Privacy Policy
Dynacraft BSC, Inc., a Massachusetts corporation (together, “DYNACRAFT,” “We,” or “Us”) has created this privacy policy (“Privacy Policy”) to convey its commitment to privacy issues on the Internet. This Privacy Policy is a part of the Terms of Use for this website (“Site”). Capitalized terms used in this Privacy Policy and not otherwise defined shall have the meaning ascribed to them in the Terms of Use located on the Site.
THE PURPOSE OF THE PRIVACY POLICY IS TO DISCLOSE TO YOU WHAT TYPES OF INFORMATION DYNACRAFT COLLECTS, THE METHOD OF COLLECTING IT, WITH WHOM DYNACRAFT SHARES IT, AND CERTAIN OTHER MATTERS RELATING TO SUCH INFORMATION, INCLUDING THE CHOICES YOU HAVE REGARDING DYNACRAFT’S COLLECTION OF INFORMATION AND DYNACRAFT’S USE AND DISCLOSURE TO THIRD PARTIES OF INFORMATION DYNACRAFT MAY HAVE COLLECTED FROM YOU. PLEASE READ THE PRIVACY POLICY BELOW TO LEARN MORE ABOUT DYNACRAFT’S DATA COLLECTION POLICIES AND PRACTICES.
Types of Information Collected; Method of Collection. DYNACRAFT collects two types of information from visitors to the Site: 1.) personal data, including names and email addresses; and 2.) aggregated data, such as user traffic patterns for the Site.
INFORMATION COLLECTED
By Browsing. As you browse the Site, it collects log file, Internet protocol (IP) addresses of your computer, “cookies”1 (described below), web beacons, and other standard tracking data DYNACRAFT uses to evaluate Site traffic and usage patterns. Such information is aggregated with tracking data from all Site visitors.
By Site Requirement. Some portions of the Site may require you to give DYNACRAFT personally identifiable information such as your name, address, email address, transaction information, and/or other information by which DYNACRAFT may contact you.
By User’s Voluntary Submission. If you communicate with DYNACRAFT by email, or otherwise complete online forms, registrations, or surveys, any information provided in such communications may be collected as personal information.
Collection By Third Parties. DYNACRAFT relies upon NetSuite Inc. (“NetSuite”) to host the Site, and as a result, NetSuite may have access to personally identifiable information. NetSuite must operate and use personally identifiable information in a manner consistent with the current Privacy Policy, and is subject to contractual obligations to maintain this information as confidential, subject to certain exceptions. However, DYNACRAFT is not responsible for the privacy practices of NetSuite. Any questions regarding NetSuite and/or its privacy practices may be directed to: info@netsuite.com 1A “cookie” is a bit of data sent by the Site through your browser to your computer and enables the Site to return the results and preferences that you expect. DYNACRAFT uses temporary, session-specific cookies to ensure visits to the Site are smooth and tailored to your visit. DYNACRAFT does not use permanent or persistent cookies that remain on your computer after you leave the Site.
INFORMATION ON CHILDREN
DYNACRAFT is committed to protecting the privacy of children. When DYNACRAFT intends to process information from children, DYNACRAFT undertakes the following precautions pursuant to the Children’s Online Privacy Protection Act (“COPPA”):
A. About the Collection of Parent Email Addresses:
Consistent with the requirements of COPPA, in any instance where DYNACRAFT asks for age and determines the user is age 13 or under, DYNACRAFT will ask for a parent or guardian’s email address before collecting any personal information from the child. If you believe your child is participating in an activity that collects personal information and you or another parent/guardian have NOT received an email providing notice or seeking your consent, please feel free to contact DYNACRAFT at privacy@dynacraftwheels.com. DYNACRAFT will not use parent emails provided for parental consent purposes for marketing directed towards the parent, unless the parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.
B. The Information Collected From Children, How It is Used, and How and When DYNACRAFT Communicates with Parents:
Any time DYNACRAFT collects personal information, DYNACRAFT will retain such information only as long as reasonably necessary to fulfill a request, ensure the security of users and the Site, or as required by law. Should DYNACRAFT discover that it has collected personal information from a child inconsistent with the requirements of COPPA, DYNACRAFT will either delete such information or immediately seek parental consent for the collection of that information.
C. Persistent identifiers:
During interactions with children, certain information may be automatically collected for various business purposes. Examples include the child’s IP address, web browser, the frequency with which the child visits various parts of the Site, and the type of computer operating system. This information is collected using cookies, flash cookies, web beacons, and other unique identifiers. This information may also be collected by DYNACRAFT or a third party on behalf of DYNACRAFT. This data is principally used for internal purposes only, in order to:
customize content and improve the Site
conduct research and analysis to address the performance of the Site
generate anonymous reporting for use by DYNACRAFT
In the event DYNACRAFT collects (or allows others to collect) such information from children on the Site for other purposes, DYNACRAFT will notify parents and obtain consent prior to such collection.
D. Disclosure of Information to Third Parties:
DYNACRAFT may share or disclose personal information collected from children in a limited number of instances, including the following:
With service providers like software solutions, online security, and customer service. These companies are prohibited from using personal information for purposes other than those clearly defined by DYNACRAFT or required by law and DYNACRAFT has entered into written contracts to ensure this.
DYNACRAFT may disclose personal information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, DYNACRAFT may also disclose personal information collected from children (i) in response to a law enforcement or a public agency’s (including schools or children services) request; (ii) if DYNACRAFT believes disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using the Site; (iii) to protect the security or integrity of the Site and other technology, as well as the technology of DYNACRAFT’s service providers; or (iv) enable DYNACRAFT to take precautions against liability.
Parents have the right to consent to the collection, use, and processing of their child’s personal information without also having to consent to the disclosure of that information to third parties as we do not share information with third parties other than as disclosed above.
HOW INFORMATION COLLECTED IS USED FOR CONSUMERS 13 OR OLDER
You do not have to share any personal information (like full name, e-mail address, home address, telephone number, etc.) to view the Site. The information collected by and through the Site is owned solely by DYNACRAFT. The information collected by and through the Site will be used solely by DYNACRAFT, its affiliated companies, or other entities that are involved in the operation of this Site for DYNACRAFT’s internal purposes and is not sold or transferred to third parties. DYNACRAFT may use the information collected and provided, individually or in an aggregate form, as follows:
to personalize the Site according to your preferences based on the aggregated information;
to evaluate products and services DYNACRAFT may offer to you;
to deliver a product or service you requested, or to confirm or fulfill an order or request you have made;
to contact you about the Site;
to monitor or improve the use of the Site;
to customize the advertising and content you see;
to monitor compliance with the Terms of Use for the Site;
to provide special offers to you from DYNACRAFT and/or its affiliates and other third parties; and to send you promotional material on behalf of DYNACRAFT and/or its affiliates and other third parties.
We may also collect information from you offline, such as when you order a catalogue, participate in a sweepstakes or contest, or make a purchase at a store. We may obtain customer lists, demographic and other information about you from commercial sources.
DYNACRAFT also uses technology to collect certain information automatically, like your Internet Protocol (“IP”) address (which is the automatic number assigned to your computer by your Internet service provider when you surf the Web, or unique device identifier (“UDID”), international mobile equipment identity (“IMEI”), mobile equipment identifier (“MEID”) or media access control “MAC”) address; computer operating system (e.g., Microsoft Windows, Mac OS); your browser (e.g., Internet Explorer, Firefox); websites visited before or after you visit the Site; pages viewed and activities at the Site; and advertisements shown or clicked on.
A. What Personal Information Does DYNACRAFT Collect from Consumers 13 and Older?
DYNACRAFT does not collect any personal contact information from you when you visit the Sits unless it is voluntarily provided, for instance when signing a guest book, registering for contests, sweepstakes, community areas, downloads, or free demos, completing our online customer surveys or purchasing products. The personal information DYNACRAFT asks for is usually first and last name, mailing address, phone number and an e-mail address. DYNACRAFT may also ask you to help us understand your interests by providing demographic information, like age, gender, or ZIP code, or information on hobbies and interests.
WITH WHOM INFORMATION IS SHARED
At times, DYNACRAFT may share your personally identifiable information with others for various purposes. The following outlines the ways in which your information may be shared with others: Agents: DYNACRAFT may employ other businesses, certain services, and individuals to perform functions on DYNACRAFT’s behalf. A non-exhaustive list of examples includes fulfilling orders, sending e-mail, removing repetitive information from customer lists, Site analysis, analyzing data, providing marketing assistance, processing payments, and providing customer service. These agents may have access to personally identifiable information needed to perform their functions, but may not use it for other purposes. In an effort to protect you, these agents who have access to personally identifiable information either (a) must operate and use your personally identifiable information in a manner consistent with the current Privacy Policy, or (b) are subject to contractual obligations to maintain such information as confidential subject to certain exceptions. However, DYNACRAFT is not responsible for the privacy practices of these other companies.
Aggregate Information:
DYNACRAFT may share aggregate information such as demographics and Site usage statistics to other organizations. When this type of information is shared, the other parties do not have access to your personally identifiable information.
Opt-in and Opt-out Programs:
Throughout the Site you may be presented with opportunities to receive mailings from third parties or DYNACRAFT. An opt-in/opt-out message may ask you if you would like your information to be shared. If you do choose to have your information shared, please be aware that DYNACRAFT is not responsible for the privacy practices of these other companies, and you should review the privacy practices of such companies prior to providing your personally identifiable information. If you would not like your information to be shared with third parties, or if you would like to stop receiving mailings from third parties or DYNACRAFT, you may follow the instructions in the opt-out section below.
Third-Party Traffic Measurement Services:
The Site may use a third party to conduct traffic measurement services to analyze the traffic on the Site. Audience and traffic measurement services allow DYNACRAFT to collect anonymous traffic and behavior information from the Site by monitoring anonymous visitor activity. The traffic measurement services may themselves set and access their own cookies on your computer if you choose to have your cookies enabled in your browser. Other companies’ use of their cookies is subject to their own privacy policies, not this one.
DYNACRAFT Affiliates:
DYNACRAFT may share your information (including, without limitation, personally identifiable information) with affiliates of DYNACRAFT.
Business Transfers:
The Site, DYNACRAFT and/or an affiliate or division of DYNACRAFT may be sold along with its assets, or other transactions may occur in which your personally identifiable information is one of the business assets transferred. In such a case, your personally identifiable information, which DYNACRAFT has gathered, may be one of the business assets DYNACRAFT transfers.
Legal Process:
In the event DYNACRAFT is required to respond to subpoenas, court orders, or other legal process your personally identifiable information may be disclosed pursuant to such subpoena, court order, or legal process, which may be without notice to you.
Security and Encryption:
Technical and administrative measures are implemented to help protect personally identifiable information and other data on DYNACRAFT’s servers from unauthorized access, loss, or alteration. However, no server or transmission over the Internet can be guaranteed to be one hundred percent secure and whatever you transmit or disclose online can be collected and used by others or unlawfully intercepted by third parties. Therefore, any activity or communication is conducted at your own risk.
Third Party Links, Web Sites, and Cookies:
The Site contains external links to other websites. DYNACRAFT has no control over, and is not responsible for, the content of, or information gathered by, these other websites. Any personally identifiable information collected by such third parties is subject to such third parties’ privacy policy. DYNACRAFT does not endorse any of these websites or the products or services associated with such websites merely because they are linked to the Site.
Additionally, DYNACRAFT may use advertising companies to develop banner ads for the Site. These ads may contain cookies. These companies collect cookies sent to your browser through the banner ads and DYNACRAFT does not have control or access to this data.
Notification of Changes:
DYNACRAFT reserves the right, at any time and without notice, to add to, change, update, or modify the Privacy Policy, simply by posting such change, update, or modification on the Site. Any such change, update, or modification will be effective immediately upon posting on the Site. If at any point DYNACRAFT decides to use personally identifiable information in a manner different from that stated at the time it was collected, DYNACRAFT may notify you by way of an email or some other means. Your continued use of the Site shall constitute your acceptance of such revised Privacy Policy. Since this Privacy Policy may change from time to time, you should review it periodically and specifically before you provide any additional personally identifiable information.
Your Acceptance of these Terms:
By using the Site you signify your acceptance of the terms of the Privacy Policy. If you do not agree to the terms of the Privacy Policy, please do not use the Site, products, and/or services and exit the site immediately.
Data Handling Policy for Amazon Information:
"Amazon Information" means any information that is exposed by Amazon through the Marketplace APIs, Seller Central, or Amazon's public-facing websites. This data can be public or non-public, including Personally Identifiable Information about Amazon customers.
"Customer" means any person or entity who has purchased items or services from Amazon's public-facing websites.
"Seller" means any person or entity selling on Amazon's public-facing websites.
Dynacraft (referred to as “we” throughout this policy) are committed to protecting and respecting seller and customer privacy and keeping personal information secure.
This policy set out:
- details of the personal information that we may collect from you/Amazon (on your behalf);
- information about how we process, store, use, share, dispose your information (i.e. Data Protection and Privacy);
Please read this policy carefully to understand our views and practices regarding your personal data and how we treat it.
Who is this policy addressed to?
When we refer in this policy to ‘User’ we are referring to a user of our services through our portal/ website.
Information we may collect from you
We may collect and process the following data about you:
- On your behalf from E-commerce Channels:We collect information from E-commerce channels through API authorized by user on our portal/website. We only collect information required to process the data/information through our portal/website i.e. Order details, Invoice details, returns details, payment details, tax related details. We don’t collect personal information of customers i.e. Name, Mobile no., Address 1 & Address 2 etc. We strongly believe in data privacy of your customers.
- User company details/user details using our system and billing details of your organization
How we store/share/dispose your information (Data Protection and Privacy):
- Data Governance.Our privacy and data handling policy governs the appropriate conduct and technical controls applied in managing and protecting information assets. We keep inventory of software and physical assets (e.g. computers, mobile devices) with access to PII, and update regularly. A record of data processing activities such as specific data fields and how they are collected, processed, stored, used, shared, and disposed for all PII Information should be maintained to establish accountability and compliance with regulations. We, according to the privacy policy, can rectify, erase, or stop sharing/processing the customers’ information where applicable.
- Encryption and Storage.All PII is encrypted at rest using industry best practice standards AES-256. The cryptographic materials (e.g., encryption/decryption keys) and cryptographic capabilities used for encryption of PII at rest is only accessible to the processes and services. PII is not stored in removable media (e.g., USB) or unsecured public cloud applications (e.g., public links made available through Google Drive). Any printed documents containing PII should be securely disposed.
- Least Privilege Principle.We have implemented fine-grained access control mechanisms to allow granting rights to any party using the Application (e.g., access to a specific set of data at its custody) and the Application's operators (e.g., access to specific configuration and maintenance APIs such as kill switches) following the principle of least privilege. Application sections or features that vend PII must be protected under a unique access role, and access should be granted on a "need-to-know" basis.
- Logging and Monitoring.We gather logs to detect security-related events (e.g., access and authorization, intrusion attempts, configuration changes) to the Application and systems. We implement this logging mechanism on all channels (e.g., service APIs, storage-layer APIs, administrative dashboards) providing access to Amazon Information. All logs must have access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs themselves should not contain PII and must be retained for at least 90 days for reference in the case of a Security Incident. We have mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions (e.g., multiple unauthorized calls, unexpected request rate and data retrieval volume, and access to canary data records). We should perform investigation when monitoring alarms are triggered, and this should be documented in the Incident Response Plan.
- Network Protection.We have implemented network protection controls to deny access to unauthorized IP addresses and public access must be restricted only to approved users.
- Access Management.We assign a unique ID to each person with computer access to Amazon Information. Persons with access to data don’t create or use generic, shared, or default login credentials or user accounts. We review the list of people and services with access to Amazon Information on a regular basis (at least quarterly) and remove accounts that no longer require access. We restrict employees from storing Amazon data on personal devices. We maintain and enforce "account lockout" by detecting anomalous usage patterns and log-in attempts and disabling accounts with access to Amazon Information as needed.
- Encryption in Transit.We encrypt all Amazon Information in transit (e.g., when the data traverses a network, or is otherwise sent between hosts). This is accomplished using HTTP over TLS 1.2 (HTTPS). We enforce this security control on all applicable external endpoints used by customers as well as internal communication channels (e.g., data propagation channels among storage layer nodes, connections to external dependencies) and operational tooling. We disable communication channels which do not provide encryption in transit even if unused (e.g., removing the related dead code, configuring dependencies only with encrypted channels, and restricting access credentials to use of encrypted channels). We use data message-level encryption where channel encryption (e.g., using TLS) terminates in untrusted multi-tenant hardware (e.g., untrusted proxies).
- Incident Response Plan.We have and maintain a plan to detect and handle Security Incidents. Such plan identifies the incident response roles and responsibilities, defines incident types that may impact Amazon, defines incident response procedures for defined incident types, and defines an escalation path and procedures to escalate Security Incidents to Amazon. We review and verify the plan every six (6) months and after any major infrastructure or system change. We investigate each Security Incident, and document the incident description, remediation actions, and associated corrective process/system controls implemented to prevent future recurrence.
We will inform Amazon via email 3p.security@amazon.com within 24 hours of detecting any Security Incidents.
- Request for Deletion or Return. We, within no more than 72 hours after Amazon's request, permanently and securely delete (in accordance with industry-standard sanitization processes, e.g., NIST 800-88) or return Amazon Information upon and in accordance with Amazon's notice requiring deletion and/or return. We also permanently and securely delete all live (online or network accessible) instances of Amazon Information within 30 days after Amazon's notice.
Local laws may also grant you additional rights. For example, California law may permit you to request that we:
Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
Provide access to and/or a copy of certain information we hold about you.
Delete certain information we have about you.
You may also have the right to receive information about financial incentives that we may offer, if any. You have the right to not be discriminated against (per applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law and we may need certain types of information to provide service or goods to you.
If would like to exercise any of these rights, please submit a request to service@dynacraftwheels.com. You will be required to verify your identity before we fulfill your request.
California residents may opt out of the “sale” of their personal information. Dynacraft does not “sell” your personal information as we understand that term to be defined by the California Consumer Privacy Act and its implementing regulations, and we have not sold your personal information in the past twelve months.
Corrections, Updates, and Opting-Out:
You have the option of reviewing, correcting, updating, modifying, and deleting your personally identifiable information at any time and as often as desired. This can be done by sending an opt-out message in an email to DYNACRAFT at cusomercare@dynacraftwheels.com.
Unfortunately, to the extent that such information is also stored in other databases, we cannot always ensure that such corrections or deletions will reach the other databases. We will use all reasonable efforts to ensure that your information is removed from or corrected in DYNACRAFT’s records.
If you have any questions about this Privacy Policy or the privacy practices of this Site, contact customercare@dynacraftwheels.com.