Activities including, as applicable, if we process your personal information in reliance on legitimate interests or for “targeted advertising” (as “targeted advertising” is defined by applicable privacy laws) if we “sell” your personal information (as “sell” is defined by applicable privacy laws), or if we engage in “profiling” in furtherance of certain “decisions that produce legal or similarly significant effects” concerning you (as such terms are defined by applicable privacy laws).
**Appeal our Decision **to decline to process your request.
How to exercise your rights. If you would like to exercise any of these rights, please contact us as set forth in "Contact Us" below. We will review and process such requests in accordance with and to the extent required under applicable laws.
You may be entitled, in accordance with applicable law, to submit a request through an authorized agent. To designate an authorized agent to exercise choices on your behalf, please provide evidence that you have given such agent power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.
We will respond to your request consistent with applicable law and subject to proper verification. We will verify your request by asking you to send it from the email address associated with your account or to provide information necessary to verify your account.
We encourage you to "Contact Us if you are not satisfied with how we have responded to any of your rights requests. You also have the right to complaint to a supervisory authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in EEA and UK are available here.
SECURITY OF YOUR PERSONAL INFORMATION
We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. We maintain internal policies and procedures that govern how we collect, use, disclose, store, protect and destroy personal information. While we use these precautions to safeguard your information, no system is 100% secure, and we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system's breach, we may attempt to notify you electronically by posting a notice on our Services, by mail or by sending an email to you.
INTERNATIONAL DATA TRANSFERS
All the information processed by us may be transferred, processed, and stored anywhere in the world, both internally and across our offices and data centers and externally with the third parties described in this Privacy Policy.
This means your information will be transferred or transmitted to, or stored and processed in the United States or other countries which may not be the country where you live and which may have data protection laws that are different from the laws where you live, with some providing more protection than others.
Regardless of where your information is processed, we apply the same protections described in this Privacy Policy.
If we transfer personal information to countries outside the European Economic Area, UK, Switzerland,
or Canada we will put in place appropriate mechanisms to ensure that this transfer complies with the
applicable laws and regulations. For example, for information we collect:
- We utilize standard contractual clauses approved by the European Commission and by other relevant authorities.
- We rely on determinations from the European Commission, and from other relevant authorities, about whether other countries have adequate levels of protection.
- As described in the DPF notice below, Whatnot participates in the EU-US Data Privacy Framework, the UK the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework.
For more information, please contact us as set forth below.
EU – U.S. Data Privacy Framework, UK Extension to the Data Privacy Framework and Swiss – U.S. Data Privacy Framework
Whatnot Inc. participates in and has certified its compliance with the EU-U.S. Data Privacy Framework (“US DPF”), the UK Extension to the EU-U.S. DPF (the “UK DPF”) and the Swiss–U.S. DPF (the “Swiss DPF,”) (collectively, the “DPF”) as set forth by the U.S. Department of Commerce. We are committed to subjecting all personal information received from European Economic Area ("EEA"), the United Kingdom and Switzerland in reliance on the DPF to the DPF Principles. We will not rely on Swiss DPF until it enters into force_. _To learn more about the DPF Principles, and to view our certification, please visit the DPF website by clicking here.
Types of personal information we collect and use: The personal information we collect from you and the purposes for which we collect it are described in the section “Personal Information We Collect” above. To see how Whatnot Inc. uses such personal information, please refer to “How We Use Your Personal Information” above.
Transfers to third parties: Information about the types of third parties to which we disclose personal information and the purposes for which we do so are described in the “How We Disclose Your Personal Information” section above. If we have received your personal information in the United States and subsequently transfer that information to a third party acting as an agent, and such third-party agent processing your personal information in a manner inconsistent with the DPF Principles, we will remain liable unless we prove we are not responsible for the event giving rise to the damage.
Enforcement: Whatnot Inc. may be required to disclose personal information that we handle under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Whatnot Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission ("FTC").
**Your choices. **We will give you the opportunity to opt-out where personal information we control about you is to be disclosed to an independent third party or is to be used for a purpose that is materially different from those set out in this Privacy Policy. If you otherwise wish to limit the use or disclosure of your personal information, please contact us via the contact details below.** **
Questions and disputes: If you have any inquiries or complaints about our handling of your personal information under the DPF, or about our privacy practices generally, please email us at: [email protected].
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Whatnot Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities ("DPAs") and the UK Information Commissioner’s Office ("ICO") and the Swiss Federal Data Protection and Information Commissioner ("FDPIC") with regard to unresolved complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
If your complaint is still unresolved, in certain circumstances, the DPF provides the right to invoke binding arbitration not resolved by other means, including by pursuing binding arbitration through the Data Privacy Framework Panel. To learn more about the Data Privacy Framework Panel, visit here.
RETENTION OF PERSONAL INFORMATION
We keep your personal information where we have an ongoing legitimate business need to do so (for example, to provide you with our Services or to comply with applicable legal, tax or accounting requirements). In certain circumstances, we will need to keep your information for legal reasons after your account has been deleted. Factors determining the appropriate retention period for personal information include the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process the personal information, whether we can achieve those purposes through other means, and the applicable legal requirements.
When we have no ongoing legitimate business purpose or legal reason to process your personal information, we will either delete or anonymize it (so that it is no longer personally identifiable with you) or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS
This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (as amended, "CCPA"). The CCPA provides California residents with the right to know what categories of personal information Whatnot has collected about them and whether Whatnot disclosed that personal information for a business purpose (e.g., to a service provider), whether Whatnot “sold” that personal information, and whether Whatnot “shared” that personal information for “cross-context behavioral advertising” in the preceding twelve months. California residents can find this information below:
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in "Personal Information We Collect" and "How We Use Your Personal Information" and “How We Disclose Your Personal Information” above, respectively. We will retain personal information in accordance with the time periods set forth in “Retention of Personal Information.”
We “share” your personal information when we provide you with “cross-context behavioral advertising” about Whatnot’s products and services. We do not “sell” your personal information.
Additional Privacy Rights for California Residents
Opting Out of “Sales” of Personal Information and/or “Sharing” for Cross-Context Behavioral Advertising under the CCPA. California residents have the right to opt out of the “sale” of personal information and the “sharing” of personal information for “cross-context behavioral advertising.” California residents may exercise the right to opt out of “selling” or “sharing” by clicking on the “Do Not Sell or Share My Personal Information” link on our Services.
Disclosure Regarding Individuals Under the Age of 16. Whatnot does not have actual knowledge of any “sale” of personal information of minors under 16 years of age. Whatnot does not have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising.”
Disclosure Regarding Sensitive Personal Information.** **Whatnot only uses and discloses sensitive personal information for the following purposes:
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at Whatnot and to prosecute those responsible for those actions.
- To verify user identity in limited circumstances (e.g., government ID verification).
- For purposes that do not infer characteristics about individuals.
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in "Contact Us" below.
Verification. To protect your privacy, we will take steps the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include asking you to answer questions regarding your account and use of our Services.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in "Contact Us" below. We will process such requests in accordance with applicable laws.
De-Identified Information. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law.
Refer-a-Friend and Similar Financial Incentive Programs. As described above in How We Use Your Personal Information ("Share Content with Friends"), we may offer referral programs or other incentivized data collection programs. For example, we may offer incentives to you such as discounts or promotional items or credit in connection with these programs, wherein you provide your personal information in exchange for a reward or provide personal information regarding your friends (such as their email address) and receive rewards when they sign up to use our Services. (The referred party may also receive rewards for signing up via your referral.) These programs are entirely voluntary and allow us to grow our business and provide additional benefits to you. The value of your data to us depends on how you ultimately use our Services, whereas the value of the referred party's data to us depends on whether the referred party ultimately becomes a user and uses our Services. Said value will be reflected in the incentive offered in connection with each program.
Accessibility. This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium's Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.
California Shine the Light. The California "Shine the Light" law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties.
Right for minors to remove posted content. Where required by law, California residents under the age of 18 may request to have their posted content or information removed from the publicly-viewable portions of the Services by contacting us directly as set forth in Contact Us below or logging into their account and removing the content or information using our self-service tools.
SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. To request that we do not sell your information in the future, you may contact us at [email protected] with the subject line "Nevada Do Not Sell Request" and providing us with your name and the email address associated with your account. If you have any questions, please contact us as set forth in Contact Us below.
**SUPPLEMENTAL NOTICE FOR EUROPEAN RESIDENTS **
The information provided in this notice applies only to individuals in the United Kingdom (“UK”), the European Economic Area (“EEA”) and Switzerland (we collectively refer this group of countries as “Europe”).
The personal information that we collect from you is identified and described in greater detail in the section of the Privacy Policy entitled “Personal Information We Collect” above.
Legal bases for processing. European data protection law requires that we have a "legal basis" for each purpose for which we process your personal information. Depending on the purpose for collecting your information, we may rely on one of the following legal bases:
- The processing is necessary to perform a contract that we are about to enter into, or have entered into, with you (“Contractual Necessity”).
- The processing is necessary to pursue our legitimate interests or those of a third party and we are confident that your privacy rights will be appropriately protected (“Legitimate Interests”).
- We have your specific consent to carry out the processing for the purpose in question (“Consent”). Generally, we do not rely on Consent as a legal basis for using your personal information other than in the context of direct marketing communications where required by applicable law.
The table below identifies the legal bases we rely on in respect of the relevant purposes for which we use your personal information. For more information on these purposes and the categories of personal information involved, see the section in this Privacy Policy entitled How We Use Your Personal Information.
Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
CHILDREN'S INFORMATION
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. As stated in our Terms of Service, you must be at least 18 years old in order to create an Account or use the App.
If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, you may contact us as described in "Contact Us" below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child's account.
OTHER PROVISIONS
Third-Party Websites/Applications. The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
Changes to our Privacy Policy. We may revise this Privacy Policy from time to time in our sole discretion. When we update the Privacy Policy, we will notify you by updating the "Last updated" date at the top of the new Privacy Policy, posting the new Privacy Policy, or providing any other notice required by applicable law. We recommend that you review the Privacy Policy each time you access or use the Services to stay informed of our privacy practices.
CONTACT US
We have designated employees who are accountable for our privacy practices. If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please email us at [email protected] or contact us at:
F.A.O Legal
Whatnot, Inc.
578 Washington Boulevard #1019
Marina Del Rey, CA 90292
United States
**For users in the European Economic Area, Switzerland, or the UK, you can contact us at the following postal address: **
F.A.O Legal
Whatnot Europe LTD
First Floor, Penrose 2, Penrose
Dock, Cork, T23 YY09, Ireland
If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please email us at [email protected] or contact our Data Protection Officer at [email protected]