Who Are We?
When we refer to ‘we’ (or ‘our’ or ‘us’), that means Kick The Ceiling, LLC. Kick The Ceiling, LLC is based in Florida, USA.
Privacy Notice Overview
This Privacy Notice describes how and why we, as Data Controller, obtain, store and process personal data. ‘Personal data’ means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. We commit to processing your personal data fairly, lawfully, and transparently. In the spirit of data privacy principles, we will only collect and use your personal data for the following purposes, to:
- Provide our services
- Improve our services
- Make our marketing more relevant
- Meet our legal responsibilities
Please do not hesitate to contact us if you have questions in addition to the information provided in this Privacy Notice at firstname.lastname@example.org.
The Personal Data We Collect
Depending on the type and level of engagement you have with us, we may collect the following categories of personal data:
- Identifying and Demographic Information: such as your full name, date of birth, email address and phone number (if provided)
- Billing Information: such as payment preferences, address, bank account details (if provided)
- Communications: such as a records of our interactions with you using one or multiple of the following; direct messages, emails, posts, phone conversations
- User Feedback: while using our services, occasionally you may be asked to provide feedback. Providing this feedback is entirely optional.
When you visit our website, we collect technical data such as:
- Usage data: (if permitted) we collect certain information related to your device, such as your device’s IP address, what pages your device visited, and the time that your device visited our website (for more information please see ‘Our Use of Analytics’ section)
- Cookies: (if permitted) your IP Address and other information provided to us by cookies (for more information please see our Cookies Policy)
While our services are designed for a general audience, we will not knowingly collect any data from children under the age of 16 or sell products to children. If you are under the age of 16, you are not permitted to use or submit your data to the website.
Children’s Online Privacy Protection Act (COPPA)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
How We Collect Your Data
We may collect your personal data in one of the following ways:
- When you create an account with us
- When you provide additional information directly into our products and services
- When you visit our website
- When you express an interest to use our services
- When you contact us for service related queries
- When you engage with us on social media
- When you review our services
- When you interact with our website (see our Cookies Policy for more details)
- When you apply for an employment vacancy with us
- When you subscribe to our newsletter or blog
- When you contact us with queries using our website chatbot
- When you buy products/services using our online checkout
We may also receive data about you from various third parties, including:
- Technical data from analytics providers. Please see further information in the section entitled ‘Our Use of Analytics’
- Contact and/or transactional data from our trusted third party providers. Please see further information in the section entitled ‘How We Share Your Data’
- Text messaging originator opt-in data and consent will not be shared with any third parties.
How We Use Your Personal Data
We will only collect and process your personal data where we have a legal basis to do so. As a data controller, the legal basis for our collection and use of your personal data varies depending on the manner and purpose for which we collected it. We will only collect personal data from you when:
- We have your consent to do so, or
- We need your personal data to perform a contract with you, or
- We are pursuing our legitimate interests in a way that you might reasonably expect to be a part of running our business and that does not significantly impact your interests, rights, and freedoms. For example, communicating with you if we have a sufficient legal ground based on the e-marketing laws in your country
- We have a legal obligation to collect or disclose personal data from you (for example, in suspected instances of fraud we may need to give personal data to relevant government bodies).
Why We Process Your Personal Data
We process your personal data in order to fulfil any of the activities below:
- Setting up an account with us (Legal basis: Performance of a contract)
- Providing, operating, and maintaining our services (Legal basis: Performance of a contract)
- Providing communications to existing customers or subscribed users (Legal basis: Consent or Legitimate Interest)
- Processing and completing transactions, and sending related information, including transaction confirmations and invoices (Legal basis: Performance of a contract)
- Managing our customers’ use of our services, responding to enquiries and comments, and providing customer service and support (Legal basis: Performance of a contract)
- Sending customers technical alerts, updates, security notifications, and administrative communications (Legal basis: Performance of a contract)
- Analytics to improve our website, products, services, and features for a better user experience. (Legal basis: Legitimate Interest or Consent – see the “Our Use of Analytics” sections for more information)
- Investigating and preventing fraudulent activities, unauthorised access to our services, and other illegal activities (Legal basis: Legal Obligation)
- Processing your job application (Legal basis: Consent)
- Email marketing (if applicable): Where we have a legal basis, we may send emails about our store, new products, and other updates (Legal basis: Legitimate Interest or Consent – see our “Marketing Preferences” section for more information).
- Text marketing (if applicable): We may send text messages about our store, new products, and other updates. Updates include Checkout Reminders. The website uses webhooks and cookies (with your consent) to help keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to determine when to send cart reminder messages via SMS (Legal basis: Legitimate Interest or Consent – see our “Marketing Preferences” section for more information).
How We Share Your Data
We sometimes share your personal data with our trusted categories of third parties we use to conduct our business. Our trusted categories of third parties include:
- Website provider
- Cloud service (SaaS) providers
- Social media providers
- Professional services providers (e.g., our lawyers, accountants, and insurance providers)
- E-marketing providers
- Advertising providers
- Recruitment partners
- Payment providers
A full list of our data sub-processors can be found in our Privacy Center on our website.
As part of fraud monitoring and prevention, we may be legally required to share your personal data with government bodies and law enforcement. Please note that these bodies may retain a record of the information that we provide to them for this purpose.
We may send you direct marketing communications, product information and promotional offers:
- If you have consented to receiving such communications from us
- If we have an existing business relationship with you and can rely on your implied consent
- If you are from a country where the laws permit us to send you such communications based on our legitimate interests, if you have bought a product or service from us, and have not opted out of receiving communications from us (for example the EEA or UK)
- If you are from a country where the laws permit us to send you such communications
The marketing communications we send will be in relation to our own products or services, your personal data will not be used for third-party direct marketing unless separate explicit consent has been collected for that or you are from a country where the laws permit such processing.
You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us at any time:
- You can unsubscribe by using the unsubscribe directions or link included in marketing communication from us; or
- You may withdraw your consent by contacting us by e-mail at email@example.com.
Customers located in certain regions, such as the EEA and UK, also have the right to object to their personal data being processed for direct marketing purposes at any time. If you would like to object you can contact us by e-mail at firstname.lastname@example.org.
We will process all requests as soon as possible, but please note that due to the nature of our IT systems and servers it may take a few days for any opt-out request to be implemented.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, it won’t affect the user’s experience.
Our Use Of Analytics
We use analytics tools on our website and services. For example, we use tools such as Google Analytics to analyse and improve our suite of product features, website content, knowledge center content and marketing campaigns.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We have implemented the following:
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the ActiveCampaign cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
If you would like any further information about the data collected by these third parties or the way in which the data is used, please contact us at email@example.com.
Our Use Of Targeted Advertising
We use targeted advertising tools to advertise our services, including (but not limited to):
- Google Analytics
- FaceBook (including Instagram)
- Google Ads
We use these tools to deliver relevant content to you in marketing communications (where applicable), and to measure the effectiveness of the advertising provided.
If you would like any further information about the data collected by these third parties or would like to opt-out of targeted advertising, please contact us on firstname.lastname@example.org.
Our Use Of Targeted Advertising
When you visit our website, log in, register, or open an email, cookies, ad beacons, and similar technologies may be used by our online data partners or vendors to associate these activities with information they or others have about you, including your email address. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.
Links To Other Websites
Our website may include links to social media platforms and other websites. If you follow a link to any of these platforms or websites, please note that they their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their platforms or websites.
Securing Your Data
The communication between your browser and our website uses a secure encrypted connection wherever your personal data is involved.
We have put in place physical, electronic, and managerial security procedures in the storage and disclosure of your personal data to protect it against accidental loss, destruction, or damage. Nevertheless, any data transmission over the internet or by any other means can never be fully secure, such is the character of the internet, and provision of personal data by you to us is at your own risk. We take all reasonable measures to protect your personal data by putting appropriate technical and operational security measures in place.
When we disclose your personal data to trusted third parties (for the purposes set out in this Privacy Notice and our list of Data Sub-Processors), we require all third parties to have appropriate technical and operational security measures in place to protect your personal data, and we work with them to ensure that your data privacy rights are respected. Where your personal data is shared with a third party, it must only be used for the purposes for which it was supplied.
In the unfortunate event of a personal data breach, we will notify you and any applicable data protection authority when we are legally required to do so.
Retaining Your Data
We will not keep your personal data for longer than is necessary and when we no longer need to keep it, we will securely destroy, delete or anonymise it in line with our Data Retention policy.
Having obtained your consent (or other legal basis) to contact you, we will retain your personal data for marketing and analysis purposes until you withdraw your consent or unsubscribe. If you choose to withdraw your consent or unsubscribe from marketing, we will delete your personal data from our systems, unless we have another legal basis to retain it, which may include performance of our contract with you or to maintain your contact details on an ‘unsubscribed list’ to ensure we do not send you further communications.
We may need to retain your personal data to satisfy our legal obligations, to deal with complaints and queries, in order to resolve, litigate or defend a dispute and to prevent fraud and abuse.
Our servers are hosted outside the EEA. If you are using our services from another country, the laws governing our collection and use of information may be different from the laws of your country. By default, if you decide to use our services, or share your information with us, you are agreeing to be governed by the laws of United States, and agree to the transfer of your information to the United States.
However, at 1st Phorm International, LLC, we endeavour to take all steps necessary to ensure that there is an appropriate transfer mechanism in place to protect your personal data and comply with our data protection obligations. For EU and UK citizens, please contact us at email@example.com if you want further information on the countries to which we may transfer personal data and the specific mechanism used by us when processing your personal data outside the EEA and UK.
The California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA (which may include our Merchants with whom you have a relationship) disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right.
When oﬀering services to its Merchants, Kick The Ceiling, LLC acts as a “service provider” under the CCPA and our receipt and collection of any consumer Personal Information is completed on behalf of our Merchants in order for us to provide the Service. Please direct any requests for access or deletion of your Personal Information under the CCPA to the Member with whom you have a direct relationship.
Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you diﬀerent prices or provide you a diﬀerent quality of services. If we ever oﬀer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Your Rights And Our Commitment To You
You have rights under data privacy laws and Kick The Ceiling, LLC is committed to you being able to freely exercise your Rights. Where possible, we have incorporated automated tools on our website that enable you to facilitate your rights. Use the Contact Page or firstname.lastname@example.org to send us your personal data updates that we can process and manage your preferences. You are not required to pay any charge for exercising your rights. Your rights include, under certain circumstances, the right to:
Be informed: you have the right to be informed if and how your personal data is being processed.
Access, rectification, or erasure: you have the right of access to personal data we hold about you in our records. You are also entitled to have your personal data corrected if it is inaccurate, or to have it erased if we do not have a legitimate reason for retaining your data.
To request data portability: for personal data which you have provided to a controller, where processing was based on your consent, or where processing is done by automated means, you have the right to obtain a digital copy of your personal data, request the transfer of your personal data to another company or request to move your data from one IT system to another in a safe and secure way.
To request restriction of processing: you have the right to restrict the processing of your personal data where you are contesting the accuracy of that information, you have objected to processing (as described below), or where the processing is unlawful. Where processing is restricted, we are may need to retain sufficient information about you to ensure that the restriction is respected in future.
To object to automated decision-making including profiling: you have the right not to be the subject of any automated decision-making or profiling by us.
To withdraw consent: in cases where we are relying on your consent for the processing of your personal data, you have the right to withdraw your consent at any time. In respect of the e-marketing we conduct, an unsubscribe option is included with every e-marketing communication we send.
To object to processing: where your personal data is being processed based on the legitimate interests of a data controller or third party, you have the right to object to that processing.
To complain to the relevant supervisory authority: should you have any concerns or complaints regarding the way in which we process your data, you also have the right to make a complaint to the relevant European Supervisory Authority. We would, however, appreciate the chance to deal with your concerns before you approach a Supervisory Authority, so please do contact us in the first instance email@example.com. The contact details of European Supervisory Authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
• We will notify you via email within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
• Send information, process orders, respond to inquiries, and/or other requests or questions.
To be in accordance with CANSPAM, we agree to the following:
• Not use false or misleading subjects or email addresses
• Identify the message as an advertisement in some reasonable way
• Include the physical address of our business or site headquarters
• Monitor third-party email marketing services for compliance, if one is used
• Honor opt-out/unsubscribe requests quickly
• Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org
and we will promptly remove you from ALL correspondences.
Changes To This Privacy Notice
From time to time we may change this privacy notice. If there are any significant changes we will post updates on our website, applications or let you know by email at email@example.com.
List of Data Sub Processors
Kick The Ceiling, LLC uses a number of data sub-processors to perform our Services to customers. All sub-processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws, and any other appropriate confidentiality and security measures. A list of these sub-processors is outlined below:
- Amazon Pay
- Microsoft Office Suite
Amazon Pay is an online payments processing service owned by Amazon. We use Amazon Pay to provide the option to purchase goods and services from websites and mobile apps using the addresses and payment methods stored in the Amazon account, such as credit cards or a direct debit bank account.
Facebook is an online social media and social networking service owned by American company Meta Platforms. We use Facebook to measure the performance and reach of our ad campaigns and provide insights about the people who use our services. We may also use Facebook to create a Custom Audience for our advertising campaigns.
Microsoft Office Suite
Microsoft Corporation is an American multinational technology corporation which produces computer software, consumer electronics, personal computers, and related services. From their wide range of products and services, we use Office, OneDrive and Sharepoint in particular.
PayPal is an American multinational financial technology company operating an online payments system. We use PayPal to support online money transfers, and serve as an electronic alternative to traditional paper methods such as checks and money orders.
Stripe is an Irish-American financial services and software as a service company dual-headquartered in San Francisco, United States and Dublin, Ireland. The company primarily offers payment processing software and application programming interfaces for e-commerce websites and mobile applications.
TikTok, known in China as Douyin, is a short-form video hosting service owned by Chinese company ByteDance. It hosts a variety of short-form user videos, from genres like pranks, stunts, tricks, jokes, dance, and entertainment with durations from 15 seconds to ten minutes. We use TikTok to reach more users and advertise our new products.
YouTube is an American online video sharing and social media platform headquartered in San Bruno, California. It is currently owned by Google, and is the second most visited website, after Google Search. We use YouTube to introduce our services, provide instructions, and reach more users.
The list of Sub Processors was last updated: September 13, 2023.
How To Contact Us
We welcome feedback and are happy to answer any questions about your data.
You can contact us at:
This page was last changed on September 13, 2023