Effective Date: 3/11/2021
PLEASE BE AWARE THAT MCRAE AND ALL ASSOCIATED SERVICES AND SYSTEMS ARE HOUSED ON SERVERS IN THE UNITED STATES. IF YOU ARE LOCATED OUTSIDE OF THE UNITED STATES, INFORMATION WE COLLECT (INCLUDING COOKIES) ARE PROCESSED AND STORED IN THE UNITED STATES, WHICH MAY NOT OFFER THE SAME LEVEL OF PRIVACY PROTECTION AS THE COUNTRY WHERE YOU RESIDE OR ARE A CITIZEN. BY USING THE SERVICES AND PROVIDING INFORMATION TO US, YOU CONSENT TO THE TRANSFER TO AND PROCESSING OF THE INFORMATION IN THE UNITED STATES.
- Information We Collect
- External Links
- How We Process Personal Information
- How We Share Information
- Your Choices and Options Relating to Our Collection
- Children’s Privacy
- Security of Personal Information
- Accessing or Updating Your Personal Information
- How to Contact Us
2. Information We Collect
We collect data to provide the products and services you request, ease your navigation of the Services, communicate with you, and improve your experience using the Services. Some of this information is provided by you directly to us, such as when you create an account or place an order. Some of the information is collected through your interactions with the Services. We collect such data using technologies like cookies, action tags, and other tracking technologies, error reports, and usage data collected when you interact with our Services. Some of the information is collected from your use of, and interactions with, us and others on social media, including but not limited to Facebook®, Twitter®, and Instagram® (collectively “Social Media”).
The data we collect depends on the products, services, and features of the Services that you use, and includes the following:
- When you register for the Services: When you register for the Services, we collect your name, email address, and password.
- When you use the Services: We may ask for contact information such as your name, address, telephone number, email address, contact preferences, employer/company, and other information related to your interests.
- We collect this information so that we may keep you informed about McRae and provide you with information.
- When you order products through the Services: We may ask for your name, address, phone number, email address, contact preferences, company and country.
- When you make a payment through the Services: If you make a payment to McRae, we will ask for Payment Information and other information requested for processing your payment.
2.1 Personal Information
In particular, we have collected the following categories of Personal Information from users in the last twelve (12) months. We obtain these categories of Personal Information with the methods described in more detail below.
Have We Collected Any Information in This Category?
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some Personal Information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other Personal Information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal Information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
Additionally, the following types of Personal Information are excluded from the CCPA’s scope:
- Certain health or medical information otherwise covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
- Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We may also collect Personal Information from third parties, such as Social Media, Payment Processors, product vendors, and other partners. Our collection of this information allows us to provide you with our products and services, establish, maintain and support your user account on the Services, and communicate with you in accordance with our Terms & Conditions.
2.2 Automatically Collected Usage and Device Information
Similar to other websites, we use tracking technologies to automatically collect certain technical information from your web browser, mobile, or other device when you visit our Services. This data may include, without limitation, your IP address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, the pages you requested and viewed, the amount of time spent on particular pages, and the date and time of your visits. Our collection of this data, described in more detail below, allows us to provide more personalized Services to you and to track usage of the Services.
Through Server Logs: A server log is a list of the activities that a server performs. McRae’s servers automatically collect and store in server logs your search queries, Internet Protocol (IP) address, hardware settings, browser type, browser language, the date and time of your request and referral URL and certain cookies that identify your browser or McRae account.
From Your Computer, Tablet or Mobile Telephone: We collect information about your computer, tablet or mobile telephone (“Device”), such as model, operating system version, mobile network information, telephone number, internet service provider and similar identifiers. McRae may associate your Device information with your McRae account. We may collect and store information (including Personal Information) on your Device through browser web and web application data caches.
“Cookies” are small text files that are sent to or accessed from your web browser or your computer’s hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your computer, such as user settings, browsing history and activities conducted while using the Services. Our collection of this information allows us to improve your user experience in various ways, such as to personalize our display of the Services to you, to “remember” whether or not you are signed in, and to provide better technical support to you.
The Services use the following Cookies:
- Strictly necessary Cookies, which are required for the operation of the Services. Without them, for example, you would not be able to register or log in for the Services that McRae offers.
- Analytical/performance Cookies, which allow McRae to recognize and count the number of visitors, learn how visitors navigate the Services and improve the Services.
- Functionality Cookies, which McRae uses to recognize you when you return to the Services.
To learn more about Cookies and Web Beacons, visit www.allaboutcookies.org.
Please note: If you restrict, disable, or block any or all Cookies from your web browser or Device, the Services may not operate properly, and you may not have access to certain services or parts of the Services. We will not be liable for any interruption in, or inability to use, the Services or degraded functioning thereof, where such are caused by your settings and choices regarding Cookies.
2.2.2 Web Beacons (aka pixels/web bugs/java script)
“Web Beacons” are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements and related information of users of the Services. Unlike Cookies, which are stored on a user’s computer hard drive, Web Beacons are embedded invisibly on web pages or in HTML-based emails. The data we receive through Web Beacons allows us to effectively promote the Services to various populations of users, and to optimize external advertisements about the Services that appear on third-party websites. We may use Web Beacons to automatically record certain technical information about your interactions when you visit the Services or otherwise engage with us, to help deliver Cookies on our Services, or to count users who have visited the Services. We may also include Web Beacons in our promotional e-mail messages or newsletters to determine whether you open or act on them for statistical purposes. Web Beacons help McRae develop statistical information to provide better and more personalized content.
2.3 Information from Other Sources
We may obtain both personal and non-Personal Information about you from business partners, contractors, suppliers, and other third parties and add it to your account information or other information we have collected. We, and the third parties we engage, may combine information we collect from you over time, and across the Services, with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you.
We use third-party payment processors to assist in securely processing your Payment Information (“Payment Processors”). The Payment Information that you provide through the Services is encrypted and transmitted directly to the Payment Processor. In some cases the Payment Processor will direct you to its website and you will provide your Payment Information directly on the Payment Processor website. If you provide Payment Information through the Services, we do not store your Payment Information before transmitting it to the Payment Processor. We do not control and are not responsible for the Payment Processor or its collection or use of your information. When you complete a sale through a Payment Processor website, we may collect information from the Payment Processor in order to fulfill your order.
2.4 Location Information
We collect precise geolocation data from you or your Device, as well as your address information, e.g., shipping and billing address, when you set up your account and order our products or services. We also collect and use information about your general location (e.g., your state of residence) and can infer your approximate location based on your IP address in order to track our general Services usage or to tailor any pertinent aspects of your user experience to the region where you are located.
2.5 Information about Others
2.6 Social Media
3. External Links
4. How We Process Personal Information
McRae processes Personal Information for one or more of the following business purposes (“Business Purpose”):
- To set up and maintain your registration with the Services;
- To fulfill purchases made through the Services;
- To process payments;
- To communicate with you;
- To deliver relevant content to you;
- To provide features through the Services;
- To prevent and investigate fraud and other misuses of the Services;
- To protect our rights and property;
- To operate, manage and improve the Services; and
- To ensure the technical functionality and security of the Services.
McRae processes Other Information for one or more of the following Business Purposes:
- To administer and improve the Services and your experience on the Services;
- To analyze trends and gather broad aggregate demographic information;
- To statistically monitor how many people are using the Services or opening our emails;
- To develop, improve and protect the Services;
- For audience research;
- To audit and analyze the Services; and
- To ensure the technical functionality and security of the Services.
4.2 Account-Related Emails
When you create an account with us and provide us with your email we may, subject to applicable law, use your email address to send you Services-related notices (including any notices required by law, in lieu of communication by postal mail), updates, news, and marketing messages. For example, when you register, you will receive a welcome email. If the Services are temporarily unavailable, we may also send you an email notice.
Email communications you receive from us will generally provide an unsubscribe link or instructions allowing you to opt out of receiving future emails or to change your contact preferences. If you have registered for an account with us, you can also change your contact preferences within your account settings. Please remember that even if you opt out of receiving marketing e-mails, we may still send you important service information related to your account and the Services. If you correspond with us by email, we may retain the content of your email messages, your email address, and our responses.
4.4 Non-Personally Identifiable Information
We may use non-personally identifiable information, such as anonymized and/or aggregated website usage data, in any manner that does not identify individual users for the purpose of improving the operation and management of the Services, including to develop new features, functionality, and services, to conduct internal research, to better understand website usage patterns, to resolve disputes, to troubleshoot problems, to fulfill user requests, or for security and compliance purposes. Any non-personally identifiable information that is combined with Personal Information will be treated by us as Personal Information.
4.5 Payment Processors
If you purchase or pay for products or services via the Services, the transaction may be handled by the Payment Processors responsible for processing your payment. These entities have their own privacy policies and those terms will apply to you. Please be sure to review them at the links provided during payment processing.
5. How We Share Information
When we disclose Personal Information for a Business Purpose, we enter into a contract that describes the purpose and requires the recipient to keep that Personal Information confidential and use only for performance of the contract, and not for any other purpose. We share or make your information available, including any Personal Information, in the circumstances described below.
5.1 Disclosures of Personal Information in the Last Twelve Months
We may share Personal Information collected via the Services with:
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a Business Purpose, as more fully described in Section 4:
- Category A: Identifiers.
- Category B: California Customer Records personal information categories.
- Category D: Commercial information.
- Category F: Internet or other similar network activity.
- Category G: Geolocation data.
We disclose your Personal Information for a Business Purpose to the following categories of third parties:
- Payment Processors.
- Social Media.
- Other third party marketing service providers.
- Affiliated persons or third-party service providers assisting us in the operation, management, improvement, research and analysis of the Services.
Please note: Affiliated persons or our third party service providers may augment, extend, and combine non-personally identifiable information with data from additional third party sources in order to assist us in our operation of the Services.
5.2 Sales of Personal Information in the Last Twelve Months
We do not sell Personal Information and have not sold Personal Information in the preceding twelve (12) months.
5.3 Organizational Transitions
5.4 Legal Requirements
Applicable law may require McRae to disclose your Personal Information if:
(i) reasonably necessary to comply with legal process (such as a court order, subpoena or search warrant) or other legal requirements;
(ii) disclosure would mitigate McRae’s liability in an actual or threatened lawsuit;
(iii) necessary to protect legal rights of McRae, users, customers, business partners or other interested parties; or
(iv) necessary for the prevention or detection of crime (subject in each case to applicable law).
5.5 California Shine the Light Law
California Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to firstname.lastname@example.org or write us at:
PO Box 1239
Hwy 109 North
Mount Gilead, NC 27306
6. Your Choices and Options Relating to Our Collection
6.1 You Can Choose Not to Provide Personal Information
You may always decline to provide your Personal Information to us. Registering for an account or otherwise providing your Personal Information is not required to access some of our online content. If you choose not to provide certain Personal Information to us, some of your experiences may be affected (for example, we cannot accept an order without your name, certain contact information, and Payment Information).
6.2 You May Decline Other Requests
6.3 Right to Access Specific Information and Data Portability Right
You may have the right under the CCPA to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of Personal Information that we have collected about you.
- The categories of sources for the Personal Information that we have collected about you.
- Our business or commercial purpose for collecting or making available that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information that we have collected about you (also called a data portability request).
- If we disclosed your Personal Information for a Business Purpose, the Business Purpose for which such Personal Information was disclosed, and the Personal Information categories that each category of recipient obtained.
- If applicable, (1) the categories of your Personal Information that we have made available for valuable consideration; (2) the categories of third parties to whom such Personal Information was made available; and (3) the category or categories of Personal Information that we have made available to each category of third parties.
6.4 Right to Delete
You may have the right under the CCPA to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) or vendor(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation or legal order.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
6.5 Exercising Your Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Visiting [insert link to access/deletion form]
Sending us an e-mail at email@example.com
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make such a request for access or data portability twice within a twelve-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
6.7 Online Tracking Choices
Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject Cookies or to alert you when a Cookie is placed on your Device. Although you are not required to accept Cookies or mobile device identifiers, if you block or reject them, some features of the Services (particularly those that require sign-in) may not function properly.
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including McRae, do not respond to DNT signals.
7. Children’s Privacy
The Services are not directed to or intended for use by minors. Consistent with the requirements of applicable law, if we learn that we have received any information directly from a minor without his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the minor that he or she cannot use the Services and subsequently will delete that information.
California Minors: While the Service is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: firstname.lastname@example.org.
When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your content or information from the Service does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
8. Security of Personal Information
McRae takes precautions intended to help protect information that we process but no system or electronic data transmission is completely secure. Any transmission of your Personal Information is at your own risk and we expect that you will use appropriate security measures to protect your Personal Information. You are responsible for maintaining the security of your account credentials for the Services. McRae will treat access to the Services through your account credentials as authorized by you. Unauthorized access to password-protected or secure areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below. If we become aware of a breach that affects the security of your Personal Information, we will provide you with notice as required by applicable law. To the extent permitted by applicable law, McRae will provide any such notice that McRae must provide to you at your account’s email address. By using the Services, you agree to accept notice electronically.
We retain Personal Information in identifiable form only for as long as necessary to fulfill the purposes for which the Personal Information was provided to McRae or, if longer to comply with law legal obligations, to resolve disputes, to enforce agreements and similar essential purposes.
9. Accessing or Updating Your Personal Information
PO Box 1239
Hwy 109 North
Mount Gilead, NC 27306
We will make good faith efforts to resolve requests to correct inaccurate information except where the request is unreasonable, requires disproportionate technical effort or expense, jeopardizes the privacy of others, or would be impractical.
11. How to Contact Us
PO Box 1239
Hwy 109 North
Mount Gilead, NC 27306