PRIVACY POLICY 

LAST UPDATE: May 1, 2020 

Sunlit Mountain, LLC provides handmade and other goods sold via the Company website(s) offered from time to time at the URL http://sunlitmountain.com (collectively, the “Site,” or “Sites”). The Company Service is owned and operated by Backwoods Forward, dba Sunlit Mountain (“Company”, “we” or “us”). 

Your use of the Company Service is subject to the terms and conditions set forth in this Privacy Policy (the “Privacy Policy”). 

PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING THE COMPANY SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY ALL THE TERMS OF THIS PRIVACY POLICY AND OUR TERMS OF SERVICE. IF YOU DO NOT AGREE TO SUCH TERMS, EXIT THIS PAGE AND DO NOT ACCESS OR USE THE COMPANY SERVICE. 

We are committed to respect and protect the privacy of the personal information we obtain from you through the Company Service and we have created this Privacy Policy to inform you about how we collect, use and share your personal information, and about our privacy practices in general. 

We are always ready to address your questions and concerns regarding this policy and our privacy practices. If you would like to contact customer service, please contact us at the email address at the end of this Privacy Policy. 

We continually strive to find new ways to enhance your experience with the Company Service and we may modify this Privacy Policy from time to time to reflect changes in our privacy practices. You are encouraged to review this Privacy Policy periodically and to check the “Last Updated” date at the top of the Privacy Policy for the most recent version. If we make changes to this Privacy Policy, we will notify you here, by email, or by means of notice through the Website, the Application, or any other part of the Company Service. 

This policy applies where we are acting as a data controller with respect to the personal data of our Site visitors and users (hereinafter both “Users”). in other words, where we determine the purposes and means of the processing of that personal data. 

1. Terms of Service. Use of the Company Service is subject to the terms of our Terms of Service through our online form, which is hereby incorporated and made part of this Privacy Policy. By using the Company Service, you agree to be bound by our Terms of Service. 
2. Types and Uses of Collected Information. Company collects two types of information about you: 

2.1 Personally Identifiable Information. Personally Identifiable Information is information that identifies a specific person. When you engage in certain activities via the Company Service, including but not limited to creating an account, sending feedback, or otherwise participating in the Company Service (collectively, “Identification Activities”), we may ask you to provide certain information about yourself. If you elect to engage in an Identification Activity we may ask you to provide us with certain personal information about yourself, such as your name, address (including zip code), email address, credit card information, telephone number and/or any other information you provide to us, to process your transaction, send communications about them to you, and populate forms for future transactions. When you enroll in the Company Service, we may also ask you to provide us with additional information, such 

as credit card information. Depending on the Identification Activity, some of the information we ask you to provide may be identified as mandatory and some identified as voluntary. If you do not provide mandatory information for an Identification Activity, you will not be permitted to engage in that Identification Activity with the Company Service. Depending on the Identification Activity, Company might not re-ask you for Personally Identifiable Information if such are already stored with us. If you enroll in the Company Service through a third party (such as Facebook or Google) then Company may receive Personally Identifiable Information from such third party and by using the Company Service, you consent to such receipt of Personally Identifiable Information and its use pursuant to this Privacy Policy by Company. 

1. We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data may be our analytics tracking software. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is based on your consent by using the Service. 
2. We may process your account data (“account data”). The account data may include your name and email address. The source of the account data will be you. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is based on your consent by using the Service. 
3. We may process your information included in your personal profile on our Site (“profile data”). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is based on your consent by using the Service.
4. We may process information contained in any inquiry you submit to us regarding goods and/or services (“inquiry data”). The inquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is based on your consent by using the Service. 
5. We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our Site (“transaction data”). The transaction data may include your contact details, your credit card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is based on your consent by using the Service.
6. We may use or share Personally Identifiable Information to provide products and/or services to you, to enable Third-Party advertisers to provide products and/or services to you, administer sweepstakes and contests, enhance the operation of the Company Service, improve our marketing and promotional efforts, analyze use of the Company Service, improve the Company Service, and tailor your experience with third parties as provided below in this Privacy Policy. We may also use Personally Identifiable Information to troubleshoot, resolve disputes, accomplish administrative tasks, contact you, enforce our agreements with you, including our Terms of Service and this Privacy Policy, comply with applicable law, and cooperate with law enforcement activities. 

2.2 Non-Personally Identifiable Information. Non-Personally Identifiable Information is information that does not identify a specific person. This type of information may include things like the Uniform Resource Locator (“URL”) of the website you visited before coming to the Company Service or otherwise participating in the Company Service, the URL of the website you visit after leaving the Company Service, the type of browser you are using, your Internet Protocol (“IP”) address, mobile carrier information, mobile device information, or general and/or aggregated location data that does constitute Personally Identifiable Information. We, and/or our authorized Third-Party Service Providers, may automatically collect this information when you visit or use the Company Service using electronic tools like Cookies and Web beacons or Pixel tags, as described below in this Privacy Policy. Most of the other information we collect for mobile, such as your mobile device identification and mobile device type, the request type, your mobile carrier, your mobile carrier user identification, and the content of your request, does not by itself identify you to Company, though it may be unique or consist of or contain information that you consider personal. We use Non-Personally Identifiable Information to troubleshoot, administer the Company Service, analyze trends, gather demographic information, comply with applicable law, and cooperate with law enforcement activities. We may also share this information with our authorized Third- Party Service Providers to measure the overall effectiveness of our products and services. 

3. Public Content. The information that you contribute through the Company Service is intended for public consumption, including your reviews, tips, photos, videos, check-ins, comments, likes, bookmarks, friends, lists, compliments, and account profile. We may display this information through the Company Service, share it with businesses, and further distribute it to a wider audience through third party sites and services. 
4. Communications. When you sign up for an account or use certain features, you are opting to receive messages and/or phone calls from other users of the Company Service, businesses, and Company itself. You cannot opt-out of Administrative Emails. “Administrative Emails” relate to your activity on the Company Service and include but are not limited to emails regarding your account, requests or inquiries, and purchases of products and services, if applicable. If you do not want to receive promotional emails from us, you may elect to opt-out of receiving promotional emails at any time after registering by e-mailing us at the email listed at the end of this Privacy Policy or by hitting the “unsubscribe” button at the bottom of any of our e-mails. We may track your actions in response to the messages you receive from Company or through the Company Service, such as whether you deleted, opened, or forwarded such messages. If you exchange messages with others through the Company Service, we may store them to process and deliver them, allow you to manage them, and we may review and disclose them in connection with investigations related to the operation and use of the Company Service. We may not deliver messages that we believe are objectionable, such as spam messages or requests to exchange reviews for compensation. If you send or receive messages through the Company Service via SMS text message, we may log phone numbers, phone carriers, and the date and time that the messages were processed. Carriers may charge recipients for texts that they receive. We may also store information that you provide through communications to us, including from phone calls, letters, emails and other electronic messages, or in person. If you are a representative of a business listed on the Company Service, we may contact you, including by phone or email, using the contact information you provide us, make publicly available, or that we have on record for your business. 
5. Release of Personally Identifiable Information. We will not sell or share your Personally Identifiable Information with other parties except as noted herein. 

5.1 Financial transactions relating to the Services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the 

purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at https://siteground.com. 

5.2 In addition, we reserve the right to disclose your Personally Identifiable Information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on us, enforce or apply this Privacy Policy, Terms of Service or other agreements or protect the rights, property or safety of the Company Service, users of the Company Service or others. 

6. Release of Non-Personally Identifiable Information. 

6.1 We may disclose or share Non-Personally Identifiable Information with Third Party Service Providers and the public. For example, we may share aggregated demographic information (which does not include any Personally Identifiable Information) or use Third Party Service Providers to track and analyze Non-Personally Identifiable usage and volume statistical information from our users to administer the Company Service. We may also publish this aggregated information for promotional purposes. Such data is collected on our behalf and is owned and used by us. 

6.2 We may use Third Party Service Providers to serve ads when you participate in the Company Service. These companies may use Non-Personally Identifiable Information about your visits and use of the Company Service, and visits to other websites or locations to provide, through the use of network tags, advertisements about goods and services that may be of interest to you. 

7. Updating Information. If you are enrolled in the Company Service, you may change any of your Personally Identifiable Information by logging into your account and accessing the “Member Profile Page” section of the Company Service. We encourage you to promptly update your Personally Identifiable Information if it changes, as out-of-date Personally Identifiable Information may negatively affect the quality of your Company Service experience. 
8. Choices on Collection/Use of Information. You can always choose not to provide certain information, although a certain level of information is required to engage and participate in the Company Service. Other users may be able to identify you, or associate you with your account, if you include personal information in the content you post publicly. You can reduce the risk of being personally identified by using the Company Service pseudonymously, though doing so could detract from the credibility of your contributions to the Company Service. 

Please also note that the messages you send or receive using the Company Service are only private to the extent that both you and the person you are communicating with keep them private. For example, if you send a message to another user, that user may choose to publicly post it. Also, Company may access and disclose such messages during investigations relating to use of the Company Service. 

9. Security of Information. You can access your Personally Identifiable Information via the Company Service with your password and username. This password is encrypted. We advise against 

sharing your password with anyone. If you access your account via a third-party site or service, you may have additional or different sign-in protections via that third-party site or service. You need to prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or other sign-in mechanism appropriately and limiting access to your computer, browser, or mobile device by signing off after you have finished accessing your account. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. If we believe that the security of your information may have been compromised, we may seek to notify you of that development. In addition, your Personally Identifiable Information resides on a secure server that only selected personnel and contractors have access to. We may encrypt certain sensitive information using Secure Socket Layer (SSL) technology to ensure that your Personally Identifiable Information is safe as it is transmitted to us. However, no data transmission can be guaranteed to be 100% secure. As a result, while we employ commercially reasonable security measures to protect data and seek to partner with companies that do the same, we cannot guarantee the security of any information transmitted to or from or via the Company Service, and we are not responsible for the actions of any third parties that may receive any such information. 

10. Your Rights. 

10.1 Your principal rights under data protection law are: 

1. the right to access; 
2. the right to erasure; 
3. the right to restrict processing; 
4. the right to object to processing; 
5. the right to data portability; 
6. the right to complain to a supervisory authority; and 
7. the right to withdraw consent. 

10.2 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your personal data by visiting www.sunlitmountain.com/my-account when logged into our website. 

10.3 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. 

10.4 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. 

10.5 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose. 

10.6 To the extent that the legal basis for our processing of your personal data is: 

1. consent; or 
2. that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, 
3. and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others. 

10.7 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. 

11. Privacy Policies of Third Party Websites. This Privacy Policy only addresses the use and disclosure of information we collect from you via the Company Service. Other websites or services that may be accessible through the Company Service may have their own privacy policies and data collection, use and disclosure practices. If you use, link or visit any such website, we urge you review the website’s privacy policy. We are not responsible for the policies or practices of third parties. 
12. Privacy Settings. As a user, you may have limited access to privacy settings. These settings help hide information you wish to share with other users and/or the public. It is up to you to select the appropriate privacy settings. If you don’t agree with the available privacy settings, please stop using the Company Service. 
13. Data Retention and Account Termination. We will remove your public posts from view and/or dissociate them from your account profile, but we may retain information about you for the purposes authorized under this Privacy Policy unless prohibited by law. For example, we may retain information to prevent, investigate, or identify possible wrongdoing in connection with the Company Service or to comply with legal obligations. Please note that businesses cannot remove their business listings, ratings, or reviews by closing their accounts. 
14. Public Areas. We may provide areas on the Company Service where you can publicly post information about yourself or can communicate with others such as on forums. This information may be accessible by other users and companies and may appear on other websites or web searches, and therefore this information could be read, collected, and used by others. We have no control over who reads your postings or what other users may do with the information you voluntarily post, so please use caution when posting any content or providing anything that could be deemed personal information. 
15. Notice of Privacy Rights to California Residents. California law requires that we provide you with a summary of your privacy rights under the California Online Privacy Protection Act (“COPPA”) and the California Business and Professions Code. As required by COPPA, we will provide you with the categories of Personally Identifiable Information that we collect through the Company Service and the categories of third party persons or entities with whom such Personally Identifiable Information may be shared for direct marketing purposes at your request. California law requires us to inform you, at your 

request, (1) the categories of Personally Identifiable Information we collect and what third parties we share that information with; (2) the names and addresses of those third parties; and (3) examples of the products marketed by those companies. COPPA further requires us to allow you to control who you do not want us to share that information with. To obtain this information, please send a request by email or physical mail to the address found below. When contacting us, please indicate your name, address, email address, and what Personally Identifiable Information you do not want us to share with our marketing partners. The request should be sent to the attention of our legal department and labeled “California Customer Choice Notice.” Please allow 30 days for a response. Also, please note that there is no charge for controlling the sharing of your Personally Identifiable Information or requesting this notice. 

16. Children. The Company Services are not directed to people under the age of eighteen (18). If you become aware that your child has provided us with personal information without your consent, please contact us at the email address listed below. If we become aware that a child under eighteen (18) has provided us with personal information, we take steps to remove such information and terminate the child’s account. 
17. Customer Service. For assistance or questions regarding this Privacy Policy or the Company Service, you may contact us at the address below.

Marisa Moore

2519 S Shields Street

Suite 1K #542

Fort Collins, CO 80526

admin@sunlitmountain.com