What personal information do we collect and when/how do we use the information?
When you register for an account, you will be asked to enter information required to log back into the website. The only required information needed for a LootHoot account is a name and email address.
We use the information we collect from you in the following ways:
- You must create an account on LootHoot which includes a name and email address, then verify the provided email address before you can claim a coupon code for Amazon Deals and Products.
- We send generic emails only if you choose to opt-in to these email notifications. The emails sent are an initial welcome and verification email upon sign-up, and either "daily", "instant", "weekly" new deal notifications. All emails you receive can be unsubscribed from.
- We never request either a billing or shipping address. If you claim a deal posted on LootHoot you will be given a coupon code that you can redeem on Amazon. It is up to you to provide Amazon any required details to receive the discounted product.
- Only LootHoot members who want to offer Amazon coupon codes to our members will be required to enter payment details. This is completely optional and if a LootHoot member chooses our service requiring payment, we do not store or inspect any credit card or other payment details. LootHoot uses a third party payment processor, Stripe, their privacy details can be viewed here, (https://stripe.com/privacy-center/legal)
How do we protect visitor information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, any sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology e.g. member details and account information, coupon codes supplied to us for product campaigns.
All personal information is stored on a secure database. All sensitive information is hashed and not readable, this includes account holders passwords and coupon codes for Amazon deals.
All payments are processed through a gateway provider "Stripe" and therefore, your credit card or transaction details are not stored or processed on our servers. You can be assured that our provider uses the Payment Card Industry Data Security Standard (PCI DSS) information security required for organizations providing these services. You can view the details of this service here, (https://stripe.com/privacy-center/legal).
We implement a variety of security measures when a user creates a campaign, enters, submits, or accesses their information, in order to maintain the safety of your personal information. This includes only verifying the user's email address provided, all other user provided information including name is assumed to be correct by the LootHoot member. This information is never shared and is only stored within our database.
Do we use 'cookies'?
Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information. The only information we will store within the cookies are the Amazon marketplace location you are within and a certain hash identifier used to recognize your browser session so you are not continually required to log into your account. By signing out of LootHoot, this cookie session identifier will be invalidated.
Store session based information so our server can retrieve your account after you have logged in. Note, by signing out or after a certain period this session information is invalidated and LootHoot members will be required to sign into the website to store a new session token within their cookie.
Store the user's Amazon marketplace locale. What is this? We store within a cookie the two letter country code of the nearest Amazon marketplace so that when you view deals on LootHoot, these deals are filtered to only show the products you can likely purchase. We do get this country code by using your IP address roughly estimating what country you are likely within.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
However, understand we use the following analytics service(s).
Google Analytics is a web analysis service provided by Google. Google utilizes the data collected to track and examine the use of our site, to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network.
California Online Privacy Protection Act
**According to CalOPPA we agree to the following:
- Users can visit our site anonymously.
- Users are able to change their personal information:
- By logging in to their account
- By chatting with us or sending us a ticket via our Customer Service Desk.
How does our site handle do not track signals?
**We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. **
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
LootHoot's site and services are not directed to children under 13. If you learn that your minor child has provided us with personal information without your consent, please contact us through our Customer Service Desk by clicking on the Help button at the bottom right of your screen.
Minimum Age Requirement
Registration on our site is only open to those aged 18 and above.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices, should a data breach occur, we will notify users via email and in-site notification within 2 business days.
We also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Process campaigns/reviews and to send information and updates pertaining to campaigns/reviews.
- We may also send you additional information related to your product and/or service.
- We may continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CANSPAM we agree to the following:
- NOT use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
- If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
European Commission's directive on data protection - Safe Harbor
LootHoot adheres to the Safe Harbor Principles that were established by the U.S. Department of Commerce in consultation with the European Commission to comply with the European Commission's Directive on Data Protection.
How do we make changes to this policy?
We may change this policy from time to time, and if we do we’ll post any changes on this page. If you continue to use LootHoot after those changes are in effect, you agree to the revised policy. If the changes are significant, we may provide more prominent notice or get your consent as required by law.
Effective: Dec 9, 2018