Privacy Policy

Website Privacy Policy. Copa Enterprises, LLC (“Copa”, “we”, or “us”) operates the website located at www.lova-copa.com (“Website”).

This document serves as Copa’s Privacy Policy (the “Policy”) for the Website as it applies to the Website’s users. Copa makes the Website available to individuals (“Users” or “you”). All activities engaged in through the Website are subject to this Policy. This Policy explains what information Copa collects about its Users, how Copa uses and/or shares this information, and how such information is maintained. By using the Website, you accept the terms of this Policy.

This Policy applies only with respect to the information collected by Copa through the Website, and not any information collected or obtained through other methods or sources. Copa may update this Policy from time to time as described below. Any material changes to how we use your personal information will be reflected in an updated version of this Policy. Copa collects Users’ personally-identifiable information (“PII”) that is volunteered by Users. Examples of PII that may be requested and/or collected include but are not limited to: first and last name, address, zip code, email address, telephone number, facsimile number, and company or business identity. From time to time, Copa may also present opportunities for Users to voluntarily provide additional information about themselves.

We also use information that is automatically collected, to understand more about our Website, to determine how users navigate our Website, to improve Website performance, to protect the security and integrity of our Website and business, to identify and protect our systems from fraudulent activity and access, to provide advertising that may be of interest to our visitors, and to monitor legal compliance.

Automatic Information Collection. When you access, and use our Website, it may use technology to automatically collect:

• Usage Details. When you access and use the Website, we may automatically collect certain details of your access to and use of the Website, including location data, logs, and other communication data and the resources that you access and use on or through the Website.

• Device Information. We may collect information about your mobile device and internet connection, including the device's unique device identifier, IP address, operating system, browser type, mobile network information, and the device's telephone number.

Use and Sharing of PII and other information we collect. Copa uses PII and other information we collect to provide Users with information about Copa’s services and to share such information with our third-party service providers solely for the purposes of fulfilling or improving our services. We do not sell personal information for monetary consideration. However, we may share personal information with third parties for purposes of targeted advertising or cross-context behavioral advertising, as those terms are defined under applicable law.

Users’ PII and other information we collect may also be used to: deliver and improve our services; manage our business; manage your access and provide you with customer support; perform research and analysis about your use of, or interest in, our or others products, services, or content; communicate with you by email, postal mail, telephone and/or mobile devices about products or services that may be of interest to you either from us or other third parties; develop, display, and track content and advertising tailored to your interests on our Service and other websites or products, including providing our advertisements to you when you visit other websites; analyze data about our Website (i.e., analytics); verify your eligibility to utilize our Service; enforce or exercise any rights in our Terms of Service; and perform functions or services as otherwise described to you at the time of collection.

PII and other information collected by us may be added to our databases and used for future marketing purposes, including but not limited to email and direct marketing. We may also share your PII with third-party vendors that perform certain services on our behalf. These services may include fulfilling orders, providing customer service and marketing assistance, performing business and sales analysis, ad tracking and analytics, member screenings, supporting our Website functionality, and supporting other features offered as part of our services. These vendors may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purposes.

In addition, we may also disclose Users’ PII and other information we collect in order to: (1) comply with applicable laws (including, without limitation, the CAN-SPAM Act); (2) respond to governmental inquiries; (3) comply with valid legal process; (4) protect the rights or property of Copa, including without limitation, including without limitation, protecting and enforcing our intellectual property rights, or (5) protect the health and personal safety of any individual. By submitting your PII through the Website, you agree that your PII may be used in any manner contemplated in this section.

How PII is Protected. We appreciate our Users and take your privacy seriously. We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Though we take precautions to protect your PII, please be informed that no data transmission over a cellular phone or the Internet, nor any storage of information on servers or other media, is ever 100% completely secure. While we aim to protect your PII to the greatest extent possible, this policy is not intended to be, and should not be construed as, a warranty or guarantee of absolute security of your PII. As always, you should use common sense whenever you disclose personal information over the Internet or a cellular network, regardless of the website you use. If you suspect that your PII is being used in connection with the Website in a manner contrary to this Privacy Policy, please let us know immediately. To contact us, please send an email to hello@love-copa.com.

Children’s Privacy. The Website is not intended for children under the age of thirteen (13), and Copa does not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will promptly delete such information from our systems. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us at hello@love-copa.com .

Non-Personally Identifiable Information. Copa may also collect certain non-personally identifiable information, including but not limited to the information more fully described below. Authentication Tokens. Copa may use authentication tokens on the Website. Authentication tokens are small pieces of information that enable the Website to more easily communicate and interact with the User. For example, Copa may place an authentication token on a User`s mobile device if a User uses that device to register for Copa’s Website. The next time that User uses the Website, Copa`s server will recognize the authentication token (and the User) and allow the User to perform certain actions immediately without having to log in.

Certain third-party analytics providers may use de-identified or aggregated data collected through the Website to improve their analytics models, algorithms, or machine-learning systems. Copa does not permit third-party providers to use your identifiable personal information for such purposes.

Mobile Device Identifiers. Copa may collect information about the mobile devices from which you access the Website. We may collect and store the unique identifier assigned to your mobile device(s) by the manufacturer, or other identifying information about your device.

Cookies. To provide better service and a more effective Website, we sometimes use first-party and third-party “cookies” as part of our interaction with your browser. A cookie is a small text file placed on your computer’s hard drive by our web page server. Cookies are commonly used on websites and do not harm your system. By configuring your preferences or options in your browser, you determine if and how a cookie will be accepted. We use cookies to determine if you have previously visited our Website and the pages you have visited, and for a number of administrative, marketing or remarketing purposes. We use both first-party and third-party cookies for different purposes:

Social Media Pixels and Tracking Technologies. We may use third-party tracking technologies on the Website, including the Meta Pixel, Google Analytics, and similar tools, to analyze behavior, measure advertising performance, and deliver tailored advertisements. These tools may collect information about your browsing behavior across different websites and platforms over time. You can manage your cookie and tracking preferences through your browser settings or through the opt-out links provided by these third-party providers.

First-party cookies and third-party cookies. Cookies can be first-party or third-party. A first-party cookie is one that you receive directly from Company when visiting our Website. A third-party cookie is one that you have received from another party, such as Google or Facebook. We do not control what third parties do on other websites. However, we may work with certain third-party providers such as Google or Facebook to permit their cookies to function through our Website so we can learn more about your web experience on our Website and better personalize our services for you.

Persistent and session cookies. A persistent cookie is a cookie that is stored by the web browser on your device until it expires or you delete it. The expiration of a persistent cookie is determined by the creator of the cookie and can be upon a certain date or after a length of session time has passed. This means that, for the cookie’s entire lifespan, its information will be transmitted to the creator’s server every time the user visits the Website that it belongs to or another website or Website configured to check for that cookie (such as an advertisement placed on that website or Website). For this reason, persistent cookies are also called “tracking cookies.” A session cookie is created temporarily on your device for use by the Website during your visit. This type of cookie may store information you enter and track your activity within the Website. A session cookie is deleted after you leave the Website or when the Website is closed. A good example of a session cookie is the shopping cart on an e-commerce Website. The session cookie stores the items that you add to your cart so they are not forgotten while you view products on other pages of the Website. Using a session cookie, the items will all be in the cart when you go to the checkout page.

Other Data. All photographs, opinions, ideas, suggestions, other feedback, and all other information submitted by You through the Website may be used by us without any restriction and free of charge. In certain areas of our Website, such as when you request more information, should you abandon a form on our Website, your information may still be collected and utilized for notices or communications pertaining to the Website, products or services. If you choose not to provide personal information, you can still browse most of our Website (the areas that do not require registration) anonymously. If you place a call to us, we may also capture your phone number and any other information you provide during the call. This information may also be used to communicate with you about the Website, products or services via phone, mail, email, social media or third-party websites.

When you visit our Website, we may directly and through third-party service providers automatically log certain information about your visit including: the pages you visit while on our Website; the IP address of a referring Website, if any; the type of browser, device or hardware you are using; your IP address and general geographic information; and the date and time you accessed our Website. Through the use of third-party tools, such as Google Analytics (Remarketing, Display Network Impression Reporting, Demographics and Interest Reporting, and other integrated services), we may also collect certain demographic information and information about interests from a portion of the visitors to our Website. This information may link to personal data that you voluntarily provide to us which will allow us to serve interest-based ads and content.

Although the information collected through the foregoing methods does not itself contain any PII, Copa may analyze and match such information with other information that you provide (including PII) as well as information that Copa may obtain elsewhere, and Copa may share all or some of such information with our service providers, partners, or marketing vendors. Copa may also disclose non-PII in order to comply with applicable laws; respond to governmental inquiries; comply with valid legal process; or protect the rights or property of Copa or Users of the Website.

Where required by applicable law, we will obtain your consent prior to placing non-essential cookies or similar tracking technologies on your device.

Access to Your Information. If you want to review, correct or change your User information, please submit your request in writing to hello@love-copa.com.

Third Party Services. Copa’s communications to you as well as the Website, may contain links to the websites of other providers of products and services that may be of interest to you. We may also use third-party service providers to serve interest-based advertisements on our behalf on our Website(s), social media networks and across the Internet. These advertising service providers may collect non-identifiable information about your visits to our Website, and your interactions with our products and services. Such non-identifiable information does not include your name, address, email address or other personal information. The information is collected through the use of cookies and pixel tags (also known as action tags), which is industry-standard technology used by most major websites. Interest-based ads are then displayed based on the information that is collected.

In addition to the information about your visits to our Website, our service providers may also use the information about your visits to other websites to target advertisements for programs and services available from us.

When you click the link to one of these other entities, you will leave the Website and be connected to the website or Website of such entity. In such an event, this Policy will not apply to your use of, and activities on, those third-party websites. Copa does not have any control over the information handling practices of these other entities, and you should familiarize yourself with the privacy policies of such other entities before you share any PII with them. We encourage you to read all other legal notices posted by these other entities as well. Copa shall have no responsibility or liability for your visitation to, and the data collection and use policies and practices of, these other entities.

Security. While Copa takes reasonable precautions to safeguard information transmitted between Copa and Users of the Website Copa may be unable to prevent unauthorized access to such information by third parties or inadvertent disclosure of such information. Users acknowledge this risk when communicating with Copa.

International Users & Data Transfers. The Website is operated from the United States. If you access the Website from outside the United States, you acknowledge and agree that your personal information may be transferred to, stored in, and processed in the United States or other jurisdictions where our service providers are located. These jurisdictions may have data protection laws that differ from those in your home country. By using the Website, you consent to the transfer of your personal information to the United States and any other jurisdiction in which Copa or its service providers operate.

Consent to Processing. By providing PII and other information to Copa, Users of the Website fully understand and unambiguously consent to the collection and processing of such information in, and the transfer of such information to, the United States and other countries or territories, in accordance with the terms of this Policy.

Data Retention. We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting obligations, to resolve disputes, and to enforce our agreements. The specific retention period varies depending on the nature of the information and the purposes for which it is processed. When personal information is no longer required, we will take reasonable steps to delete, anonymize, or otherwise prevent the information from being used for any further purpose.

Transfer in Certain Circumstances. In its sole discretion, Copa may transfer, sell or assign information collected on or about Users of the Website, including without limitation, PII and other User-provided information, to one or more third parties as a result of the sale, merger, consolidation, change in control, transfer of substantial assets, reorganization or liquidation of Copa.

Opt Out. We honor all requests to be removed from our marketing lists. If you do not want to receive e-mail, telephone messages or direct mail from us, contact us at hello@love-copa.com and we will remove your name from our in-house list and add you to our marketing suppression list. You will also have an opportunity to add your phone number to our internal “Do Not Call” list during each phone call you receive from us. You will further have the ability to opt-out or manage certain advertising preferences through links provided in marketing and promotional e-mails you may receive. We honor all requests to be removed from our e-mailing lists within ten days, and update our suppression list every ten days. If you prefer to learn about new offers from us through a specific medium — for example, through the mail — simply let us know your preference by sending us an email at hello@love-copa.com.

We are fully committed to complying with your wishes regarding receiving commercial e-mail messages from us and with the laws regarding unsolicited e-mail. If for any reason you receive a commercial message directly from us or on our behalf more than ten days after making a request to be taken off our mailing list, we would request that you forward a copy of the e-mail to hello@love-copa.com with a brief explanation of your efforts to unsubscribe and the approximate timeframe you made the request. We will immediately investigate the matter, confirm that you have been removed, and provide a written response to you detailing our efforts. Please note that requests to be removed from our direct mail list will be processed as soon as possible, but given the nature of direct mail, it may be impossible to prevent a mailing that is being processed or underway from reaching you. If you receive multiple mailings from us after your request, please contact us at hello@love-copa.com.

EU GDPR - Notice to EU Residents.

The General Data Protection Regulation (GDPR) provides a series of privacy to rights to EU data that affect how your data can be used and stored by third parties. The GDPR is an EU regulation that establishes a legal framework to protect the personal data of EU residents. It applies to all organizations doing business with individuals in the EU. Organizations that are established in the EU, as well as organizations that process the personal data of EU residents (even if not based in the EU), are required to comply with the GDPR. This Privacy Policy has been written with the GDPR and the CCPA (see below) in mind and attempts to meet the requirements established in both laws.

GDPR aims to bring privacy/data protection laws across Europe in accordance with the rapid pace of technological changes. GDPR introduce new obligations and liabilities on organizations that handle personal data by establishing a number of rights for Data Subjects. If you are a resident of the European Union, under the General Data Protection Regulation (GDPR), you now have the following rights:

1. The right to be informed;

2. The right of access;

3. The right to rectification;

4. The right to erasure;

5. The right to restrict processing;

6. The right to data portability;

7. The right to object/withdrawal prior consent; and

8. Rights in relation to automated decision making and profiling.

Legal Basis for Processing Your Information.

We rely on the following legal grounds to process your personal information:

• Consent. We may use your personal information as described in this Privacy Policy subject to your consent. You may also refrain from providing, or withdraw, your consent for cookies.

• Performance of a contract. We may need to collect and use your personal information in order to perform our contractual obligations to deliver the programs or services to you.

• Legitimate Interests. We may use your personal information for our legitimate interests to provide the programs and services and to improve our services. We may process your information on behalf of third party providers who have a legitimate interests in offering you services, goods or opportunities. We may use technical information as described in this Privacy Policy and use personal information for our marketing purposes consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable law.

Transferring personal data from the EU to the US.

Copa is headquartered in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Copa relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, Copa collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of Copa in a manner that does not outweigh your rights and freedoms. Copa endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Copa and the practices described in this Privacy Policy. Copa also enters into data processing agreements with its vendors whenever feasible and appropriate.

If you wish to exercise any of these rights or have questions as to other components of the GDPR, please make send such request to hello@love-copa.com. This action will trigger our formal Data Subject Action Request (DSAR) process in accordance with the GDPR. We may request additional information as necessary to verify your identity before responding to a data rights request, consistent with GDPR Article 12(6). Once we verify your identity, we will work to respond to your request within 30 days. Additionally, we have retained the service of a Data Protection Officer (DPO) in accordance with the GDPR to assure the rights of Data Subjects are being met and that our processing remains consistent with the GDPR requirements. Our DPO can be contacted directly at hello@love-copa.com.

U.S. State Privacy Rights (California, Virginia, Colorado, Connecticut, Utah).

Depending on your state of residence, you may have certain rights under applicable U.S. state privacy laws, including the California Consumer Privacy Act (as amended by the CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act (collectively, the “State Privacy Laws”). These laws provide residents of certain states with rights regarding the collection, use, disclosure, and processing of their personal information.

Subject to applicable law, and upon verification of your identity, you may have the right to request that we disclose information to you regarding our processing of your personal information. This may include, where applicable, (i) the categories and specific pieces of personal information we have collected about you, (ii) the categories of sources from which such information is collected, (iii) the business or commercial purposes for collecting, selling, sharing, or processing such information, (iv) the categories of third parties to whom we disclose such information, and (v) the categories of personal information disclosed, sold, or shared for a business or commercial purpose.

You may also have the right to request that we delete personal information we have collected from or about you, subject to certain exceptions permitted by law, including where such information is necessary to complete transactions, detect security incidents, comply with legal obligations, or otherwise perform internal operations reasonably aligned with your expectations. You may further have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the information and the purposes of processing.

In certain circumstances, you may have the right to obtain a copy of your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity without hindrance.

Depending on your state of residence, you may also have the right to opt out of certain processing activities, including (i) the “sale” of personal information, (ii) the “sharing” of personal information for purposes of cross-context behavioral advertising, and (iii) the processing of personal information for targeted advertising, in each case as defined under applicable State Privacy Laws. To the extent applicable, you may also have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. You can also exercise your rights to opt-out of those uses here.

You may exercise your opt-out rights by using any “Do Not Sell or Share My Personal Information” link available on the Website, where applicable, or by contacting us using the information provided below.

We also recognize and honor the Global Privacy Control (“GPC”) signal as a valid opt-out mechanism to the extent required by applicable law. If you enable GPC in your browser or device, we will treat this as a valid request to opt out of the sale, sharing, and/or targeted advertising of personal information for that browser or device. Where we are able to reasonably associate the device transmitting the GPC signal with a specific user account, we will apply the opt-out request to that account as well. To learn more about GPC, please visit https://globalprivacycontrol.org/. Except for GPC, we do not currently respond to or honor other “Do Not Track” signals or similar mechanisms transmitted by browsers or devices.

To the extent we process “sensitive personal information” (or “sensitive data”) as defined under applicable State Privacy Laws, you may have the right to limit or withdraw consent for certain uses of such information, where required by law.

We will not discriminate against you for exercising any rights available to you under applicable State Privacy Laws, including by denying goods or services, charging different prices, or providing a different level or quality of services, except as permitted by law.

To exercise any of the rights described above, you may submit a verifiable consumer request by contacting us at hello@love-copa.com. Your request must include sufficient information to allow us to reasonably verify your identity and confirm that you are the individual about whom we collected personal information, or an authorized representative. We may request additional information as necessary to verify your identity prior to processing your request, consistent with applicable law.

Where permitted by applicable law, you may designate an authorized agent to submit a request on your behalf. We may require the authorized agent to provide proof of written authorization and may require you to verify your identity directly with us before we process such request.

We will respond to your request within the timeframes required by applicable law, typically within forty-five (45) days of receipt, unless an extension is permitted. Where permitted by law, we may extend the response period upon notice to you.

If we deny your request, in whole or in part, residents of certain states, including Virginia, Colorado, and Connecticut, may have the right to appeal our decision by contacting us at hello@love-copa.com. We will respond to any such appeal in accordance with applicable law and will provide information regarding any further rights you may have, including the ability to contact your state attorney general, where applicable.

Changes to This Policy. Copa may, from time to time, amend this Policy, in whole or part, at its sole discretion. Any changes to this Policy will be effective immediately upon the posting of the revised policy to the Website.

Questions About This Policy. Questions about this privacy policy or Copa’s privacy practices should be directed to hello@love-copa.com.