Skip to content

Privacy Policy

Effective Date: January 1, 2020

Last Modified: August 8, 2023

 

TABLE OF CONTENTS

Introduction

Information We Collect

Where We Collect Your Information From

How We Use Personal Information

Data Security

Selling and Sharing of Personal Information

Your Choices

Children Under the Age Of 13

Our Website May Have Third Party Links

Changes To Our Privacy Policy

Contact Information

State Privacy Rights

The Rights of California Consumers

The Rights of Virginia, Colorado, Connecticut, and Utah Residents

Introduction

Red Ribbon Bakeshop, Inc. and its affiliates (collectively, “Red Ribbon,” “we,” or “our”) recognizes and respects your privacy and is committed to protecting it.  We have developed certain privacy practices to maintain these standards and to comply with applicable laws, rules, and regulations.

This Privacy Policy describes our privacy practices with respect to the personal information we collect, including the categories of information we may collect from you when you visit the Red Ribbon Website at https://redribbonbakeshop.com/  (the “Website”), use the Red Ribbon mobile application (“Mobile App”), or use or visit any other online services or programs where the Red Ribbon Terms & Conditions or this Privacy Policy is posted or linked (collectively, the “Online Services”).  This Privacy Policy also describes the purposes for which we collect personal information, how we use or process the personal information we collect, with whom we sell or share it, and the rights you have regarding your personal information and how you can exercise them.

Please read this Privacy Policy carefully.  By using the Online Services, you agree to the terms of this Privacy Policy.  If you do not agree with the terms of this Privacy Policy, please do not use the Online Services. 

If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, please review your state-specific sections below, which apply to visitors, users, and others who reside in such States.          

Information We Collect

This Privacy Policy applies to information we collect:

  • On our Website.
  • In email, text, and other electronic communications between you and us, including between you and our Website, you and our mobile application, and you and our social media pages.
  • Through our mobile application you download from the App Store or Google Play.
  • When you register for online promotions or participate in rewards programs, online programs, surveys, or other transactions or activities.
  • When you use or visit any other online services or programs where the Red Ribbon Terms and Conditions or Privacy Policy is posted or linked.
  • Through or as a result of your entry upon any of our facilities or in connection with our operations, or attendance at an event organized or hosted by us.
  • As a result of any sales, purchases, or other transactions made through us or through a third-party delivery service.

It does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on our Website.

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”).  In particular, Red Ribbon collects and has collected from its consumers within the last twelve (12) months the following categories of Personal Information:

  • Personal identifiers you provide when you provide information for orders or registration via our Website or mobile application, including your first and last name, alias, address, email address, telephone number, date of birth, fingerprint(s), gender, account name, online identifier, or any personal identifiers you provide to us when communicating with us.
  • Transaction information you provide when you make a purchase from us, such as your first and last name, alias, address, telephone number, email address, and payment or financial information.
  • Financial information you provide for payment information when you make a purchase from the Company, including through our Website or mobile application, such as your bank account number, debit card number, and/or credit card number.
  • Records of commercial information such as your current and historical point-of-sale transactions and product purchases from us.
  • Internet connectivity, usage, and activity information about your use, and the use by any person(s) you authorize, of our Website or mobile application, including the content you view, browser device and type, unique device identifier and/or Internet Protocol (IP) address, and information about your interactions with our Website or mobile application.
  • Internet or other electronic network activity information, including, but not limited to, IP addresses, browsing history, search history, cookies, information about your interaction with our Websites or mobile application, and geolocation data. 

In addition, we may collect the following categories of Sensitive Personal Information:

  • Location information, including geolocation information provided through our Website’s server logs, our mobile application, and through Google Analytics for our Website by your device interacting with our Website, or associated with your Internet Protocol (IP) address, where we are permitted by law to process this information.
  • Sensory data observed on general business security video surveillance at our facilities and operations and within our properties for the security and safety of our employees, customers, operations, assets, resources, and communities.

Red Ribbon obtains the categories of Personal Information listed above:

  • Directly from you.  We collect information you provide to us when you inquire about our goods or services; register with us; place orders; participate in rewards programs, online programs, surveys, or other transactions or activities; through the billing and contact information you provide to us; communicate or otherwise interact with us through telephone, email or other electronic communication; through the use of our Website, our mobile application, our social media pages, or in person.
  • Indirectly from you.  We collect information from you, your household, or devices associated with you or your household through your use and actions on our Website, persistent cookies on our Website, and third-party analytics for our Website, as well as publicly available sources of information.

Personal information does not include:

  • Publicly available information.
  • Lawfully obtained, truthful information that is a matter of public concern.
  • Deidentified or aggregated consumer information.
  • Information excluded from the scope of “personal information” or “personal data” under applicable privacy laws.

Employment-Related Information We Collect:

 

We may also collect Personal Information relating to employment, hiring, or recruiting from job applicants or current employees, and may retain Personal Information of past employees as reasonably necessary for our legal and compliance purposes.  Such information includes information we collect from background checks, employment eligibility verifications, and other information we may collect at time of hire as part of our regular onboarding process.  We may also collect employee Personal Information for purposes of interviews, employee payroll, timekeeping, benefits administration, employee taxes, office administration, or expense reporting and processing.  Personal Information we may collect relating to employees includes:

  • Personal identifiers, such as last name, alias, address, email address, telephone number, date of birth, or any personal identifiers you provide to us in relation to your employment or potential employment with us.
  • Employment history.
  • Driver’s license information.
  • Bank account information.
  • Health insurance information.
  • Demographic information such as gender, familial status, and citizenship status, for governmental reporting and/or insurance benefits purposes.
  • Biometric information such as fingerprints, for purposes of employee clocking in/out.
  • Social Security Number for tax purposes.
  • Wage garnishments and information contained in related court orders.

 

How We Use Personal Information

We may use or disclose the Personal Information (including Sensitive Personal Information) we collect for one or more of the following purposes:

  • To fulfill or meet the reason you provided the information.  For example, if you share your name and contact information to ask a question about our products or services, or communicate with us through email, our Website, our mobile application, our social media pages, or by telephone, we will use that Personal Information to respond to your inquiry and communicate with you.  If you provide your Personal Information to make a purchase, we will use that information to process your payment and facilitate delivery or otherwise complete the purchase.  We may also save your information to facilitate new purchases by you or process your requests.
  • To have a means of communicating with you about transactions with us and send you information or request feedback about your purchases, our services, and features on our Website and mobile applications, or changes to our policies.
  • Register you for an account on the Online Services, including a Rewards or other loyalty program account, and manage and maintain your account;
  • Administer surveys, contests, sweepstakes, or other promotions through our Online Services or through social media;
  • To send you offers and promotions for our products and services.
  • To provide, support, personalize, and develop our Website, mobile application, social media pages, products, and services.
  • Send you emails or other information or materials you request;
  • To create, manage, maintain, customize, and secure your account with us.
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To personalize your Website and mobile application experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and advertisements through our Website, our mobile application, third-party sites, and via email or text message (with your consent, where required by law).
  • To help maintain the safety, security, and integrity of our Website, our mobile application, products and services, databases and other technology assets, our facilities and stores, and our business.
  • For testing, research, analysis, and product development, including to develop and improve our Website, mobile application, products, services, and business.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To comply with applicable legal requirements and industry standards.
  • As described to you when collecting your Personal Information or as otherwise set forth under applicable privacy laws.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, sale, or transfer of some or all of Red Ribbon’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Red Ribbon about our Website users, mobile application users, and other consumers is among the assets transferred.

Red Ribbon will not collect additional categories of Personal Information or use the Personal Information we collected for any purposes that are incompatible with the purposes listed above without first providing you notice.

Selling and Sharing of Personal Information

RED Ribbon does not sell your Personal Information To any third parties, and has not sold your Personal Information in the past twelve (12) months.  Red Ribbon may share Personal Information with selected third parties, including social media, advertising, and analytics partners, for marketing-related services.  We may disclose your Personal Information, including your email address, to third parties for our digital marking efforts, including for the purposes of targeted advertisements and to provide communications, offers, promotions and/or services that are tailored to your preferences.  Within the past twelve (12) months, we may have disclosed certain categories of Personal Information to third parties who provide marketing and advertising-related services to Red Ribbon. 

We may also disclose Personal Information with our trusted service providers and contractors who process or receive the information for their operational purposes.  We disclose Personal Information to such service providers for the limited and specified purpose of enabling them to fulfill their service function to us (including, but not limited to, processing or fulfilling your orders and transactions, verifying your information, processing payments, or providing similar services on our behalf). 

In addition, we may disclose deidentified or aggregated information (which does not identify you or any other individual) without restriction.  We may also disclose Personal Information to our affiliates, agents, representatives, and franchisees, to be used for any of the purposes indicated at the time we collect such information.  We may also disclose your Personal Information to (1) comply with any court order, law, or legal process, including to respond to any government or regulatory request, and/or (2) if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Red Ribbon, users and visitors of our Website and mobile application, or others.

 Data Security

The security, integrity, and confidentiality of your personal information are extremely important to us.  Red Ribbon has implemented technical and administrative security measures that are designed to protect personal information from unauthorized or illegal access, destruction, disclosure, use, or modification.  Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.

Data Retention

We retain Personal Information only for the length of time as is reasonably necessary and proportionate to achieve the purposes described in this Privacy Policy.  We may also retain Personal Information for other necessary legal purposes such as complying with our legal obligations, resolving disputes, enforcing our agreements, preventing fraud, and other purposes permitted by law.

Your Choices

We offer you the following choices about what information we collect from you and how we communicate with you:

Cookies. If you would like to opt out of collection via cookies, you may broadcast an opt-out preference signal through your browser.  Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies.  To do so, please follow the instructions in your browser settings.  Please note, however, that without cookies you may not be able to take full advantage of all of the Red Ribbon Website’s features. 

Promotional Emails. If we have sent you a marketing email, you may choose not to receive additional marketing emails from us by following the unsubscribe instructions contained in each email. Upon receipt and processing of an opt-out request, Red Ribbon will, within a commercially reasonable amount of time, remove your information from any email lists used to provide you with special offers from Red Ribbon or its affiliates in the future.

Web Analytics. You may opt-out of the aggregation and analysis of data collected about you on the Red Ribbon Website by our web analytics vendor by visiting https://tools.google.com/dlpage/gaoptout and downloading and installing the Google Analytics Opt-out Browser Add-on.

                Children Under the Age of 13

The Online Services is not directed to, and Red Ribbon does not knowingly collect or solicit Personal Information from, children under the age of 13.  If we learn we have collected or received personal information from a child under the age of 13, we will delete that information. If you believe we might have any information from or about a child under the age of 13, please contact us at [email protected]

Our Website May Have Third Party Links

Our Website and mobile application may have links to third-party content. We do not control that content or the third party’s privacy practices. We encourage you to read their privacy policies to understand how they use your information.

Changes to Our Privacy Policy

Red Ribbon reserves the right to amend this Privacy Policy at our discretion and at any time.  We may change this policy from time to time.  When we make changes to this Privacy Policy, we will post the updated notice on our Website and update the notice’s effective date.  Your continued use of our Website, our mobile application, Online Services, and/or submitting information to us following the posting of changes is deemed to be acceptance of those changes, so please check the notice periodically for updates.

Contact Information

If you have any questions or comments about this notice, the ways in which Red Ribbon collects and uses your information, or wish to exercise your rights under California law, please do not hesitate to contact us at: [email protected].

STATE PRIVACY RIGHTS

The Rights of California Consumers

The California Consumer Privacy Act of 2018 (as amended and expanded by the California Privacy Rights Act of 2020) (the "CCPA”) provides California residents who are “consumers,” as defined in the CCPA, with specific rights regarding their Personal Information.  This section of this Privacy Notice describes the rights of “consumers,” as provided under the CCPA, and explains how California consumers can exercise those rights (“CCPA Privacy Notice”).  Any terms defined in the CCPA have the same meaning when used in this CCPA Privacy Notice.  Consumers with disabilities may access this CCPA Privacy Notice in an alternative format by contacting Red Ribbon through any one of the methods set forth below.

Right to Request Disclosure About the Personal Information Collected, Sold, or Shared About You

Consumers, as defined in the CCPA, have the right to request that Red Ribbon disclose certain information to them about our collection and use of your Personal Information over the past twelve (12) months. Once we have received and verified a request from you for such, we will disclose to you:

  • The categories of Personal Information we collected about you.
  • The categories of sources from which the Personal Information is collected;
  • Our business or commercial purpose for collecting, selling, or sharing that Personal Information.
  • The categories of third parties to whom we disclose that Personal Information, if any.
  • The specific pieces of Personal Information we collected about you (also called a data portability request).

 

In addition, you have the right to request that Red Ribbon disclose any Personal Information we collect about you that is sold or shared to a third party and to whom over the past twelve (12) months.   Once we have received and verified your request for such information, we will disclose to you:

  • The categories of personal information that we collect about you.
  • The categories of personal information that we sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared.
  • The categories of personal information that we disclosed about the consumer for a business purpose and the categories of persons to whom it was disclosed for a business purpose.

You may request that we disclose the required information beyond the 12-month period, in which case we will provide that information unless doing so proves impossible or would involve a disproportionate effort.  Your request for required information beyond the 12-month period, and our obligation to provide that information, shall only apply to personal information collected on or after January 1, 2022.

However, Red Ribbon will not at any time in response to a request disclose a consumer’s financial account number or an account password, or security questions and answers.

Red Ribbon is not required to retain any Personal Information collected for a single, one-time transaction, if the information is not regularly retained by Red Ribbon, or re-identify any anonymous or de-identified information, in order to disclose that information to you.

Right to Request Deletion of Personal Information

Consumers have the right to request that Red Ribbon delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we have received and verified your identity and request for deletion, we will delete your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is reasonably necessary for us, our service provider(s), or contractor(s) to:

  1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested or that you reasonably anticipate within the context of our ongoing business relationship with you, or otherwise perform any contract we have with you.
  2. Help to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the ability to complete such research, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided the information.
  8. Comply with a legal obligation.

We may also maintain a confidential record of your deletion requests for the sole purpose of preventing your personal information from being sold, for compliance with laws, or for other purposes, to the extent permissible under the CCPA.

Right to Request Correction of Inaccurate Personal Information

California consumers also have the right to request that we correct any inaccurate Personal Information about them, taking into account the nature of the personal information and the purposes of the processing of the personal information.  If we have received and verified a request for correction from you, we will use commercially reasonable efforts to correct the inaccurate personal information as directed by you, and in accordance with the guidelines of the CCPA.

Exercising Access, Deletion, and Correction Rights

If you are a California resident and you wish to exercise your (i) right to know what Personal Information is being collected and to access Personal Information, (ii) right to know what Personal Information is sold or shared and to whom, (iii) right to delete Personal Information, or (iv) right to correct inaccurate Personal Information, you will need to submit a verifiable consumer request (as defined under the CCPA) so that Red Ribbon is able to corroborate your identity and provide your information to you.

To exercise your rights described above, please submit a verifiable consumer request by:

  • Calling us toll free at 888.308.1829
  • Emailing us at [email protected].
  • Submitting a request via this link.

You may only make a verifiable consumer request to know what Personal Information is being collected and to access Personal Information, or to know what Personal Information is sold or shared and to whom, twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If reasonably necessary, we may extend our time to respond for an additional forty-five (45) days, and we will inform you of the extension within the initial forty-five (45) day period.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Our response may also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format that is easily understandable to the average consumer, and to the extent technically feasible, in a structured, commonly used, machine-readable format that may also be transmitted to another entity at the consumer’s request without hindrance.

Right to Opt-Out of Sale or Sharing of Personal Information

As provided above, we may disclose your Personal Information to selected third parties for marketing and targeted advertising purposes.  Under the CCPA (as amended by the CPRA), this may constitute the “sale” or “sharing” of your personal information.  You have the right to direct us to not sell or share your Personal Information at any time (the “right to opt-out”).  To exercise your right to opt-out of the sale or sharing of your personal information, you (or your authorized representative) may submit a request to us by visiting this link.  You may opt back in to Personal Information sales at any time.  Further, we use Google Analytics to understand how you use our Website.  This includes looking at where a visitor comes from and where they go when they leave our Website.  Google provides an opt-out for this tool here.

We do not sell or share the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer younger than 13 years of age.  Consumers who opt-in to personal information sales may opt-out of future sales or sharing at any time.

Right to Limit Use and Disclosure of Sensitive Personal Information

Consumers have the right, at any time, to direct a business that collects sensitive personal information about the consumer to limit the business’s use of the consumer’s sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, to perform certain business purposes as authorized under the CCPA, and as authorized by regulations adopted by the California Attorney General.

If you direct us not to use or disclose your sensitive personal information (except for the authorized purposes identified above), we will not use your sensitive personal information for any other purpose after our receipt of your direction, unless you subsequently provide consent for the use or disclosure of your sensitive personal information for additional purposes.

To exercise your right to limit the use or disclosure of your sensitive personal information, you (or your authorized representative) may submit a request to us by visiting this link.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.  Unless permitted by the CCPA, in response to you exercising your rights, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA and CPRA that can result in different prices, rates, or quality levels. Any CCPA and CPRA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

The Rights of Virginia, Colorado, Connecticut, and Utah Residents

This Privacy Notice for Virginia, Colorado, Connecticut, and Utah Residents supplements the information contained above.  This supplement for Virginia, Colorado, Connecticut, and Utah applies solely to all visitors, users, and others who reside in these states (“consumers” or “you”).  

If you reside in any of these states, you may take advantage of the following rights in accordance with each state’s applicable laws:

  • Right to Know/Access. You may request to confirm whether we process your personal data and to access such personal data.
  • Right to Deletion. You may request that we delete personal data you provide by or obtained about you.
  • Right to Correction of Inaccurate Data. You may request that we correct inaccurate personal data about you, taking into account the nature of the personal data and the purposes of the processing of the consumer's personal data.
  • Right to Data Portability.  You may request to obtain a copy of your personal data that you previously provided to us and to receive it in a portable and, to the extent technically feasible, readily usable format that would allow you to transmit the data to another controller without hindrance, where the processing is carried out by automated means;
  • Right to Opt Out of Sale, Profiling, and Processing for Targeted Advertising. You have the right to opt out of the processing of your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.  

To exercise any of your rights described above, please submit a consumer request by:

  • Calling us toll free at 888.308.1829
  • Emailing us at [email protected].
  • Submitting a request via this link.

A known child's parent or legal guardian may invoke such consumer rights on behalf of the child regarding processing personal data belonging to the known child. 

We respond to authenticated consumer requests without undue delay, and within 45 days of receipt of the request, pursuant to the methods described in the Virginia CDPA.  We may extend the response period once by 45 additional days when reasonably necessary, considering the complexity and number of your requests, and if we do so, we will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

The information we provide in response to an authenticated consumer request will provided free of charge, up to twice annually per consumer.  If a consumer’s request is manifestly unfounded, excessive, or repetitive, we may charge the consumer a reasonable fee to cover the administrative costs of complying with the request or decline to act on the request.  We will take reasonable steps to authenticate your identity prior to responding to your requests. The authentication process will vary depending on the sensitivity of the personal information and whether you have an account with us.  We will use commercially reasonable efforts to authenticate the identity of authorized agents and their authority to submit requests on your behalf.  

We are not required to fulfill a request, may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations.  In the event we deny your request, you have the right to submit an appeal if you are not satisfied with the outcome.  You must submit your appeal within a reasonable time after receiving our decision to deny your request.  You may submit an appeal by contacting us via either of the two contact methods listed above.