Privacy Policy

Effective as of June 25,2024.

Consumable, Inc. (“Consumable,” “we,” “our” or “us”) has adopted this “Privacy Policy” to describe how we collect, use and share your personal information in connection with our websites (the “Sites”) and any other online content, tools or services that we control and that link to this Privacy Policy (together with the Sites, the “Service”).

Table of Contents

Personal Information We Collect

Information you provide to us. Personal information you provide to us through the Service or otherwise.

Some of our suppliers and partners require that we not store certain types of information including, but not limited to, DeviceID and Personally Identifiable Information. In those cases, we will only store what is permitted by the supplier or partner and never store more than what is listed in this privacy policy.

The information collected includes:

  • Contact information, such as your first and last name, email and mailing addresses, phone number, professional title and company name. This information is only collected in the “Contact Us” section of our website.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
  • Usage information, such as information about how you use the Service and interact with us, including information associated with any content you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the Service, except when prohibited by a vendor.
  • Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications
  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection, except when prohibited by a vendor.

Information from third party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as affiliates within our corporate group of companies; business partners, such as joint marketing partners; and publicly accessible sources, such as social media platforms.

Data collected automatically. We, our service providers and our third party partners may automatically log information about you, your computer or mobile device, and your activity over time on the Service and other online services, including:

  • Online activity data, such as the date and time of your access, visit or use of the Service, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, searches you conduct on our site and information about your activity on a page or screen.
  • Device data, such as unique device identifier, media access control address, network information, hardware model, browser type, screen resolution, IP address as well as usage and traffic data and information about how the device interacts with the Service.

Some of our automatic collection is facilitated by:

  • Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of tracking user activity and patterns, helping you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience.
  • Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns. We may use web beacons to track your use of Sites or to collect information about your interactions with our email messages, such as the links you click on and whether you open or forward a message, the date and time of these interactions and the device you use to read emails. Web beacons may be placed on the Sites or Service by third parties such as a social media platform, or an analytics provider in order to support functionality described in this Privacy Policy. We also use web beacons to allow ad networks to provide anonymized and aggregated auditing, research and reporting for us and for advertisers.

Sensitive personal information. We ask that you not share with us any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise. If you do anyway, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection.

Service delivery. We use your personal information to:

  • provide, deliver, and customize your use of the Service;
  • communicate with you about the Service and to respond to your inquiries, including for customer support;
  • understand your needs and interests, and personalize your experience with the Service and our communications; and
  • provide support and maintenance for the Service.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Marketing and advertising

We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:

  • Direct marketing. We may send you Consumable-related or other direct marketing communications as permitted by law. You may opt-out of our marketing communications as described in the “Marketing communications” subsection below.
  • Interest-based advertising. We may contract with third-party advertising companies and social media companies to display ads on the Service and other sites. These companies may use cookies and similar technologies to try to tailor the ads you see online to your interests based on your activity over time across the Service and other sites, or your interaction with our emails. These ads are known as “interest-based advertisements.” You can learn more about your choices for limiting interest-based advertising, in the “Advertising choices” subsection below.
  • Our marketing and advertising formats include banner ads, video ads, and audio ads across web and mobile devices as well as other connected devices.
  • Under no circumstances during our advertising activities do we have or store your personally identifiable information including name, address, email address or phone number. We do utilize your IP address and DeviceID for content selection unless prohibited by our supplier.

Compliance and protection. We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • enforce the terms and conditions that govern the Service; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Other purposes with your consent. We may also use your personal information for other purposes described in this Privacy Policy or at the time we collect the information.

How We Share Your Personal Information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:

Business partners. Third party companies that we partner with to provide content or services to you or to such business partners.

Advertising partners. Third party advertising companies that collect information about your activity on the Service and other online services to help us advertise our services, and/or use hashed customer lists that we share with them to deliver ads to you and similar users on their platforms.

Business transferees. Relevant participants in business transactions (or potential transactions), such as corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Consumable or our affiliates (including, in connection with a bankruptcy or similar proceedings). In any of these cases user information, including personal information, could be one of the assets transferred to or acquired or accessed by a third party.

Service providers. Other companies and individuals that provide services or perform tasks on our behalf to help us operate the Service or our business, such as, for example, customer support, hosting, analytics, email delivery, marketing services and database management services.

Professional advisors. Professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities and privacy parties, when we believe in good faith it is necessary or appropriate for the compliance and operations purposes described above.

For other purposes. We may also share your personal information for other purposes described in this Privacy Policy or with your consent.

Your Choices

Marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions located at the bottom of the email or by emailing us at info@consumable.com. You may continue to receive service-related and other non-marketing emails.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Advertising choices. You can limit use of your information for interest-based advertising by:

  • Browser settings. Blocking third party cookies in your browser settings using or ad-blocking browser plug-ins/extensions.
  • Mobile device settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
  • Ad industry tools. Opting out of interest-based ads from companies participating in the following industry opt-out programs:

The opt-out preferences described above must be set on each device for which you want them to apply. Not all companies that serve interest-based ads participate in the ad industry opt-out programs described above, so even after opting-out, you may still receive some cookies and interest-based ads from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide personal information. If you do not provide information that we need to provide the Service, we may not be able to provide you with the Service or certain features. We will tell you what information you must provide to receive the Service when we request it.

Children

The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

Third Party Sites and Services

The Service may contain links to websites and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or other online services that are not associated with us. We do not control websites or other online services operated by third parties, and we are not responsible for their actions. Other websites and online services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and online services you use.

Security

The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information.

International Data Transfers

We are headquartered in the United States and may use service providers in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Changes to this Privacy Policy

We may update this Privacy Policy at any time. When we make material changes to this Privacy Policy, we will notify you by updating the effective date of this Privacy Policy and posting the modified Privacy Policy. We may also provide notification of any material changes via email if we have your email address, through the Service or in another manner that we believe is reasonably likely to reach you. Any modifications to this Privacy Policy will be effective when posted (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy or our information handling practices, please contact us by email at info@consumable.com or postal mail at the below address:

Consumable, Inc.
680 S Cache Street, Suite 100
Jackson, Wyoming 83001

Information for California Residents

This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.

Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

  • Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
    • The categories of Personal Information that we have collected.
    • The categories of sources from which we collected Personal Information.
    • The business or commercial purpose for collecting and/or selling Personal Information.
    • The categories of third parties with whom we share Personal Information.
    • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.
    • Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
  • Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
  • Deletion. You can ask us to delete the Personal Information that we have collected from you.
  • Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.

How to exercise your information, access and deletion rights. You may submit a request to exercise your information, access or deletion rights by visiting consumable.com, emailing info@consumable.com or calling us toll-free at (866) CNS-MBLE (267-6253). We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities and your agent must provide valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.

We do not sell your personal information. Based on our current understanding of the CCPA, we do not “sell” your personal information as defined in the CCPA. However, like many companies online, Consumable uses services provided by Google, Facebook and other advertising companies that track website visitor activity to help deliver interest-based ads to those visitors. We describe this in more detail in the subsection above entitled “Interest-based advertising.” Use of these services may constitute a “sale” of Personal Information under the CCPA where the user has not opted into the tracking.

Personal information we collect, use and disclose. The chart below describes the categories of Personal Information we collect by reference to the categories specified by the CCPA (California Civil Code § 1798.140(o)).

Statutory category of personal information (“PI”) PI we collect Source of PI Business/ commercial purpose for PI collection Categories of third parties to holm we may “disclose” PI for a business purpose
Identifiers
  • Contact information
  • You
  • Public sources
  • Business partners
  • Service delivery
  • Research & development
  • Marketing & advertising
  • Compliance & protection
  • Business partners 
  • Advertising partners
  • Service providers
Commercial Information
  • Online activity data
  • You
  • Public sources
  • Business partners
  • Automatic collection
  • Service delivery
  • Research & development
  • Marketing & advertising
  • Compliance & protection
  • Service providers
Online Identifiers
  • Device data
  • Online activity data
  • You
  • Business partners
  • Automatic collection
  • Service delivery
  • Research & development
  • Marketing & advertising
  • Compliance & protection
  • Business partners 
  • Advertising partners
  • Service providers
Internet or Network Information
  • Device data
  • Online activity data
  • Business partners
  • Automatic collection
  • Service delivery
  • Research & development
  • Marketing & advertising
  • Compliance & protection
  • Business partners 
  • Advertising partners
  • Service providers
Inferences

May be derived from your: 

  • Device data
  • Online activity data
  • Us
  • Service delivery
  • Research & development
  • Marketing & advertising
  • Compliance & protection
  • Service providers

Information for European Users

The information provided in this “Information for European Users” section applies only to individuals in Europe.

Personal information. References to “personal information” in this section of the Privacy Policy are equivalent to “personal information” governed by European data protection legislation.

Controller. Consumable, Inc. is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation.

Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing purpose  Legal basis
Service delivery Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Service you access and request.
Marketing & advertising  Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
Research & development Processing is based on our legitimate interests in performing research and development to improve our services and develop new services.
Compliance & protection Processing is necessary to comply with our legal obligations.
Other purposes with your consent Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Rights

European data protection laws give you certain rights regarding your personal information. If you are located within the European Union, you may ask us to take the following actions in relation to your personal information that we hold:

  • Opt-out. Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing communications.
  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to info@consumable.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-Border Data Transfer

If we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be performed:

  • Pursuant to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield (or Swiss-US Privacy Shield, as applicable), or Binding Corporate Rules;
  • Pursuant to the consent of the individual to whom the personal information pertains; or
  • As otherwise permitted by applicable European requirements.

You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.

Data Breach Policy

  1. Purpose

    This Data Breach Policy aims to ensure that Consumable manages data breaches effectively and efficiently, protecting the privacy of our users and complying with applicable legal requirements. This policy outlines the steps to take in the event of a data breach, including reporting timelines and responsibilities.

  2. Scope

    This policy applies to all employees, contractors, and third-party service providers of Consumable who handle personal data.

  3. Definition of a Data Breach

    A data breach is any incident that results in unauthorized access to, acquisition of, disclosure of, or loss of personal data. This includes, but is not limited to, hacking incidents, accidental data loss, and unauthorized access by employees or third parties.

  4. Responsibilities
    • Data Protection Officer (DPO): The DPO is responsible for overseeing the implementation of this policy, managing the breach response process, and ensuring compliance with legal and regulatory requirements.
    • IT Department: Responsible for maintaining the security of our information systems and for initial breach detection and containment.
    • All Employees: Required to report any suspected data breach to the IT Department or DPO immediately.
  5. Breach Detection and Containment
    • Initial Detection: Upon detecting a potential data breach, the individual must report it immediately to the IT Department or DPO.
    • Containment: The IT Department will work to contain the breach, preventing further unauthorized access to or loss of data.
  6. Assessment and Classification
    • Assessment: The DPO, in conjunction with relevant departments, will assess the nature and scope of the breach.
    • Classification: Breaches will be classified based on their severity, potential impact, and the types of data involved.
  7. Notification Requirements
    • Internal Notification: All relevant internal stakeholders must be informed of the breach as soon as it is detected.
    • External Notification:
      • Users: Consumable will notify affected users within 30 days of becoming aware of the breach. Notifications will include the nature of the breach, the types of data involved, steps taken to mitigate the breach, and recommended actions for users to protect themselves.
      • Authorities: Consumable will notify the relevant regulatory authorities within 30 days of becoming aware of the breach, in compliance with legal and regulatory requirements.
  8. Investigation and Documentation
    • Investigation: The DPO will lead an investigation to determine the cause of the breach, assess its impact, and identify measures to prevent future breaches.
    • Documentation: All breaches must be documented, including details of the breach, actions taken, notifications made, and lessons learned. This documentation will be retained in accordance with legal and regulatory requirements.
  9. Preventive Measures
    • Security Training: Regular security training will be provided to all employees to ensure awareness of data protection principles and breach response procedures.
    • System Security: The IT Department will regularly review and update security measures to protect against potential data breaches.
  10. Review and Updates

    This policy will be reviewed annually and updated as necessary to ensure compliance with legal requirements and best practices.

  11. Contact Information

    For questions regarding this policy or to report a data breach, please contact the Data Protection Officer at:

    Email: info@consumable.com

  12. Enforcement

    Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract.

    By implementing this Data Breach Policy, Consumable aims to protect the personal data of our users and maintain their trust in our services.