Privacy Policy

Last updated: May 14, 2026

1661, Inc. dba GOAT (“GOAT”) and its affiliates (collectively, “GOAT Group,” “we,” “us,” “our”) provides this Privacy Policy to inform you about how we collect, use, disclose, and otherwise process personal information when individuals (“you”) access our websites (the “Sites”), our mobile applications (“Apps”), or in-person events or locations, and all related content, products, services, platforms, other functionalities offered on or through our services, and any other properties or locations that link to this Privacy Policy (collectively, the “Services”). This Privacy Policy does not address our privacy practices relating to job candidates, employees and other personnel.

 

TABLE OF CONTENTS

I. OUR COLLECTION AND USE OF PERSONAL INFORMATION

II. DISCLOSURE OF PERSONAL INFORMATION

III. CONTROL OVER YOUR INFORMATION

IV. DATA RETENTION

V. CHILDREN’S PERSONAL INFORMATION

VI. LINKS TO THIRD-PARTY WEBSITES OR SERVICES

VII. UPDATES TO THIS PRIVACY POLICY

VIII. CONTACT US

IX. REGION-SPECIFIC DISCLOSURES

COOKIE POLICY

 

I. OUR COLLECTION AND USE OF PERSONAL INFORMATION

We collect personal information in a variety of ways. For example, you may provide us with your personal information when you make a purchase, list an item for sale, send us messages, subscribe to our mailing lists, newsletters or other forms of marketing communications, or use some other feature of our Services.

We may link or combine information collected from you on our Sites and Apps with information we have collected from you offline (e.g., in-person), information we receive from third parties, as well as information we collect automatically through tracking technologies (defined below). This allows us to, for example, provide you with a personalized experience regardless of how you interact with us.

The personal information we collect, the way we collect it, and how we use it will depend on how you are interacting with us and the type of services you use.

Personal Information Collected from You

Personal Information from Third Parties

We may also combine the information we receive from you with personal information we obtain from third parties. We may receive the same categories of personal information as described above from the following third parties:

Personal Information Collected at Our In-Person Locations

When you visit one of our in-person locations, we may collect the following information from or about you:

Personal Information Automatically Collected

As is true of many digital properties, we and our third-party partners may automatically collect certain information from or in connection with your device when visiting or interacting with our Services, as described in the list below:

For more information about these practices and your choices regarding cookies, please see the Cookie Policy located at the end of this Privacy Policy.

Additional Uses of Personal Information

In addition to the uses described above, we may use the personal information collected as described above for the following purposes:

Where you choose to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide you with additional privacy-related information where the scope of the inquiry or request and/or personal information we require fall outside the scope of this Privacy Policy. In that case, the additional privacy-related information will govern how we may process the information provided at that time.

Through the provision of our Services, we may process deidentified information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer or household. We will maintain and use such information in deidentified form and will not attempt to reidentify the information, except in instances where necessary for determining whether the deidentification process used satisfies the requirements under applicable law.

We may also aggregate data for reporting, analytics, and other business reasons, including to promote or describe the use of our Services.

 

II. DISCLOSURE OF PERSONAL INFORMATION

As part of our Services, we may also share, transmit, disclose, grant access to, make available, and provide personal information with and to third parties, as follows:

 

III. CONTROL OVER YOUR INFORMATION

You may control your information in the following ways:

 

IV. DATA RETENTION

We will usually store the personal information we collect about you for no longer than necessary to fulfill the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal information for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority.

To determine the appropriate duration of the retention of personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.

For example, if you reside in the European Economic Area, the United Kingdom or the State of California, your personal information may be subject to certain laws and regulations that define the criteria used to determine the period for which personal information about you will be retained, which varies depending on the legal basis under which we process the personal information:

When an individual discontinues the use of our Services, we will retain their personal information for as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well as, for any additional purpose based on the choices they have made, such as to receive marketing communications. We will retain personal information supplied when joining our Services, including complaints, claims and any other personal information supplied during the duration of an individual’s contract with us for the Services until the statutory limitation periods have expired, when this is necessary for the establishment, exercise or defense of legal claims.

Once retention of the personal information is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal information or, if this is not possible (e.g., because personal information has been stored in backup archives), then we will securely store the personal information and isolate it from further processing until deletion or deidentification is possible.

 

V. CHILDREN’S PERSONAL INFORMATION

Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 16 (or 18 for individuals located in China) (the “Minimum Age”). If an individual is under the Minimum Age, they should not use our Services or otherwise provide us with any personal information either directly or by other means. If a child under the Minimum Age has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we collect has been provided by a child under the Minimum Age, we will promptly delete that personal information.

 

VI. LINKS TO THIRD-PARTY WEBSITES OR SERVICES

Our Services may include links to third-party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Privacy Policy, this Privacy Policy does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties. To learn about the personal information practices of third parties, please visit their respective privacy policies.

 

VII. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we make changes to this Privacy Policy, we will change the date at the beginning of this Privacy Policy. If we make material changes to this Privacy Policy, we will notify individuals by email to their registered email address, by prominent posting on our Services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

 

VIII. CONTACT US

If you have any questions or requests in connection with this Privacy Policy or other privacy-related matters, please send an email to [email protected].

Alternatively, inquiries may be addressed to:

GOAT Group

Attn: Privacy Department

P.O. Box 91258

Los Angeles, CA 90009-1258

 

IX. REGION-SPECIFIC DISCLOSURES

We may choose or be required by law to provide different or additional information relating to the processing of personal information about residents of certain countries, regions or states. Please refer below for additional information that may be applicable to you:

 

ADDITIONAL U.S. STATE PRIVACY DISCLOSURES

Last updated: February 6, 2026

For residents of U.S. states that have enacted applicable and enforceable data privacy legislation: These Additional U.S. State Privacy Disclosures (“U.S. Disclosures”) supplement the information contained in our Privacy Policy by providing additional information about our personal information processing practices relating to individual residents of states that have enacted applicable and enforceable data privacy legislation (as of February 2026, California, Colorado, Connecticut, Florida, Montana, Nevada, Oregon, Texas, Utah, Virginia, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Indiana, Kentucky, Maryland, Minnesota, Rhode Island, and Tennessee, together the "Applicable States"). For a detailed description of how we collect, use, disclose, and otherwise process personal information in connection with our Services, please see our Privacy Policy. Unless otherwise expressly stated, all terms defined in our Privacy Policy retain the same meaning in these U.S. Disclosures. To the extent any provision in these U.S. Disclosures conflicts with a provision of the Privacy Policy, these U.S. Disclosures shall govern with respect to visitors, users, and others who reside in the Applicable States.

For the purposes of these U.S. Disclosures, personal information does not include publicly available information or deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.

Your Privacy Choices

Depending on your state of residency, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):

The Right to Know. The right to confirm whether we are processing personal information about you and, under California law only, to obtain certain personalized details about the personal information we have collected about you in the last 12 months, including:

Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.

How to Exercise Your Privacy Rights

To submit a request to exercise one of the privacy rights identified above, please submit a request:

By Email: Please contact us by email at [email protected] with an explanation of the rights you wish to exercise and submit the required verifying information, as further described below.

By Mail: You may also exercise your right to request that we delete the personal information we have collected from you or maintain about you by sending a letter to us by mail that explains you would like to exercise this right and that includes your name and email address associated with your account. You can send this letter to us at the following address: GOAT Group, Attn: GOAT Group CCPA, P.O. Box 91258, Los Angeles, CA 90009-1258.

We may need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log in to your account, if you have one. Note that we may need to request additional information from you to verify your identity or process your request, although you will not be required to create an account with us to submit a request or have it fulfilled. At a minimum, we may ask you for your name, email address, and telephone number. We will use the personal information you provide us in connection with your exercise of the above rights only to review and comply with your request.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

Exercise Your Right to Opt-Out of Personal Information Sales or Sharing for Targeted Advertising

We do not “sell” personal information as most people would typically understand that term (i.e., we do not share your information in exchange for money), but certain uses may be deemed the “sale” of personal information under applicable privacy laws. Unless you have exercised your Right to Opt-Out, we may disclose or “sell” your personal information to third parties for non-monetary consideration, or “share” your personal information to third parties for cross-context behavioral advertising purposes. The third parties to whom we sell or share personal information may use such information for their own purposes in accordance with their own privacy policies.

You do not need to create an account with us to exercise your Right to Opt-Out. However, we may ask you to provide additional personal information so that we can properly identify you to track compliance with your opt-out request. We will only use personal information provided in an opt-out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

To exercise the Right to Opt-Out, you may submit a request by:

Cookies-based Opt-Out (Do Not Sell or Share My Personal Information). To exercise your Right to Opt-Out as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, please click “Your Privacy Choices” at the footer of the website. Please note this opt-out is browser specific. You must reset your preferences if you clear cookies or use a different browser or device. For GOAT mobile app users, please go to your Profile > Settings > Privacy & Security > Your Privacy Choices. For alias mobile app users, please go to Account > Settings > Privacy & Security > Privacy Choices.

Opt Out of “Selling” of Personal Information. In limited circumstances, we may share your personal information (such as your name and email address) with third parties who may use such information for their own commercial or business purposes. To opt out of such sharing, please email [email protected].

Authorized Agents

In certain circumstances, you are permitted to use an authorized agent (as that term is defined by the applicable privacy law) to submit requests on your behalf through the designated methods set forth in these U.S. Disclosures where we can verify the authorized agent’s authority to act on your behalf.

For requests to know, delete, or correct personal information, we require the following for verification purposes: (a) a power of attorney valid under the laws of the state where you reside from you or your authorized agent; or (b) sufficient evidence to show that you have: (i) provided the authorized agent signed permission to act on your behalf; and (ii) verified your own identity directly with us pursuant to the instructions set forth in these U.S. Disclosures; or directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.

For requests to opt-out of personal information “sales” or “sharing”, we require a signed permission demonstrating your authorized agent has been authorized by you to act on your behalf.

Appealing Privacy Rights Decisions

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing [email protected] or mailing a letter to us at the following address: GOAT Group, Attn: GOAT Group CCPA, P.O. Box 91258, Los Angeles, CA 90009-1258.

California-Specific Disclosures

The following disclosures only apply to residents of the State of California.

Personal Information Collection. In the last 12 months, we may have collected the following categories of personal information:

identifiers (such as first and last name, email address, or unique online identifiers),

categories of information described in Section 1798.80(e) of the California Civil Code (such as phone number, bank account number, credit card number, or debit card number),

commercial or transactions information (such as records of personal property or products or services purchased, obtained or considered),

internet/network information (such as browsing history, search history, interactions with a website, mouse movements, scrolling, clicks and keystroke activity, search or purchasing behavior, email, application, or advertisement),

geolocation information,

biometric Information, such as facial geometry used to create a unique biometric identifier in order to verify your identity,

inferences drawn from the above information about your predicted characteristics and preferences,

other personal information (such as information you submit via a request form and any communications between you and a customer support agent, as well as information we receive from social media platforms), and

sensory information (such as call recordings).

In the last 12 months, we may have collected the following categories of sensitive personal information: account log-in in combination with a password allowing access to an account, as well as social security number, government ID, and biometric information (i.e., facial geometry). We do not use or disclose sensitive personal information for any purpose other than for performing services you have requested, for detecting security incidents, fraud and other illegal actions, complying with applicable laws, regulations or other legal obligations, or for short term transient use. We collect and process sensitive information without the purpose of inferring characteristics about a consumer, and we do not sell sensitive information or process or otherwise share sensitive personal information for the purpose of targeted advertising.

For more information about our collection of personal information, the sources of personal information, and how we use this information, please see the Our Collection and Use of Personal Information section of our Privacy Policy.

Disclosure of Personal Information. In the last 12 months, we may have disclosed all of the categories of information described above to third parties for a business purpose, as described in the Disclosure of Personal Information section of our Privacy Policy. The categories of third parties to whom we sell or disclose your personal information for a business purpose include:

Service providers;

Affiliates;

Government entities.

Sales of Personal Information and Sharing for Targeted Advertising. In the previous 12 months, we have sold the following categories of personal information to third parties:

Identifiers;

Commercial information

Internet/network information. 

In addition, please see our Cookie Policy located at the end of this Privacy Policy to learn more about how third-party advertising networks, social media companies and other third-party businesses collect and disclose your personal information directly from your browser or device through cookies or tracking technologies when you visit or interact with our Sites, use our Apps or otherwise engage with us.

Minors. We do not sell the personal information and do not have actual knowledge that we sell the personal information of minors under the age of 16. Please contact us at [email protected] to inform us if you, or your minor child, are under the age of 16.

If you are under the age of 18 and you want to delete your account, please contact us directly at [email protected]. We may not be able to modify or delete your information in all circumstances.

If you wish to submit a privacy request on behalf of your minor child in accordance with applicable jurisdictional laws, you must provide sufficient information to allow us to reasonably verify your child is the person about whom we collected personal information and you are authorized to submit the request on your child’s behalf (i.e., you are the child’s legal guardian or authorized representative).

“Shine the Light”. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the way we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. To opt out of this type of sharing, please email us at [email protected].

Financial Incentives. We may provide financial incentives to consumers who allow us to collect and retain personal information, such as identifiers (e.g., name and email address) and commercial information (e.g., purchase history). These incentives may result in differences in our prices or services offered to consumers and may include a lower price for goods and services (e.g., discounts and other promotions). For example, the financial incentives we may provide include discounts or promo codes for certain existing customers. The material aspects of any financial incentive will be explained and described in its program terms or in the details of the incentive offer.

Please note that participating in any financial incentive program is entirely optional and participants may withdraw from the program at any time. To opt out of the program and forgo any ongoing incentives, please follow the instructions in the program’s terms and conditions or contact us using the contact information referenced in the Contact Us section of the Privacy Policy.

Each financial incentive or price or service difference related to the collection and use of personal information is based upon our reasonable, good faith determination of the estimated value of such information to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized by rewarding brand loyalty and/or repeat purchases.

 

ADDITIONAL CANADA-SPECIFIC PRIVACY DISCLOSURES

Last updated: October 10, 2023

This section contains disclosures required by the Personal Information Protection and Electronic Documents Act and substantially similar provincial privacy laws in Canada, including Quebec’s Act respecting the protection of personal information in the private sector, as may be amended from time to time (“Canada Disclosures”). These Canada Disclosures supplement the information contained in our Privacy Policy and apply solely to individual residents of Canada (“you”). Unless otherwise expressly stated, all terms in this section have the same meaning as defined in our Privacy Policy or as otherwise defined in the applicable Canadian privacy law. Please note our Privacy Officer can be contacted at [email protected].

Cross-jurisdictional Transfers. By providing us with personal information, you acknowledge and agree that your personal information may be transferred to other jurisdictions for processing and storage, including in servers located across Canada and in the United States, where laws regarding the protection of personal information may be less stringent than the laws in your jurisdiction. Further, your personal information may be accessible to law enforcement, national security authorities, and the courts of such jurisdictions. Where necessary to make such transfers, we will comply with our legal and regulatory obligations in relation to the personal information.

Your Legal Rights. Subject to certain exemptions, as permitted by law, you have the following rights in relation to the personal information we hold about you:

Right of Access. You have the right to access the personal information we hold about you and to receive a general account of our uses of that personal information. Upon receipt of a written request from you, we will provide you with a copy of your personal information, although in certain limited circumstances, we may not be able to make all relevant personal information available to you, for example, where that personal information also relates to another individual. In such circumstances, we will, upon request, provide you with the reasons for such refusal. We will endeavour to deal with all requests for access of personal information in a timely manner.

Right to Rectification. If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. Where appropriate, such amended personal information will be provided to the parties to whom we are authorized to disclose your personal information. We will endeavour to deal with all requests for rectification of personal information in a timely manner.

Right to Erasure. You can ask us to delete or remove your personal information in some circumstances such as where we no longer need your information to fulfill the purposes for which it was collected, or if you withdraw your consent (where applicable because your consent was the legal basis on which we were processing your personal information). If you are entitled to erasure and if we have shared your personal information with others, we will take reasonable steps to inform those others where possible and where this would not involve disproportionate effort.

Right to Personal Information Portability. You may have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.

Right to Withdraw Consent. If we rely on your implicit or explicit consent as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. We may use your information to send important notices or communications regarding your orders, even if you have opted out from our marketing communications.

ADDITIONAL PRIVACY DISCLOSURES FOR EEA, UK AND SWISS USERS

Last updated: May 14, 2026

This section contains disclosures on how we collect, store, process, transfer, share, or use data that identifies or is associated with residents of the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”) ("personal data") and information regarding our use of cookies and similar technologies (collectively, “EU Disclosures”) in connection with the Services. These EU Disclosures supplement the information contained in our Privacy Policy and apply solely to residents of the EEA, Switzerland, and the UK (“you”). Please ensure that you have read and understood these EU Disclosures before accessing or using the Services. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in our Privacy Policy or as otherwise defined in the EU General Data Protection Regulation and the UK General Data Protection Regulation (collectively, “GDPR”).

The controller, which is the company belonging to GOAT Group that is responsible for the processing of your personal data, depends on how you interact with the GOAT Group brands. As such, the relevant controller will typically consist of one or two entities: (1) The main entity who manages the GOAT Group brands based on region, and, if applicable, (2) the local company you interact with in connection with localized activities (e.g., marketing campaigns, events, promotions). In connection with the local controller, the controller and contact information will be disclosed in the specific method of interaction.

Personal Data We Collect from You When You Use the Services and How We Use It. We collect personal data as set out in the Our Collection and Use of Personal Information section of our Privacy Policy. We will indicate to you where the provision of certain personal data is mandatory. If you choose not to provide such personal data, we may not be able to provide those parts of the Services to you or respond to your other requests.

Annex 1, below, sets out in detail the categories of personal data we collect about you and how we use that information when you use the Services, as well as the legal basis which we rely on to process the personal data and recipients of that personal data.

Information We Collect About You Automatically. We also automatically collect personal data indirectly about how you access and use the Services, and information about the device you use to access the Services, or otherwise engage with us. Please see our Cookie Policy located at the end of this Privacy Policy for more information about what data we collect and how we use it.

Annex 2, below, sets out in detail the categories of personal data we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal data and recipients of that personal data. For more information on cookies and other tracking technologies we use, please see our Cookie Policy.

We may link or combine the personal data you provide and the information we collect automatically. This allows us to provide you with a personalized experience regardless of how you interact with us.

We may anonymize and aggregate any of the personal data we collect (so that it does not directly identify you) and may use the anonymized and aggregated information or disclose it as set out in our Privacy Policy.

Marketing and Advertising. From time to time, we may contact you with information about our products and services, including sending you marketing messages and asking for your feedback on our products and services.

For some marketing messages, we may use personal data we collect about you to help us determine the most relevant marketing information to share with you.

We will only send you marketing messages if you have given us your consent to do so. You can withdraw your consent later by clicking on the unsubscribe link at the bottom of our marketing emails.

Storing and Transferring Your Personal Data.

Security. We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national ID numbers.

International Transfers of Your Personal Data. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party providers have operations, including in the United States. If you are accessing the Services from the EEA, UK or Switzerland, your personal data will be processed outside of the EEA, UK or Switzerland. In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. Annex 3, below, sets out in detail the provisions for international transfers of your personal data to the United States if you are accessing the Services from the EEA, UK or Switzerland.

Your Rights in Respect of Your Personal Data. In accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold:

Right of access. You have the right to obtain:

confirmation of whether, and where, we are processing your personal data;

information about the categories of personal data we are processing, the purposes for which we process your personal data and information as to how we determine applicable retention periods;

information about the categories of recipients with whom we may share your personal data; and

a copy of the personal data we hold about you.

Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.

Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay.

Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified.

Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.

Right to withdraw consent. If you have provided consent for the processing of your personal data, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.

You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason. 

You also have the right to lodge a complaint to your local data protection authority. Information about how to contact your local data protection authority is available here.

If you wish to exercise one of these rights, please contact us using the details referenced in the Contact Us section of the Privacy Policy.

Due to the confidential nature of data processing, we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.

 

ANNEX 1: PERSONAL DATA YOU PROVIDE TO US

Contact information and identifiers, such as your first name, last name, email address, phone number, and birthdate.

How we may use your contact information and the legal bases for processing:

We may use this information to set up and authenticate your account on the Services. The processing is necessary for the performance of a contract with you and to take steps prior to entering a contract with you, namely our Terms of Use.

We may use this information to communicate with you, including sending service-related communications. The processing is necessary for the performance of a contract with you, namely our Terms of Use.

We may use your phone number to send you SMS text messages relating to the pick-up of your order, such as pick-up scheduling, readiness notifications, and pick-up confirmations. These messages may be sent by us directly or by our logistics partners and carriers on our behalf. The processing is necessary for the performance of a contract with you, namely our Terms of Use and the fulfilment of your purchase order.

We may use this information to deal with enquiries and complaints made by or about you relating to the Services. The processing is necessary for our legitimate interests, namely administering the Services, and for communicating with you effectively to respond to your queries or complaints.

We may use this information to send you unsolicited marketing communications in accordance with your preferences. We will only use your personal data in this way to the extent you have given us consent to do so.

Recipients of this information: We may share your name, phone number, and order information with our logistics partners and carriers so that they can send you pick-up-related text messages on our behalf. We may share this information with payment processors to identify you so that you can make and receive payments through the Services. We may also share your personal data with our email marketing providers.

Profile and log-in information. This is information you choose to put in your profile such as username, phone number, photo, mailing address and shoe size.

How we may use your profile and log-in information and the legal bases for processing:

We use this information to allow you to populate your profile with relevant information. The processing is necessary for the performance of a contract and to take steps prior to entering a contract, namely our Terms of Use.

We use this information to provide to you the features and functionality of the Services. The processing is necessary for the performance of a contract and to take steps prior to entering a contract, namely our Terms of Use.

Recipients of this information: We may share this information with third parties that help us prevent fraud on our platform and shipping carriers or logistics providers that facilitate the delivery of an item purchased on our platform.

Payment and transaction information, such as your credit/debit card numbers, payment authentication code, billing address, and other information such as date and time of your transaction.

How we may use your payment and transaction information and the legal bases for processing:

We may use this information to process the payments you make or receive through the Services. The processing is necessary for the performance of a contract, namely our Terms of Use.

We may use this information to verify your identity in connection with the detection and prevention of fraud or financial crime. The processing is necessary for our and third parties’ legitimate interests, namely the detection and prevention of fraud and financial crime.

Recipients of this information: We may share this information with payment processors to identify you so that you can make and receive payments through the Services.

Identity and compliance information, such as your name, birthdate, address, phone number, email address, bank account information, government ID number, VAT ID number or other tax ID number, and copies of national ID or tax documents, along with a selfie image. This information may also be used by our third-party provider, Persona, to create a unique biometric identifier based on facial geometry.

How we may use your identity and compliance information and the legal bases for processing:

We use data collection and verification services provided by a third-party provider, Persona, to collect and verify your information in order to comply with legal obligations and protect against fraud and abuse. Persona may use a combination of machine-learning tools and optical scans to verify your identity document and may use facial recognition technology to produce a unique biometric identifier based on facial geometry that can be used to compare your selfie to the image on the identity document you provided to determine the likelihood that the images are a "match." The processing is necessary for our and third parties’ legitimate interests, namely the detection and prevention of fraud and financial crime and compliance with applicable laws and regulations.

Recipients of this information: We use identity verification services provided by a third-party provider, Persona. We do not receive the biometric identifier generated from the images. It is generated and held by Persona until we inform them that the biometric identifier is no longer needed for the purposes described in our Privacy Policy and must be destroyed. For identity verification and compliance purposes, we will have access to the selfie image and will receive the information extracted from the scan of the government ID document as well as the results of the verification process. We may also share relevant information with local authorities to fulfil our legal obligations.

Information about your activity on the Services, such as any offers for products you have made, any products on your 'want list', and information about any products you have purchased, listed for sale or sold.

How we may use information about your activity on the Services and the legal basis for processing:

We use this information to provide to you the features and functionality of the Services. The processing is necessary for the performance of a contract and to take steps prior to entering a contract, namely our Terms of Use as well as to comply with our legal obligations.

Recipients of this information: We may share this information with our cloud storage provider and other third-party providers. We may also share certain information with local tax authorities to fulfil our legal obligations.

Chat, comments, opinions. When you contact us directly (e.g., by email or phone), we may record your comments and opinions.

How we may use information about any direct contact from you and the legal bases for processing:

We may use this information to address your questions, issues and concerns. The processing is necessary for our legitimate interests, namely communicating with you and responding to queries, complaints and concerns.

We may use this information to improve the Services. The processing is necessary for our legitimate interests (i.e., to develop and improve our Services).

Recipients of this information: We may share any information you provide to us when you contact us with our customer support platforms to process any customer support queries you might submit to us.

Your preferences such as preferences set for notifications, marketing communications, how the Services are displayed and the active functionalities on the Services.

How we may use information about your preferences and the legal bases for processing:

We use this information to provide notifications, send news, alerts and marketing communications and provide the Services in accordance with your choices. The processing is necessary for our legitimate interest, namely ensuring the user receives the correct marketing and other communications, and that features are displayed in accordance with the user's preferences.

We use this information to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented. The processing is necessary for compliance with a legal obligation to which we are subject.

Recipients of this information: We may share this information with our email marketing providers to send out relevant communications as well as third-party providers that support our compliance efforts.

All personal data set out above.

How we may use all personal data set out above and the legal basis for processing:

We may use all the personal data we collect to operate, maintain and provide to you the features and functionality of the Services, to communicate with you, to monitor and improve the Services and business, and to help us develop new products and services. The processing is necessary for our legitimate interests, namely, to administer and improve the Services.

 

ANNEX 2: PERSONAL DATA COLLECTED AUTOMATICALLY

Approximate location information. Other than information you choose to provide to us (when you enable location services and/or grant permission for location tracking), we do not collect information about your precise location. Your device’s IP address may however help us determine an approximate location.

How we may use your approximate location information and the legal bases for processing: 

We may use information you provide to us about your location to monitor and detect fraud or suspicious activity in relation to your account. The processing is necessary for our legitimate interests, namely, to protect our business and your account from fraud and other illegal activities.

We may use this information to tailor how the Services are displayed to you (such as the language in which it is provided to you). The processing is necessary for our legitimate interest, namely tailoring our service so that it is more relevant to our users. 

Information about how you access and use the Services. For example, how frequently you access the Services, the time you access the Services and how long you use it for, the approximate location that you access the Services from, the site from which you came and the site to which you are going when you leave our Site, the website pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the Services from multiple devices, and other actions you take on the Services.

How we may use information about how you access and use the Services and the legal bases for processing:

We may use information about how you use and connect to the Services to present the Services to you on your device. The processing is necessary for our legitimate interests, namely, to tailor the Services to the user.

We may use this information to determine products and services that may be of interest to you for marketing purposes. The processing is necessary for our legitimate interests, namely, to inform our direct marketing.

We may use this information to monitor and improve the Services and business, resolve issues and to inform the development of new products and services. The processing is necessary for our legitimate interests, namely, to monitor and resolve issues with the Services and to improve the Services generally.

Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the Services. This information can include details about the type of device, unique device identifiers, operating systems, browsers and applications connected to the Services through the device, your mobile network, your IP address and your device’s telephone number (if it has one).

How we may use log files and information about your device and the legal bases for processing:

We may use information about how you use and connect to the Services to present the Services to you on your device. The processing is necessary for our legitimate interests, namely, to tailor the Services to the user.

We may use this information to monitor and improve the Services and business, resolve issues, prevent fraud, and to inform the development of new products and services. The processing is necessary for our legitimate interests, namely, to monitor and resolve issues with the Services and to improve the Services generally.

Recipients of personal data set forth above. We may share this information with the following: affiliates and third-party providers, including payment processors, customer support platforms, email marketing providers, fraud prevention vendors, cloud storage providers and analytics providers; and third-party social media platforms.

 

ANNEX 3: PROVISIONS FOR INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA TO THE UNITED STATES

GOAT and its U.S. subsidiaries (Flight Club New York, LLC and Grailed, LLC) (hereinafter “we”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the DPF Principles), the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please click here.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Complaints per the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF

In compliance with the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact us using the details referenced in the Contact Us section of the Privacy Policy. EU, UK and Swiss individuals may, under certain circumstances, invoke binding arbitration with respect to complaints about our collection and use of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. See DPF Annex 1 here.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Judicial Arbitration and Mediation Services, Inc. (JAMS), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit here for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Onward transfers to third parties

In the event that we disclose your personal data to third parties to perform certain business-related services on our behalf as “agents” (as such term is utilized under the DPF), we will do so only for limited and specified purposes consistent with any notice provided to you or your choices regarding processing and disclosure. These companies perform services at our instruction and pursuant to contracts which require they provide at least the same level of privacy protection as is required under the DPF and notify us if they are no longer able to provide such protections, at which point we will take reasonable remedial steps. We may also disclose personal data to our affiliates in order to support marketing, sale, and delivery of any services, or other business operations as disclosed in the Disclosure of Personal Information section of the Privacy Policy and Annex 1 to the Additional Privacy Disclosures for EEA, UK and Swiss Users.

Our accountability for personal data that we receive under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, we remain responsible and liable under the DPF Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Option to limit certain onward transfers to third parties

You have the opportunity to opt out of sharing of your personal data with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal data under the DPF, please submit a written request using the details referenced in the Contact Us section of the Privacy Policy, indicating as such.

We will not disclose your sensitive personal data to any third party without first obtaining your opt-in consent.

In each instance, please allow us a reasonable amount of time to process your response.

Your DPF rights

Upon request to us, we will confirm whether we are processing your personal data pursuant to the DPF and provide you with the data in a reasonable amount of time. You also have the right to correct, amend, or delete the personal data processed pursuant to the DPF where it is inaccurate or has been processed in violation of our privacy disclosures to you, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable amount of time to respond to your inquiries and requests.

Personal data retention

We will retain the personal data processed pursuant to the DPF in a form that identifies you pursuant to the retention policy described above. We may continue processing such personal data for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of our privacy disclosures. After such time periods have expired, we may either delete your personal data or retain it in a form such that it does not identify you personally.

How we protect your data

We will implement reasonable and appropriate security measures to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data.

If you wish to enquire further about these safeguards used, please contact us using the details referenced in the Contact Us section of the Privacy Policy.

 

COOKIE POLICY

Last updated: November 6, 2023

Unless otherwise expressly stated, terms in this policy have the same meaning as defined in the Privacy Policy.

I. SCOPE OF POLICY

This Cookie Policy supplements the information contained in the Privacy Policy and explains how we and our third-party partners and service providers use cookies and related technologies while managing and providing our online services and our electronic communications to you. It explains what these technologies are and why we use them, as well as your rights to control our use of them.

In some cases, we may use cookies and related technologies described in this Cookie Policy to collect personal information, or to collect information that becomes personal information if we combine it with other information. For more details about how we process your personal information, please review the Privacy Policy.

2. WHAT ARE COOKIES AND RELATED TECHNOLOGIES

As is common practice among websites, our Services use cookies, which are tiny files downloaded to your device that allow us and our third-party partners and service providers to collect certain information about your interactions with our email communications, Sites and other online services, and that improve your experience. We and our third-party partners and service providers may also use other, related technologies to collect this information, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”).

We use the following types of cookies:

Strictly necessary cookies. These cookies enable core functionality such as security, network management and accessibility. You may disable these by changing your browser settings, but this may affect how the Services function. The legal basis for our use of strictly necessary cookies is our legitimate interests, namely being able to provide and maintain our Services.

Functional cookies. These cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. The legal basis for our use of functional cookies is our legitimate interests, namely being able to provide and maintain our Services.

Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors to our Services, and to see how visitors move around our Services when they are using them. This helps us to improve the way our Services work, for example, by ensuring that users are finding what they are looking for easily. If you are accessing our Services with a European IP address, you have been asked to consent to the use of these cookies. You are free to deny your consent.

Targeting Cookies. These cookies record your visit to our Services, the pages you have visited and the links you have followed. They are used to track visitors across our Services. If you are accessing our Services with a European IP address, you have been asked to consent to the use of these cookies. You are free to deny your consent.

If you are visiting the Site from the EEA, please see the Cookie Library by clicking on “Cookie Settings” at the footer of this page for more information about the cookies we use on the Site. For App users, please see the SDK Library by going to your Profile > Settings > Privacy & Security > Privacy Settings in the Apps for more information about the technologies we use on the Apps. Please see our Privacy Policy for more information about cookies and other similar technologies.

3. WHAT WE COLLECT WHEN USING COOKIES

We and our third-party partners and service providers may use cookies to automatically collect certain types of usage information when you visit or interact with our emails and Services. For example, we may collect log data about your device and its software, such as your IP address, unique device identifier, date and time of your visit, and other similar information. Our emails may also contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. We may also collect analytics data or use third-party analytics tools to help us measure usage and activity trends for our online services and better understand the individuals using our services. We also may collect location data, including general geographic location based on IP address.

We may include or engage in the following as part of our Services:

Social Media Widgets. Our Services may include social media features, such as the ability to share content on Instagram or Twitter or other widgets. These social media companies may recognize you and collect information about your visit to our Services, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.

Social Media Platforms. We may display targeted advertising to you through social media platforms, such as Facebook, Twitter, Instagram, and LinkedIn. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. We may share a unique identifier, such as a user ID, with these platform providers or they may collect information from our Site visitors through a first-party pixel, to direct targeted advertising to you or to a custom audience on the social media platform. These advertisements are governed by the privacy policies of those social media companies that provide them. If you do not want to receive targeted ads on your social networks, you may be able to adjust your advertising preferences through your settings on those networks.

Third-Party Partners. We work with a variety of third-party partners to provide analytics and advertising services. Our third-party partners include:

Google Analytics: We use Google Analytics to recognize you and link the devices you use when you visit our Services on your browser or mobile device, log in to your account on our Services, or otherwise engage with us. We share a unique identifier, like a user ID, with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with our Services and to tailor our advertisements and content accordingly. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's website, “How Google uses data when you use our partners’ sites or apps” located here. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here.  We may also utilize certain forms of display advertising and other advanced features through Google Analytics. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Services. You may control your advertising preferences or opt out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available here, or by visiting NAI’s online resources here.

FullStory: If you are located in the located in United States, HK or China only, we may also collect information about how you use our Services, including the pages you visit, the links you click, and other similar actions. We may use third-party tools, including FullStory, to collect, store, monitor, and use information you provide to us or information about how you use the Services and may record your mouse movements, scrolling, clicks and keystroke activity on the Services and other browsing, search or purchasing behavior. These tools may also record information you enter when you interact with our Services or engage in chat features through our Services. Our third-party provider, FullStory, collects, stores, monitors, and processes this information on our behalf strictly in accordance with our contractual agreements. You can opt out of the use of FullStory at any time by visiting “Cookie Settings” at the footer of this page if you are in Hong Kong or China, or “Your Privacy Choices” if you are located in the United States. For more information on FullStory’s data processing practices, please see FullStory's Privacy Policy.

 

4. HOW WE USE INFORMATION COLLECTED VIA COOKIES

We use cookies for a variety of reasons outlined below:

If you create an account with us, we will use cookies for the management of the sign-up process and general administration. These cookies will usually be deleted when you log out; however, in some cases, they may remain to remember your site preferences when logged out.

The Services may offer payment capabilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.

When you submit data through a form, such as those found on the contact pages, cookies may be set to remember your user details for future correspondence.

To provide you with a great experience on the Services, we provide the functionality to set your preferences for how the Services run when you use it. To remember your preferences, we need to set cookies so that this information can be called whenever you interact with a website page.

We use cookies to provide and monitor the effectiveness of our Services, monitor online usage and activities of our Services, and facilitate the purposes identified in the Our Collection and Use of Personal Information section of our Privacy Policy.

We may also use the information we collect through cookies to understand your browsing activities, including across unaffiliated third-party websites, so that we can deliver information about products and services that may be of interest to you.

Tracking technology used in emails helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and help us understand if you have opened and how you interacted with our emails.

Please note that we link some of the personal information we collect through cookies with the other personal information that we collect about you and for the purposes described in our Privacy Policy.

5. YOUR CHOICES ABOUT COOKIES

If you are in the EEA, UK, or Switzerland, other than strictly necessary cookies, which are required for the operation of our Service, we will only place cookies on your device if you give us your consent to do so. We will ask you to tell us which cookies you agree to receive when you first access our Service.

If you would prefer not to accept cookies, you can use our cookie consent management tool located at the bottom of the Site. Moreover, most browsers will allow you to change the setting of cookies by adjusting the settings on your browser to: (i) notify you when you receive a cookie, which lets you choose whether to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Be aware that disabling cookies may negatively affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionalities and features of the Services.

Depending on your device and operating system, you may not be able to delete or block all cookies. In addition, if you want to reject cookies across all your browsers and devices, you will need to do so on each browser on each device you actively use. These settings will typically be found in the "options" or "preferences" menu of your browser. To understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.

Cookie settings in Internet Explorer

Cookie settings in Firefox

Cookie settings in Chrome

Cookies settings in Safari web and iOS

You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our emails and performed certain functions with them.

If you would like to find out more about cookies and other similar technologies, please visit www.allaboutcookies.org or the Network Advertising Initiative's online sources here.

Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.