Privacy Policy

Effective Date: January 7, 2020

This Privacy Policy covers the collection, use, and disclosure of Personal Data/Personally Identifiable Information (as defined by applicable law and hereinafter collectively referred to as “Personal Data”) when visitors and Customers (collectively “Users”) interact in-person, by phone, or otherwise access (the “Site”) and/or the related mobile applications (collectively the “Platform”) and the software and services made available through the Platform.

The Platform is owned and operated by Catchbright, LLC doing business as Drill Me Now with offices in the United States. This Policy governs the data collection practices when you interact with Drill Me Now (hereinafter referred to as “DMN”). DMN collects Personal Data from its Users around the world and processes, transfers and stores data within the United States. By checking the “I agree to the Terms of Service & consent to the Privacy Policy” box and subject to your opt-in/opt-out preferences, you consent to the collection, use and disclosure practices identified in this Privacy Policy.

All capitalized terms and phrases used herein but not otherwise defined shall have the same meanings given to them in DMN’s Terms of Service.

1. What Information is Collected by DMN And How Is It Used?

Customer Orders: When you initiate an Order, whether the Order is completed or not, DMN may request and store:

Order-related information collected by DMN will be utilized to (i) fulfill an Order and/or (ii) assist in any dispute resolution. Emails will also be utilized to provide technical, service-related and marketing communications regarding our Services; and/or communicate material changes to our Terms of Service and Privacy Policy. Customers may unsubscribe from marketing communications at any time through the opt-out link contained within those communications or by contacting DMN at [email protected].

Subscribe to Mailing List or Request Additional Information: Users may optionally provide their email address to subscribe to our mailing list or to request additional information regarding our products and services. All Users may unsubscribe at any time through the opt-out link contained within those communications or by contacting DMN at [email protected].

Other interactions with DMN: Additionally, data may be collected and stored when you:

DMN related interactions with Last Minute Gear: Drill Me Now operates as a pop-up within Last Minute Gear, as such, data may be collected and stored when you:

IP Addresses, Web Beacons, & Cookies: When a User accesses the Site, our web servers recognize your IP address and certain other information about your computer. This is necessary to facilitate transactions, administer the web server, and track down problems. DMN utilizes web beacon & cookie technology to gather information on Internet use in order to serve Users more effectively. As described in Section 2, DMN also utilizes third party analytics services which may also use tracking cookies to provide information about the use of our Platform. Users can set their browser to remove or reject cookies and/or accept or refuse cookies on the cookie consent banner on the Site itself. You can also manage cookies for any online advertising service via the consumer choice tools created under self-regulation programs, such as the US-based page or the European Union (“EU”) based Your Online Choices. Please be advised, however, that some Platform features/services may not function properly without cookies.

2. Is Information Collected By Or Disclosed To Third Parties?

DMN does not sell, trade, rent, or lease Personal Data to any third parties. DMN utilizes and shares Personal Data with the following data processors:

Hosting Services: DMN stores all data generated on or through the Platform on Heroku to facilitate its cloud hosting services. Users should click on the hyperlink for more information on its data collection and privacy practices.

Credit or Debit Card Payment: DMN will collect Customer credit card information (including credit/debit card number, expiration date, verification code and billing address information) to process Platform-related payments. DMN does not itself store debit or credit card information on its servers. DMN offers Stripe as a third party payment processor to process purchases made through the Platform. Collected information is sent to Stripe which then sends us back a multi-use token that DMN stores on our servers. This token is unique to a specific card with a specific merchant, and ensures only DMN can ever use the token to process subsequent transactions. DMN utilizes this feature for a customer's convenience so you do not have to re-enter credit card information. For more information on its data collection and use practices of these payment processors, please review Stripe’s Privacy Policy.

Marketing Services: We use MailChimp as our marketing platform for all marketing communications, such as our email newsletter. By subscribing, you acknowledge that your information will be transferred to MailChimp for processing. Learn more about MailChimp's privacy practices here.

Courier Services: DMN may use third party courier services to handle delivery or pickup of Customer Item(s). In order to utilize these services, DMN may release Customer contact information (e.g., email, phone, name) and addresses. We enter into contracts with such third parties regarding the services to ensure Personal Data is handled consistent with DMN’s Privacy Policy and applicable law.

Anonymous Data – MixPanel Analytics: DMN utilizes MixPanel for tracking user-driven events such as how much time Users spend within our Platform, trends over time, and aggregate results across accounts. This information will be utilized by DMN to improve our Services. MixPanel collects information in accordance with its Privacy Policy. Users can opt-out of MixPanel’s automatic retention of data collected by clicking here: MixPanel Opt-Out. If you get a new computer, install a new browser, erase or otherwise alter your browser's cookie file (including upgrading certain browsers) you may also clear the MixPanel opt-out cookie.

Sharing Services: Users may follow DMN and/or share information on social media sites such as Google, Facebook, Twitter, LinkedIn, Instagram, and Pinterest. Users who follow/share on such third party sites are subject to the data collection and privacy practices of such third party sites. Users should click on the applicable hyperlink for each share-service to review for more detail about information collected from these services. Users may choose to share information using social plug-ins provided by AddThis, their privacy policy is available here.

Third Party Services – Internal Use: We may share Personal Data with third parties who provide services on our behalf for purposes such as accounting, facilitating the exchange of data between DMN’s employees, internal reporting purposes, etc. We enter into contracts with such third parties regarding the services to ensure Personal Data is handled consistent with DMN’s Privacy Policy and applicable law.

Mandatory Disclosure of Sweepstakes Winner Information Upon Request: DMN is required, under applicable law, to provide to a list of winners’ names for of any DMN sponsored sweepstakes to any third party who requests identification of such winners.

Other Potential Third Party Disclosures: Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if DMN is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify Users about law enforcement or court ordered requests for Personal Data unless otherwise prohibited by law.

3. How Does DMN Comply With The Children’s Online Privacy Protection Act and GDPR Regulations Relating to Children?

Only persons age 18 or older are authorized to establish an account or initiate an order. We do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that his or her child (a) under the age of 16 in applicable EU Member Countries, or (b) under the age of 13 in the U.S. and applicable EU Member Countries, has provided us with Personal Data without parental consent, he or she should contact DMN at [email protected]. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating the child’s country of residence.

4. How Long Does DMN Retain Personal Data Collected?

We will retain account and order data as long as it is necessary to facilitate Customer’s use of the Platform and related services. Personal Data obtained from Site Visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a Visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as DMN determines such data is commercially necessary for it legitimate business interests.

5. EU General Data Protection Regulation (“GDPR”) Notices

Data Controller. The information that we collect, process and/or use through the Platform is controlled by Catchbright, LLC., 563 Sutter Street, San Francisco, CA 94102. Users may also contact us at any time by emailing us at [email protected].

We will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract for services with you), and “legitimate interests.” Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at [email protected].

Users within the EU may email DMN at [email protected] in order to exercise their GDPR rights to:

Where we rely on your consent to collect Personal Data, you may withdraw your consent either through the opt-out links provided in this Privacy Policy or through the contact information contained within this Section.

For all GDPR-based requests made pursuant to this section, DMN will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law.

6. Transfer of Data to Servers in the United States

If you are located outside the United States and are visiting the Platform, you should be aware that Personal Data will be transferred to the United States, the laws of which may be deemed by your country of residence to have inadequate data protection. If you are located in a country outside the United States and voluntarily submit Personal Data to place an Order for any Item, such Personal Data shall be transferred to the United States for the legitimate interest of performing our contractual obligations to you. If you submit Personal Data to request information or subscribe to our newsletters, you explicitly consent to the general use of such information for marketing and informational purposes and to the transfer of that information to, and/or storage of that information in, the United States. All Personal Data transferred shall be collected and utilized in accordance with the terms of this Privacy Policy.

You may ask to review and correct the personal information that we maintain about you, or submit a complaint about our collection or use of your personal information, by sending a request to [email protected].

7. Your California Privacy Rights

California law permits California-resident to request and obtain from DMN once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.

8. What is DMN’s Security Policy?

We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. DMN utilizes activity logs to identify any unusual activity, from authorized or unauthorized individuals accessing our systems or making changes to stored information. We regularly perform preventative system maintenance and monitoring to ensure the security of our data systems. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.

In addition, DMN utilizes a PCI-DSS compliant third party payment processor to ensure the security of Customer’s Personal Data. Customers should review Stripe’s Privacy Policy for more information on their security practices.

9. How Does The Platform Respond To “Do Not Track” Signals?

“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-Platform user tracking. At present, the Platform does not respond to or alter its practices when a Do Not Track signal is received.

10. How Will I Be Notified Of Changes To Your Privacy Policy?

If we make material changes to our Privacy Policy, we will notify you by (1) changing the Effective Date at the top of the Privacy Policy, (ii) sending an email to all active account holders, and (iii) add a banner/notification to the Platform itself. Express consent will be obtained when required for any material changes in DMN’s collection and use practices.

11. Contact Us

If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: DMN, Attention: Privacy Department, 563 Sutter Street, San Francisco, CA 94102 or at [email protected]