There has been an error processing your request
Exception printing is disabled by default for security reasons.
Error log record number: 2d9f9dfae3ec9a2eb2eb9502306cce136bd1bb8b663f9de98dae82070994e3c0
BDA understands that you, our Client, may have various privacy obligations with respect to websites where personal information is collected. We strive to provide services in a manner that will help support your efforts towards compliance. For that reason, we have prepared the following supplemental privacy policy for the website(s) that we operate for you to help ensure that storefronts operated by BDA on our clients’ behalf include complete and accurate disclosures about how personal information may be collected, used, and shared in connection with those stores.
The following supplemental privacy policy is intended to be posted on the store(s) we operate for you in addition to your own privacy policy. The intent of this supplemental policy is to help ensure that website visitors receive store-specific information about the data processing activities that take place in connection with the store website. The supplemental privacy policy provides general descriptions about the types of information collected to process store transactions, as well as an overview of the cookies and similar technologies that operate on the website.
Please note, the supplemental privacy policy includes general information only and does not contain jurisdiction-specific disclosures which may be required by privacy laws and regulations, the necessity of which may vary for you. It should not be treated as legal advice. Please review all privacy policies and disclosures with independent legal counsel to ensure that they are sufficient under applicable law.
Last Updated on 10/24/2023
This Supplemental Privacy Policy provides additional information about the collection, use, and disclosure of personal information in connection with the website at BP Uniforms Webshop (the “Store Site”), including any related email communications and other services. Bensussen Deutsch & Associates, LLC, together with its subsidiaries and affiliates (collectively, “BDA,” “we,” “our,” or “us”), operates the Store Site on behalf of BP Uniforms Webshop (“Company”).
us”), operates the Store Site on behalf of Bensussen Deutsch & Associates, L.L.C. (“Company”). This Supplemental Privacy Policy is intended to supplement the information contained in Company’s privacy policy posted on the Store Site. Please carefully review all privacy policies posted on the Store Site or otherwise provided by Company to understand how your personal information may be processed in connection with the Store Site and your related rights in respect of your personal information.
The following categories of personal information may be collected in connection with the Store Site:
Personal information may be obtained from a variety of sources, including the following sources:
The primary purpose for collecting personal information is to provide the Store Site, to provide related services on behalf of Company, and to operate our business. Personal information may also be used for the purposes set forth below and as otherwise described in this Supplemental Privacy Policy, in Company’s privacy policy, or at the time of collection.
Your personal information may be disclosed as directed by Company in accordance with Company’s privacy policy. In addition to the specific situations discussed elsewhere in this Supplemental Privacy Policy or at the point of collection, your personal information may also be shared with the following entities or persons in connection with the Store Site:
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information.
The Store Site may contain links to other websites and online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third party websites or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use, and sharing of your personal information. We encourage you to read the privacy policies of the other websites and online services you use.
BDA and Company reserve the right, at any time, to modify this Supplemental Privacy Policy. In some cases, such as where required by applicable law, we may notify you about an update by sending you an email, posting a notice about the update on the Store Site, or by other means. In all cases, your continued use of the Store Site following posting or other notification of changes constitutes your acknowledgement of such changes. Please review this Supplemental Privacy Policy periodically to keep up to date on our most current policies and practices.
If you have any questions about this Supplemental Privacy Policy, please contact us by email at [email protected], or in writing at:
BDA L.L.C.
15525 Woodinville-Redmond Rd. NE
Woodinville, WA 98072 USA
[email protected]
425-492-6111
This US Data Processing Addendum (“DPA”) forms part of the Global Agreement and any Release Orders entered into thereto and reflects the Parties' agreement with regard to the Processing of Personal Data in accordance with the requirements of the Applicable Privacy Laws.
In the event of any conflict between the terms of this DPA and the terms of the Global Agreement, the terms of this DPA prevail.
This DPA shall be effective on the Effective Date of the Global Agreement.
DEFINITIONS
1.1. “Applicable Privacy Laws” means the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) and any regulations made under the CCPA or CPRA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, and any similar law that may come into effect during the Term of the Global Agreement, as amended or replaced from time to time, along with any implementing regulations.
1.2. “Consumer” means any natural persons, households, or devices located in or residing in the U.S.
1.3. “Personal Data” means any information relating to an identified or identifiable natural person that is processed by the Supplier as a result of, or in connection with, the provision of the Services or as otherwise as defined under the Applicable Privacy Laws, of any Consumer, which is Processed by the Supplier on behalf of Company under the Global Agreement.
1.4. “Process”, “Processed” or “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, retaining, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.5. “Purpose” means the provision of the Services specified in [insert specific provisions] of the Global Agreement.
1.6. “Regulator” means any entity which has jurisdiction to enforce Company’s and the Supplier’s compliance with the Applicable Privacy Laws.
1.7. A “Security Incident” has occurred when the Supplier has knowledge of or reasonably believes there has been: a loss of; actual or attempted unauthorized or unlawful access to, or acquisition, use, or disclosure of; or any other compromise of Personal Data within the possession or control (e.g., physical or it environment) of the Supplier.
1.8. Terms such as “Sell”, “Share”, “Deidentify”, and “Aggregate” shall have the meaning ascribed to them in the Applicable Privacy Laws.
All capitalized terms not defined herein shall have the same meaning set forth in the Global Agreement.
PURPOSE OF PROCESSING
2.1. The Parties acknowledge and agree that Company is transferring Personal Data to the Supplier, and the Supplier is entitled to Process the Personal Data , solely for and limited to the Purpose and for no other purposes whatsoever.
COMPANY’S OBLIGATIONS
3.1. Consumer Requests. Subject to the Supplier complying with its obligations under section 4.3, Company will be responsible for all communications with Consumers that relate to Personal Data. Otherwise, the Supplier will advise and confer with Company about any proposed response to a Consumer inquiry regarding Personal Data.
3.2. Communications with Regulators. Subject to the Supplier complying with its obligations under section 4.4 and to the extent required under the Applicable Privacy Laws, Company will be responsible for all communications with Regulators that relate to Personal Data. Otherwise, the Supplier will advise and confer with Company about any proposed response to a Regulator inquiry regarding Personal Data.
THE SUPPLIER’S OBLIGATIONS
4.1. Restrictions on Personal Data. The Supplier will Process Personal Data only as necessary for the Purpose. The Supplier will not under any circumstances Sell or Share Personal Data; nor will it Process Personal Data for any purpose other than the Purpose including not combining Personal Data with information it collects from its own interaction with a Consumer or on behalf of another person or entity. Subject to Company’s written prior authorization and the rest of this section 4.1, the Supplier may convert Personal Data into Aggregated or Deidentified Information, which it may use for statistical analysis, business reporting, and marketing purposes.
4.2. Exception for Authorized Parties. Notwithstanding the restrictions in section 4.1, the Supplier may share or transfer Personal Data with its own service providers (“Authorized Parties”) to the extent that is necessary for the Purpose, as permitted by the Applicable Privacy Laws. The Supplier shall ensure that all Authorized Parties are bound by contract terms that include terms that are consistent with section 4.1 and that are no less restrictive with respect to Personal Data than this DPA. The Supplier shall ensure that such contract terms require Authorized Parties to comply with Applicable Privacy Laws at all times. Upon Company’s request, the Supplier shall promptly provide a list of Authorized Parties that have access to Personal Data. If Company reasonably objects to any of the Supplier’s current Authorized Parties, and the Parties are not able to agree on a suitable alternative, Company shall have the option to terminate the Agreement without incurring further liability.
4.3. Assistance with Customer Requests. If the Supplier, directly or indirectly, receives a Consumer request relating to that Consumer’s Personal Data (“Request”), the Supplier will provide a copy of the Request to Company within two business days. The Supplier shall notify Company in writing and liaise with Company before complying with such a Request. The Supplier shall not further communicate with the Consumer without the written permission of Company. If Company receives a Request, the Supplier will, at Company’s request, provide all necessary assistance to enable Company to respond to a Request, including but not limited to providing Company with a copy of or access to all of the Consumer’s Personal Data held by the Supplier, or deleting all Personal Data related to a Consumer and confirming the same to Company in writing. The Supplier must provide necessary assistance within five business days of Company’s request. If the Supplier is unable to provide the necessary assistance within five business days, the Supplier shall promptly provide a brief explanation of the reasons for the delay or the legal basis for its refusal to do so, and, if applicable, a date certain by which it will be able to do so in writing to Company.
4.4. Cooperation. Supplier shall cooperate with and assist Company in: (a) fulfilling its legal obligations under the Applicable Privacy Laws; and (b) responding to any Regulator request or legal action.
4.5. Disclosure to Law Enforcement or Government Authorities. If the Supplier is required by law to disclose any Personal Data to law enforcement or government authorities, the Supplier shall notify Company in writing and liaise with Company before complying with such disclosure request. If the Supplier, either directly or indirectly, receives any communication from Regulators relating to Personal Data, the Supplier shall provide a copy to Company within two business days. The Supplier shall not respond to any communication from a Regulator relating to Personal Data without the express permission of Company. The Supplier shall work in full cooperation with Company any permitted response(s) to Regulators without unreasonable delay.
4.6. Retention of Personal Data . The Supplier will retain Personal Data as directed by Company. At the termination of this DPA, or upon Company’s written request, the Supplier will either securely destroy or return the Personal Data to Company within thirty (30) days unless the applicable law permits or requires retention of the Personal Data. If such retention is permitted or required, the Supplier will advise Company for the basis of its retention within twenty (20) days after termination of this DPA. The Supplier shall send Company a certification that all Personal Data has been removed from its systems within thirty (30) business days.
4.7. Confidentiality. The Service provider will treat all Personal Data as strictly confidential and will inform all employees, contractors and third parties engaged in Processing the Personal Data of the confidential nature of such information. The Supplier shall ensure that all such persons or parties have signed an adequate confidentiality contract or are under appropriate statutory obligation of confidentiality. The Supplier shall ensure that all employees, contractors and other third parties with access to the Personal Data complete adequate and appropriate privacy and data security training prior to having access to the Personal Data.
4.8. Reasonable Security Measures and Practices. The Supplier warrants that it has reasonable security measures and practices in place appropriate to the nature of such Personal Data to protect against a Security Incident, including at minimum the 18 controls listed in the Center for Internet Security’s Critical Security Controls v8 or as otherwise stated in the Agreement, whichever is stricter. Failure to have these minimum reasonable security measures and practices in place at all times during term of the Agreement will be considered a breach of this DPA.
4.9. Security Incident. Upon the Supplier’s discovery of a Security Incident, the Supplier shall immediately provide Company with written notice, but no later than 48 hours after discovery of such Security Incident. The Supplier shall promptly take all necessary and appropriate corrective action at its own expense, including, without limitation, at the reasonable request of Company, to provide or cover the costs of: (i) notices to individuals whose Personal Data may have been affected as determined by Company; and (ii) for identity/credit restoration services. The Supplier acknowledges that Company may, at any time, take all appropriate and reasonable steps to stop and/or remediate a Security Incident, and Supplier will take appropriate and reasonable steps to facilitate such action by Company.
4.10. Compliance with Applicable Privacy Laws. In providing the services, the Supplier agrees that it shall, at all times, comply with all Applicable Privacy Laws, and shall provide no less than the same level of protection of Personal Data as is required by Applicable Privacy Laws. In the event that the Supplier determines that it can no longer satisfy its obligations under any Applicable Privacy Laws, the Supplier shall provide Company with written notice within 48 hours of making such a determination.
AUDIT RIGHTS
Upon Company’s written request, to confirm the Supplier’s compliance with this DPA, as well as any Applicable Privacy Laws, the Supplier grants Company, or upon Company’s election, a third party on Company’s behalf, permission to perform an assessment, audit, examination or review of all controls in relation to all Personal Data being Processed by the Supplier. Within fourteen (14) days of Company’s written request, the Supplier shall fully cooperate with such assessment by providing access to knowledgeable personnel, physical premises, documentation, infrastructure, and application software that processes, stores, uploads, accesses, transports, or otherwise Processes Personal Data.
INDEMNIFICATION
The Supplier will indemnify and hold harmless Company and its affiliates, directors, officers and employees from and against all third party claims, actions, suits, demands, judgments, losses, fines, damages, liabilities, costs, or expenses (including, without limitation, court filing fees, court costs, arbitration fees, witness fees, and attorneys’ and other professionals’ fees and disbursements), to the extent they arise out of the Supplier’s or Authorized Parties’ breach of this DPA. The prevailing Party in any action or proceeding brought to enforce the indemnification rights, duties, and obligations under this section 6 will be entitled to recover its reasonable attorneys’ fees and costs.
TERMINATION
This DPA shall end automatically when the Agreement expires or is terminated. In the case of any non-compliance by the Supplier with any of the obligations under this DPA, or the Applicable Privacy Laws, Company may, by giving written notice, immediately terminate the Agreement, suspend any data transmission under the Agreement, or require the Supplier to cease or suspend any or all processing of Personal Data. Termination or expiration of this DPA shall not discharge the Supplier from its obligations meant to survive the termination or expiration of this DPA, including but not limited to sections 4.4, 4.5, 4.7, 4.8, 5 and 6.
GENERAL
8.1. Any provision of this DPA that is prohibited or unenforceable shall be ineffective to the extent of such prohibition or unenforceability without invaliding the remaining provisions hereof, and any such prohibition or unenforceability in any jurisdiction shall not invalidate or render unenforceable such provision in any other jurisdiction. The Parties will attempt to agree upon a valid and enforceable provision that is a reasonable substitute and shall incorporate such substitute provision into this DPA.
CERTIFICATION
9.1. By executing this DPA, the Supplier certifies that it understands the obligations and restrictions set out in this DPA and agrees to comply with them.
9.2. The Supplier further attests that it will treat Personal Data in, no less than, the same manner that Company is obligated to treat it under Applicable Privacy Laws.
The Store Site uses cookies and similar technologies to provide, improve, promote, and protect the Store Site and as otherwise described below.
We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.
What is a cookie? A cookie is a small piece of text sent to your browser when you visit the Store Site. It serves a variety of functions, like enabling us to remember certain information you provide to us as you navigate between pages on the Store Site. Each cookie expires after a certain period of time depending on what we use it for. Cookies are useful because they help us make your experience on the Store Site more enjoyable. For example, they allow us to recognize your device (e.g., your laptop or mobile device) so that we can tailor your experience.
Why do we use cookies? We use first-party and third-party cookies for several reasons, such as letting you navigate between pages efficiently, remembering your preferences, keeping you logged into your account, remembering the items you have placed in your shopping cart, letting us analyze how well the Store Site is performing, improving your experience, and helping us advertise products. Some cookies are required for technical reasons in order for the Store Site to operate. Other cookies enable us and the advertising partners we work with to track and target the interests of visitors to the Store Site and across other sites and services. For example, we use cookies to tailor content and information that we may send or display to you and otherwise personalize your experience while interacting with our Store Site and to otherwise improve the functionality of the services we provide. Third parties also serve cookies through our Store Site for advertising, analytics, and other purposes. This is described in more detail below.
How do you manage cookies? Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Store Site and it may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
You can learn more about Google Analytics cookies by clicking here and about how Google protects your data by clicking here. To opt-out of Google Analytics, you can download and install the Google Analytics Opt-out Browser Add-on, available here. If you instead choose to utilize an alternative opt-out option as described in the Supplemental Privacy Policy, please note that such preference must be set on each device and/or browser for which you want them to apply.
You can learn more about how Google uses cookies for advertising purposes by clicking here and opt-out of ad personalization by clicking here.
The cookies used on this Store Site, and their purpose, are shown in the following table. You have the right on the Store Site to manage your preferences.