EU Resident Rights under the GDPR

These disclosures apply only to our processing of Personal Data within the scope of the General Data Protection Regulation (“GDPR”) from one or more of the European Union Member States plus Iceland, Lichtenstein and Norway (together known as the “European Economic Area” or “EEA”).

The GDPR went into effect on May 25, 2018. As a resident of the EU or EEA, you have certain rights with respect to the processing of your personal data, including:

Access. You have the right to know if we are processing personal data about you and, if so, to access and obtain a copy of personal data about you, as well as information relating to the processing of that data.

Correction. You have the right to have us promptly correct or update any personal data about you that is inaccurate or incomplete.

Erasure. You have the right to request deletion or erasure of your personal data in a number of circumstances as required by law, including when no longer need the personal data for the purposes for which it was collected, you have withdrawn consent or, when we are relying on legitimate interests as a legal basis, and your rights override our legitimate interests.

Portability. You have the right to obtain a copy of the personal data we hold about you in a structured machine-readable format and to have it transmitted to another controller. This right only occurs where we are relying on your consent or performance of a contract as our legal basis and the processing is carried out automatically.

Restriction of Processing. You have the right to restrict or limit the ways in which we process your personal data when you contest the accuracy of the personal data, when your data has been obtained by us unlawfully, when you have objected to our processing of the data and we are considering whether to cease processing, or when we no longer need to process the personal data.

Withdrawal of Consent. When we rely on consent as the basis for processing personal data, you have the right to withdraw your consent.

Objection. You have the right to object to our processing of your personal data when we are relying on legitimate interests as our legal basis and your rights override our legitimate interests in processing their personal data. You also have the right to object to our processing of their personal data for direct marketing purposes.

Complaint. You have the right to make a complaint about our personal data handling practices to your local Supervisory Authority.

Retention

We retain personal data pursuant to our records retention program, for as long as is necessary for the purposes set out in our Privacy Policy unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, in accordance with Article 5(1) of the GDPR.

Cross Border Transfer

Personal data that you directly provide to us through our Website is stored on servers in the United States. We do not transfer any personal data from the EEA to the United States without your prior express consent. We do not transfer any personal data from the United States to other countries unless they have adequate protections in place to protect it.

Data Security

We seek to use reasonable organizational, technical and administrative measures to protect personal data within our firm. Unfortunately, no data system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately contact us.

Contact

If you have questions or concerns about your rights as they relate to this Privacy Policy or the Website, please direct your inquiries to:

Munchkin, Inc.
Attention: EU Privacy Rights
7835 Gloria Avenue
Van Nuys, CA 91406
Email: privatepolicy@munchkin.com
1-800-344-BABY (2229)