Privacy Policy
Last updated on September 19, 2024
Obsidian Works LLC (“we”, “our”, “us”, or “Obsidian,”) respects the privacy of its users and is fully committed to protect their personal data and use it in accordance with data privacy laws. This Privacy Policy describes how we collect, use, and process any personal data that we collect from you—or you provide to us—in connection with your use of our website (www.obsidian.works) and our custom design services (collectively, “Services”). By accessing or using our Services, you signify your understanding of the terms set out in this Privacy Policy.
If you are a California resident, please see Additional Disclosures for California Residents below.
If you are a resident of Colorado, Connecticut, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, or any other state that enacts a materially similar privacy law to the states referenced, please see Additional Disclosures for Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents below.
We do not knowingly collect, maintain, disclose, or sell personal information about users under the age of eighteen (18). If you are under the age of 18, please do not use our Services. If you are under the age of 18 and have used our Services, please contact us at the email address below so that we may delete your personal information.
1. Background
Obsidian, provides Services both to its business customers, as well as directly to end users.
If you use our Services only for your personal use, you are to be considered as the “User” and for the purpose of Data Protection Laws, and we are the data “controller” or covered “business” as such terms are defined in the applicable Data Protection Law.
If you use our Services to execute orders and deliver products to third parties, you are considered a “Merchant”. When processing contact details, payment information and other information listed in Section 1 below directly related to the Merchant, we are the data controller or covered business. Where we act on a Merchant’s behalf to fulfill an order with regard to the Merchant’s customer, we are a “data processor” or “service provider” as such terms are defined in the applicable Data Protection Law. Where we act as a data processor we process information in accordance with Data Protection Laws on behalf of our customers.
The term “Data Protection Law(s)” shall include any applicable data privacy or security law, including but not limited to the California Consumer Protection Act, the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act, and all applicable amendments and regulations related to the foregoing.
2. Information Collected About Users and Merchants and How We Use It
The types of personal information we obtain and process about you depends on how you interact with us and our Services. This section provides the categories of information we may collect about you, and such categories are used in accordance with the disclosures in How We Use Your Data below.
Identifiers. Such information includes your name, postal address, shipping address, email address, and telephone number.
Payment Information. Such information includes information relating to billing and payment details (including first and last digits of your payment card).
Commercial Information. Such information includes information about Services you have purchased or considered, and your preferences.
Device and Unique Identifiers. Such information includes internet or other electronic network activity information, such as IP addresses, the device and browser you use, referring pages, time stamps, and cookies.
Geolocation Data. Such information includes non-precise location information that permits us to determine your location based on information provided in your IP address.
Government Issued Identification. Such information includes images and data, which may appear on government-issued identity documents or identification cards.
Content. Information such as your communications with us and any other content you provide, such as social media profiles, images, videos, survey responses, comments, reviews, and testimonials.
3. How We Collect Your Data
We may collect data in a variety of manners as disclosed in this section.
Directly from You. We collect personal information you provide, such as when you make a purchase; register for an account or create a profile; contact us; sign up to receive emails or newsletters, or otherwise engage in direct communication with us.
Using Online Tracking Technologies and Other Automatic Data Collection Technologies. When you visit our websites, use our Services, open or click on emails we send you, or interact with our advertisements, we or third parties we work with automatically collect certain information using online tracking technologies such as cookies. For more information, please see our Cookies Policy.
From Merchants. We obtain information directly from Merchants that we may be providing services on behalf of.
From Social Media Platforms and Networks. If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks (including Instagram, Facebook, Twitter, Google, and LinkedIn) in connection with our websites, we collect information that you disclose to us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.
From Other Sources. We may obtain information about you from other sources, such as website data analytics , marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.
4. How We Use Your Data
This section explains how we use your data and identifies the categories of information we collect and process in connection therewith.
Providing our Services. Where you are a User of our Services, we will use data collected as is necessary to fulfill our contract with you for the purposes of providing, maintaining, or improving our products and Services (including, to the extent permitted by applicable law, any matters in our legitimate interests with respect to the Services), we will confirm your identity, contact you, provide customer support (including other platforms, where you may reach us), operate your account with us and invoice you.
For the aforementioned purposes, we collect and process Identifiers, Payment information, and Commercial information.
Legal Obligations. We may request some of the personal data indicated above to comply with applicable laws and in furtherance of our legal obligations and legitimate interest in ensuring that users and end customers are not the target of trade, financial, and economic sanctions, and do not appear on a sanctions-related list, including lists maintained by the U.S. Department of Treasury’s Office of Foreign Assets Control (“OFAC”), the U.S. Department of State, the U.S. Department of Commerce, the European Union, or Her Majesty’s Treasury of the United Kingdom. In addition, we may use such information to establish and exercise our rights, and to defend against legal claims.
Consent. There are instances where we collect specific information for a specific purpose based on your consent. This includes when you have given your consent when registering your account, when sharing your email address or other personal data with us to receive any other information.
In such instances, we will process identifiers such as your email address as necessary to send you the informative and/or promotional materials, to which you have subscribed to, for example, newsletters, advertisements of our Services and other information about our Services that you have requested.
For information about how to unsubscribe to any emails, newsletters or other communications, please see Your Choices in Connection With Our Services below.
Conduct Analytics and Personalization. We use your information to conduct research and analytics, including to improve our Services. We also use your information to understand your interaction with our advertisements, Services, and our communications with you. We also use your information to personalize your experience, to save you time when you visit our websites and use our Services, to better understand your needs, and to provide personalized recommendations for our Services.
We obtain the location information you provide in your profile or your IP address. We use and store information about your location to provide features and to improve and customize the Services, for example, for Obsidian’s internal analytics and performance monitoring; localization, regional requirements, and policies for the Services; for local content, search results, and recommendations; for delivery and mapping services; and (using non-precise location information) marketing.
By using cookies and similar technology on our website, we may collect data such as information on your device, your preferences and information filled in while visiting our website, your interaction with the website, and other information used for analytical, marketing, and targeting activities (including unique visits, returning visits, length of the session, actions carried out in the webpage). For more information, please see our Cookies Policy.
For the aforementioned purposes, we collect and process Device and Unique Identifiers.
Communications with you. We use your information to engage in communications with you, such as to respond to your requests, inquiries, issues, and feedback, to engage in meetings with Merchants, and to provide customer service.
If you have a Obsidian account, we will retain the recording for as long as you have an account. If you do not have an account, we will delete the recording within 12 months or retain it, if it will be needed to resolve disputes between you and us.
When you interact with our customer support through email we may monitor or save the conversation to ensure the quality of our customer support.
For the aforementioned purposes, we collect and process Identifiers, Device and Unique Identifiers, and Content.
Security and Fraud Prevention. As it is in our legitimate interests to ensure our network security, we use your information to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions. We also use your information to enforce our terms and procedures, prevent against security incidents, and prevent the harm to other users of our Services.
Improving the Services, Websites or Developing Other Products. We process certain information about the use of our Services and website to better understand how it is accessed, to improve our Services, and to develop new products and services. Such processing requires the collection of technical information, including information about how and when you access your account, the device and browser you use and the IP address and device data.
For the aforementioned purposes, we collect and process Device and Unique Identifiers.
Marketing and Advertising. We use your information for marketing and advertising purposes, including sending marketing, advertising, and promotional communications to you by email. We also use your information to show you advertisements for Services.
For the aforementioned purposes, we collect and process Identifiers, Device and Unique Identifiers, Commercial Information, and Geolocation Data.
5. Information Collected About Our Merchant’s Customers
In the course of providing products and services on our Merchant’s behalf, we collect and process certain information about individuals at the direction of such Merchants (“Customer Data”). Customer Data has historically included information such as personal data relating to the end user of our Services, personal data revealed during the use of any Obsidian services, including name, email address, phone number, shipping address, and other information about the Merchant’s customers.
If you are a customer of the Merchant (an end user of our Services in connection to a manufacturer or installer), the Merchant is the data controller with regard to your personal data contained in Customer Data and should provide you the information on how your personal data is collected and processed when using our Services. The Merchant is your contact for any questions you have about how it handles your personal data.
6. Sharing Personal Data With Third Parties
The following details the types of third parties whom we share information with in connection with your use of the Services:
Service Providers. In order for Obsidian to provide you with our Services, we work with third parties who perform services on our behalf and with whom we share personal data to support our Services (“Service Providers”). Service Providers include:
Hosting and Online Services. Information you have provided to us during the use of our Services, including technical usage data, is shared for business purposes in our legitimate interests with third parties who provide hosting and server co-location services as well as data and cyber security services.
Manufacturing Services. Information you have provided to us during the use of our Services may be shared with third-party manufacturing services whom we engage to provide our Services to you.
Email Service Providers. Your email address and other contact details you have provided to us and your messages to our customer service is shared for business purposes in our legitimate interests with communication, email distribution, and content delivery services.
Payment Processors. Information regarding your purchases and payments is shared with billing and payment processing services, fraud detection and prevention services, accounting and financial advisors, advisors, so that we can provide our Services to you.
Analytic and Digital Marketing Providers. Information regarding your use of our Services and other information received from cookies and similar technology is shared with web analytics and online marketing services.
If we provide marketing to you, information on your account, purchases and preferences can be shared with marketing services.
Legal Advisors, Legal Process, and Protection. Insofar as reasonably necessary, we may be required to share information with third parties to (1) comply with legal requirements or requests, including any subpoenas, claims, disputes or litigation, (2) protect our, or a third party’s, lawful interests, (3) enforce or apply our agreements; and (4) protect property or safety of us or others.
We will only share personal data to Service Providers that have undertaken to comply with obligations set out in applicable data protection laws.
Affiliates. We may share your personal data with our affiliates (companies within our corporate family), in our legitimate interests for business purposes.
Business Customers (i.e., Merchants). Where we provide Services on behalf of Merchants, we will provide certain information related to your orders and purchases.
In a Business Transfer. We may disclose or share your information as part of a corporate business transaction, such as a merger or acquisition, joint venture, corporate reorganization, financing, or sale of company assets, or in the unlikely event of insolvency, bankruptcy, or receivership, in which such information could be transferred to third parties as a business asset in the transaction.
Facilitating Requests. We share information at your request or direction, such as when you choose to share information with a social network about your activities using the Services.
Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see Your Choices In Connection With Our Services below.
If you are a resident of a jurisdiction that grants additional legal rights, please see the applicable disclosure, including the following:
Additional Disclosures for California Residents
Additional Disclosures for Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents
7. Retention Periods
We may retain your personal data for as long as you have a Obsidian account or any of the abovementioned legal bases for personal data processing still exists. For example, if you unsubscribe from our marketing, newsletter, or blog emails, we will stop the processing of the personal data for such purposes.
If you have used our Services without creating a Obsidian account, we will keep your personal data as long as necessary to comply with our legal obligation to retain information relating to provision of services, for example, for tax purposes.
After terminating your relationship with us by deleting your Obsidian account or otherwise ceasing to use our Services, we may continue to store copies of your (and in regard to Merchants, your customers’ personal data) as necessary to comply with our contractual obligations with Merchants and legal obligations, as well as to resolve disputes between you and us (or Merchants and applicable customers), to prevent fraud and abuse, to enforce our agreements, and/or to protect our legitimate interests (to the extent that we are permitted by the applicable law to continue to store copies to protect our legitimate interests).
We reserve the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws.
8. Information Security
We seek to use reasonable organizational, technical, and administrative measures to protect the confidentiality, integrity, and availability of personal data. We encourage you to take care of the personal data in your possession that you process online and set strong passwords for your Obsidian account, limit access to your computer and browser by signing out after you have finished your session, and avoid providing us with any sensitive information.
9. Your Choices In Connection With Our Services
A. Account.
You may access, update, or remove certain information that you have provided to us through your account or by sending an email to the email address to support@OBSIDIAN.works. We may require additional information from you to allow us to confirm your identity.
Please note that we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
B. Communications.
Emails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link or emailing us (support@OBSIDIAN.works) with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or Obsidian’s ongoing business relations.
C. Cookies and Tracking Technologies.
Cookies. See our Cookie Policy for information about how to control cookies.
Do Not Track. Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. We currently do not respond to browser “do not track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
D. Analytics.
We use Squarespace Analytics to conduct analytics of our Service. Your use of the website confirms your consent to our use of such analytic data.
E. Legal Privacy Rights.
You may have additional legal privacy rights under certain applicable laws, including but not limited to the California Consumer Privacy Act and other similar laws that may come into effect. For more information about your rights under these respective laws, please see the following sections where applicable:
Additional Disclosures for California Residents
Additional Disclosures for Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents
For more information about how to exercise applicable legal rights, please see the section titled How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.
10. Additional Disclosures for California Residents
All terms and phrases used under this section have the same meaning as those phrases are defined under the California Consumer Privacy Act and its implementing regulations, as amended (collectively, the “CCPA”).
Under the CCPA, California residents are afforded certain rights about the Personal Information (as such capitalized term is defined under the CCPA) we have collected about them, which we have described in more detail below.
We are both a “business” and a “service provider” under the CCPA, depending on how you interact with us. This section applies only to personal information we collect in our role as a business. Where we act on a Merchant’s behalf to fulfil an order with regard to the Merchant’s customer, we are a Service Provider under the CCPA. Please read the Merchant’s privacy policy for further information on how to exercise your rights under the CCPA. The Merchant is your contact for any questions you have about how it handles your Personal Information.
A. Notice at Collection
To learn more about the categories of personal information we collect about California residents, please see Information Collected About Users and Merchants above.
For more information about how we use those categories of personal information, please see How We Use Your Data above.
For more information about how we collect categories of personal information, please see How We Collect Your Data above and our Cookies Policy.
To learn more about how we disclose categories of personal information, and the categories of third parties with whom we disclose such information, please see Categories of Personal Information Disclosed and Categories of Recipients below.
To learn more about how long we keep your information, please see Retention Periods above.
B. Categories of Personal Information Disclosed and Categories of Recipients
The following disclosure describes the categories of information that we disclose to the categories of recipients of such disclosure. For more information about the third parties we disclose information to, please see Sharing Personal Data With Third Parties above.
Service Providers. The type of data we share depends on the type of service provider. The below summary details the types of service providers and related information shared:
Hosting and Online Services. We may disclose Identifiers, Device And Unique Identifiers, and Geolocation Data.
Manufacturing Services. We may disclose Identifiers, Device And Unique Identifiers, and Geolocation Data.
Email Service Providers. We may disclose Identifiers, Device And Unique Identifiers, and Geolocation Data.
Payment Processors. We may disclose Identifiers, Device And Unique Identifiers, and Payment Information.
Analytic and Digital Marketing Providers. We may disclose Device And Unique Identifiers and Geolocation Data.
Legal Advisors, Legal Process, and Protection. Any collected information identified in Information Collected About Users and Merchants that is reasonably required to be disclosed and does not violate any legal or contractual obligation may be disclosed in accordance with such request and/or requirement.
Affiliates. We may disclose any of the information identified in Information Collected About Users and Merchants with our Affiliates so where it necessary for the legitimate interest including appropriate business purposes of Obsidian and its Affiliates in accordance with Data Protection Laws.
Business Customers (i.e., Merchants). We may disclose Identifiers and Commercial Information.
In a Business Transfer. We may disclose any of the information identified in Information Collected About Users and Merchants in connection with a business transfer where it necessary for the legitimate interest including appropriate business purposes of Obsidian and its Affiliates.
Facilitating Requests. We may disclose or make appropriate information identified in Information Collected About Users and Merchants to facilitate your requests reasonably in accordance with the CCPA. With respect to social networking requests, categories of information shared are Identifiers, Device And Unique Identifiers, Geolocation Data, and any applicable Content associated with the request.
C. Your Legal Rights Under the CCPA
If you are a California resident, the processing of certain personal information about you may be subject to the CCPA. Where the CCPA applies, this section provides additional privacy disclosures and informs you of key additional rights as a California resident. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.
Right to Know Request. Under the CCPA, California residents have a right to request information about our collection, use, and disclosure of your personal information over the prior twelve (12) months, and ask that we provide you free of charge with the following information:
1. the categories of personal information about you that we collected;
2. the categories of sources from which the personal information was collected;
3. the purpose for collecting personal information about you;
4. the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
5. the specific pieces of personal information we collected about you.
You may make a verifiable consumer request to know your personal information twice per twelve (12) month period.
Right to Access. You have a right to access the personal information that we collected from you in accordance with the applicable law.
Right to Delete Request. Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions.
Right To Correct. Under the CCPA, you have the right to ask us to correct, or make available a means to correct, the personal information we have collected about you, subject to certain exceptions.
Right to Opt-Out of the Sale or Sharing of Personal Information.
Right to Opt-Out of the Sale or Sharing of Personal Information. You may request that we not sell your Personal Information. Please note, however, that CCPA defines “sale” very broadly, and includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California consumer’s Personal Information by the business to another business or third party for monetary or other valuable consideration.” We use services that help deliver interest-based ads to you and may transfer Personal Information to business partners for their use. We may also make available Personal Information to Merchants relating to your commercial information. These practices are considered a “sale” under the CCPA.
You may also opt-out of the sales relating to browser based sales by using an opt-out preference signal, such as the Global Privacy Control (GPC) on your browser.
These rights may be limited in some circumstances. For more information about how to exercise your legal rights and limitations that may apply, please see How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.
D. Notice of Disclosure for a Business Purpose
To learn more about the categories of personal information we have disclosed for a business purpose, and the categories of third parties with whom we’ve disclosed such information, please see How Do We Disclose Your Information? above.
E. Notice of Sale
We sell your personal information through the use of certain third party advertising partners, as well as when we provide your personal information to Merchants. We do not share your personal information. We also don’t knowingly sell or share the personal information of any California resident who is 18 years or younger.
F. Notice of Use of Sensitive Personal Information
We do not use California resident sensitive personal information for any purpose other than is permissible under the CCPA. Specifically, we do not use sensitive personal information of California residents to derive characteristics about California residents.
G. Notice of Financial Incentives
We offer our User and Merchants certain discount opportunities that may be considered a “financial incentive” or “bona fide loyalty program” under applicable Data Protection Laws (the “Program”). Such a Program may include discounts or coupons provided when you sign up to receive such discounts or coupons, which typically requires you to provide your name and contact information (such as email address), or participation in a survey. We consider the value of your personal information to be related to the value of the discounted products or services, or other benefits that you obtain or that are provided in connection with the Program, less the expense we incur offering such opportunity.
You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules. Please review any applicable terms and conditions provided in connection with such Program.
11. Additional Disclosures for Colorado, Connecticut, Delaware, Nevada, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents
Under the state laws including the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, Virginia Consumer Data Protection Act, and other similar laws that may be enacted in the future (each a “Heightened U.S. Privacy Law”) applicable residents are afforded certain rights regarding the data we have collected about them. This notice describes how we collect, use, and share your Personal Data in our capacity as a “Controller” under such respective Heightened U.S. Privacy Law, and the rights that you have with respect to your Personal Data, including sensitive personal data. For purposes of this section, “Personal Data” and “sensitive data” have the meanings given in the respective Heightened U.S. Privacy Law and do not include information excluded from such respective Heightened U.S. Privacy Law’s s respective Heightened U.S. Privacy Law general, personal data is information reasonably linkable to an identifiable person.
A. Notice of Collection
To learn more about the categories of personal information we collect about you and how we use it, please see Information Collected About Users and Merchants and How We Use Your Data above. To learn more about the categories of third parties with whom we may share your personal information, please see How We Sharing Personal Data With Third Parties above.
In addition, we may collect and/or use additional types of information after providing notice to you and obtaining your consent to the extent such notice and consent is required by Heightened U.S. Privacy Laws.
B. Your Rights Under Heightened U.S. Privacy Laws
If you are a resident of a state with a Heightened U.S. Data Privacy Law, the processing of certain personal information about you may be subject to the respective Heightened U.S. Data Privacy Law. Where the Heightened U.S. Data Privacy Law applies, this section provides additional privacy disclosures and informs you of key additional rights as a resident of such state. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the Heightened U.S. Data Privacy Law.
Right to Access Information/Correct Inaccurate Personal Data. You have the right to request access to Personal Data collected about you and information regarding the purposes for which we collect it, and the third parties and service providers with whom we share it. Additionally, you have the right to correct inaccurate or incomplete Personal Data. You may submit such a request as described below. If you live in Oregon, you also have a right to request a list of the specific third parties to which we’ve disclosed your personal data.
Right to Deletion of Personal Data. You have the right to request in certain circumstances that we delete any Personal Data that we have collected directly from you. You may submit such a request as described below. We may have a reason under the law why we do not have to comply with your request, or why we may comply in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Right To Correct. You have the right to ask us to correct, or make available a means to correct, the personal information we have collected about you, subject to certain exceptions.
Right to Opt-Out of Sale of Personal Data to Third Parties. You have the right to opt out of any sale of your Personal Data by Obsidian to third parties.
Right to Portability. You have the right to request a copy of the Personal Data that you previously provided to us as a Controller in a portable format. Our collection, use, disclosure, and sale of Personal Data are described in our Privacy Policy.
Right to Opt-In to Processing of Sensitive Data. Before we collect and process sensitive personal information, we will obtain your opt-in consent as required under applicable law.
Right to Opt-Out of Targeted Advertising. You have the right to opt-out of Targeted Advertising based on your Personal Data obtained from your activities over time and across websites or applications.
Right to Opt-Out of Profiling. You have the right to opt-out of having your Personal Data processed for the purpose of profiling in the furtherance of decisions that produce legal or similarly significant effects concerning you.
Right to Appeal. If we decline to take action on any request that you submit in connection with the rights described in the above sections, you may ask that we reconsider our response by sending an email to support@OBSIDIAN.works that you receive the decision. You must ask us to reconsider our decision within 45 days after we send you our decision.
These rights may be limited in some circumstances. For more information about how to exercise your legal rights and limitations that may apply, please see How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.
C. Nevada Opt-Out Rights
If you are a Nevada resident, you have the right to submit a request directing us not to make any sale of your personal information. We do not sell your personal information as defined under Nevada law. However, to request email confirmation that we do not sell your personal information, please send an email to us with “Nevada Opt-Out of Sale” in the subject line and in the body of your message.
12. How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws
If you are an applicable resident to whom the Data Protection Laws apply to, you may contact us to exercise your rights in accordance with the below procedures:
A. Verification Requirements
For certain requests, we may require specific information from you to help us verify your identity and process your request. Depending on your request, we will ask for information such as your name, address, phone number and account number (to the extent available) used in connection with your account or applicable purchases, and may ask for government-issued ID, or date of birth. If we are unable to verify your identity, we may deny your requests to know or delete.
B. Requests to Know, Access and Delete Information
If the Data Protection Laws apply to you, you may exercise your right to know, access or delete information through any of the following means:
Account Settings: As provided in the Your Choices in Connection with Our Services above, you can access the majority of your personal information through your account within the Services by logging in to your Obsidian account.
Email Us: You may make a request by emailing us at support@OBSIDIAN.works.
C. Correction Requests
You can correct information related to your account through the following means:
Account Settings: As provided in Your Choices in Connection with Our Services above, you can access the majority of your personal information through your account within the Services by logging in to your Obsidian account.
Email Us: You may make a request by emailing us at support@OBSIDIAN.works.
D. Right to Opt-Out of Sale, Profiling, and Context-Based Behavioral Advertising
You may opt-out of the sale of personal information by sending an e-mail to support@OBSIDIAN.works.
The use of certain third-party providers and their cookies or other tracking technologies for such third parties’ commercial use or profiling or cross-context behavioral advertising must be capable of opt-out. However, as stated in this Privacy Policy, we do not sell or share your information to third parties for these purposes, and therefore, we do not offer any opt-out right.
If you believe that we are forwarding personal information to a third party and it is using it in a manner that exceeds such third party’s processing on our behalf as a service provider or processor (as those terms are understood under applicable law), please contact us at support@OBSIDIAN.works so that we may look into the matter further.
E. Right to Portability
If you wish to receive your personal data in a machine-readable format, please contact us at support@OBSIDIAN.works. We may provide you instructions on how to access your own information and download it yourself, or otherwise will work with you to provide you your personal data in accordance with applicable Data Protection Law.
If applicable Data Protection Law does not provide you with the right of portability, we may deny your request.
F. Authorized Agents
Residents of California, Colorado, and Connecticut may designate an authorized agent to submit a request on your behalf to access or delete your personal information. Use of an authorized agent must comply with the CCPA and Heightened U.S. Privacy Law as applicable, including that you must provide the authorized agent written and signed permission to submit such request. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will still have to verify your identity directly with us in accordance with the applicable law.
G. Responding to Requests as a Controller or Covered Business
Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly within the timer period allowed under the applicable law. We aim to fulfill all verified requests within 45 days pursuant to the to the CCPA and most Heightened U.S. Privacy Laws. If necessary, extensions as allowed under applicable law (generally for an additional 45 days) may be required and will be accompanied by an explanation for the delay.
Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by applicable law.
H. Responding to Requests as a Processor or Service Provider
If your personal data has been processed by us on behalf of a Merchant and you wish to exercise any rights you have with such personal data, please inquire with such Merchant directly. If you wish to make your request directly to us, please provide the name of Merchant on whose behalf we processed your personal data. We will refer your request to that Merchant, and will support them to the extent required by applicable Data Protection Law in responding to your request.
13. Links to Third-Party Sites
Our Services may contain links to other websites or services. Please note that these links are provided for your own convenience and information, and the websites and services may operate independently from us and have their own privacy policy notices, which we strongly suggest you review.
14. Privacy Policy Changes
Any changes we make to this Privacy Policy in the future will be posted on this page. Therefore, we encourage you to check this page frequently from time to time.
15. Complaints
If you are a User that has directly purchased our Services from us and believe that we have unlawfully processed your personal data, you have the right to submit a complaint to the contact information provided below, or to your respective data protection supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.
If you are a customer of a Merchant (an end user of our Services), please direct your concern to the relevant Merchant in the first instance.
16. Contact Information
If you have any questions about your personal data or this Privacy Policy, please contact us by email at support@OBSIDIAN.works (please include Data Privacy in the Subject line), or by using the contact details below:
United States:
Obsidian Works LLC
Attn: Data Protection Officer
Address: 10926 David Taylor Dr Ste 120
Charlotte, NC 28262