BETHEL SUPERSTORE’S BAHAMIAN PRIVACY POLICY
Effective Date: June 1, 2021
This Privacy Notice describes our handling of Personal Information in connection with your presence in our locations and your use of our websites, mobile apps and the services we provide. By using our websites, mobile apps, and services, you hereby consent to these terms.
“Personal Information” refers to information that identifies you as an individual. This Privacy Notice describes how we collect, use, share, and protect your Personal Information, and the choices you have regarding your Personal Information. We encourage you to read this Privacy Notice and to consult our Privacy Resource Center.
How this Document is Organized
1. Sources of Personal Information
2. How We Use the Information We Collect
3. How We Share Your Personal Information
4. Your Choices Regarding Your Personal Information
5. How We Protect Your Personal Information
6. Customer Specific Disclosures
6-1. Contract Customers
6-2. Nevada Residents
6-3. California Residents
6-3-1. California Shine the Light Law
6-3-2. California Consumer Privacy Act
6-4. Canadian Residents
6-5. European Union (EU) Residents
7. How to Contact Us
8. Privacy Notice Updates
1. Sources of Personal Information
We receive Personal Information from the following:
• Information You Provide Us Directly. We collect personal and transactional information (purchase-related history) which you provide us directly, for example, in connection with a purchase, a service/event, a promotion, or application for a membership program.
• Information Collected Through Automated Technologies. We use cookies, tags, web beacons and other technologies to track and collect browsing, purchase activity, and personal information. Our mobile applications also collect unique identifiers and geolocation information, if you have enabled locations services on your device.
• Information We Receive from Other Parties. We may obtain information about you from other sources for purposes such as prospecting and/or enhancing the information you have provided.
To learn more about automated tracking technologies, visit our Privacy Resource Center.
Minors
Our websites and mobile applications are intended for a general audience and are not directed toward minors under 16 years of age, and we do not knowingly collect their Personal Information.
2. How We Use the Information We Collect
Personal Information may be used for the following purposes:
• Our Products & Services. We use Personal Information to process and fulfill your orders, refunds or exchanges, requests for products, services or information, to provide customer service, to administer our credit card programs, to personalize your shopping experience, to identify your preferences, and to provide you services across multiple devices.
• Marketing and Advertising. We use Personal Information to administer promotions, contests, sweepstakes, and rewards programs and to market products and services, including serving you interest-based advertising. For more information on interest-based advertising, see our Privacy Resource Center.
• Other Uses. We use Personal Information for other reasons, including conducting sales research and analysis; preventing or mitigating fraud and credit risk; and complying with legal matters, investigations, and applicable laws and regulations.
3. How We Share Your Personal Information
We may share your Personal Information with other parties in the following instances:
• With Our Third Parties: To process transactions or provide products or services on our behalf, including but not limited to providers of product delivery services (for example, DHL, UPS and FedEx) and website analytics (for example, Google Analytics).
• For Marketing Purposes: To notify you of offers for products or services that may be of interest to you. We do not share credit card or other financial information for marketing purposes.
• For Corporate Transactions: In connection with a merger, acquisition or sale involving all or a portion of our company.
• Other Reasons: To: (a) satisfy applicable law, regulations, legal process or valid governmental request; (b) enforce the terms of use applicable to our services, (c) detect, prevent or mitigate fraud or security or technical issues; or (d) protect against imminent harm to the rights, property or safety of our company, our customers or the public as required or permitted by law.
4. Your Choices Regarding Your Personal Information
a. To Stop Certain Collection and Use of Your Personal Information: Marketing Emails, Texts and Mail.
• You can stop promotional emails from us by using the “unsubscribe” link on our promotional emails.
• You can stop marketing text messages, by replying “STOP” our promotional text messages.
• You can stop promotional postal mail by contacting us with your request as noted in the How to Contact Us section below.
Interest Based Advertising
Some of our websites support Interest Based Advertising efforts by Third Parties. Industry groups such as the Digital Advertising Alliance have developed services to help you manage your Interest Based Advertising preferences.
Website Analytics
You can opt-out of tracking used to understand website utilization provided by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
Do Not Track
Some browsers have a “Do Not Track” feature that lets you send a request to websites to not track your online activities. We, like many other retailers, do not honor those requests.
b. To Change or Correct Your Personal Information
At any time, you can request access to your personal information, request that any inaccuracies be corrected, or request that comments or explanations be added to records about you.
You may contact us with changes as described in the How to Contact Us section. To prevent unauthorized changes, we may ask for certain information to verify your identity before we process such requests.
Although we will do our best to make your requested changes, in some cases for example, if it requires a disproportionate technical or practical cost or effort or if it conflicts with our legal obligations or business requirements, we may be unable to do so completely. Should this occur, we will communicate that to you.
5. How We Protect Your Personal Information
We employ technical, physical and administrative safeguards to protect your Personal Information and require Third Parties with whom we work to do the same. However, we cannot guarantee your information will be completely safe against unauthorized access. Please use caution when sharing your information with others and take appropriate measures to protect the confidentiality of your username and password. Some practical tips are available in the Privacy Resource Center.
If you think the Personal Information you provided to us has been improperly accessed or used, or if you suspect that unauthorized purchases have been made on our websites using your Personal Information, please Contact Us immediately.
Our websites may contain links to, or plugins or widgets from, social media or other websites operated and maintained by Third Parties. These properties, which we do not control, operate independently and have their own privacy practices and statements, which we encourage you to review.
6. Customer Specific Disclosures
a. Contract Customers
If you are a contract customer and would like to opt-out of receiving promotional postal mail and/or email from us, please notify your Account Manager. You may still receive promotional postal mail or email from other affiliated companies and Third Parties if they have received your email or postal address from other sources or as a result of their own transactions or experiences with you. You will also continue to receive promotional postal mail or email if you request to hear from us again.
b. American Residents
Under Nevada SB 220, Nevada residents may submit an opt-out request regarding the sale of their Personally Identifiable Information (PII) collected through a website or online service. Where applicable, you may submit your request to Opt-Out of the sale of Personal Information to Third Parties by submitting an online request at: Do Not Sell My Personal Information.
c. California Residents
1. California Shine the Light Law
Under California Civil Code sections 1798.83–1798.84 California residents may request the names and addresses of affiliated companies and categories of Personal Information we share for their direct marketing purposes. If you are a California resident and would like to make such a request, please Contact Us.
2. California Consumer Privacy Act of 2018
California residents have the following rights:
1. The Right to Disclosure
1-1. About information collected
1-2. About information sold
1-2-1. Categories of personal information sold
1-2-2. Categories of Third Parties with whom the personal information was sold
2. The Right to Deletion of Personal Information
3. The Right to Opt-Out of the sale of Personal Information to Third Parties
4. The Right to Sue for Security Breaches
5. The Right to not be Discriminated Against Based on Exercising any of the Above Rights
California residents may submit a Data Disclosure request by:
1. Submitting an online request here: Data Disclosure Request
2. Submitting a phone request by calling 1-242-352-2665
California residents may submit a Data Deletion request by:
1. Submitting an online request here: Data Deletion Request
2. Submitting a phone request by calling 1-242-352-2665
Where applicable, you may submit your request to Opt-Out of the sale of your Personal Information to Third Parties by:
1. Submitting an online request here: Do Not Sell My Personal Information
2. Submitting a phone request by calling 1-242-352-2665
3. Clicking the “Do Not Sell My Personal Information” button on our applicable website
Unless indicated with a “Do Not Sell My Personal Information” button on our websites, we do not sell Personal Information as defined by the California Consumer Privacy Act (CCPA).
We will take reasonable steps to verify your identity prior to fulfilling the above requests.
Authorized Agents may submit requests on behalf of a California resident using the above processes and providing the appropriate documentation.
The following section describes:
1. Categories of personal information we collect
2. The purpose for which the personal information is collected
3. Specific personal information collected
4. Categories of sources from which that information is collected
5. Categories of Third Parties (who are not classified service providers) with whom the information may be shared
6. The purpose for selling or sharing of personal information
Minors:
We do not knowingly collect or sell the Personal Information of minors under the age of 16 without affirmative authorization.
As an additional resource, you may also contact us at ConsumerRightsRequest@bethelsuperstore.com for any additional questions related to the rights granted under the laws of the Commonwealth of the Bahamas.
d. Canadian Residents
We consider "personal information" to be information about an identifiable individual. We do not consider public information found in directories and listings, or business names, addresses and/or contact numbers to be personal information.
We have adopted, as Company policy, the 10 personal information privacy principles stated in the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information. The 10 principles are:
1. Accountability
2. Reason for Collection
3. Consent
4. Limiting Collection
5. Limiting User, Disclosure and Retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual Access
10. Challenging Compliance
Interest Based Advertising
Some of our websites support Interest Based Advertising efforts by Third Parties. In Canada industry groups such as Digital Advertising Alliance of Canada have developed services to help you manage your Interest Based Advertising preferences.
e. European Union (EU) Residents
Bethel Superstore and its affiliated companies are based in the Commonwealth of the Bahamas and the information Bethel Superstore and its service providers collect is governed by Bahamian law. If you are accessing the Services from outside of the Bahamas, please be aware that information collected through the services may be transferred to, processed, stored, and used in Bahamian Data protection laws in the Bahamas may be different from those of your country of residence. Your use of the services or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information, including Personal Information, in the Commonwealth of the Bahamas as set forth in this Privacy Notice.
As residents of the EU, you will have certain additional rights with respect to your Personal Data under the General Data Protection Regulation including:
1. The right to be informed.
2. The right of access.
3. The right to rectification.
4. The right to erasure.
5. The right to restrict processing.
6. The right to data portability.
7. The right to object.
Interest Based Advertising
Some of our websites support Interest Based Advertising efforts by Third Parties.
For more information, see the Privacy Resource Center.
We will retain your EU Personal Information for as long as your account is active, as needed to provide you services and to fulfill the purposes for which the data was collected, and as necessary to comply with our legal obligations and fulfill our business needs.
How to Contact Us
This Privacy Notice applies to Bethel Superstore, Inc. and its affiliated companies.
Please direct any questions, complaints or concerns regarding this Privacy Notice and our treatment of your Personal Information to any of the following:
Primary contact by email: privacy@bethelsuperstore.com.com
Alternate contact by phone: ( +1) 242-352-2665 (Bahamas only)
or by writing to:
Bethel Privacy and Compliance
P.O. F-44044
Freeport, Bahamas
Upon receiving a written request, we will contact you directly, investigate your request, and work to address your concerns. We will respond to your request without undue delay. We reserve the right to take reasonable steps to verify your identity prior to granting access or processing changes or corrections.
8. Privacy Notice Updates
This Privacy Statement may change from time to time, and we will post on our websites any updated Privacy Notice. Recent changes to the Privacy Notice are documented below. Each version of this Privacy Notice will be identified by its effective date displayed at the top of this Privacy Notice.
PRIVACY RESOURCE CENTER
The following information is available for your education and reference purposes. We hope you find it both helpful and informative as privacy and data security are important to all of us. Here’s what you can learn about in this Resource Center:
• General Security Practices
• Cookies
• Interest-Based and Online Behavioral Marketing
• Bluetooth beacons
• Mobile Devices and Location Services
• Scams
• Identity Theft
• Canadian specific resources
• European specific resources
General Security Practices. It is a good general practice when using any website to take the following pre-cautions:
1. Protect your username and password. Never share them with others and use different and complex passwords for each account. Consider using a commercially available Password Locker or Vault to generate and store your passwords.
2. Keep your virus protection software up to date.
3. Apply security patches by going to the vendor’s website.
4. Lock your computer screen when you leave it.
5. Be prepared and be aware, particularly of phishing attacks. Learn more about data security and phishing attacks in Section 6 below and at the FTC’s Identity Theft and Data Security website.
6. If applicable, enable encryption on your computer’s hard disk. Apple® computers come with encryption turned on. You need to enable Microsoft Window’s encryption called Bitlocker.
7. Use multi-factor authentication services where available. These are services that add another layer of security. In addition to your password, “something you know”, these services require “something you have”, often a unique id that is presented to you on your phone or another device.
8. When shopping or providing sensitive information, make sure the website is using secure connections indicated by “HTTPS” versus “HTTP” in the URL.
9. Understand how websites will use your data and the choices that are available to you by reading the website’s privacy statement.
Other public online safety resources:
• Stay Safe Online Shopping (National Cyber Security Alliance)
• You Are Here (FTC)
• How to Shop Online More Safely (AARP)
• Safeshopping.org (American Bar Association)
• Tips for Shopping Safely Online (Better Business Bureau)
2. Cookies
Cookies are pieces of information that are transferred from websites to your computer’s hard drive and they may serve a variety of purposes. Web beacons, flash cookies and other similar technologies may also be used for these purposes. For example, cookies “remember” you when you return to a website and make your experience more user-friendly. Cookies identify which web pages are visited and how often. Cookies are also used to allow companies to better understand how their websites are used to improve their services.
Types of Cookies, How They Are Used and
The Potential Impact If Disabled
| Cookie Type | Purpose | Potential impact if disabled |
|---|---|---|
| Session Cookies | Used to support website functionality | Access to website content and features may be limited |
| Preference Cookies | Used to remember user preferences from one visit to the next | Preference will need to be reset on each visit to the website. This may also disable the ability have websites “remember” you at time of login |
| Advertising Cookies | Used to serve you advertisements that may be relevant to you and your interests | Advertisements will still be displayed but will be more random and may be less relevant to you and your interests |
| Security Cookies | Used as a component of a website’s general security and user authentication processes | Access to website and features may be limited |
How to disable or delete cookies:
If you want to prevent your browser from accepting cookies, if you want to be informed whenever a cookie is stored on your computer or if you want to delete cookies from your computer, please make the necessary changes in your Internet browser settings, typically under the sections “Help” or “Internet Options”. See links below:
• Internet Explorer: //windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-9
• FireFox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
• Chrome: https://support.google.com/chrome/answer/95647
• Safari: https://www.apple.com/legal/privacy/en-ww/cookies/
If you disable or delete cookies in your Internet browser settings, you might not be able to access important functions or features, you will be required to re-enter your log-in details and your use of the website may be limited.
Please note that if you clear all cookies on your browser, or use a different browser or computer, you will need to complete the opt-out procedure again.
To opt out from flash cookies, please click here: //www.adobe.com/privacy/opt-out.html.
3. Interest-Based and Online Behavioral Marketing
Advertising Brokers
Cookies also enable companies to market products and services and deliver targeted advertising to you. You can opt-out of receiving personalized ads from third party advertisers and ad networks using the opt-out features at Digital Advertising Alliance or the Network Advertising Initiative. AdChoices, indicated by the icon is an example of a service some websites offer to assist in managing Interest-Based advertising choices.
If your browsers are configured to reject cookies when you visit these pages, or if you subsequently erase your cookies, use a different device or change web browsers, your opt-out may become ineffective and may need to be repeated.
Website Analytics
Websites use tools to track and manage website traffic. Google Analytics is a commonly used tool for this purpose. Individuals may opt out of Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout.
Note: If your browsers are configured to reject cookies, or if you subsequently erase your cookies, use a different device or change web browsers, opt-out elections may become ineffective and may need to be repeated.
4. Bluetooth beacons
Bluetooth beacons transmit a low-power signal that can be received within short distances by nearby Bluetooth-enabled mobile devices and recognized by apps a smartphone user has downloaded. Beacons only broadcast signals, and don’t collect any data. With the user’s permission, an app on a device can use the beacon’s signals to know when the mobile device is close to the beacon.
5. Mobile Devices and Location Services
Mobile devices offer access to many features including applications developed specifically for mobile devices and direct access to the internet via browsers. These devices also provide additional services including location services which broadcast your location and notifications services that allow you to receive messages. You can disable the GPS locator or push notifications on your mobile device via your device settings.
Learn more about mobile devices and location services.
6. Scams (If it sounds too good to be true, it probably is a scam)
Phishing: This occurs when scammers send legitimate-looking emails to illegitimately gather personal and financial information. The emails look just like a legitimate email and often use company logos. If the customer falls for the bait, the thief could get credit card numbers, PINs, account passwords, expiration dates, credit card/bank account numbers and even Social Security numbers. Don’t click on links in emails unless you’ve requested the email or somehow otherwise know it is real. Learn more about phishing.
Vishing: Vishing is like "phishing" but uses a phone (baiting people by voice instead of email. Scammers pose as a known retailer or bank. They often call saying they need to verify information on file asking the individual to provide their personal information.
Don’t provide sensitive information over the phone when asked, instead contact the company directly at a number you find on a statement of on their website. Don’t call a number you are provided over the phone. Learn more about vishing.
Smishing: In these scammers use text messages, called "SMS" messages, instead of emails or phone calls. They have been seen with messages of winning a contest. Learn more about smishing.
7. Identity Theft
Steps to consider in protecting yourself against fraud and identity theft:
1. Learn more about Identify Theft and visit the FTC Identity Theft Resources.
2. Review your account statements regularly. Carefully review your bank, credit card, and other account statements every month to ensure that all of your account activity is valid. Report any questionable charges promptly and in writing to the card or account issuer.
3. Review your credit report from time to time. Obtain and review your credit report periodically to ensure that all your information is correct. You can obtain a free credit report once per year by visiting http://www.annualcreditreport.com or by calling 877-322-8228. Carefully reviewing your credit report can help you spot problems and address them quickly. If you have any questions about your credit report or notice any inaccuracies, contact the relevant consumer reporting agency promptly at the telephone number listed on the report.
4. Create a fraud alert. Consider placing a fraud alert on your credit file. The fraud alert prompts creditors to contact you before opening any new accounts or increasing credit limits on your existing accounts. You can place a fraud alert on your credit file by contacting one of three consumer reporting agencies listed below. You need to contact only one of the three agencies in order to create the alert; the agency you contact is required by law to contact the other two. You will receive confirmation letters in the mail and then will be able to order a credit report from each of the three agencies, free of charge. The fraud alert will remain in your credit file for at least 90 days.
|
Equifax P.O. Box 740241 Atlanta, GA 30374 800-525-6285 |
Experian P.O. Box 9532 Allen, TX 75013 888-397-3742 |
TransUnion P.O. Box 6790 Fullerton, CA 92834 800-680-7289 |
|---|
8. Canadian specific resources:
• Digital Advertising Association (Canada)
• Canadian Standard Association (CSA) Model Code for the Protection of Personal Information
9. European Union specific resources:
Effective as of May 25, 2018 the EU General Data Protection Regulation (GDPR) will replace the currently applicable EU Data Protection Directive and it will override existing EU national privacy laws. The GDPR will require new or additional obligations on all companies that handle EU citizens’ personal data, regardless of where the companies themselves are located. These regulations will only apply to the following affiliated companies: Makr, and Marke Creative and to a certain extent.
GDPR affords EU and EA citizens additional protections.
For example, you can request from us the following information:
• whether and why we have your personal information;
• how we got your personal information;
• what we have done with your personal information;
• to whom we have communicated your personal information;
• where your personal information has been stored, processed or transferred;
• how long we will retain your personal information, or how that retention period will be determined; and
• the safeguards in place to protect your information when it is transferred to third parties or third countries.
For more information on GDPR, see: Official text of the EU General Data Protection Regulation (GDPR)
Legal Disclaimer - This website is provided for informational purposes only and should not be considered as a contractual commitment or legal advice.
What has changed:
| May 25, 2018 | Initial version of the Information Security and Privacy Resource Center |
|---|
VULNERABILITY DISCLOSURE CENTER
Effective Date: February 1, 2021
1. Introduction
Bethel Superstore is committed to ensuring the security of our customers and the information they share with us via our online platforms and services. We also recognize the valuable efforts that security researchers play in highlighting cybersecurity vulnerabilities and concerns. The purpose of this policy is to provide clear guidelines for conducting vulnerability discovery activities and to convey how to submit discovered vulnerabilities.
2. Compliance
If you comply with this policy during your security research, and you discover and report security vulnerabilities in accordance with this policy, we will not take legal action against you. We reserve all legal rights in the event of any non-compliance with this policy.
3. Requirements
This policy requires that you:
• Notify us as soon as possible after you discover a real or potential security issue;
• Make every effort to avoid privacy violations, degradation of user experience, disruption to systems and destruction or manipulation of data;
• Only use exploits to the extent necessary to confirm a vulnerability’s presence — do not use an exploit to collect, modify or delete data, establish persistent access or access and/or test other systems, networks or applications; and
• Do not disclose the details of any alleged vulnerability to third parties without express written consent from Bethel Superstore — unauthorized disclosure will deem the submission as noncompliant with this policy.
Once you’ve established that a vulnerability exists or encounter any confidential or sensitive data (including personal information, financial information, or proprietary information), you must stop your test, notify us immediately and not disclose this data to anyone else.
4. Test Methods
The following test methods are not authorized:
• Denial of service (DoS or DDoS) tests or other tests that stress-test or have the potential to impair access to or damage systems, networks, applications or data, even if temporarily
• Accessing, downloading or modifying data residing in an account that does not belong to you
• Testing in a manner that would result in sending unsolicited or unauthorized junk mail, spam, e-mail notices, phone calls, text messages or other forms of unsolicited messages to other parties — including Bethel Superstore associates, customers or partners
• Social engineering, including but not limited to misrepresenting Bethel Superstore or its personnel • Trespassing or other tests with a physical security aspect
• Posting, transmitting, uploading, linking to, sending or storing any malicious software
• Testing third-party systems, networks, applications, and services, even if operated on behalf of Bethel Superstore
5. Scope
This policy applies to the following Bethel Superstore family websites and services:
• Bethel Superstore .com
• Bethel Superstore Connect.com
• Bethel Superstore Advantage.com
• Bethel Superstore PromotionalProducts.com
• Quill.com
• HiTouchBusinessServices.com
Though we develop and maintain other Internet-accessible systems and services, research and testing under this policy is restricted to the systems and services listed in this section. If there is a particular system or service not in scope that you think merits testing, please contact us to discuss. We may change the scope of this policy over time.
6. Reporting a Vulnerability
We accept vulnerability reports via email to vulnerabilityreport@BethelSuperstore.com. Reports may be submitted anonymously.
What we would like to see from you
In order to help us triage and prioritize submissions, we recommend that your report:
• Describes full details of the vulnerability and its location;
• Provides step-by-step instructions for us to be able to validate and reproduce the finding; and
• Includes any proof of concept scripts or resulting artifacts, such as screen captures.
What you can expect from us
If you submit a valid security vulnerability in compliance with this policy, we will:
• Acknowledge the receipt of the report within 5 business days;
• Communicate with you to understand and validate the issue as necessary; and
• Address the submitted vulnerability as appropriate, as deemed by Bethel Superstore.
Note that Bethel Superstore does not operate a bug bounty program and we make no offer of compensation in exchange for submitting potential issues.
Bethel Superstore may modify the terms of this policy or terminate this policy at any time.
7. Questions
If you are in doubt about the scope, acceptable test methods or any other provisions of this policy, you are encouraged to contact us first at vulnerabilityreport@bethelsuperstore.com. We also invite you to contact us with suggestions for improving this policy.
