Effective as of March 19, 2021
- What is Sunlighten?
- Collecting and Using Information
- Cookies and Other Tracking Technologies
- Third Party Processors
- International Data Transfers
- “Do Not Track” Signals
- Advertising and Marketing Choices
- Third Party Links
- Children’s Privacy
- Your Choices and Rights
- Your Personal Data and Your Rights –Europe and the United Kingdom Only
- Your Personal Data and Your Rights –United States Only (Including California)
- How to Contact Us
1.What is Sunlighten?
Sunlighten was founded as a result of a personal healing experience with infrared therapy. For more than a decade, founder Jason Lincoln Jeffers suffered from chronic illness and relied on traditional medicine to manage his condition. It was only when he discovered infrared saunas that he truly began to heal. Jason founded Sunlight Saunas (now Sunlighten) in 1999 to make more people aware of the remarkable healing power of infrared that he personally experienced. Today the company continues to innovate even greater technologies with the goal of bringing products that empower wellness into homes and businesses around the world.
Sunlighten’s offices are located at 7373 W. 107th Street Overland Park, Kansas 66212. Sunlighten is the data controller of all personal data collected from residents of the European Economic Area or the United Kingdom.
2.Collecting and Using Information
Personal Data We Collect
Information You Provide
When you use the Site or Services, you may voluntarily provide us with the following types of Personal Data:
- Get Pricing. When you request pricing on a Sunlighten product, you will provide us with your first and last name, phone number, email address, country of residence, and intended use of the product.
- Get the Infrared Sauna Buyer’s Guide. When you request an Infrared Sauna Buyer’s Guide, you will provide us with your first and last name, and email address.
- Get a Custom Sauna Quote. When you request a quote for a custom sauna through our webform or by telephone, you will provide us with your first and last name, phone number, email address, intended use of the product, and interior room dimensions, including room depth, height, and width, ceiling height, and door width. You may also provide us with the location of the project, including the state/province/region, city, and zip/postal code.
- Contact Commercial Team. When you contact a member of the commercial team, you will provide us with your first and last name, phone number, email address, facility type, purchase timeline, whether you are a United States resident, and how you heard about us.
- Purchase a Product Online. When you purchase a product on the Site with us, you will provide us with your first and last name, country/region, street address, town/city, state, zip code, phone number, email address, and credit card information.
- Live Chat. To start a live chat with a customer representative, you will provide us with your first and last name, and email address.
- Request Product Support. When you contact us for product support by webform, you will provide us with your first and last name, sauna model, description of the issue, phone number, email address, and you may provide a photograph of the sauna issue. When you contact us by telephone, you may need to provide us with your first and last name, email address, phone number, and sauna model.
- Contact Us. When you contact us by telephone or email, you may need to provide us with your first and last name, email address, and/or phone number.
- Schedule a Call. When you schedule a call with us, you will provide us with your first and last name, and email address.
- Join Our Partner Program. To join our partner program, you must provide us with your first and last name, company name, email address, phone number, email list size, social media follower size, promotional methods, how you would like to work with us, and whether you own a Sunlighten sauna.
- Interact with our Site or Services. When you send us any feedback, questions, comments, suggestions, ideas, or interact with us in any way, you may need to provide us with your first and last name, and email address.
Information as You Navigate Our Site and Services
We automatically collect certain Personal Data through your use of the Site and Services. We will automatically collect certain Personal Data, such as the following:
- Usage Information. We collect information such as which of the pages on the Site you access, the frequency of access, and what you click on while on the Site.
- Device Information. We collect information about the device you are using, such as hardware model, operating system, application version number, and browser.
- Mobile Device Information. In addition to the Device Information listed above, when you access our Site via a browser on your mobile device, we collect and aggregate information about whether you are accessing the Site via a mobile device or tablet, device type, and carrier.
- Location Information. We collect location information from Site visitors on a city-regional basis.
Third Party Information
How We Use Your Personal Data
We use the Personal Data we collect to provide the Services to you, to improve our Services and Site, and to protect our legal rights. In addition, we may use the Personal Data we collect to:
- Provide information to you about product pricing and instant sale pricing
- Administer drawings to win a sauna;
- Email you our Infrared Sauna Buyer’s Guide;
- Provide you with a custom sauna quote;
- Provide you with a Sunlighten product;
- Provide information to you about joining our partner program;
- Contact you regarding our products and services that we feel may be of interest to you;
- Communicate with you about our Site or Services or to inform you of any changes to our Site or Services;
- Provide support;
- Maintain and improve our Site and Services;
- Defend our legal rights and the rights of others;
- Efficiently maintain our business; and
- Comply with applicable law.
How We Share Your Personal Data
We may share the information that we collect about you in the following ways:
- With service providers who perform data services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.). Any such service providers will be under an obligation to us to maintain the confidentiality of your Personal Data;
- To service providers to prepare, deploy and analyze advertising content;
- To the extent that we are required to do so by law;
- In connection with any legal proceedings or prospective legal proceedings;
- To establish, exercise, or defend our legal rights, including providing information to others for the purposes of fraud prevention;
- To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personal Data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personal Data;
- To any other person or entity as part of any business or asset sale; and
- To any other person or entity where you consent to the disclosure.
3. Cookies and Other Tracking Technologies
To ensure that your Personal Data receives an adequate level of protection, we have put in place appropriate procedures with the service providers we share your Personal Data with to ensure that your Personal Data is treated by those service providers in a way that is consistent with and which respects the applicable laws on data security and privacy. For example, we use Google Analytics, and Hotjar for web analytics services, WooCommerce for eCommerce, PayFlowPro for payment processing, and Office 365 for data backup and recovery.
5. International Data Tranfers
We operate internationally and transfer information to the United States for the purposes described in this policy. The United States may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. Your Personal Data can be subject to access requests from governments, courts, or law enforcement in the United States according to the laws of the United States.
By using our Services, you explicitly consent to this risk and to the transfer, processing and storage of your information in the United States, irrespective of which country you live in. This includes when you request pricing, request the Infrared Sauna Buyer’s Guide, request a custom sauna quote, purchase a product, request instant sale pricing, request product support, join our partner program, and contact us through webform, live chat, telephone, or email. We also may transfer your Personal Data to the United States if necessary to perform a contract between you and us.
6. “Do Not Track” Signals
Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.
7. Advertising and Marketing Choices
Depending on your location (and reflecting applicable law), you may have been asked to indicate your preferences, provide us with your consent regarding the receipt of such information from us, and indicate how you would like to receive it.
Wherever you are located, we will send you marketing communications based on any preferences you may have expressed.
We only want to send you information in which you are interested. If you do not want to receive these communications or would like to understand more about other unsubscribe options, please contact us as set out in the “How to Contact Us” section below.
For email communications, you can opt out and/or manage your preferences by clicking on the unsubscribe link provided at the bottom of any email you receive from us. You also may submit a request to us at firstname.lastname@example.org. If we call you with information you do not want to receive, you can advise us of this during the telephone call.
We maintain commercially reasonable security measures to protect the Personal Data we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee absolute security.
The Site and Services are not intended for children under 16 years of age. We do not knowingly collect, use, or disclose personal information from children under 16.
Depending on the jurisdiction in which you are located, you may have additional rights with respect to your Personal Data. We discuss some of those jurisdictions and rights below. For example, you may have the rights to access, delete, update, or correct your information. You also may have the right to object to or opt out of direct marketing from us. If you would like to exercise your legal rights, please contact us at email@example.com. We will process your request in accordance with any applicable legal requirements.
If you are in a country in the European Economic Area (EEA) or in the United Kingdom, you are entitled to the following explanation of the legal bases we rely on to process your Personal Data and a description of your privacy rights.
Legal Bases for Processing Your Personal Data
The legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
We may process your Personal Data based on your consent such as when you create an account or when you ask us to send certain kinds of marketing communications. You have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
Our Legitimate Interests
We may process your Personal Data if doing so is necessary for our legitimate interests and your rights as an individual do not override those legitimate interests. For example, when we process your Personal Data to carry out fraud prevention activities and activities to increase network and information security, to market directly to you, to expand our business activities, and to improve our services and the content and functionality of our Site.
To Perform a Contract
We may process your Personal Data to administer and fulfill contractual obligations to you.
To Enable Us to Comply with a Legal Obligation
We may process your Personal Data to comply with legal obligations to which we are subject. This may include any requirement to produce audited accounts and to comply with legal process.
Necessary for the Exercise or Defense of Legal Claims
If you bring a claim against us or we bring a claim against you, we may process your Personal Data in relation to that claim.
If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Data for any specific processing activity, please contact us using the “How to Contact Us” section below.
Access Your Personal Data
Rectify Your Personal Data
You have the right to ask us to rectify any inaccurate Personal Data about you and to have incomplete Personal Data completed.
Restrict Our Use of Your Personal Data
You have the right to ask us to place a restriction on our use of your Personal Data if one of the following applies to you:
- You contest the accuracy of the information that we hold about you, while we verify its accuracy;
- We have used your information unlawfully, but you request us to restrict its use instead of erasing it;
- We no longer need the information for the purpose for which we collected it, but you need it to deal with a legal claim; or
- You have objected to us using your information, while we check whether our legitimate grounds override your right to object.
Object to Our Use of Your Personal Data
You have the right to object to our use of your Personal Data where our reason for using it is based on our legitimate interests or your consent (rather than when the reason for using it is to perform an obligation due to you under a contract with us).
Delete Your Personal Data
You can ask us to delete your Personal Data if:
- We no longer need it for the purposes for which we collected it;
- We have been using it with no valid legal basis;
- We are obligated to erase it to comply with a legal obligation to which we are subject;
- We need your consent to use the information and you withdraw consent;
- You object to us processing your Personal Data where our legal basis for doing so is our legitimate interests and there are no overriding legitimate grounds for the processing.
However, this right is not absolute. Even if you make a request for deletion, we may need to retain certain information for legal or administrative purposes, such as record keeping, maintenance of opt-out requirements, defending or making legal claims, or detecting fraudulent activities. We will retain information in accordance with the “How Long Is Your Personal Data Kept” section below.
If you do exercise a valid right to have your Personal Data deleted, please keep in mind that deletion by third parties to whom the information has been provided might not be immediate and that the deleted information may persist in backup copies for a reasonable period (but will not be available to others).
Transfer Your Personal Data to Another Service Provider
You may request that we transfer some of the Personal Data you have provided to you or another service provider in electronic copy. This applies to Personal Data we are processing to service a contract with you and to Personal Data we are processing based on your consent.
To exercise any of these rights, please contact us as described in the “How to Contact Us” section below.
Make a Complaint
If you have any concerns or complaints regarding our processing of your Personal Data, please contact us as described in the “How to Contact Us” section below and we will do our best to answer any question and resolve any complaint to your satisfaction.
If, for whatever reason, you feel we do not meet the standards you expect of us, you are also entitled to make a complaint to your local supervisory authority:
How Long Is Your Personal Data Kept?
Notice to Nevada Residents
Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to a number of exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to a person for the person to license or sell the information to additional persons. We do not currently sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales and we will record your instructions and incorporate them in the future if our policy changes. Opt-out requests may be sent to firstname.lastname@example.org.
Notice to California Residents
The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information. For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”
The CCPA contains an exception that is relevant to us. Some of the CCPA’s privacy rights explained below do not apply to personal information collected in a business-to-business context. That is information reflecting a written or verbal communication or a transaction between us and a consumer, where the consumer is acting as an employee, owner, director, officer, or contractor of another entity and when the communication or transaction occur solely within the context of us conducting due diligence regarding, or providing or receiving a product or service to or from such entity.
Right to Know About Personal Information Collected, Disclosed, or Sold
If you are a California resident, you have the right to request that we disclose what Personal Information we have collected about you in the 12-month period preceding your request. This right includes the right to request any or all of the following:
- Specific pieces of Personal Information that we have collected about you;
- Categories of Personal Information that we have collected about you;
- Categories of sources from which the Personal Information was collected;
- Categories of Personal Information that we sold (if applicable) or disclosed for a business purpose about you;
- Categories of third parties to whom the Personal Information was sold (if applicable) or disclosed for a business purpose; and
- The business or commercial purpose for collecting or, if applicable, selling Personal Information.
The CCPA defines “sell” to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident’s Personal Information to another business or a third party for monetary or other valuable consideration.
Collection of Personal Information
- Identifiers (name, postal address, internet protocol address, email address, account name, Social Security number)
- Unique personal identifiers (device identifier; cookies, pixel tags, mobile ad identifiers, or other similar technology; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device)
- Telephone number
- Credit and debit card number
- Internet or other electronic network activity information (browsing history; search history; and information regarding consumer’s interaction with the Site)
- Geolocation data
- Commercial information (records of products or services purchased, obtained or considered; other purchasing or consuming histories or tendencies)
In addition to the purposes stated above in the section “Collecting and Using Information” we currently collect and have collected the above categories of Personal Information for the following business or commercial purposes:
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
- Debugging to identify and repair errors that impair existing intended functionality
- Short-term, transient use, provided that the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction
- Performing services on behalf of the business, providing customer service, processing or fulfilling orders and transactions, verifying customer information, or providing similar services on behalf of the business
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business
- Advancing our commercial or economic interests
Disclosure or Sale of Personal Information
|Category of Personal Information||Category of Service Providers||Category of Third Parties|
|Name, email address, postal address, Social Security number, telephone number, credit/debit card number||Financial institutions (Wells Fargo, Duologi, Klarna)|
|Name, credit/debit card number||Payment processors|
|Name, postal address, email address||Cloud storage||Dealers|
|Name and postal address||Shipping providers|
|Unique personal identifiers (device identifier; cookies, pixel tags, mobile ad identifiers, or other similar technology; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device)||Data analytics providers||Advertising partners|
We do not knowingly collect or sell the Personal Information of minors under 16 years of age.
Right to Request Deletion of Personal Information
If you are a California resident, you have the right to request that we delete the Personal Information about you that we have collected. However, per the CCPA, we are not required to comply with a request to delete if it is necessary for us to maintain the Personal Information in order to, for example, complete a transaction, detect security incidents, comply with a legal obligation, or otherwise use the Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information.
How to Submit a Request to Know or Delete
Our Process for Verifying a Request to Know or Delete
If we determine that your request is subject to an exemption or exception, we will notify you of our determination. If we determine that your request is not subject to an exemption or exception, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request.
We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure or deletion as applicable.
For requests to access categories of Personal Information and for requests to delete Personal Information that is not sensitive and does not pose a risk of harm by unauthorized deletion, we will verify your identity to a “reasonable degree of certainty” by verifying at least two data points that you previously provided to us and which we have determined to be reliable for the purpose of verifying identities.
For requests to access specific pieces of Personal Information or for requests to delete Personal Information that is sensitive and poses a risk of harm by unauthorized deletion, we will verify your identity to a “reasonably high degree of certainty” by verifying at least three pieces of Personal Information previously provided to us and which we have determined to be reliable for the purpose of verifying identities. In addition, you will be required to submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.
Right to Opt-Out of Sale of Personal Information
If you are a California resident, you have the right to direct businesses to stop selling your Personal Information. We do not currently sell Personal Information as it is defined in the CCPA.
Right to Non-Discrimination for the Exercise of a California Resident’s Privacy Rights
We will not discriminate against California residents if they exercise any of the rights provided in the CCPA as described in this section “Notice to California Residents.” As such, we will not deny goods or services to that California resident; charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; provide a different level or quality of goods or services to the California resident; or suggest that the California resident will receive a different price or rate for goods or services or a different level or quality of goods or services. However, we are permitted to charge a California resident a different price or rate, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by the individual’s data.
If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, and if the request is not subject to an exemption or exception, we will require additional information to verify your authority to act on behalf of the California resident.
Shine the Light Law
We do not disclose personal information obtained through our Site or Services to third-parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.
For questions or concerns about our privacy policies or practices, please contact us by email at email@example.com or by mail at:
Sunlighten, Inc. Global Headquarters
7373 W. 107th Street
Overland Park, KS 66212
877-292-0020 / 913-754-0831