Online Store Privacy Policy
Last updated: July 7, 2023
THIS DOCUMENT IS AN INTEGRAL PART OF THE STORE’S TERMS OF SALE AND DOES NOT CONSTITUTE AN INDEPENDENT AGREEMENT. THE TERMS DEFINED IN THE TERMS OF SALE HAVE THE SAME MEANING IN THIS PRIVACY POLICY DOCUMENT.
Preamble
This Privacy policy applies to the website https://secretlair.wizards.com.
We are Scalefast Inc. (2100 Grand Ave. El Segundo CA 90245 - USA), the data controller for all data collected via this website, which we operate as authorized seller.
We respect the privacy of our customers, partners and suppliers of products or services and clients. The purpose of this privacy policy is to provide you with information concerning how we collect personal information when you use this website, and how we collect other information regarding your interaction with this website without identifying you as an individual; how we use, handle and disclose collected information; and choices you may have about the ways we collect and use that information. Our goal in handling personal information provided to us is also to comply with applicable data protection and privacy laws.
"Personal information" means information that identifies you personally, either alone or in combination with other information available to us.
Third Party Privacy Policies or Statements. If you access a website through which we offer products or services for sale, you will often see our web pages co-branded with the name and branding of the organization whose product you are purchasing. If the privacy policy or statement of one of our partners also appears on this website, this Privacy Policy will apply to our use of any information collected by us, and the privacy policy or statement of our partner will apply to any such information provided to that partner as contemplated by this Privacy Policy.
Which information do you collect?
We collect personal information you provide when you use this website. For instance, when you are providing information when you request information about a product or service available through this website, or when you purchase a product or service through this website; when you are entering a contest or a promotion, ordering a newsletter; and when you are downloading and/or registering products and/or signing up for additional services.
The information we collect may include, but is not limited to, your name, email address, IP address, billing and/or shipping address, phone number, payment account information, and other information about you submitted to verify who you are or to prevent fraud. If you call our customer service, we may collect personal information which you knowingly and voluntarily provide through your contact with our customer service representatives.
We furthermore collect information that is sent to us automatically by your web browser, which may include, without limitation, information that does not identify you personally (such as the date and time of your visit). The information we receive in this manner depends on the settings on your web browser. If you have created a user identity on one of your visits to this website, we may link the information provided by your browser to information that identifies you personally and use it for the purposes described below. Please review the settings of your web browser if you want to learn what information your browser sends or how to change your settings.
Most browsers are set by default and accept cookies, but you can choose to systematically accept or reject all cookies or only cookies from certain issuers. You may also configure your browser to accept or reject cookies on a case by case basis prior to their installation. You may also regularly delete cookies from your device terminal via your browser.
Remember to adjust the browser settings on each of your devices (tablets, smartphones, computers).
Each browser has its own way of managing cookies and cookies settings. Go to the “Help” menu of each browser to be informed of how to change cookie settings. For example:
- for Microsoft Edge™: https://support.microsoft.com/en-us/topic/adjust-privacy-settings-in-microsoft-edge-600ee799-081c-4ab7-b6c2-d8a9baeda3c4
- for Safari™: https://support.apple.com/safari
- for Chrome™: https://support.google.com/chrome/answer/95647
- for Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- for Opera™: https://help.opera.com/en/latest/web-preferences/#cookies
- for Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that setting your browser to disable cookies may restrict you from accessing certain features, pages, or areas of the website and we do not accept any liability for any consequences related to the settings you have chosen.
How do you collect this information?
We collect information that is typically not personally identifiable through the use of web technologies, including, without limitation, "session cookies", "persistent cookies", "localStorage", "sessionStorage", and "web beacons" (also referred to as "tracking pixels"). As the Internet evolves, we may implement and use different types of technologies for this purpose.
Cookies. When you visit this website, your computer may receive one or more "cookies" in order to help personalize and support your use of this website, our services, and/or the services of our partners. A "cookie" is a small text file that is transferred to your computer’s web browser by a web server, and can be read by a web server in the same domain at a later time. If you do not wish to receive cookies or wish to manage when you accept cookies in general, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. We provide more information on this in the "What are my choices?" section, below. Although you are not required to accept our cookies, if you set your browser to reject cookies, you may not be able to use all of the features and functionalities of this website.
Cookies allow a website to customize information that is presented to you through your use of this website (such as to display personalized content and targeted advertising to you on your future visits to this website), and to save time by storing information so you do not need to re-enter it during a later use of our website. We may place cookies on this site directly, or on behalf of the partner whose advertisement appears on this website or its service providers. In general, cookies do not identify you personally. However if you have created a user identity on one of your visits to this website, we may link the cookie to information that identifies you personally. We may use a combination of "session cookies" and "persistent cookies" on this website, further described below.
Session Cookies. A "session cookie" is a temporary cookie that expires when you close your browser. Assigning your computer a number facilitates the proper functioning of the features of our websites by permitting us to maintain a persistent "state" for your session. We use session cookies to collect anonymous information (i.e., information that does not identify you personally) about the ways visitors use this website – which pages they visit, which links they use, and how long they stay on each page. We analyze this information (known as "click-stream information") to better understand our visitors’ interests and needs and to improve the content and functionality of this website.
Persistent Cookies. Unlike a session cookie, a "persistent cookie" does not expire when you close your browser. It stays on your computer until the expiration date set in the cookie (for example, at the end of a calendar month) or until you delete it. Persistent cookies can be used to "tag" your computer so that the next time you visit (or someone using your computer visits), our server will recognize you, not by name, but by the "tag" on your computer. This will enable us to provide you with a personalized experience even if we do not know who you are. It will also allow us to collect more accurate information about the ways people use this website, for example, how people use this website on their first visit and how often they return. Using persistent cookies permits us to provide you with a more personalized shopping experience and, in some cases, may save you the trouble of re-entering information already in our database.
sessionStorage. sessionStorage and localStorage maintain a separate storage area for each available origin for the duration of the page session. The information stored in sessionStorage is removed when the browser is closed.
localStorage. The localStorage is a property that allows JavaScript sites and apps to save key-value pairs in a web browser with no expiration date. This means the data stored persists even after the user closes the browser or restarts the computer.
Web Beacons. When you visit this website, your computer may receive one or more "web beacons", to collect anonymous information about the use of this website by our visitors, and to deliver customized or targeted content to you on this website and through our partners. Web beacons are graphic images, usually no larger than a 1x1 pixel, placed at various locations on this website. They also help us identify browser types, search terms that bring visitors to our website, and the domain names of websites that refer traffic to us. We may place web beacons on this site directly, and may place web beacons on behalf of the partner whose branding appears on this website or its service providers. They also help us identify your IP address. The information collected by web beacons does not identify you personally. However, if you have created a user identity on one of your visits to this website, for example, by making a purchase, we may link the information we collect using web beacons to the information that identifies you personally and use it in the same ways as we use the information we collect using cookies. We also use web beacons to provide us with more information on any emails we send out. In particular, a web beacon in an email communication will send us information to let us know that you have received, opened, or acted upon an email you have chosen to receive from us.
Optimizely
- Company: The Optimizely group of companies, which comprises Episerver AB, Optimizely, Inc., Episerver Inc., Episerver GmbH, Zaius, Inc. (535 Mission St 14th floor, San Francisco, CA 94105, USA)
- Privacy policy: https://www.optimizely.com/legal/privacy-policy/
- Cookies policy: https://www.optimizely.com/legal/cookie-policy/
- Cookies used: https://support.optimizely.com/hc/en-us/articles/4410284260365-Cookies-and-localStorage-in-the-Optimizely-Web-Experimentation-and-Optimizely-Performance-Edge-snippets
Optimizely Web Experimentation. It is a platform that allows A/B testing experiments or multi-variant testing which is a marketing technique that involves comparing two or more versions of a web page or application to see which performs better.
- Company: Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Irlanda) (European Economic Area + Switzerland) / Google LLC (600 Amphitheatre Parkway Mountain View, CA 94043, USA)
- Privacy policy: https://policies.google.com/privacy
- Cookies policy: https://policies.google.com/technologies/cookies#how-google-uses-cookies
- Cookies used: https://business.safety.google/adscookies/
Google Analytics. Google Analytics helps measure the number of visitors and see how they use the website, which helps improve the website. The information collected with this tool is anonymous and aggregated which means it cannot identify you specifically.
Google Doubleclick Floodlight. Floodlight can be used for conversion and event tracking across Google Marketing Platform (including Campaign Manager 360, Display & Video 360, and Search Ads 360). Floodlight allows to monitor and report on conversions. For example, the actions users take interacting with ads. Also to create audiences (in some cases). For example, lists of users who've performed specific actions on the site.
YouTube. YouTube is a web platform where registered users can upload videos and share them with anyone who can access the site. These videos can also be embedded and shared on other websites.
Meta
Meta is an American multinational technology conglomerate. The company owns Facebook, Instagram, and WhatsApp, among other products and services.
- Company: Meta Platforms Ireland Limited (Europe) / Meta Platforms, Inc. (One Hacker Way Menlo Park, CA 94025, USA)
- Privacy policy: https://www.facebook.com/privacy/policy
- Cookies policy: https://www.facebook.com/privacy/policies/cookies
Meta pixel. The Meta Pixel (formerly known as Facebook pixel) is a piece of code on a website that can help better understand the effectiveness of advertising campaigns and the actions users take on the site, like visiting a page or adding an item to their cart. It also allows to see when customers took an action after seeing an ad on Facebook and Instagram, which helps with retargeting.
Twitter is a social media platform launched in 2006; users can communicate through short-form messages known as Tweets.
- Company: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
- Privacy policy: https://twitter.com/en/privacy
- Cookies policy: https://help.twitter.com/en/rules-and-policies/twitter-cookies
- Cookies used: https://help.twitter.com/en/rules-and-policies/twitter-cookies
Twitter Analytics. Twitter Analytics metrics help to understand the performance of the content promoted on Twitter. This includes information such as impressions, clicks, video views, and spend. In addition, it allows detailed metrics for various segments of the audience reached.
Twitter Advertising. Twitter Advertising is a function of Twitter social media platform; it allows advertisers to target content and promotions to Twitter users.
Twitter Conversion Tracking. Twitter Conversion Tracking allows to measure the return on ad spend by tracking the actions people take after viewing or engaging with the ads on Twitter. The conversion events allow to report on the performance of the campaigns and can also be used to help better optimize and target the ads.
Air360
- Company: Scalefast Inc.
- Privacy policy: https://www.air360.io/en/privacy-policy/
Air360. Air360 is an eCommerce experience analysis tool, owned by Scalefast Inc., that makes it easy to understand customer experience on a website. It reveals customer behaviors that are invisible to conventional analysis methods, enabling us to create a more user-friendly website.
Hotjar
- Company: Hotjar Limited (Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta)
- Privacy policy: https://www.hotjar.com/legal/policies/privacy/
- Cookies used: https://help.hotjar.com/hc/en-us/articles/6952777582999-Cookies-Set-by-the-Hotjar-Tracking-Code
Hotjar uses heatmaps, recordings, surveys and other tools to provide data and insights to know how the users are behaving on the website, find issues in the purchase funnel, get feedback, etc.
What use are you making of the personal information collected?
We may use personal information collected by us for the following purposes:
- to contact you if you have requested information or communication from us;
- to determine the country in which you are located for compliance purposes (including without limitation export compliance) and for security, anti-piracy, and fraud prevention purposes;
- to help verify that existing personal information about you, in our possession, is accurate and complete;
- to provide you with product updates and upgrades, special offers, pricing information, newsletters, and other information, either on our own behalf or in some cases on behalf of a partner or client acting as their agent, where you have consented to receive it;
- to undertake any other promotional activity in the case you have consented to receiving and participating to such promotional activity;
- in connection with keys, access codes or other information as may be required to permit you to access the websites or services of our partners to receive products, updates or services;
- to verify compliance with applicable laws, rules and regulations;
- if you visit this website for the purposes of conducting a purchase transaction:
- to take, verify, process or deliver your order, process or obtain payment, verify your tax or tax exempt status, contest chargebacks, determine your eligibility for a line of credit, or notify you of the status of your order;
- for fraud and piracy prevention purposes;
- to provide you, to the extent permitted by law, with a personalized shopping experience;
- to register your purchase with the manufacturer or service provider for warranty, technical support or similar purposes;
- to provide notice of your purchase to the provider of an online service for which you purchase a service use right from us, for example, in order for the service provider to enable your access to the service;
- for you to establish an account for future purchases, if you have consented to the creation of such an account;
- to facilitate the renewal of your subscriptions for products or services; and
- to provide you with effective customer service (which may to the extent and in a manner permitted by applicable law, include contacting visitors who commence but do not complete a checkout process to follow up on the incomplete session or to see if there was a problem with their use of this website), and/or technical support.
We justify our processing of personal data on the following legal bases: (i) performing of a contract to which you are a party, or (ii) performing a legal obligation to which we are subject, or (iii) pursuing our legitimate interests and those of third parties, i.e. improving and managing our products and services, administering our websites, obtaining professional advice to protect our business, sending communications to promote our products and services.
We keep your personal information only as long as we need it for the purposes for which it was originally collected (or to which you have subsequently consented), for other legitimate purposes (such as regulatory compliance), and as permitted or required by applicable law. We will observe applicable law and take reasonable steps to ensure any person or entity receiving personal information for the purposes described above, are obligated to protect and keep secure the personal information on your behalf.
To facilitate this online store Secret Lair, which is operated by Scalefast, we implemented a Single Sign On process, which confirms your identity by checking your email address and account ID within Scalefast and Wizards of the Coast.
What use are you making of the anonymous information you collect?
We may use anonymous information collected by us:
- to personalize and support your use of this website, our services, and/or the services of our partners;
- to improve this website, the customer experience, our advertising systems, and our products and services;
- to identify actions or transactions as originating through an affiliate marketing or referral program;
- to deliver targeted advertisements on this website and other websites;
- to provide reporting to our current and prospective partners and service providers; and
- for other historical, statistical or research and analyses purposes.
Our Partners. When we make products available for sale through a website, we are doing so as an independent e-commerce reseller of, or service provider for, the partner whose name and/or logo appears on the particular website. In connection with your purchase of a product or service through an online store we operate that is co-branded with our partner’s branding, we will provide certain personal information and/or anonymous information you provide in connection with your purchase to that partner for reporting purposes, to allow our partner or its service provider to register your purchase, to enable your access to products or services provided by our partner or its suppliers, to facilitate warranty, technical support or after-sales service, to allow our partner or its subcontractor to send communications to you if you have consented to receive them, to allow our partner or its service provider to provide services in connection with this website such as customer support or single sign-on functionality on this website and our partner’s website, or for similar purposes in order to fulfill obligations to you. We may also provide some of the personal information you provide in connection with your purchase to the publisher or manufacturer of a product you purchase, or operator of a service for which you purchase a service use right from us, if different than the partner whose name and/or logo appears on this website. The privacy policy of our partner, and of the publisher, manufacturer or operator of the product or service you purchase, will govern how that party uses and protects any of your personal information that we provide to them.
Our Service Providers. We use other companies to provide joint services or certain services to us or on our behalf and help us to operate our business. For example, to the extent permitted by applicable law we may use our corporate affiliates and/or other companies to host or maintain this website, to process credit card payments, to provide fraud screening and/or detection services, to perform data integrity checks, to offer you a line of credit, to provide website optimization services, to fulfill your order, for payment collection, to deliver advertisements on this website and third party websites, to send mail or email, and/or to provide customer service. We may share your information with our service providers in connection with their provision of services to us. These companies are required by contract to use any information we share with them only to perform services to us or on our behalf and to protect the confidentiality of your personal information. We will not share your personal information with our affiliates or unrelated third parties to use for their own marketing purposes without your consent.
To Comply With Legal Requirements, Cooperate With Law Enforcement, Prevent Fraud and Other Crimes, and Protect Legal Rights, Property, You and Others. To the extent permitted by applicable law, we may disclose the personal information we collect on this website without notifying you when we, in good faith, believe disclosure is appropriate to comply with the law or a regulatory requirement; to comply with governmental, administrative or judicial process, requirement or order, such as a subpoena or court order; to cooperate with law enforcement or other governmental investigations (without necessarily requiring the law enforcement or government agency requesting the information to formally serve us with a subpoena); to prevent or investigate a possible crime, such as fraud or identity theft; to enforce a contract; to protect our legal rights, property or safety, our corporate affiliates, and their respective employees, clients and partners and agents, other users or the public in general; or to protect your vital interests if determined necessary by us. In addition, we may review our server logs for security purposes, such as detecting intrusions into our network. If we suspect criminal activity, we may share our server logs – which contain visitors’ IP addresses – with the appropriate investigative authorities who may use that information to trace and identify individuals. We also reserve the right to report to appropriate law enforcement or government agencies any activities that we, in good faith, believe are or may be in violation of applicable laws, rules or regulations without providing notice to you.
In Connection With Corporate Events. If one of our corporate affiliates or a third party has acquired our business, specific assets or the business of one of our operating divisions through which you have provided information to us, for example, as the result of a sale, merger, reorganization, insolvency, dissolution or liquidation, your personal information will become owned by that company. In that event, the acquiring company’s use of your personal information will still be subject to this Privacy policy, any applicable Supplemental Privacy Notices, and the privacy preferences you have expressed to us.
What are my choices?
We respect your right to make choices about the ways we collect, use and disclose information about you. We generally ask you to indicate your choices at the time and on the page where you provide your personal information.
When you provide personal information, we may offer you a choice as to whether you would like to receive further communications from us and/or from our partners, such as communications related to updates, upgrades, special offers and pricing. You have the right to withdraw your consent at any time. If you decide you no longer want to receive promotional messages from us, you may let us know via the contact form on our website www.scalefast.com; please specify which consent you are revoking in your email to us. Please note, however, if you give us permission to add your contact information to the Merchant’s mailing list and later withdraw your permission, you will have to contact the Merchant (or use the "opt-out" provided in the emails the Merchant sends you) to have your name removed from the Merchant's mailing lists.
If you accept a session or persistent cookie, you can delete it at any time through your web browser (e.g., as soon as you leave our website). If you do not wish to receive cookies or wish to manage when you accept cookies in general, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. Although you are not required to accept our cookies, if you set your browser to reject cookies, you may not be able to use all of the features and functionalities of this website.
We and our partners use third party service providers, to serve ads on our behalf across the Internet, and sometimes on this website. These ads may collect anonymous information about your visits to the website on which such ad is placed, your interaction with these ads and the products and services offered by us, our partners and our suppliers through the use of a pixel tag or other web technologies. We and our partners may use this anonymous information to provide targeted advertisements to you for goods and services. If you opt out of having your information collected through cookies, web beacons and other tools, a new cookie will attempt to be placed that instructs service providers not to track your future activities when that cookie is detected (a "no-track" cookie). If your browsers are configured to reject cookies when you visit our opt-out page, a "no-track" cookie cannot be set on your computer. Also, if you subsequently erase "no-track" cookies, use a different computer or change web browsers, you will need to opt-out again.
In certain circumstances, where you do not provide personal data which is required, we will not be able to provide the products and services under our contract with you or may not be able to comply with a legal obligation on us. We will make it clear if and when this situation arises and what the consequences of not providing the personal data will be.
Privacy Notice to California Residents
If you are a resident of California, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by Scalefast, Inc. or its subsidiaries to a third party for the third party's direct marketing purposes. This right granted to California residents applies only to their activities within the State of California. To make such a request, please click privacy@scalefast.com; In your request, please specify the name of the partner whose name and/or logo appears on this website to which your request pertains. If no company is specified, we will treat your request as pertaining to Scalefast, Inc.
How do you secure my personal information?
We are committed to keeping personal information secure. We have implemented physical, technical and administrative safeguards reasonably designed to protect your personal information from unauthorized access and disclosure. When we collect or transmit sensitive information such as a financial account number, we use industry standard methods to protect that information. It is important that you understand, however, that no website, database or system is completely secure or "hacker proof." You are also responsible for taking reasonable steps to protect your personal information against unauthorized disclosure or misuse, for example, by protecting your password.
Different countries have different privacy laws and requirements. Please know, however, that no matter where your personal information is collected, used, transferred or stored, if it was collected through this website, it will be protected by us in accordance with the terms of this Privacy Policy and applicable laws, rules and regulations.
What are my rights?
You have certain rights in relation to your personal data. Some of these rights will only apply in certain circumstances. If an individual would like to exercise, or discuss, any of these rights, he should submit his request in writing or email to privacy@scalefast.com and provide sufficient information to allow us to understand the scope of the request.
- Access: you are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it.
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected.
- Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
- Restriction: you are entitled to ask us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
- Transfer: you are entitled to request the transfer of your personal data to another third party in limited circumstances.
- Objection: where we are processing personal data based on legitimate interests (or those of a third party) you may challenge this. However, we may be entitled to continue processing personal data based on our compelling legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing personal data for direct marketing purposes.
- Automated decisions: you are entitled to contest any automated decision made about you where this has a legal or similarly significant effect and ask for it to be reconsidered.
- Supervisory Authority: you also have a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where you work or where an alleged infringement of Data Protection Legislation has taken place.
- Determine guidelines as to the use of your personal data after your death: you have a right to determine guidelines as to the storage, erasure and communication of your personal data after your death. These guidelines may be general or specific.
What is your policy regarding children’s privacy?
This website is not directed at nor targeted to children. If you have not reached the age of majority or are not able to enter into legally binding agreements in your country, you may not use this website unless supervised by an adult. Our goal is to comply with applicable laws and regulations relating to collection and use of information from children as such term is defined by applicable laws. If you believe that we have received information from a child or other person protected under such laws, please notify us immediately by email to privacy@scalefast.com, and we will take reasonable steps to remove that information from our databases.
Transfers of personal information to outside of the European Union
Your personal information may be transferred to our affiliates and to third parties that provide us with products or services‒ such as the partner whose name and/or logo appears on this website‒ which are located outside the European Union and in particular in the United States.
When your personal information is transferred to a party located in a country that does not provide for a level of data protection that is sufficient according to European Union standards, such transfer will be made on a data transfer agreement based on the standard contractual clauses approved by the European Commission, copies of which are available on demand by sending an email to privacy@scalefast.com.
Additional information
If you have any questions, comments, or concerns regarding this Privacy policy or our privacy practices, or have privacy-related questions not answered online, you may contact us by any of the following means:
- Via our contact form on our website www.scalefast.com.
- By email, click here.
By using this website or submitting personal information to us through this website, you are consenting to the collection, use, transfer, and disclosure of information as described in this privacy policy.
We may occasionally update this Privacy policy. These updates may reflect, among other things, changes in applicable laws, rules or regulations, changes to our data collection practices, and/or changes to our business or services. Changes to our Privacy policy will become effective 30 days after posting and will only apply to your personal information we hold if you use the site after the revised statement becomes effective. If revisions to the Privacy policy materially affect how we may use Personal Information collected from you prior to the date of the revised statement, then we will request that you opt-in to the revised Privacy policy. We will post an updated version of this Privacy policy on the website with a revised effective date, to let you know that we have updated the Privacy policy.