Effective Date: 2021-04-22
This privacy notice discloses the privacy practices for Garcia Roofing. This privacy notice applies solely to information collected by this website, except where stated otherwise. It will notify you of the following:
- What information we collect;
- With whom it is shared;
- How it can be corrected;
- How it is secured;
- How policy changes will be communicated; and
- How to address concerns over misuse of personal data.
Information Collection, Use, and Sharing
We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.
We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g., to ship an order.
Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number provided on our website:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data we have about you.
- Express any concern you have about our use of your data.
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g, billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.
Notification of Changes
Whenever material changes are made to the privacy notice specify how you will notify consumers.
Other Provisions as Required by Law
Numerous other provisions and/or practices may be required as a result of laws, international treaties, or industry practices. It is up to you to determine what additional practices must be followed and/or what additional disclosures are required. Please take special notice of the California Online Privacy Protection Act (CalOPPA), which is frequently amended and now includes a disclosure requirement for “Do Not Track” signals.
In order to use this website, a user must first complete the registration form. During registration a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our site in which you have expressed interest. At your option, you may also provide demographic information (such as gender or age) about yourself, but it is not required.
We request information from you on our order form. To buy from us, you must provide contact information (like name and shipping address) and financial information (like credit card number, expiration date). This information is used for billing purposes and to fill your orders. If we have trouble processing an order, we’ll use this information to contact you.
Some of the logging systems used by our Services log certain Analytics Data when you visit our Services. Although we do not normally use Analytics Data to identify you as an individual, you can sometimes be recognized from it, either alone or when combined or linked with the User Data. In such situations, Analytics Data can also be considered personal data under applicable laws and we will treat such data as personal data.
We may collect the following Analytics Data when you visit or interact with the Services.
We collect the following information relating to the technical device you use when using the Services:
- device and device identification number, device IMEI
- IP address;
- browser type and version;
- operating system;
- name of your Internet service providers, and
- advertising identifier of your device.
We collect information on your use of the Services, such as:
- time spent on the Services;
- interaction with the Services, and
- the time and date of your visits to the Services.
The Services use Google Analytics and other web analytics services to compile Analytics Data and reports on visitor usage and to help us improve the Services. For an overview of Google Analytics, please visit Google Analytics. It is possible to opt-out of Google Analytics with the following browser add-on tool: Google Analytics opt-out add-on.
If you consent us to do so, we use the following cookies provided by Google:
- _ga, expiry 2 years, third-party cookie (Google), purpose: analytics. This cookie is set by Google Analytics. It allows This website to analyze and improve user experience.
- _ga_Q7G99FVYSV, expiry: 2 years, third-party cookie (Google), purpose: analytics. This cookie is set by Google Analytics. It helps us to analyze and improve user experience.
We use Hotjar in order to better understand our users’ needs and to optimize this service, if you allow us to do so. Hotjar Ltd is a company incorporated and registered in Malta with a company number C 65490 and havring its registed office at Dragorna Business Centre, 5th Floor, Dragonarna Road, Pacewille St Julian’s STJ 3141, Malta. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
If you consent us to do so, we use the following cookies provided by Hotjar:
- _hjid, expiry 365 days, first-party persistent cookie, purpose: Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
- _hjRecordingLastActivity, first-party session cookie, purpose: this should be found in Session storage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records).
- _hjTLDTest, first-party session cookie, purpose: when the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
- _hjUserAttributesHash, first-party session cookie, purpose: user Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated.
- _hjCachedUserAttributes, first-party session cookie, purpose: this cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool.
- _hjLocalStorageTest, first-party temporary cookie, expiry under 100 minutes, purpose: this cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created.
- _hjIncludedInPageviewSample, first-party temporary cookie, expiry 30 minutes, purpose: this cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site’s pageview limit.
- _hjIncludedInSessionSample, first-party temporary cookie, expiry 30 minutes, purpose: this cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site’s daily session limit.
- _hjAbsoluteSessionInProgress, first-party temporary cookie, expiry 30 minutes, purpose: this cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
- _hjFirstSeen, first-party session cookie, puprose: this is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
- hjViewportId, first-party session cookie, purpose: this stores information about the user viewport such as size and dimensions.
- _hjRecordingEnabled, first-party session cookie, purpose: this is added when a Recording starts and is read when the recording module is initialized to see if the user is already in a recording in a particular session.
Processing of personal data by Facebook
Facebook is responsible for enabling your rights under Articles 15-20 of the GDPR with regard to the Personal Data stored by Facebook after the joint processing. Facebook is also responsible for granting you a right to object to the processing insofar as the joint processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (GDPR article 6(1) (f).
It is also responsible for the security of the Facebook Pixel (Art 32 GDPR) and for ensuring a notification of a personal data breach to the supervisory authority and for communicating the personal data breach to you (Arts 33 and 34 of GDPR), insofar as a personal data breaches concerns its obligations under the Controller Addendum.
You can amend your privacy settings on Facebook.
In relation to the joint controllership with data deriving from the use of the Facebook Pixel, we only process one type of data: analytics data. Although we do not normally use analytics data to identify you as an individual, you can sometimes be recognized from it, either alone or when combined or linked with other data. In such situations, analytics data can also be considered personal data under applicable laws and we will treat such data as personal data. In addition, analytics data is collected and transmitted to Facebook.
We may collect the following analytics data when you visit or interact with the website:
The Facebook Pixel collects:
- The HTTP header information which include information about the web browser or app used (eg. user agent, locale country-level, language)
- Information regarding standard/optional events such as “Page view” or “App install”, further object properties, as well as buttons clicked by Visitors
- Online identifiers, such as IP addresses and, insofar as provided, Facebook-related identifiers or device identifiers (such as mobile OS advertising IDs) as well as information on opt-out/limited ad tracking status.
The purpose for collecting analytics data
We use the personal data we collect for i) customer communication, ii) marketing, iii) quality improvement and iv) trend analysis
In general, Facebook pixel can be used to track Visitor behaviour after they have been redirected to our website by clicking on a Facebook and / or Instagram ad. We also target FB/Instagram ads to people who have visited our product listing and create look-a-like audiences based on the information of who has been visiting our product listing. This allows us to record the effectiveness of online advertising on, for instance, Facebook and Instagram advertisements for statistical and market research purposes and, if necessary, create a look-a-like audience from users on our website where Facebook finds people who have attributes similar to our users.
Legal grounds for the processing
On the website, you will be requested to grant your consent for the processing of personal data. In this event, you may withdraw your consent at any time.
Sometimes this website processes personal data to pursue our legitimate interest to run, maintain and develop our operations and to create and maintain customer and other business relationships. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g. provide you with easy to use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.
We may also process your personal data in order to comply with our legal obligations.
How we may share your personal data
We only share your personal data within our organization if and as far as reasonably necessary for the purposes of this Privacy Statement.
We do not share your personal data with third parties outside of our organization unless one of the following circumstances applies:
For the purposes set out in this Privacy Statement and to authorized service providers. We may regularly send your personal data to Facebook.
Data transfers to Facebook
We may use the Facebook Pixel to send Facebook the following types of personal information.
”Event Data” is other information This website shares about you and other people when they interact with the Websites, such as visits to the Website, installations of our apps, and purchases of our other products. There are several reasons we may provide Facebook with the Event Data.
Event Data for Measurement and Analytics Services
We may instruct Facebook to process Event Data (a) to prepare reports on our behalf on the impact of our advertising campaigns and other online content (“Campaign Reports”) and (b) to generate analytics and insights about people and their use of our apps, websites, products and services (“Analytics”).
We may provide Facebook with Event Data to target our ad campaigns to people who interact with our business. We may direct Facebook to create custom audiences, which are groups of Facebook users based on Event Data, to target ad campaigns (including Website Custom Audiences, Mobile App Custom Audiences, and Offline Custom Audiences). Facebook will process Event Data to create such audiences for This website. Facebook will not provide such audiences to other advertisers unless This website shares audiences with other advertisers through tools we make available for that purpose, subject to the restrictions and requirements of those tools and our terms.
Event Data To Deliver Commercial and Transactional Messages
Facebook may use the Matched User IDs and associated Event Data to help This website reach people with transactional and other commercial messages on Messenger and other Facebook Company Products.
Event Data to Improve Ad Delivery, Personalize Features and Content and to Improve and Secure the Facebook Products
This website may provide Event Data to Facebook to improve ad targeting and delivery optimization of our ad campaigns. Facebook may correlate that Event Data to people who use Facebook Company Products to support the objectives of your ad campaign, improve the effectiveness of ad delivery models, and determine the relevance of ads to people. Facebook may use Event Data to personalize the features and content (including ads and recommendations) that we show people on and off the Facebook Company Products. In connection with ad targeting and delivery optimization, Facebook will: (i) use your Event Data for delivery optimization only after aggregating such Event Data with other data collected from other advertisers or otherwise collected on Facebook Products; and (ii) not allow other advertisers or third parties to target advertising solely on the basis of the Event Data.
Furthermore, we may provide your personal data to our affiliates or to authorized service providers who perform services for us (including, for instance, data storage, accounting, payment, sales, and marketing service providers).
When your personal data is processed by third parties as data processors on behalf of This website, This website has taken the appropriate contractual and organizational measures to ensure that your data is processed exclusively for the purposes specified in this Privacy Statement and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.
Please bear in mind that if you provide personal data directly to a third party, such as through a link somewhere on our website, the processing is typically based on their policies and standards.
For legal reasons and legal processes
We may share your personal data with third parties outside our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, crime, security or technical issues; and/or (iii) protect the interests, properties or safety of This website, the Users or the public as far as in accordance with the law. When possible, we will inform you about such processing.
For other legitimate reasons
If This website is involved in a merger, acquisition or asset sale, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all the Users concerned when the personal data are transferred or become subject to a different privacy statement. In addition, This website and Foundation may transfer all the personal data defined in this Privacy Statement to each other, if there is a legitimate reason to do so.
With your explicit consent
We may share your personal data with third parties outside This website when we have your explicit consent to do so. You have the right to withdraw this consent at all times.
Transfers to countries outside the European Economic Area (EEA)
We use service providers in several geographical locations. As such, we and our service providers may transfer your personal data to, or access it in, jurisdictions outside the EEA or your domicile.
We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which they are processed. We provide adequate protection for the transfers of personal data to countries outside of the EEA through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards.
More information regarding the transfers of personal data may be obtained by contacting us on any of the addresses indicated above.
How long we will store your data
The tracking of users who have landed on our website after clicking on one of our Facebook and Instagram ads can remain active up to 180 days.
In relation to the data This website processes, here are your rights:
Right to access
You have the right to access and be informed about your personal data processed by us. We give registered Users the possibility to view certain User Data through their user account on the Services. We give all of you the possibility to request a copy of their personal data.
Right to withdraw consent
In case the processing is based on the consent granted by you, you may withdraw the consent at any time. Withdrawing consent may lead to fewer possibilities to use the Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to rectify
You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed by contacting us. Registered Users can correct or update some of their User Data through their user account on the Services.
Right to erasure
You may also ask us to delete your personal data from our systems. We will comply with such a request unless we have a legitimate ground to not delete the data.
Right to object
You may have the right to object to certain use of your data if such data are processed for other purposes than necessary for the provision of the Services or compliance with a legal obligation. If you object to the further processing of your personal data, this may lead to fewer possibilities to use the Services.
Right to restriction of processing
You may request us to restrict the processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may, however, lead to fewer possibilities to use the Services.
Right to data portability
You have the right to receive the personal data you have provided to us yourself in a structured and commonly used format and to independently transmit those data to a third party.
How to use your rights
The aforementioned rights may be used by sending a letter or an e-mail to us on the addresses set out above, including the following information: full name, address, and e-mail address We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
You have the right to prohibit us from using your personal data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the unsubscribe possibility offered in connection with any direct marketing messages.
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities, and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. We regularly test our systems, and other assets for security vulnerabilities.
Should despite the security measures, a security breach occurs that is likely to have negative effects on your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.
How we use your data
We use the personal data we collect for several purposes:
To provide you the Services and to carry out our contractual obligations
This website processes your personal data to be able to provide the Services to you under the contract between you and This website. If you contact our customer service, we will use the information provided by you to answer your questions or solve your complaint.
For customer communication and marketing
This website processes your personal data to contact you regarding the Services and to inform you of changes relating to them. Your personal data are also used for the purposes of marketing the Services and our other relevant products and services to you.
For quality improvement and trend analysis
We may also process information about your use of the Services to improve their quality e.g. by analyzing any trends in their use. In order to ensure that the Services are in line with your needs, personal data can be used for things like customer satisfaction surveys. When possible, we will do this using only aggregated, non-personally identifiable data.
For our legal obligations
This website processes data to enable us to administer and fulfill our obligations under the law. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities such as tax authorities.
For claims handling and legal processes
This website may process personal data in relation to claims handling, debt collection, and legal processes. We may also process data for the prevention of fraud, misuse of our services and data, system and network security.
Personal Data Provided Us by Third Party Service Providers
We process data that different third-party service providers give us about you. If you connect or login to your user account with Facebook, Twitter, Instagram, Google, or Apple, they share with us personal information about you such as your Facebook/Google/Apple ID, email, and name.
We share aggregated demographic information with our partners and advertisers. This is not linked to any personal information that can identify any individual person.
We use an outside shipping company to ship orders, and a credit card processing company to bill users for goods and services. These companies do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your order.
We partner with another party to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.
This web site contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.
Surveys & Contests
From time-to-time our site requests information via surveys or contests. Participation in these surveys or contests is completely voluntary and you may choose whether or not to participate and therefore disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site.