Sandhills Global Privacy Policy

If you are a California Resident, then this Privacy Policy does not apply to you. If you are a California resident see our Privacy Policy for California Residents by Clicking Here.

Any reference to “Sandhills” or the “Company” or the “business” or “we” or “our” or “us” in this Privacy Policy shall mean Sandhills Global, Inc, a corporation registered in the State of Nebraska (USA) with its registered address at 120 W. Harvest Drive, Lincoln, Nebraska, 68521, USA and the Sandhills Group Companies (Sandhills Pacific Pty Ltd, Sandhills East Limited, Sandhills Italy SRL, Sandhills South Africa Pty Ltd).Any reference to consumer or you or your shall mean the individual that is accepting the Privacy Policy or the entity for which you are acting on behalf of and are representing and warranting that you are an authorized representative of that person or entity with the authority to bind such person or entity to the terms of this Privacy Policy on its behalf.

Throughout this policy, we use the term Personal Data to mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; Personal Data includes any similar terminology such as “personal information” or “personally identifiable information” that may be used in relevant federal, state, or international laws related to privacy or the protection of Personal Data.

This Privacy Policy tells you about your privacy rights and sets out how we, as a controller, collect, use, process and disclose your Personal Data relating to your interactions with the Brands and Services and these corresponding websites (the Websites), which are owned and operated by the Sandhills Group Companies. This Privacy Policy should be read in conjunction with our Cookies Policy.

Our Privacy Policy is regularly reviewed to ensure that we continue to respect your privacy. We reserve the right to update this Privacy Policy from time to time by publishing the updated version on the Websites. We therefore encourage you to review our Privacy Policy periodically for the most up to date information.

We take great care of any information that you give us, and in the following paragraphs we set out how any Personal Data you give us is treated.

1. WHY DO WE HAVE THIS POLICY?

Your privacy is important to us, and we are committed to protecting your Personal Data from unauthorized use or disclosure. We will therefore use your Personal Data, and transfer it to others, in accordance with this Privacy Policy.

Our Privacy Policy applies whenever you visit the Websites, during the period you receive services from us, and during the process of you ordering products or services from us and afterwards.

2. WHAT PERSONAL DATA WE COLLECT?

We collect the following categories of Personal Data to provide you with our services:

• Identifiers: This includes information that identifies, relates to, describes or is capable of being associated with, a particular individual such as name, address, identifiers, email, telephone numbers, fax number, etc.
• Payment Information: This includes form of payment, account numbers, credit or debit card numbers, and transaction details.
• Commercial Information: This includes details regarding the purchase, inquiry or consideration of our services.It also includes data regarding bid history, information about personal property you own or wish to sell or buy, etc.
• Sensory Information: This includes photographs, videos, and voice recordings.
• Geolocation Information:This includes physical location or movements including precise geolocation, such as that provided by GPS devices or using WiFi triangulation; it does not include a postal address, which is considered to be Category (a) above.
• Demographic Information: This includes income and professional information. For purposes of this Privacy Policy, Demographic Information does not include age, race, ethnicity, etc.
• Profile Information: Any form of automated process performed on Personal Data to evaluate, analyze, or predict personal aspects related to an identified or identifiable individual's economic situation, personal preferences, interests, reliability, behavior, location or movements.
• Internet or Similar Network Activity: This includes mobile device and online identifiers, Mac address, IP address, cookie IDs, browser activity, search history, social media information, and information regarding your interaction with our website or mobile application.
• Messaging and Phone Call Information: This includes content of messages that you send using our products and services that include messaging capabilities and recordings of phone calls placed to one of our provided phone numbers.

3. HOW IS EACH CATEGORY OF PERSONAL DATA USED?

We will use the categories of Personal Data collected for the processing purposes listed below. For data subjects located in the EEA or the UK (or anywhere else where such information is required), we provide our legal basis for processing under Article 6, GDPR.

4. CATEGORIES OF THIRD PARTIES WHO MAY RECEIVE YOUR PERSONAL DATA FROM US

We may disclose your Personal Data to various third parties. Some third parties act as our service providers with whom we have shared your Personal Data for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the Personal Data confidential, and prohibit using the disclosed information for any purpose except performing the contract. Additionally, some of these disclosures of your Personal Data are made to provide you with a product or service at your request or they are made at your direction in order to interact with the third party, and are therefore not considered a “sale” under applicable state laws. The table below describes the categories of third parties with whom we may disclose your Personal Data and our business purpose for that disclosure.

We do not sell Personal Data for monetary consideration, but we may share Personal Data to certain third parties for purposes of targeted advertising. We include a column in the table below that describes what categories of Personal Data are shared for purposes of targeted advertising with which categories of third party recipients.

5. SOCIAL MEDIA, BLOGS, REVIEWS, SIMILAR SERVICES, AND OTHER TECHNOLOGIES

Any posts or comments you make to us on social media will be shared under the terms of the relevant social media platform (for example, Facebook or Twitter) on which they are made and could be made public by that platform. These platforms are controlled by third parties and not by us, so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media platforms you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.

Any blog, review or other posts or comments you make about us, our products and services on any of our blog, review or user community services will be shared with all other members of that service and the public at large.

You should ensure that any comments you make on these services, and on social media in general, are fit to be read by the public, and in particular are not offensive or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

We may use or one of our business partners may use web cookies, pixels, web beacons, and other standard internet technologies to track your use of the Websites. We also may also include these technologies in e-mail messages or newsletters to determine whether messages have been opened and acted upon. Some of these may pass information about your interactions to our business partners.

6. SECURITY OF YOUR INFORMATION

We have generally taken reasonable measures to protect the confidentiality and integrity of your Personal Data by implementing administrative, technical, and physical controls appropriate to the type, amount, and character of Personal Data we process. For example, Personal Data provided through the Websites is stored on our secure servers, or those of third parties providing us with IT-related services or resources, and is protected and controlled through modern access control methods.

Where we have given you, or you have chosen, a password which enables you to access your account or certain parts of the Websites, you are responsible for keeping the password confidential and must not share it with anyone. You are responsible for any actions carried out using your password except where there has been fraud.

7. THIRD PARTY LINKS

The Websites may contain links to the websites of third parties. If you follow a link to any third-party website, please note that these websites will have their own privacy policies and we do not accept any responsibility or liability in respect of the same.

8. CHILDREN

The Websites are not intended for children (under 18 years of age) and we do not knowingly collect data relating to children. We will not knowingly process sensitive data or Personal Data collected from a child without obtaining parental consent. If you believe that we may have collected Personal Data relating to a child, please contact us immediately by emailing us at [email protected].

9. YOUR RIGHTS AND CHOICES

You have several rights in relation to your Personal Data under applicable privacy and data protection law, which may be subject to certain limitations and restrictions. Depending on your country or state of residence or domicile, you may have other legal rights over the information we collect from you and your devices. We will honor all such rights as required by applicable law. Please see the descriptions of the data rights below and the methods for submitting such a request.

Rights Specific to Persons in the European Economic Area and United Kingdom (GDPR)

You have a right to object to the processing of your Personal Data in those cases where we are processing your Personal Data in reliance on our legitimate interests. In such a case we will stop processing your Personal Data unless we can demonstrate compelling legitimate interests which override your interests and you have a right to request information on the balancing test we have carried out.

You also have the right to object where we are processing your Personal Data for direct marketing purposes. We provide the means for you to stop all email and text (SMS or MMS) communications you receive from us – please see the "unsubscribe" link and "STOP" details we include in each email and text respectively. You can also contact us at any time using the details below and let us know what you would like us to change.

If we are processing your Personal Data on the legal basis of consent, you are entitled to withdraw your consent at any time. However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent.

Rights Available to Residents of Certain US States and Persons in the European Economic Area and United Kingdom

As stated above, California residents should see our Privacy Policy for California Residents by Clicking Here.

Right to Know and Right to Data Portability (CO, VA, CT, UT, TX, OR, MT, DE, IA, NE, NH, NJ + EEA/UK)

You have the right to know if we process your Personal Data and to access the specific pieces and/or categories of Personal Data that we collect and maintain about you. Additionally, some jurisdictions allow you to obtain a list of the categories of third parties that we have disclosed your personal data to as well. Once we receive your request and confirm your identity, we will disclose to you the information that we are required to produce. However, certain exceptions may exist as to what Personal Data we are required to produce. If we are not required to produce certain Personal Data or an exception exist under applicable law then we may inform you of the categories of data that we have not produced, when required by applicable law.

When exercising your right to know, you also have the right to obtain the Personal Data in a portable readily usable format that allows you to transmit the data to another entity. However, certain exceptions may exist under applicable law to our duty to provide you with your Personal Data.

Right to Delete (CO, VA, CT, UT, TX, OR, MT, DE, IA, NE, NH, NJ + EEA/UK)

You have the right to delete Personal Data that we have about you, subject to certain exceptions under applicable law. Once we receive your request and confirm your identity, we will review your request to see if any exceptions exist to your request. We will delete or anonymize Personal Data not subject to one of these exceptions from our records and we will direct our service providers to take similar action, when required by law.

Right to Correct (CO, VA, CT, TX, OR, MT, DE, NE, NH, NJ + EEA/UK)

You have the right to request that we correct any of your Personal Data that we collected from and/or about you, which is inaccurate. Once we receive your request and confirm your identity, we will review your request and respond accordingly.

Right to Opt-Out of Sale (CO, VA, CT, UT, TX, OR, MT, NV, DE, IA, NE, NH, NJ) and Targeted Advertising (CO, VA, CT, UT, TX, OR, MT, DE, NE, NH, NJ)

You have the right to opt-out of the processing of Personal Data for the purpose of targeted adverting or the sale of Personal Data.

Right to Non-Discrimination (CO, VA, CT, UT, TX, OR, MT, DE, IA, NE, NH, NJ + EEA/UK)

We will not discriminate against you for exercising any of your rights. This means that we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, except that we may offer certain financial incentives (such as loyalty, rewards, premium features, discounts, or club card programs) in exchange for permission to use your Personal Data.
• Provide you a different level or quality of goods or services.

10. ADDITIONAL STATE SPECIFIC RIGHTS

Depending on your state of residence or domicile, you may have additional legal rights over the information we collect from you and your devices. We will honor all such legal rights. Please see the descriptions of these additional rights that your state may provide.

Right to Appeal (CO, CT, VA, TX, OR, MT, DE, IA, NE, NH, NJ)

You have the right to appeal a decision to deny a request to exercise any of the rights that you are provided under applicable law. The request for appeal must be submitted within a reasonable time after receipt of a decision made by us on your request.

Right to Designate an Agent to Exercise Your Rights on Your Behalf (CO, CT, UT, TX, OR, MT, DE, IA, NE, NH, NJ)

Generally, only you can make a request on your behalf. However, you may allow an authorized agent to make a request on your behalf. The authorized agent will confirm their status as such on the web form for the relevant rights request landing page when submitting the request. The authorized agent must be provided with written permission signed by you authorizing the authorized agent to make a request on your behalf or have some other legal authority to act on your behalf. Additionally, we may require the authorized agent to produce evidence of their authority to act on your behalf before we process a request.

A known child’s parent or legal guardian may invoke such consumer rights on behalf of their child, as allowed by applicable law.

Right to Opt-out of Profiling That Produces Legal or Significant Effects on You (CO, CT, VA, TX, OR, MT, DE, NE, NH, NJ)

Certain states have the right to opt-out of the processing of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers. However, we do not collect information that produces a legal or similarly significant effect in regards to a decision that results in the provision or denial of financial or lending services, housing, insurance, education enrollment or opportunity, criminal justice, employment opportunities, health-care services, or access to essential goods or services.

11. EXERCISING YOUR RIGHTS

If you need general account assistance from a customer support representative, then use one of the methods at our contact us page.

To exercise your rights described above, please submit a request by either:

• Calling the following telephone number and submit your request. +1-844-203-0366
• Sending an email to, [email protected], with your relevant information and a description of your request.
  • Right to Appeal: If your request has been denied, you may have the right to appeal such decision. You can exercise your right to appeal by replying directly to the email you are appealing.
• Online Request Form: The links below will take you to specific landings pages for each right where you can then select your state or country of residence, who is submitting the request, and attest to your residency. Once, you have filled out this information then you will be sent to a fillable web form to complete.
  • Request to Know/Right to Data Portability: https://www.sandhills.com/privacy-rights/request-form?type=know
  • Request to Delete: https://www.sandhills.com/privacy-rights/request-form?type=delete
  • Request to Correct: https://www.sandhills.com/privacy-rights/request-form?type=correct
  • Request to Opt-out of Sale of your Personal Information and Opt-out of Targeted Advertising: https://www.sandhills.com/privacy-rights/request-form?type=Do-Not-Sell
  • Right to Designate an Agent to Exercise Your Rights on Your Behalf: This can be selected on the relevant landing page for the right your authorized agent is exercising on your behalf.

As a part of the request process, we may require you to:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative, which may include:
  • If we maintain a password-protected account with you, Sandhills may verify your identity through Sandhills’ existing authentication practices for your account.
  • Matching at least two data points provided by you with data points maintained by Sandhills, which Sandhills has determined to be reliable for the purpose of verifying you.
  • May include matching at least three pieces of Personal Data provided by you with Personal Data maintained by us that we have determined to be reliable for the purpose of verifying you together with a signed declaration under penalty of perjury that you are the person whose Personal Data is the subject of the request.
  • Us verifying your identity to a reasonable or reasonably high degree of certainty depending on the sensitivity of the Personal Data and the risk of harm to the consumer posed by an unauthorized request.
  • Us verifying the consumer’s identity based on Personal Data that is not the subject of the request.
  • Requesting additional information from you if we cannot verity your identity from the information already maintained by us. Such additional information will only be used for purposes of verifying your identity regarding exercising your rights under the applicable data privacy laws, security or fraud-prevention.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Once we receive your request and confirm your identity, when required to do so by law, we will review your request to see if an exception applies under applicable law. We endeavor to substantively respond to your request within the prescribed time under applicable law. If we are allowed to and need to extend our time to respond then we will inform you of the reason and extension, as well as any additional information required by law.

Generally, we do not charge a fee to process or respond to your request. However, if you submit multiple requests, some laws allow us to charge you a fee in certain situations or deny processing any further requests. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. You do not need to create an account with us to submit a request.

We will only use Personal Data provided in the request to verify the requestor's identity or authority to make it, respond to the request, or effectuate the request. We may also retain some Personal Data for recording keeping purposes to show that we have complied with your request.

12. ADDITIONAL INTERNATIONAL PRIVACY STATEMENTS

For information regarding our lawful basis for processing your Personal Data see Section 3.

In accordance with our legal data protection and privacy obligations, we will only retain your information for as long as we need it to achieve the purpose(s) for which we obtained it in the first place, as required by law, and for the exercise or defense of legal claims.

Although we are based in the US, our subsidiaries may independently collect your Personal Data and pass it on to our U.S. parent company and other service providers where it may be stored and processed in the U.S. To the extent that it is necessary to transfer your Personal Data outside of the EEA or any other country with data privacy laws that require additional protections, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such Personal Data, including appropriate safeguards under Article 46 or adequacy decision under Article 45, or any equivalent or additional required protections under your country’s laws.

If we use automated decision-making, including profiling, then we will provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing; however, we do not currently use any automated decision-making or profiling tools, services, or mechanisms of any kind. If this changes, we will provide adequate notice to affected persons.

You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your Personal Data infringes the GDPR or other equivalent laws.

13. CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Website and update the notice's effective date. If there is a material change we will inform you of it by either sending an email notification and/or obtain your consent, when required by applicable law. Your continued use of our Websites following the posting of changes or your receipt of notice of material changes constitutes your acceptance of such changes.

14. CONTACT INFORMATION

If you have any questions or comments about this notice, the ways in which we collect and use your information described here in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under applicable law, please do not hesitate to contact us at:

Last Update: January 2, 2025

V1-1-2025