Types of Information Collected; Method of Collection. DYNACRAFT collects two types of information from visitors to the Site: 1.) personal data, including names and email addresses; and 2.) aggregated data, such as user traffic patterns for the Site.
By Browsing. As you browse the Site, it collects log file, Internet protocol (IP) addresses of your computer, “cookies”1 (described below), web beacons, and other standard tracking data DYNACRAFT uses to evaluate Site traffic and usage patterns. Such information is aggregated with tracking data from all Site visitors.
By Site Requirement. Some portions of the Site may require you to give DYNACRAFT personally identifiable information such as your name, address, email address, transaction information, and/or other information by which DYNACRAFT may contact you.
By User’s Voluntary Submission. If you communicate with DYNACRAFT by email, or otherwise complete online forms, registrations, or surveys, any information provided in such communications may be collected as personal information.
INFORMATION ON CHILDREN
DYNACRAFT is committed to protecting the privacy of children. When DYNACRAFT intends to process information from children, DYNACRAFT undertakes the following precautions pursuant to the Children’s Online Privacy Protection Act (“COPPA”):
A. About the Collection of Parent Email Addresses:
Consistent with the requirements of COPPA, in any instance where DYNACRAFT asks for age and determines the user is age 13 or under, DYNACRAFT will ask for a parent or guardian’s email address before collecting any personal information from the child. If you believe your child is participating in an activity that collects personal information and you or another parent/guardian have NOT received an email providing notice or seeking your consent, please feel free to contact DYNACRAFT at email@example.com. DYNACRAFT will not use parent emails provided for parental consent purposes for marketing directed towards the parent, unless the parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.
B. The Information Collected From Children, How It is Used, and How and When DYNACRAFT Communicates with Parents:
Any time DYNACRAFT collects personal information, DYNACRAFT will retain such information only as long as reasonably necessary to fulfill a request, ensure the security of users and the Site, or as required by law. Should DYNACRAFT discover that it has collected personal information from a child inconsistent with the requirements of COPPA, DYNACRAFT will either delete such information or immediately seek parental consent for the collection of that information.
C. Persistent identifiers:
During interactions with children, certain information may be automatically collected for various business purposes. Examples include the child’s IP address, web browser, the frequency with which the child visits various parts of the Site, and the type of computer operating system. This information is collected using cookies, flash cookies, web beacons, and other unique identifiers. This information may also be collected by DYNACRAFT or a third party on behalf of DYNACRAFT. This data is principally used for internal purposes only, in order to:
customize content and improve the Site
conduct research and analysis to address the performance of the Site
generate anonymous reporting for use by DYNACRAFT
In the event DYNACRAFT collects (or allows others to collect) such information from children on the Site for other purposes, DYNACRAFT will notify parents and obtain consent prior to such collection.
D. Disclosure of Information to Third Parties:
DYNACRAFT may share or disclose personal information collected from children in a limited number of instances, including the following:
With service providers like software solutions, online security, and customer service. These companies are prohibited from using personal information for purposes other than those clearly defined by DYNACRAFT or required by law and DYNACRAFT has entered into written contracts to ensure this.
DYNACRAFT may disclose personal information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, DYNACRAFT may also disclose personal information collected from children (i) in response to a law enforcement or a public agency’s (including schools or children services) request; (ii) if DYNACRAFT believes disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using the Site; (iii) to protect the security or integrity of the Site and other technology, as well as the technology of DYNACRAFT’s service providers; or (iv) enable DYNACRAFT to take precautions against liability.
Parents have the right to consent to the collection, use, and processing of their child’s personal information without also having to consent to the disclosure of that information to third parties as we do not share information with third parties other than as disclosed above.
HOW INFORMATION COLLECTED IS USED FOR CONSUMERS 13 OR OLDER
You do not have to share any personal information (like full name, e-mail address, home address, telephone number, etc.) to view the Site. The information collected by and through the Site is owned solely by DYNACRAFT. The information collected by and through the Site will be used solely by DYNACRAFT, its affiliated corporations, or other entities that are involved in the operation of this Site for DYNACRAFT’s internal purposes and is not sold or transferred to third parties. DYNACRAFT may use the information collected and provided, individually or in an aggregate form, as follows:
to personalize the Site according to your preferences based on the aggregated information;
to evaluate products and services DYNACRAFT may offer to you;
to deliver a product or service you requested, or to confirm or fulfill an order or request you have made;
to contact you about the Site;
to monitor or improve the use of the Site;
to customize the advertising and content you see;
to provide special offers to you from DYNACRAFT and/or its affiliates and other third parties; and to send you promotional material on behalf of DYNACRAFT and/or its affiliates and other third parties.
We may also collect information from you offline, such as when you order a catalogue, participate in a sweepstakes or contest, or make a purchase at a store. We may obtain customer lists, demographic and other information about you from commercial sources.
DYNACRAFT also uses technology to collect certain information automatically, like your Internet Protocol (“IP”) address (which is the automatic number assigned to your computer by your Internet service provider when you surf the Web, or unique device identifier (“UDID”), international mobile equipment identity (“IMEI”), mobile equipment identifier (“MEID”) or media access control “MAC”) address; computer operating system (e.g., Microsoft Windows, Mac OS); your browser (e.g., Internet Explorer, Firefox); websites visited before or after you visit the Site; pages viewed and activities at the Site; and advertisements shown or clicked on.
A. What Personal Information Does DYNACRAFT Collect from Consumers 13 and Older?
DYNACRAFT does not collect any personal contact information from you when you visit the Sits unless it is voluntarily provided, for instance when signing a guest book, registering for contests, sweepstakes, community areas, downloads, or free demos, completing our online customer surveys or purchasing products. The personal information DYNACRAFT asks for is usually first and last name, mailing address, phone number and an e-mail address. DYNACRAFT may also ask you to help us understand your interests by providing demographic information, like age, gender, or ZIP code, or information on hobbies and interests.
WITH WHOM INFORMATION IS SHARED
DYNACRAFT may share aggregate information such as demographics and Site usage statistics to other organizations. When this type of information is shared, the other parties do not have access to your personally identifiable information.
Opt-in and Opt-out Programs:
Throughout the Site you may be presented with opportunities to receive mailings from third parties or DYNACRAFT. An opt-in/opt-out message may ask you if you would like your information to be shared. If you do choose to have your information shared, please be aware that DYNACRAFT is not responsible for the privacy practices of these other companies, and you should review the privacy practices of such companies prior to providing your personally identifiable information. If you would not like your information to be shared with third parties, or if you would like to stop receiving mailings from third parties or DYNACRAFT, you may follow the instructions in the opt-out section below.
Third-Party Traffic Measurement Services:
The Site may use a third party to conduct traffic measurement services to analyze the traffic on the Site. Audience and traffic measurement services allow DYNACRAFT to collect anonymous traffic and behavior information from the Site by monitoring anonymous visitor activity. The traffic measurement services may themselves set and access their own cookies on your computer if you choose to have your cookies enabled in your browser. Other companies’ use of their cookies is subject to their own privacy policies, not this one.
DYNACRAFT may share your information (including, without limitation, personally identifiable information) with affiliates of DYNACRAFT.
The Site, DYNACRAFT and/or an affiliate or division of DYNACRAFT may be sold along with its assets, or other transactions may occur in which your personally identifiable information is one of the business assets transferred. In such a case, your personally identifiable information, which DYNACRAFT has gathered, may be one of the business assets DYNACRAFT transfers.
In the event DYNACRAFT is required to respond to subpoenas, court orders, or other legal process your personally identifiable information may be disclosed pursuant to such subpoena, court order, or legal process, which may be without notice to you.
Security and Encryption:
Technical and administrative measures are implemented to help protect personally identifiable information and other data on DYNACRAFT’s servers from unauthorized access, loss, or alteration. However, no server or transmission over the Internet can be guaranteed to be one hundred percent secure and whatever you transmit or disclose online can be collected and used by others or unlawfully intercepted by third parties. Therefore, any activity or communication is conducted at your own risk.
Third Party Links, Web Sites, and Cookies:
Additionally, DYNACRAFT may use advertising companies to develop banner ads for the Site. These ads may contain cookies. These companies collect cookies sent to your browser through the banner ads and DYNACRAFT does not have control or access to this data.
Notification of Changes:
Data Handling Policy for Amazon Information
"Amazon Information" means any information that is exposed by Amazon through the Marketplace APIs, Seller Central, or Amazon's public-facing websites. This data can be public or non-public, including Personally Identifiable Information about Amazon customers.
"Customer" means any person or entity who has purchased items or services from Amazon's public-facing websites.
"Seller" means any person or entity selling on Amazon's public-facing websites.
Dynacraft (referred to as “we” throughout this policy) are committed to protecting and respecting seller and customer privacy and keeping personal information secure.
This policy set out:
- details of the personal information that we may collect from you/Amazon (on your behalf);
- information about how we process, store, use, share, dispose your information (i.e. Data Protection and Privacy;
Please read this policy carefully to understand our views and practices regarding your personal data and how we treat it.
Who is this policy addressed to?
When we refer in this policy to ‘User’ we are referring to a user of our services through our portal/ website.
Information we may collect from you
We may collect and process the following data about you:
- On your behalf from E-commerce Channels: We collect information from E-commerce channels through API authorized by user on our portal/website. We only collects information which are required to process the data/information through our portal/website i.e. Order details, Invoice details, returns details, payment details, tax related details. We don’t collect personal information of customers i.e. Name, Mobile no., Address 1 & Address 2 etc. We strongly believe in data privacy of your customers.
- User company details/user details using our system and billing details of your organization
How we store/share/dispose your information (Data Protection and Privacy);
- Encryption and Storage. All PII is encrypted at rest using industry best practice standards AES-256. The cryptographic materials (e.g., encryption/decryption keys) and cryptographic capabilities used for encryption of PII at rest is only accessible to the processes and services. PII is not stored in removable media (e.g., USB) or unsecured public cloud applications (e.g., public links made available through Google Drive). Any printed documents containing PII should be securely disposed.
- Least Privilege Principle. We have implemented fine-grained access control mechanisms to allow granting rights to any party using the Application (e.g., access to a specific set of data at its custody) and the Application's operators (e.g., access to specific configuration and maintenance APIs such as kill switches) following the principle of least privilege. Application sections or features that vend PII must be protected under a unique access role, and access should be granted on a "need-to-know" basis.
- Logging and Monitoring. We gather logs to detect security-related events (e.g., access and authorization, intrusion attempts, configuration changes) to the Application and systems. We implements this logging mechanism on all channels (e.g., service APIs, storage-layer APIs, administrative dashboards) providing access to Amazon Information. All logs must have access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs themselves should not contain PII and must be retained for at least 90 days for reference in the case of a Security Incident. We has mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions (e.g., multiple unauthorized calls, unexpected request rate and data retrieval volume, and access to canary data records). We should perform investigation when monitoring alarms are triggered, and this should be documented in the Incident Response Plan.
- Network Protection. We have implemented network protection controls to deny access to unauthorized IP addresses and public access must be restricted only to approved users.
- Access Management. We assign a unique ID to each person with computer access to Amazon Information. Persons with access to data don’t create or use generic, shared, or default login credentials or user accounts. We review the list of people and services with access to Amazon Information on a regular basis (at least quarterly) and remove accounts that no longer require access. We restrict employees from storing Amazon data on personal devices. We maintain and enforce "account lockout" by detecting anomalous usage patterns and log-in attempts and disabling accounts with access to Amazon Information as needed.
- Encryption in Transit. We encrypt all Amazon Information in transit (e.g., when the data traverses a network, or is otherwise sent between hosts). This is accomplished using HTTP over TLS 1.2 (HTTPS). We enforce this security control on all applicable external endpoints used by customers as well as internal communication channels (e.g., data propagation channels among storage layer nodes, connections to external dependencies) and operational tooling. We disable communication channels which do not provide encryption in transit even if unused (e.g., removing the related dead code, configuring dependencies only with encrypted channels, and restricting access credentials to use of encrypted channels). We use data message-level encryption where channel encryption (e.g., using TLS) terminates in untrusted multi-tenant hardware (e.g., untrusted proxies).
- Incident Response Plan. We have and maintains a plan to detect and handle Security Incidents. Such plan identifies the incident response roles and responsibilities, defines incident types that may impact Amazon, defines incident response procedures for defined incident types, and defines an escalation path and procedures to escalate Security Incidents to Amazon. We review and verifies the plan every six (6) months and after any major infrastructure or system change. We investigate each Security Incident, and document the incident description, remediation actions, and associated corrective process/system controls implemented to prevent future recurrence.
We will inform Amazon via email firstname.lastname@example.org within 24 hours of detecting any Security Incidents.
- Request for Deletion or Return. We within no more than 72 hours after Amazon's request permanently, and securely delete (in accordance with industry-standard sanitization processes, e.g., NIST 800-88) or return Amazon Information upon and in accordance with Amazon's notice requiring deletion and/or return. We also permanently and securely deletes all live (online or network accessible) instances of Amazon Information within 30 days after Amazon's notice.
You have the option of reviewing, correcting, updating, modifying, and deleting your personally identifiable information at any time and as often as desired. This can be done by sending an opt-out message in an email to DYNACRAFT at email@example.com.
Unfortunately, to the extent that such information is also stored in other databases, we cannot always ensure that such corrections or deletions will reach the other databases. We will use all reasonable efforts to ensure that your information is removed from or corrected in DYNACRAFT’s records.