Privacy Policy

Effective Date: February 20, 2024

Grocelio and its Affiliates (“Company”, “we”, “our” or “us”) value our customers, including you (“you” or “your”) and we respect your privacy and personal information which is information about an identifiable individual that identifies, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, (as defined by applicable privacy, personal information or data protection laws). This privacy policy (this “Policy”) applies to your use of our websites, mobile applications, software, and/or services (“Products”) and describes the kinds of personal information we collect about you, how we use it, how we protect it, and under what circumstances we share it with third parties. This Policy also describes the decisions you can make about your personal information. By using or accessing the Products, you agree to this Policy. You may require us to change or delete the personal information that you have provided to us at any time by submitting a request through Your Preferences or by submitting a support ticket. “Affiliates” means any entity directly or indirectly controlling or controlled by, or under control with, Grocelio. If this Policy changes in the future, we will post an updated version on our website at https://grocel.io (the “Website”). We recommend that you check this Website periodically in order to review our current Policy. You can tell if this Policy has changed by checking the effective date that appears at the top of this Policy. Depending on the circumstances, we may also decide to send you a notice in other ways at our discretion, such as via email or other contact information you have provided, that the Policy was changed. If you continue to use our Products after the Policy changed, you will be deemed to have accepted such changes.

If you are a resident of Quebec, the state of California or other U.S. states, such as Virginia, Colorado and Connecticut, you have additional consumer privacy rights. A separate notice will be provided to you in this privacy policy in the sections indicated below.

Personal Information We Collect

When you use our Products, we collect the following types of information:

(a) Account information: When you use our Products you may need to create an account with us. You can create an account with us through your Facebook account, Google account, Apple account, or email account. The range of personal data we collect on you is outlined below, and listed according to the type of service you choose:

  • Facebook account: In order to create an account through your Facebook account, you will need to provide us with your email address, your name and your profile picture.
  • Google account: In order to create an account through your Google account, you will need to provide us with your email address, your name and your profile picture.
  • Apple account: In order to create an account through your Apple account, you will need to provide us with your email address and your name.
  • Email account: In order to create an account through your email account, you will need to provide us with your email address, name and password.

(b) General usage data: When you use our Products we may collect technical properties of hardware and software utilized in conjunction with our Products. We do so in order to provide you with the most optimal technical experience. For example, we may collect the type and model of hardware, the height and width of the screen on your mobile phone, the type and version of operating system and web browser you are using, the version of the Grocelio mobile app you are using, the GPS information and IP address of your hardware (described in more detail below under the heading “Location Information”), your wireless service provider, the URL being requested, internet connection speed, and the date and time associated with this information. When you use our Products we may also collect information about your use of the Products. For example, we may collect the city, region, and country, the time of day and frequency of your access to the Products, your movement within the Products including the sections you look at, how often you open the Products, the items you browse within the Products, the items (and quantities of each) you add to your account while using the Products, the items you remove from your account while using the Products, the type of items you tap on while using the Products, and the items you purchased. We use your purchase history to provide you the reports about your purchases. We also collect crash data information for quality control purposes when you are using the Products.

(c) Third party information: If necessary to fulfill our identified purposes, we may combine the information you submit to us with information obtained from other sources or third-party offerings. For example, we may receive personal information about you from third parties involved in providing you with the products, services, and websites you are using, such as from social media websites to facilitate the integration of those products, services, and websites with our Products. We treat all such personal information in accordance with this Policy and the terms and conditions between us and such third parties, if any, may also apply. However, the third party's own use of your personal information in such cases will be determined by your agreement(s) with the third party, unless that third party is one of our service providers. We also use the online payment processor Stripe to process payments on the website and in the future, on the app. Our payment processors collect the data and personal information you submit when making a purchase on the Grocelio website or mobile app. The payment processors may be companies located in the United States or elsewhere and therefore your personal information and data may be transferred and stored on computers, systems, networks and other infrastructure located in the United States or elsewhere. By submitting your personal information to our payment processors, you consent to such collection and storage. Please review the privacy policy of the applicable payment processor for more information about how the payment processor collects, uses, discloses, and retains personal information. Notwithstanding any other parts of this Policy, the Company shall not be responsible or liable, directly or indirectly, for any damage or loss suffered by you which is caused or alleged to be caused by or in connection with the payment processor’s privacy policy, content on its websites generally, the collection, use, or disclosure of personal information by the payment processor, or the processing of payments.

(d) Cookies: In addition, when you visit our Website, we collect certain information about your activity on our Website, as described below under the heading “Our Use of Cookies, Log Files, Web Beacons, and Embedded Scripts”.

Some of the information we collect would not by itself identify you to us or be personally identifiable and is therefore considered non-personal information. If we combine any such non-personal information with other personal information available to us, the combined information will be treated as personal information in accordance with this Policy.

How we use your information

We use the personal information we collect about you:

(a) to understand and meet your needs and preferences, and/or to provide you with our Products, for example:

  • for purposes related to the billing, activation, provision, maintenance, support, troubleshooting, resolving of disputes, deactivation, upgrade, or update of Products;
  • to ensure Products are technically functioning as intended and to help identify and troubleshoot issues;
  • to fulfill or enforce any agreements or notices we provide and are associated with a particular Product (“Notices”);
  • to manage or respond to your inquiries;

(b) to develop new and enhance existing Products including to communicate with you about them using various means, for example to make available or send to you updates, or notices of updates of Products;

(c) to manage and develop our business and operations, for example;

  • to detect, monitor, investigate, mitigate or attempt to prevent fraud and technical or security issues or to protect our property;
  • to allow for business continuity and disaster recovery operations;
  • to enforce our legal rights;
  • for statistical purposes;

(d) to meet legal and regulatory requirements and to respond to emergency situations, for example:

  • to respond to court orders, warrants or other lawful requests or legal processes;
  • to provide emergency assistance in situations that may threaten the life or physical safety of you or others; or
  • for any other purposes for which you have consented, such as those that may be set out in Notices, and other purposes as permitted or required by any applicable law.

(e) to communicate with you about products and services, request feedback, share news, gifts or other information we think will be of interest to you;

(f) to personalize your online experience and the advertisements you see on other platforms based on your preferences, interests, and browsing behavior; and

(g) to facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards.

Notwithstanding anything to the contrary contained in this Policy, we may remove personal identifiers from your information and maintain and use it in a de-identified form that may be combined with other information to generate aggregated information. Such de-identified and/or aggregated information will be deemed to be owned by us and we shall have unrestricted title, rights, and interest to the de-identified and/or aggregated information which may include, without limitation, the right to use, distribute, transmit, transfer, license, trade, rent, share, assign, and sell the de-identified and/or aggregated information.

We will retain your personal information as long as necessary for the fulfillment of the identified purposes or as otherwise necessary to comply with applicable laws. You may update your communication preferences anytime by submitting a request through Your Preferences or submitting a support ticket.

What we share

In accordance with this Policy, we may share your personal information:

  • within Company and/or with our service providers such as a cloud service provider in Canada, and the United States for data storage;
  • with our financial, insurance, legal, accounting or other advisors that provide professional services to us;
  • if we have your consent;
  • with third parties involved in providing our Products to you which may include merchants of record, or payment processors;
  • as necessary to complete any transactions while using our Products;
  • respond to a subpoena, order, legal process, or government request;
  • protect, establish or exercise our legal rights or defend against legal claims;
  • investigate, detect, suppress, prevent or take action regarding illegal or prohibited activities, suspected fraud, situations involving potential threats to the reputation or physical safety of any person;
  • as otherwise required by law; or
  • if we are to be sold, merged, or amalgamated or substantially all of our assets are to be sold or disposed of, your personal information may be transferred to a potential purchaser if, and to the extent necessary, it is required for the purposes of deciding whether to proceed with the proposed transaction and completing it. If such a sale, merger, acquisition, or disposal is completed, we will use reasonable efforts to direct the transferee to use personal information you have provided to us in a manner that is consistent with this Policy. Following such a sale or transfer, you may contact the entity to which we transferred your personal information with any inquiries concerning the processing of that information.

If we disclose or release your personal information with a third party for any purpose other than the purpose for which we collected your personal data, we will first ask for your express consent.

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. You can request this information by submitting a request through Your Preferences or submitting a support ticket.

It should be noted that disclosing your personal information in accordance with a search warrant, court order, or similarly binding legal document does not fall within the definition of a sale of personal information.

Decisions about your personal information

At any time, you can contact us to:

  • Stop receiving emails from us;
  • Request access to, review and correct the personal information held by us in connection with your account (see the sections on “Access to Information” below);
  • Withdraw your consent for our use and disclosure of your information;
  • Request a list of third parties to which we may have provided your personal information;
  • Inquire about the collection, use, disclosure, and storage of your personal information;
  • Close your account; and
  • Amend your personal information.

You may do so by submitting a request through Your Preferences or submitting a support ticket. You can always unsubscribe from receiving promotional emails from us by simply clicking the “unsubscribe” link provided at the bottom of every promotional email from us.

If you contact us to do any of the things listed above, we may require you to provide sufficient personal information to allow us to identify you and tell you about the existence, use and disclosure of your personal information and this personal information will only be used for this purpose. If you contact us about your personal information, we will respond to your request within 10 days and provide the requested information within 30 days and at minimal or no cost to you in accordance with applicable laws.

Generally, you may withdraw at any time your consent for us to collect, use, and disclose your personal information in accordance with this Policy, subject to legal or contractual restrictions and reasonable notice. As such, we may continue to collect, use, and disclose your personal information as may be required to provide you with our Products, and to the extent that we are contractually obligated to do so or as necessary to enforce any contractual obligations you may have with us. If you refuse to provide us with the information we require or later contact us to withdraw your consent for us to use and disclose your personal information, we may no longer be able to provide you with our Products.

Data Retention & Destruction

Grocelio will only collect and retain your personal data for as long as required by law. Generally, we are permitted to retain your personal information for up to one (1) year after we have exhausted the use of your personal data before deleting it entirely. The retention period is to comply with privacy legislation that permits you to access a copy of the personal data we have collected from and processed about you. After the one-year term has expired, we will delete your personal data permanently. This one-year period does not apply to any other reasons permitted by law to retain personal information, including additional regulatory requirements that are binding on Grocelio. All personal data collected by Grocelio is hosted and stored in Canada and the United States.

Access to Information

As part of our efforts to uphold visibility and transparency with respect to our privacy program, we want to ensure that you can easily access your personal data. Additionally, for data quality purposes, we endeavor to maintain the ongoing accuracy of your personal information. If you would like a copy of the personal information collected by Grocelio, please submit a request through Your Preferences, or by submitting a support ticket. Once we have received your request, we will endeavor to respond to you within 30 business days. Please be aware that if your access request is inaccurate or vague, that the time to respond will not begin until we confirm the scope of your request.

Cookies, pixels and other tracking technologies

When you visit the Website, we collect certain information by automated means, such as through server log files, cookies (text files sent to and stored on your device when you access the Website), web beacons (also known as clear GIFs and pixel tags, which may be used to transmit information back to the Website), and embedded scripts (programming code that is designed to collect information about your interactions with the Website, such as the links you click on, and which is active only when you are accessing the Website).

The information we collect in this manner may include details about the computer, mobile phone, or other device used to access the Website (such as browser type, operating system, and IP address), referring URLs and information on actions taken or interaction with our digital assets. We may use third-party web analytics services such as Google Analytics to help us analyze how visitors use the Website. We may permit these third parties to operate directly on the Website, use their own technology (such as cookies or web beacons), and collect information about you on our behalf.

The information we collect in this manner is collected to enhance your user experience and to personalize your online experience and the advertisements you see on other platforms. For example, this information allows us to pre-fill form fields as well as provides you with contextual recommendations while using the Website.

When you visit our Website, we may allow some third parties (such as advertising networks and data analytics companies) to collect information about your online activities over time and across different websites. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. However, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” visit http://www.allaboutdnt.com. In some instances, we may also combine information we receive about you from third parties with information we collect through the Website.

Security

We aim to provide you with a safe experience. We have in place certain physical, technical, and administrative safeguards designed to appropriately protect the security and privacy of your personal information against loss, theft, and unauthorized access, disclosure, copying, use, or modification. Please note, however, that we cannot guarantee that the measures we maintain will guarantee the security of the information.

The file containing your personal information will be kept on our servers or those of our service providers and employees who require it for the purposes of their duties will have access to this file. We limit access to your personal information within the Company to individuals with a need to know.

Your personal information may be collected, used, processed, transferred, and retained in multiple countries including Canada and the United States which may be outside the region in which you are situated and may have different privacy or data protection legislation, and may therefore be subject to the laws of these countries. If you are a resident of the European Economic Area or a country which restricts data transfers outside of that jurisdiction or region without your consent, by using our Products, you consent to your personal information being transferred outside of the European Economic Area or your country for processing or storage by or on behalf of us.

Links to Other Sites

We provide links on our Website to third party sites we think you will enjoy. These sites operate independently of us and may have established their own privacy and security policies. Any personal information you provide on linked pages or other sites is subject to that third party’s privacy policy. We strongly encourage you to review these policies at any site you visit. This Policy does not apply to such linked pages or other sites, and we are not responsible for the content or practices of any linked websites which are provided solely for your convenience.

Children’s Online Privacy Protection

The Website and Products are not intended for use by children under 18 years of age. We do not knowingly collect or use any personal information from any children under 13 years of age. If we become aware that we have unknowingly collected personal information from a child under the age of 13, we will make commercially reasonable efforts to delete such personal information from our database.

Privacy by Design

At Grocelio, we embed privacy by design into our systems and processes, to ensure that our customers’ privacy is protected by integrating these measures into our environment. Therefore, we ensure that our systems align the principles of Privacy by Design, and strive to align our procedures with SOC 2 Type 2 Privacy Principle and ISO 27701.

We strive to ensure that our systems and procedures align with the seven principles of Privacy by Design:

Proactive, not reactive

We endeavor to proactively implement privacy elements into our processes and product design, rather than fitting those elements retroactively. We also have a privacy program that governs how we implement privacy.

Privacy default settings

All settings are set to the highest level of privacy protection, and access to any personal information within Grocelio will be on a pure “need-to-know” basis.

Privacy embedded into design

Our systems are designed so that personal information is hidden, and only disclosed to internal staff via permissions access that are tied into their duties.

Full functionality

We ensure that privacy enhances our business processes, and does not hinder your ability to access our services.

End-to-end security

Personal data is fully encrypted during its life cycle with Grocelio, and we continuously monitor our environment to ensure that we detect and eradicate any attempts at compromising your personal data.

Respect for user privacy

We ensure that the respect of your personal information is embedded into our services. Additionally, wherever possible, we de-identify and aggregate personal data if it is not required to be used in an identifiable format.

Visibility and transparency

You may contact us at any time if you have any questions or concerns about how your personal data is processed.

Quebec’s Law 25 – Individual Rights

Access to Information & Data Portability

Under Law 25, you have the right to request a copy of your personal data processed by Grocelio. If you would like a copy of the personal information collected by Grocelio, please submit a request through Your Preferences, or by submitting a support ticket. Once we have received your request, we will endeavor to respond to you within 30 business days. Please be aware that if your access request is inaccurate or vague, that the time to respond will not begin until we confirm the scope of your request. Any information we disclose to you in response to your access request will be in a structured, commonly used technological format so you can easily view the information.

Right of De-Indexation

As a Quebecois resident, you have the right under s. 28.1 of Law 25 to “de-index”, or to direct Grocelio to stop the processing of any of your personal data. You can exercise your right of de-indexation by submitting a request through Your Preferences, or by submitting a support ticket outlining the personal information you wish to be deleted.

Please note that we reserve the right under s. 28.1 to retain your personal information if it is absolutely necessary to provide our services to you. Additionally, if you exercise your right to de-index but the personal data is absolutely required, you may not be able to fully access all of the features and services that Grocelio offers. Once received, we will review your request and respond to you in writing.

Data Retention & Destruction

Grocelio will only collect and retain your personal data for as long as required by law. Generally, we are permitted to retain your personal information for up to one (1) year after we have exhausted the use of your personal data before deleting it entirely. The retention period is to comply with privacy legislation that permits you to access a copy of the personal data we have collected from and processed about you. After the one-year term has expired, we will delete your personal data permanently as well as any outstanding credits. This one-year period does not apply to any other reasons permitted by law to retain personal information. All personal data collected by Grocelio is hosted and stored in Canada and the United States.

This Privacy Policy does not apply to workforce-related personal information collected from Quebec-based employees, job applicants, contractors, or similar individuals.

California Privacy Notice

This privacy policy is intended to align with the California Consumer Protection Act (CCPA) and the California Privacy Right Act (CPRA). The California Privacy Notice is a supplement to the Grocelio Privacy Policy.

This Privacy Policy does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.

Your Rights Under California Privacy

As a California resident, you have the following rights under the CCPA and the CPRA:

  1. Right to access your personal information or data;
  2. Right to delete your personal data;
  3. Right to know the disclosure of your personal data to third parties with whom we do business;
  4. Right to non-discrimination if you exercise your rights; and
  5. Right to request that your information not be disclosed to third parties (“Do Not Sell”).

For the full and official guidance of your rights, please consult the Attorney General of California https://oag.ca.gov/privacy/ccpa.

When you submit a request to us, we must verify your identity to prevent fraud. Please note that if any of the personal information we collected from you has been anonymized or de-identified so it is no longer identifiable, we will advise you of the same and it may no longer be part of the personal data we provide to you in your request. You may request a copy of your data by submitting a request through Your Preferences, or by submitting a support ticket.

Categories of Information Collected

We may collect or receive (and may have collected or received during the 12-month period) the categories of personal information listed below. Not all categories will be collected or received for every individual.

Identifiers: Personal identifiers, such as name, email address, phone number, image and loyalty card numbers

Business Purpose:

  • For the purposes related to the billing, activation, provision, maintenance, support, troubleshooting, resolving of disputes, deactivation, upgrade, or update of Products
  • To send you Products or goods you order
  • To detect, monitor, investigate, mitigate or attempt to prevent fraud
  • To meet legal and regulatory requirements and to respond to emergency situations
  • To facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards
  • To personalize your online experience and the advertisements you see on other platforms
  • To fulfill or enforce any agreements or notices we provide and are associated with a particular Product (“Notices”); to manage or respond to your inquiries
  • To communicate with you about products and services, request feedback, share news, gifts or other information we think will be of interest to you
  • To connect your purchases with the loyalty or rewards program with your third party grocery retailer in order for the retailer to provide you with rewards or associated benefits to which you are entitled

Device Information and Online Activity: Device and online identifiers, mobile and web network activity and related information, such as IP address, cookie IDs, browser version, version of operating system, carrier and/or manufacturer, browser activity, and other information associated with your browsing history), and social media information

Business Purpose:

  • To ensure Products are technically functioning as intended and to help identify and troubleshoot issues
  • To detect, monitor, investigate, mitigate or attempt to prevent fraud
  • To personalize your online experience and the advertisements you see on other platforms

Purchase Information: Purchase and transaction history information, such as products you have purchased, health-related information and product testimonials

Business Purpose:

  • To personalize your online experience and the advertisements you see on other platforms
  • To detect, monitor, investigate, mitigate or attempt to prevent fraud
  • To meet legal and regulatory requirements and to respond to emergency situations
  • To provide you loyalty benefits and rewards to which you are entitled with third party grocery retailers

Communications: Communication details such as the content of emails, text messages or other communications

Business Purpose:

  • To ensure Products are technically functioning as intended and to help identify and troubleshoot issues
  • To develop new and enhance existing Products
  • To communicate with you about products and services, request feedback, share news, gifts or other information we think will be of interest to you

Demographic Information: Demographic information, such as age, gender and, date of birth

Business Purpose:

  • To personalize your online experience and the advertisements you see on other platforms
  • For statistical purposes

Payment Information: Financial information, such as credit or EBT card numbers

Business Purpose:

  • To process and fulfill your order and allow you to pay for Products

Geolocation: Location information, such as address, country, state city and geolocation information

Business Purpose:

  • To locate you and provide you with the best Products which are available in your immediate vicinity, according to the geographic parameters you set
  • To personalize your online experience and the advertisements you see on other platforms
  • For statistical purposes

Inferences: Individual preferences and characteristics, such as inferences related to shopping patterns and behaviors

Business Purpose:

  • To develop new and enhance existing Products
  • To personalize your online experience and the advertisements you see on other platforms
  • For statistical purposes

Sensitive Personal Information: account log-in and financial information (such as payment card details), precise geolocation and health-related information

Business Purpose:

  • To locate you and provide you with the best Products which are available in your immediate vicinity, according to the geographic parameters you set
  • To personalize your online experience and the advertisements you see on other platforms
  • To provide you with additional Products based on any dietary restrictions you may wish to disclose to us. Disclosure of health-related information is entirely voluntary.

Categories of Sources from Which We Collect Your Personal Information

We may obtain and combine personal information from different sources provided below:

  • Provided directly by you, such as account registration, responding to surveys and records of correspondence
  • Collected from a device associated with you
  • Collected from an external third-party source
  • Collected from other sources, when it is appropriate, to help us improve the quality or personalization of our services and to prevent or detect fraud

Purposes for Collecting Personal Information

We may use your personal information for the purposes described in the How we use your information section of the Privacy Policy and as provided in the Categories of Information Collected.

Notwithstanding anything to the contrary contained in this Policy, we may remove personal identifiers from your information and maintain and use it in a de-identified form that may be combined with other information to generate aggregated information. Such de-identified and/or aggregated information will be deemed to be owned by us and we shall have unrestricted title, rights, and interest to the de-identified and/or aggregated information which may include, without limitation, the right to use, distribute, transmit, transfer, license, trade, rent, share, assign, and sell the de-identified and/or aggregated information.

Right of Access

This permits you to request access to any personal information we have collected about you. If you make an access request, we will endeavour to provide you with the following:

  • Categories of personal information we have collected from and about you;
  • Categories of sources from where we have collected your personal information;
  • The business purpose(s) for which we have collected your personal information;
  • Categories of third parties to whom we have disclosed your personal information;
  • Confirmation of any third parties to whom we have disclosed or sold your personal information; and
  • Listing of categories of third parties to whom we have disclosed or sold your personal information, along with the business purpose for doing so.

If you make an access request, please note the following:

  • You may make an access request up to two (2) times within a rolling twelve (12) month period; and
  • The personal information we disclose to you may be limited to only the previous twelve (12) month period within which we collected your personal information.

Right of Deletion

You have the right to ask Grocelio to delete your personal information. This may include all of the personal data we have collected directly from you and from other sources. However, Grocelio may retain some or all of the personal information in order to comply with applicable laws or if it is absolutely required. Instances where we may be unable to delete your personal data include cooperating with criminal matters, conducting privacy breach or IT security incident response, or complying with legal obligations.

Please note that we periodically delete some information by de-identifying your personal data so that personal information is not attributed directly to you or makes you identifiable. Additionally, deleting your personal information may hamper your ability to interact with our online features and our website, such as limiting your personal information or closing your account.

Right to Disclosure of Personal Data to Third Parties

Grocelio discloses some personal information with certain third-party service providers. We are permitted to disclose some personal data in order to provide Products and services. We do not knowingly disclose the personal data of minors under 16 years of age.

We disclose (and may have disclosed during the 12-month period) the following types of personal data to the following categories of third parties as follows:

Personal Information Category

Identifiers

Third-party Categories: Social networks, adtech partners or vendors, 3rd party matching agents, service providers that receive data in order to provide services to us (e.g. technology providers, cloud storage providers, etc.), our business partners

Device Information and Online Activity

Third-party Categories: Service providers that receive data in order to provide services to us (e.g. technology providers, cloud storage providers, etc.), adtech partners or vendors, 3rd party matching agents

Purchase Information

Third-party Categories: Service providers that receive data in order to provide services to us (e.g. technology providers, cloud storage providers, etc.), adtech partners or vendors, 3rd party matching agents, our business partners

Communications

Third-party Categories: Service providers that receive data in order to provide services to us (e.g. technology providers, cloud storage providers, etc.)

Demographic Information

Third-party Categories: Service providers that receive data in order to provide services to us (e.g. technology providers, cloud storage providers, etc.)

Payment Information

Third-party Categories: Third-party payment processors

Geolocation

Third-party Categories: Service providers that receive data in order to provide services to us (e.g. technology providers, cloud storage providers, etc.)

Inferences

Third-party Categories: Service providers that receive data in order to provide services to us (e.g. technology providers, cloud storage providers, etc.), our business partners

Sensitive Personal Information Category

Precise Geolocation

Third-party Categories: Service providers that receive data in order to provide services to us (e.g. technology providers, cloud storage providers, etc.)

We will disclose any of the above information about you to those we are legally required to share with.

Right to Non-Discrimination

If you choose to exercise your privacy rights, Grocelio shall not discriminate against you, as per the CCPA and CPRA. Examples of discrimination may include providing you with a different level or quality of services, suggesting you receive a different level or quality of services, refusing to provide services to you, or maliciously misusing your personal information.

Do Not Sell

You have the right to direct us not to “sell” or disclose your personal information to third parties if it is not required by us to provide you with our services. The CCPA and CPRA define “sale” to include any disclosure of personal information. Please note that if the personal data you do not want disclosed is absolutely necessary to provide you with services, then withholding the data from disclosure may impede your ability to take full advantage of the app and the user experience.

If you would like to opt out of our use of your personal information for these purposes, you may do so by submitting a request through Your Preferences, or by submitting a support ticket.

Right of Data Portability

You may request a copy of the personal information we collect from you; we will provide you with a copy of the data in a common, machine-readable format.

How Long Do We Retain Your Information?

Grocelio will only collect and retain your personal data for as long as required by law. Generally, we are permitted to retain your personal information for up to one (1) year after we have exhausted the use of your personal data before deleting it entirely. The retention period is to comply with privacy legislation that permits you to access a copy of the personal data we have collected from and processed about you. After the one-year term has expired, we will delete your personal data permanently as well as any outstanding credits. This one-year period does not apply to any other reasons permitted by law to retain personal information.

Virginia/Colorado/Connecticut and Similar U.S. State Privacy Notice

This privacy policy is intended to align with the Virginia Consumer Data Protection Act (VCPDA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CDPA) and similar law in other U.S. states (“U.S. State Privacy Laws”). It is a supplement to the Grocelio Privacy Policy.

We use your personal data in such a way that is likely considered a “sale” (disclosure to a third party) under certain U.S. State Privacy Laws. Further, we process personal data for targeted advertising purposes. You have the right to opt out of both practices. Information on how to exercise your opt-out rights as well as other rights you have is below, subject to any restrictions as permitted by law.

If you are a resident within the jurisdictions of the U.S. State Privacy Laws, subject to certain conditions and restrictions and other applicable laws, you have the following rights with regard to your personal data:

  1. Right to access. You have the right to request access to and obtain a copy of any personal data that we may hold about you.
  2. Right to correct. You have the right to request that we correct any factual inaccuracies in your personal data.
  3. Right to delete. You have the right to request that we delete personal data that we have collected from or obtained about you.
  4. Right to opt out of the sale of personal data. You may request that we stop sharing data in a way that is considered a “sale”.
  5. Right to opt out of targeted advertising. You may request that we stop disclosures of your personal data for targeted advertising.
  6. Right to opt out of profiling. You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not profile in a manner that would result in legal or similarly significant effects and as such do not offer this right.
  7. Right to appeal. If you are unsatisfied with our actions related to exercising one of your privacy rights above, you may appeal our decision.
  8. Right to non-discrimination. If you choose to exercise any of the privacy rights described above, we will not deny our products or services to you, charge you different prices or provide a different level or quality of products or services to you unless those differences are related to the value of your personal data.
  9. Right of data portability. You may request a copy of the personal information we collect from you, which we will provide you with a copy of the data in a common, machine-readable format

You may exercise your privacy rights, by:

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the State Privacy Laws allow us up to 90 days to respond. We will contact you within 45 days from when you contacted us to inform you of the need for additional time and the reason for such extension (if applicable).

We will only use personal data provided in a request to verify the request. We will not further disclose the personal data and will retain it only as necessary for the purpose of verification and to meet our legal obligations. We cannot fulfill your request if we cannot verify your identity or authority to make the request and confirm the personal data that is subject of the request relates to you. We may contact you for additional information as reasonably necessary to authenticate your request, but if we are ultimately unable to authenticate your request using reasonable commercial efforts, then we may not be able to comply with it.

You will have the right to appeal within a reasonable period of time after you have received our decision. Within 60 days (45 days for residents of Colorado) of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state attorney general’s office to submit a complaint.

Questions or Comments

If you have any questions or comments or wish to make a complaint about this Policy, please feel free to contact us by submitting a support ticket and our privacy officer shall contact you further.

If you contact us about your personal information, we will respond to your request within a reasonable time and at minimal cost or no cost to you in accordance with applicable laws. Depending on the circumstances and applicable laws, we may refuse to process certain access requests (for example, access requests that are unreasonably repetitive or systematic, would be extremely impractical or require disproportionate technical effort).