PRIVACY POLICY.

GENERAL.

Last Updated: January, 2024

Jez Rose and the associated Myrtle & Broadway brands respect your privacy and values your trust. This Privacy Policy (“Policy”) describes how we collect and use your information and explains your rights and options. This Policy applies to these services (which we call the “Services” in this Policy):

  • websites, the Jez Rose Store, paid products

  • our podcasts, newsletters and other disseminated content

  • merchandise, mobile apps and related social media pages

  • anywhere else we gather information about you and refer to this Policy.

This Policy is grouped into these sections:

  • about us and this Policy;

  • information we collect

  • how we use information, including for advertising purposes;

  • when we disclose information to other parties, including for advertising purposes; and

  • your rights and how to exercise them.

We encourage you to read this Policy carefully.  If you have questions, please contact us at support@thatjezrose.com.


1. ABOUT THIS POLICY AND US

(a)Who we are

Myrtle & Broadway Ltd. (“Jez Rose,” “we”, “our” or “us”) operates the Services.  This Policy supplements and is governed by our Terms & Conditions (“Terms”).  Capitalized terms used but not defined in this Policy are defined in our Terms.  The Terms describe how the Services work in general and its conditions and requirements of use.

(b) When this Policy applies

This Policy applies when you use the Services, effective as of the Last Updated date above. By using or accessing the Services, you signify that you have read, understand and agree to be bound by this Policy and the Terms.

Because the Services change often, this Policy may change over time. Anytime we modify the Policy, we will post a revised version on the Services and update the Last Updated date above. If you have given us your contact information, we will notify you before any material changes take effect, so you have time to review them.

Certain parts of the Services work differently, and some information falls outside this Policy:

  • Certain parts of the Services may have additional terms and privacy disclosures that supplement this Policy, like Learning with Jez Rose.

  • The Services may contain links to and from third-party websites and services. This Policy doesn’t apply to outside of our Services. See Third Party Services to learn more.

  • If you are a current or former employee or contractor of ours, this Policy does not apply to you. You may contact us about your privacy practices and rights at support@thatjezrose.com.

  • If we receive your information in our role as a service provider to another business, our agreement with that business governs our use of your information. We will refer any questions or concerns of yours to that business.

(c) Location-specific sections

The Services operates from the United Kingdom and the United States, but this Policy applies worldwide. Our practices generally do not differ based on your location, but your rights and choices depend in part on the law where you live.  For example, you may have rights under: (1) “GDPR”: implementations of the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679; or (2) “CCPA”: the California Consumer Privacy Act, as amended.

As a result, certain sections of this Policy apply to you only if you reside in a particular location:

  • Residents of jurisdictions where GDPR applies – such as the U.K., EU and Swiss residents – should consult the Rights under GDPR and International Data Transfers sections.

  • Residents of Mexico should consult the Aviso de Privacidad addendum.

  • Canadian residents should consult the Canadian users section.

  • California residents should consult the Rights under California law section.  If you reside in a U.S. jurisdiction that has enacted a data privacy law similar to CCPA or GDPR, we extend the same rights CCPA grants to California residents to you, except where we specify otherwise.

If those sections apply to you, they override any contrary descriptions elsewhere in the Policy as they relate to you. Please contact us at support@thatjezrose.com if you have questions about your rights under other data privacy laws.

(a) Information you provide

You may use the Services without providing any information about yourself.  However, to use some aspects of the Services, we will need information about you, such as if you:

  • Purchase our Offerings or services

  • Contact or communicate with us

  • Subscribe or opt-in to our newsletters, alerts, or other communications

  • Participate in a contest or promotion or redeem a prize

  • Information you provide may include your name or email address (“personal identifiers”).

We generally don’t collect (or want!) your sensitive information, and we strive to limit the amount of sensitive personal information we collect.

  • For instance, make a purchase through our Services, your payment information, like your full credit card number and any payment-related security information, is only collected and processed by our payment processor.

In the event you provide sensitive personal information to us, we use it only for our operational business purposes, and we do not disclose it to others for any other purpose.


(b) Information collected when you use the Services

As you use the Services, cookies and other technology we use will generate technical data about which features you use, how you use them and the devices you use to access our services.  This information may include:

  • “Commercial Information” about your orders of Offerings or other products or services from us and interactions with Jez Rose Store products.  

  • “Device Information” related to the device you use to interact with the Services, such as your device’s IP address, advertising IDs (resettable, random numbers, such as the device’s Apple IDFA or Android Advertising ID), its browser and operating system, its internet service provider, and its configuration.

  • “Internet Activity” related to your use of the Services, such as the pages you visit, the sites you use before or after visiting ours, your actions within the Services, the content or advertisements you interact with, general geolocation information, time stamps and performance logs and reports.

(c) Information we generate

We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”).

(2) How We Use Your Information

We use each of the categories of personal information described above for the following business and commercial purposes.  The activities below can involve outside companies, agents or contractors (“service providers”) to whom we disclose your information for these purposes (discussed further below in Section 4).


(a)To provide our content, services and products to you

  • Deliver content you request

  • Provide you with customer support and respond to your requests

  • Complete your orders

  • Communicate with you about our services

(b)To manage your subscriptions or fulfill product orders

  • Manage your content subscriptions

  • Deliver and process payments for Offerings you order

(c) To improve our services and develop new ones

  • Administer focus groups, market studies and surveys

  • Review interactions with customer teams to improve our quality of service

  • Develop new content and services

(d)To allow personalized ads and create audiences for third-party advertisers

  • Administer sweepstakes, contests, discounts or other offers

  • Gather data and work with third parties to show you personalized ads on behalf of advertisers

  • Perform and measure the effectiveness of advertising campaigns on our services and marketing campaigns off the Services

  • Communicate with you about products or services that we believe may interest you

(e) To prevent, detect and fight fraud and other illegal or unauthorized activities

  • Find and address ongoing, suspected or alleged violations of our Terms

  • Retain data related to violations of our Terms to prevent against recurrences

  • Enforce or exercise our rights; for example, those in our Terms

(f)To create broader findings with aggregate and deidentified data

  • Aggregate or deidentify information so that it can no longer identify you, as defined under applicable laws.

  • Better understand and represent our users using deidentified data, such as to measure ad performance, create advertising interest-based segments or compile survey results.

(g) To ensure legal compliance

  • Verify copyright or IP claims

  • Comply with legal requirements

  • Assist law enforcement

(h) Purposes

We rely on the following purposes to collect and use your information as described in this Policy:

  • Commercial purposes: At times, the reason we process your information is to advance your economic interests or our economic interests.  These purposes include performing the contract that you have with us, as embodied by our Terms, which advance our economic interests and yours.  For instance, if you order products from us, we use your information to complete your payment and provide your product to you.

  • Business purposes: Most often, we process your information for operational reasons, in a reasonably necessary and proportionate manner (i.e., for business purposes under CCPA). For instance, we analyze users’ behavior on our services to continuously improve our offerings, we suggest content we think might interest you and promote our own services, we process information to help keep our members safe and we process data where necessary to enforce our rights, assist law enforcement and enable us to defend ourselves in the event of a legal action.

  • Comply with applicable laws and regulations: We also process your information where it is necessary for us to comply with applicable laws and regulations and evidence our compliance with applicable laws and regulations.  For example, we retain traffic data and data about transactions in line with our accounting, tax and other statutory data retention obligations and to be able to respond to valid access requests from law enforcement.

  • Consent: From time to time, we may ask for your consent to collect specific information, such as your precise geolocation, or use your information for certain specific reasons, like providing your email address or phone number for direct marketing purposes.  In general, you may withdraw your consent by changing your settings (such as browser or device settings) or following instructions provided with information we send you on a consent basis (such as clicking ‘unsubscribe’ in any email we send you).  You may always withdraw your consent at any time – just contact us at support@thatjezrose.com.

2. Our Disclosures Of Information To Others

Since our goal is to help you discover great products, content and services, the principal reason we disclose your information is to enhance your experience of the Services and present relevant content to you.

This section describes how and why we exchange personal information with service providers and third parties. It also describes exchanges made for certain purposes, like advertising, legal reasons and consensual direct marketing.  We also disclose deidentified and/or anonymized data for these purposes.

(a) With affiliates

Our corporate affiliates may access your information for the purposes listed here, always in accordance with the terms of this Policy.

(b) With service providers

In addition to the use of trackers described above, we contract with service providers to fulfill certain functionality and features of the Services, including payment processing, email and hosting services, software development, shipping and fulfillment, data management, and administration of contests and other promotions.

We may disclose information about you, such as Personal Identifiers, Commercial Information, Internet Activity and Device Information, to service providers as necessary for them to perform their services. They are not permitted to use information about you for any other purpose. In the past twelve (12) months, we have disclosed these types of information to the following types of service providers:

  • Analytics providers, namely Google Analytics, to tell us how the Services are doing, such as which parts interest visitors and how long they visit before leaving.  Among other data, they may receive your IP address.  You can find out how Google Analytics uses data and how to opt out of Google Analytics.

  • Various hosting services and data processors to provide the infrastructure of the Services, such as Squarespace, which ensures that traffic is from real people, not computers. Among other data, they may receive your IP address.

  • Payment processors, namely Stripe, to process payments between you and us, such as for Masterclasses. To learn how Stripe processes payment information, see https://stripe.com/privacy.  Payment providers receive information about your order in order to tie your payment process to your order.  We don’t receive all of the information you may provide to them (for instance, we don’t receive full payment-account numbers).

We sometimes allow service providers to use aggregated or deidentified information for other purposes, in accordance with applicable laws.

(c) For personalized ads

We share information with advertising partners to make the advertising presented to you on the Services more relevant to you.  We also market the Services to you through ads facilitated by marketing vendors.

  • For example, we use Google to serve ads on the Services and we may market the Services to you on third party services through Google. Google uses cookies or unique device identifiers, in combination with their own data, to show you ads based on your visit to morningbrew.com and other sites. You can opt out of the use of the Google cookie by visiting the related Google privacy policy.

  • We try to limit how our third-party advertising technology vendors use information they collect from you. Most providers require us to enter contracts that allow them to optimize their ad services and products.  Essentially, they combine any information they may gather about you through our Services with information they receive from their other clients.  This helps them target ads to you on behalf of their other clients, not just us.

In the past twelve months, we have shared these categories of personal information with third parties to personalize advertising:

  • Device Information

  • Commercial Information

  • Internet Activity

  • Geolocation

(d) For legal reasons

Finally, we may disclose personal information:

  • In response to subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law.  We reserve the right to raise or waive any legal objection or right available to us.

  • When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of our company, our users, or others; and in connection with the enforcement of our Terms and other agreements.

  • In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

(e) With your consent or at your request

We may periodically ask for your consent to disclose your information to third parties.

  • Whenever we ask your consent for this reason, we will summarize the purpose and scope of the disclosure.  For example, we may offer discounts to you if you consent to join our mailing list or participate in a promotion involving direct marketing communications.

  • In those cases, the Services will display a tickbox near an email-entry field explaining that by submitting your information, you agree to share your email with the content provider.

  • To be clear, we only exchange information about you with third parties for direct marketing purposes if you opt in, and will only do so until you opt out.

3. How Long We Retain Your Information

We retain your information only as long as we need it, except when longer retention is required by our compliance policies and efforts toward applicable legal, tax, accounting and regulatory requirements.

How long we need information for those purposes varies by category, and even within categories.  These retention determinations always consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from its unauthorized use or disclosure, whether we can achieve those purposes without using the personal information.

For example, we delete some Internet Activity at some soon as you exit the Services, whereas we may retain records of your orders for services and products for several years as required by law or contract, such as agreements with our payment processors or under our accounting standards.

4. Your Rights

(a) In General

We want you to be in control of your information, so we want to remind you of the following options and tools available to you:

  • Content opt-outs:  you may “opt-out” of any newsletters or promotional communications from us by following the unsubscribe instructions in the communication you receive. You may also opt-out of receiving newsletters and/or promotional communications by emailing support@thatjezrose.com. We may continue to send you communications regarding the Services, such as notices about administrative updates, transaction reports, and changes to the Services, this Policy or the Terms.

  • Exercising rights

  • Personalized ads:  For more about targeted advertising, and how to opt out with your specific browser and device, go to the DAA Webchoices Browser Check and NAI Opt Out of Interest-Based Advertising. You can download the AppChoices app to opt out in mobile apps.

(b) Rights under GDPR

This subsection applies to you only if you reside in a jurisdiction where GDPR applies.

  1. Lawful bases

If we are aware that you reside in a GDPR jurisdiction, we only collect, use or share information about you when we have a valid reason. This is called a “lawful basis.” Our lawful bases generally map to the Purposes above, but specifically include:

  • The consent you provide to us at the point of collection of your information

  • The performance of the contract we have with you

  • The compliance of a legal obligation to which we are subject, or

  • The legitimate interests of Jez Rose or a third party.

We have a legitimate interest in gathering and processing personal data, for example: (1) to ensure that our networks and information are secure; (2) to administer and generally conduct our business; (3) to prevent fraud; and (4) to conduct our marketing activities.

For GDPR purposes, the data controller is Myrtle & Broadway Ltd, Kemp House, 160 City Road, London, EC1V 2NX, United Kingdom.

ii. GDPR rights

Depending on your jurisdiction’s enactment of GDPR, you may have these rights:

  • Request access (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.

  • Request correction. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised objected to processing (see below), where we may have processed your personal data unlawfully, or where we are required to erase your personal data to comply with local law.  We may not always be able to comply with your request of erasure for specific legal reasons.  If so, we will notify you at the time of your request.

  • Object to processing where we are relying on a legitimate interest (or those of a third party) and you object to particular processing due to a perceived impact on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.

  • Request restriction of processing during the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your personal data to you or a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.  This right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.

  • Withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we might not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. For clarity, withdrawal is not retroactive.

We do not charge for access to your personal data or to exercise any of the other rights.  However, we may refuse to comply with your request or charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

(c)Canadian users

This subsection applies to you only if you reside in Canada.  To exercise these rights, please contact us via email at support@thatjezrose.com.

Canadian residents have the right to request access to your Personal Information and request the correction of your Personal Information, subject to limited exceptions set out in applicable laws.

You may also withdraw your consent to the collection, use and disclosure of Personal Information at any time, subject to legal or contractual restrictions. Withdrawal of your consent may affect our ability to continue to provide you with the Services that you have or would like to receive because the continued use and disclosure of your Personal Information is a necessary part of making the product or service available to you.

(d) Mexican users

This subsection applies to you only if you reside in Mexico.

Mexican residents the Aviso de Privacidad addendum below applies to you.  It includes your ARCO rights and the mechanisms to limit the processing of your personal data as well as to revoke your consent, among other applicable matters with respect to your data privacy rights.

(e) International Data Transfers

If you reside outside the United States, we transfer information about you for processing in the United States.  By providing your information to us, you consent to the processing of the information in the United States.  The transfer of this information to the United States is necessary for the performance of our contract for use of the Services.

When we transfer personal data subject to GDPR outside of Morning Brew, we use standard contract clauses approved by the EU for this purpose, or another appropriate transfer mechanism.

Note that U.S. law is not equivalent to GDPR. As of the Last Updated date above, the U.S. has not been deemed an “adequate” jurisdiction under GDPR for the purposes of international data transfers. However, the EU and the U.S. are negotiating the terms of an adequacy determination that may go into effect in the years to come.

(f) Rights under California law

This subsection applies to you only if you reside in California or another U.S. state where applicable law provides for some or all of these rights, including any analogous rights.  Except as noted in this subsection, we extend these California rights to residents of those other U.S. states regardless of whether applicable law in those states includes all of these rights.

  1. Rights under CCPA

The California Consumer Privacy Act (“CCPA”) provides California consumers with additional rights regarding their personal information (as defined in CCPA).

The categories of personal information we collect depend on how you use the Services.  They’re generally described in Information We Collect.  See Purposes for a general description of the reasons we collect information. For clarity, we have collected personal information for these CCPA categories of business and commercial purposes in the last twelve months:

  • Advertising and Marketing

  • Error Management

  • Internal Research

  • Provide Products or Services

  • Quality Assurance

  • Security

  • Short-Term Transient Use

  • We also "share" and "sell" (as defined in the CCPA) personal information for commercial purposes, including to advertise and market our products.

The categories of third parties to whom we disclose and sell or share personal information are under for personalized ads and with your consent or at your request above.  The disclosures under Purposes describe with business purpose or commercial purpose for those disclosures of information.

Under CCPA, California consumers have the following rights:

A. Rights to Know, Access, Correct and Delete.

You have the right to request that we disclose, correct and delete personal information about you that we have collected. Your right to know includes the personal information we have sold or shared or disclosed for a business purpose or a commercial purpose.

Finally, we may deny deletion requests, in whole or in part, with respect to information we reasonably need to:

  • comply with legal obligations;

  • allow you, other consumers, or us to exercise free-speech rights or other legal rights;

  • complete an obligation that you have requested (for instance, if a product you purchased carries a warranty or could reasonably be subject to recall under applicable law); or

  • if we use the information only for internal purposes reasonably aligned with consumer expectations.

B. Rights to Limit and Opt-Out of Sharing/Sale

You also have the right to direct us (1) not to share or sell your personal information and (2) limit our disclosure and use of your sensitive personal information to purposes necessary to provide the Services to you.

To opt out of the sharing of your information, please email support@thatjezrose.com.

We do not currently offer a mechanism to exercise the right to limit our disclosure of sensitive personal information, as we limit our use of any sensitive information to the purposes you consented to.

As of the Last Updated date, we have no knowledge of any use of personal information we collect from individuals under the age of 16 for ‘sale’ or ‘sharing’ purposes.

C. Right of No Retaliation

CCPA prohibits us from discriminating against you if you exercise rights under CCPA, except when you opted into a financial incentive involving certain of your personal information, and subsequently restrict our use of that personal information through a CCPA rights request.

  • For example, if we offer you a discount code for consenting to receive marketing emails, and you then require us to delete your email address, we may not honor that discount code.

Your right of no retaliation doesn’t need to be exercised.  We never retaliate against anyone exercising their rights under this Policy or CCPA.

D. Preference signals

The Services are designed to automatically recognize and honor any global opt-out preference signal sent from a California IP address through browser or device settings, provided the signal complies with CCPA’s requirements.  Our goal is for the Services to automatically respond to compliant signals by opting California residents out of any sharing or sale of their data in a frictionless manner.

Please contact us at support@thatjezrose.com if you believe the Services collected or processed your information in a manner inconsistent with your opt-out preference signal.

E. Request process for CCPA rights

To submit a CCPA request relating to the foregoing rights, please contact support@thatjezrose.com with “California Privacy Rights Request” in the subject line. The process described under Requesting information generally applies to requests to exercise CCPA rights. However, in addition:

  • A California resident's authorized agent may submit CCPA rights request.

  • Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described below. We will also ask for proof that the person who is the subject of the request authorized an agent to submit a privacy request on their behalf.

  • An authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but consumer verification is not required.

We will acknowledge your request within 10 days, and our goal is to fulfill your request within 45 days. However, we may you that we will require up to 45 further days to fulfill your request, along with an explanation of why our response is delayed.

  • We provide responses in the manner we receive your request (i.e., with an email response to an email request).

ii. Other California law

Because we only give your information to third parties for direct marketing purposes with your consent, and always allow you to opt out of direct marketing communications after opting in, we believe we are not currently required to comply with California Civil Code Section 1798.83.

(g) Requesting information

  1. Submitting requests

To exercise any of these rights, contact us at support@thatjezrose.com. Your request must:

  • provide sufficient information to identify you and the law that applies to you, such as your name, e-mail address, home or work address, or other information we maintain.

  • not disclose any social security numbers, driver’s license numbers, third-party account numbers, credit or debit card numbers, or health information.

ii. Verifying requests

We verify requests by first confirming the source of the request and then by matching the information submitted to the information we maintain.  If your request is unclear or we are unable to authenticate your identity, we will respond with direction on how to remedy the deficiencies, in accordance with law that applies to you.

If we cannot verify the identity of the individual making the request, we may deny it, in full or in part.

iii. Responses to requests

We will respond to your request as quickly as we can, taking into account the nature of your request and the volume of pending requests.  We will always respond in accordance with any deadlines or requirements specified by the laws that apply to you.

At times, we may be unable to provide responsive personal information.  For example:

  • If disclosure would create a substantial, articulable and unreasonable risk to the security of the information, customers’ account with us, or the security of our systems or networks.

  • we do not disclose account passwords or any other non-personal information that enables access to an account.

We reserve the right to retain an archive of any deleted information, to the extent permitted by law.  We may also retain deidentified or aggregate data derived from information about you.

5. Security

Myrtle & Broadway Ltd has implemented technical, administrative and physical security measures to protect your information from unauthorized access, use or disclosure. Still, no data transmission over the Internet is 100% secure, so we cannot guarantee or warrant the security of any information you provide, and you do so at your own risk. We cannot promise that your information will remain absolutely secure in all circumstances. We are not responsible for the circumvention of any privacy settings or security measures we may provide.

6. Use by Minors

The Services are intended for adult users.  We do not knowingly collect information from anyone under the age of majority in their jurisdiction (such as 16 in the UK or 18 in Mexico), and we do not share or sell information about anyone under 16 without affirmative authorization.  If we learn that we have collected information from a child under age 16, we will delete that information as quickly as possible.

  • If you are under 16: sorry, but please leave the Services.  If you’ve already sent us information, please contact us first so we can delete it.

  • If you are a parent or guardian of a child under 16 years of age and you believe your child has provided us with information, please email support@thatjezrose.com

7. Third Party Services

Some areas of the Services contain links to third-party websites, resources and advertisers. These third parties are not part of the Services. We do not control (and are not responsible for) third party content or privacy practices.  Information you provide to them is not covered by this Policy.  These third parties have their own policies and practices about data, which may include what information they share with us, your rights and choices on their services and devices, and where they store information.  We encourage you to familiarize yourself with their privacy policies and terms of use.

8. Contact us

If you have any questions or feedback about this Policy, email us at support@thatjezrose.com