Privacy Notice

Cheddar Privacy Notice


(US State Privacy Law Compliant)

Effective Date: May 9, 2024

Last Updated on: June 7, 2024


  1. General Information

    1. Cheddar's Privacy Commitment to You

      Cheddar is a family-owned business operating a mobile buying service (the “Service”) in Minnesota. We believe it is our responsibility to provide transparency to you about what we do with the information you give us when you do business with Cheddar. In this Privacy Notice (this “Notice” or this “Privacy Notice”), we work to be clear so you have the notice and information you need to trust us with the collection and use of your personal information (your “Personal Data” or “Data”).

    2. Who We Are

      Cheddar is based out of Burnsville, Minnesota and consists of Cheddar, LLC, a Minnesota limited liability company, d/b/a Cheddar, as well as its affiliates (“Cheddar”). Launched in 2024, our goal is to help you sell your items with convenient, helpful, and transparent service.

      We strive to make our customers comfortable working and shopping with us so that everyone wins in a transaction. To do this, we believe we must communicate clearly with our customers, which includes providing this Notice so you know what Data we have, where it goes, and what is done with the Data we use. Note: Any reference to “Cheddar,” “we,” “our,” or “us” or even the “Company” in this Notice is a reference to Cheddar, LLC, a Minnesota limited liability company, d/b/a Cheddar, headquartered in Burnsville, Minnesota.

    3. Scope of this Privacy Notice

      This Privacy Notice describes the types of information we may collect from you or that you may provide when you visit the website www.getsomecheddar.com (our “Sites”) and describes why and how we use the Personal Data we collect for sales of products, customer service, marketing, or other legitimate business purposes, and how in that capacity we act as the “Controller” of the data we collect. To be clear, this Privacy Notice does not apply to information collected by any other website or physical locations operated Cheddar or any third party (including our affiliates and subsidiaries). Additionally, this Privacy Notice does not cover any personal information our customers choose to collect and share with Cheddar where we are not the Controller, but rather a “Processor” or “Service Provider.” Additionally, our Sites and Services may contain links to other sites (such as social media websites), applications, and services from third parties which we have no control or authority over. The privacy and data security practices of those third-party sites are governed by the privacy notices of those third parties, and not Cheddar.

  2. Collection of Personal Data and Purposes of Use

    1. Collection of Personal Data and Our Use

      Cheddar collects information relating to or that identifies individuals (again, “Personal Data” or “Data”) from several sources. The Personal Data we collect is generally determined by you and your interaction with us, our partners, publications, and other resources. We utilize PayPal to accept credit cards and electronic check payments to secure payment for purchases from our online stores, and Fiserv, Inc. and Verifone Systems, Inc. to secure payment for purchases (credit cards and e-check payments) from our brick-andmortar stores. We also utilize third-party service providers for our marketing efforts across the internet, including social media platforms. You can “opt-out” of third-party marketing and other non-essential uses of your Data in our Cookie Preferences Center, as well as learn more about such uses in our Cookie Notice.

      Cheddar does not sell Personal Data in the traditional sense of the word “sell.” We do, however, share or disclose Personal Data to third parties for behavioral advertising or “targeting” purposes. You can “opt-out” of this type of sharing and disclosure for behavioral advertising based on your Data in our Cookie Preferences Center. You can learn more about this type of Data use in our Cookie Notice.

      1. How and where Cheddar collect Data?

        Cheddar collects Personal Data from job candidates, potential customers, customers, participants at our events (in-person or virtual), business partners and vendors and their employees, advisors, contractors, and individuals who use our Services on others behalf (collectively, “Individuals”) who:

        1. Visit, transact with, or submit information to, us on our online Sites;
        2. Visit and shop at third-party vendor locations, including online storefronts;
        3. Receive or send communications from or to us, including email, phone calls, texts, and mail;
        4. Create an account on any of our Sites, including establishing a username and password;
        5. Use our Services as a customer or authorized user;
        6. Register for, attend, and/or otherwise take part in our events, promotions, contests, etc.;
        7. Download or otherwise engage our content or publications;
        8. Submit an inquiry about a transaction or an order, for support or information;
        9. Participate in online or recorded meetings or events;
        10. Engage with our customer service or employees;
        11. Apply to work with us, view or share job postings on LinkedIn; or
        12. Work at a partner or supplier of ours and interact with our Company in the course of doing business or contemplating doing business with us.

      2. We Collect Data From a Variety of Sources, Including but Not Limited To:
        1. The person who is the subject of the Personal Data;
        2. Publicly available sources (such as a voting record, your business information, social media);
        3. Third-Party Advertisers we have engaged to do advertising for us;
        4. Social media posts and interactions on our accounts;
        5. Service Providers; and
        6. Business partners and/or vendors.

      3. What Types of Data Do We Collect?
        1. Identifying Information: We collect this type of Data when you create an account, transact or initiate the transaction process with us, take advantage of other offers, or contact us. For example, name, address, zip code, email, telephone and cell number(s), birthdate, credit card information, and security question answers.
        2. Payment Information: This information may be collected when you initiate or complete a transaction. For example, the information provided to us in order for us to remit payment for a completed transaction.
        3. Event Information: This information is gathered when you sign up for events, such as contact information and mailing address.
        4. Demographic Information: We will collect this information when you take part in a contest, promotion, or survey. We might collect for instance, gender and zip code.
        5. Sensitive Data Not for Inferring Characteristics: We collect driver’s license information as well as user names and passwords to protect our Services and your security and to the extent permitted or required by applicable law. We require user names and passwords to protect your account, and we may collect driver's licenses when you sell us product or in connection with another regulated transaction.
        6. Device Information: We collect device information when you visit our Sites, such as the type of device you use to access our platforms, as well as your device ID, IP address, or mobile operating system.
        7. Location Information: We collect Data about your location when or if your device is set to allow location information. Please see our Cookie Notice for more information.
        8. Commercial Information: We collect this information when you make a sale. For example, details about the products sold, solicited, or entered into our Sites, as well as other selling or consuming histories or tendencies.
        9. Internet or other Network Activity Information: This type of data is collected when you visit our Sites or interact with our other technologies. This data is either automatically collected or is customer-initiated. For example, your browsing history, search history, and other information regarding interactions with our Sites or ads. Please see our Cookie Notice for more information.
        10. Other Information: If you use our Sites, we may gather data about the browser you use, what site you came from, or what site you visit when you leave our Sites. When you call our customer service team, we record calls for quality assurance and operational purposes.

        Like most websites and other places on the Internet, our Sites and Services may use cookies, web beacons, pixels and/or other technologies (collectively, “cookies”) to gather information. To read more about if or how we use cookies, please visit our Cookie Notice. You can manage your consent to the Personal Data we collect on our Sites by visiting our Cookie Preferences Center.

      4. How We Use the Data

        Cheddar collects Personal Data for a number of purposes, including but not only the following:

        1. Product and Services fulfillment.
          1. Complete, fulfill, manage, and communicate about sales, Services, etc.;
          2. Set up and service your online profile on our Sites;
          3. Provide customer service and alert you about product, transaction, or inquiry status; and
          4. Manage any subscriptions, including transaction tracking, billing, and any messages with you about those subscriptions.
        2. Internal operations.
          1. Improve the effectiveness of our Sites, inventory, third-party vendors, and customer service;
          2. Conduct research and analytics related to our operations and Services; and
          3. Perform other logistics and operation activities as needed.
        3. Security, compliance, legal obligations and fraud prevention.
          1. Protect our assets (on and offline) and prevent fraudulent activities;
          2. Validate credentials and authenticate customers when logging into your profile, applications, or transacting online;
          3. Protect the security and integrity of our Services and our data; and
          4. Assist any law enforcement, comply with legal and regulatory requirements, and respond to legal and regulatory inquiries.
        4. Marketing, promotions and advertising.
          1. Send you information about our products, Services, and promotions like personalized offers in email or mobile alerts;
          2. Provide interactive features on our Sites and social media accounts, such as Services ratings and reviews, and flash sales;
          3. Spot your item and shopping preferences;
          4. Track activity on our Sites, what products you are interested in, what products you market to us or consider marketing to us, how often you visit our Sites, etc.; and
          5. Oversee any contests, promotions, or surveys.

      5. Disclosure of Personal Data

        We may disclose Personal Data to vetted third parties for certain purposes, including the following:

        1. General Business Purposes: We may share data with consultants and service providers for customer or technical support, marketing, sales, operations, account management, and legitimate general business purposes;
        2. Compliance with the Law: We may disclose information to a third party where we are legally required to comply with applicable laws, regulations, legal processes, or government requests (e.g., reporting transactions to LeadsOnline for crime-prevention purposes).
        3. Protection of our Rights: We may also disclose information where it is needed to protect or exercise, establish, or defend our legal rights;
        4. Business Transfers: We may share or transfer data to support negotiations of or for a merger, sale of company assets, financing, or acquisition of all or a portion of our business;
        5. Managing Events: If you use our Sites to register for an event organized by a partner, we may share your Personal Data with that partner to process your registration and participation in the event; when this happens, our partner will process the Data as a separate controller and their use and control over your Personal Data will be governed by their privacy notice and policies;
        6. Receiving Professional Advice: In certain instances, we may share Personal Data with professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors, and insurers where we operate, who provide their professional services, but only to the extent we are legally obliged to do so or have a legitimate purpose;li>
        7. Publicly Shared Information: Any Personal Data or other data you choose to submit in communities, forums, blogs, or chat rooms on our Sites may be read, collected, and used by others who visit these forums, depending on account settings.

    2. Sometimes Information is Vital

      Where we need to collect and use Personal Data by law, or to complete a transaction or fulfill a contract with you, and you fail to provide the Data required, such a deficiency is likely to prevent us from meeting our obligations.

    3. Other People’s Privacy.

      If you provide us with Personal Data relating to another person, you must first confirm you have informed them of our identity and why their Personal Data is required, as well as how it will be used. The other person must have given consent to you in order for you to share their information with us. THEY have to consent. Please know you may not and cannot consent for them.

  3. International Transfers, Security, and Data Retention

    1. Use of Personal Data in the US, and Elsewhere

      Our Sites' servers are located in the United States, and our third-party service providers and partners have disclosed to us that they process our data in the United States. This means when we collect your Personal Data, it is managed and used in the US. NOTE: CHEDDAR IS A U.S. BASED AND U.S. CENTRIC COMPANY. WE DO NOT HAVE A PRESENCE IN, BUSINESS IN, OR SOLICIT BUSINESS FROM OUTSIDE THE U.S.
    2. Security

      We use technical, organizational, and administrative security measures designed to protect the security, confidentiality, and integrity of our systems and information. Note, however, that no Site, system, or network is absolutely secure and use of any online website or network inherently involves risks of unauthorized disclosure or exposure.
    3. Data Retention

      Cheddar will retain the Personal Data we collect for the length of time necessary to complete our relationship with you, or as long as there is an ongoing legitimate business need to do so and we have a valid reason to use the Data. We determine the length of our retention periods for Personal Data on the basis of the purposes for the information; the amount, nature, and sensitivity of the information used; any potential risk from unauthorized use or disclosure of that Personal Data; and whether we can achieve our purposes through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because it has been stored in backup archives), we will securely store and isolate it from further processing until deletion is possible.

  4. Your Privacy Rights

    You may have the following privacy rights:

    1. If you wish to access, correct, update, or request deletion of your Personal Data, you can do so at any time by sending an email to [email protected] or by using the contact details provided under the “How to Contact Us” heading below. We will of course need to verify you are who you say you are before we provide any access to anyone’s Personal Data. If you do have an inquiry, please provide us with the following:
      1. your name;
      2. type of request:
      3. approximate data of collection of the information; and
      4. a valid email address to contact you.
    2. We provide additional information below for California residents and residents of US states with applicable state privacy laws who wish to submit access, correction, or deletion requests. NOTE: We do not have a presence in the UK, EU, Switzerland, or other country in the European Economic Area. We do not market or solicit inquiry from those regions, or anywhere other than North America. If, as a resident of the UK, EU, Switzerland, or other country in the European Economic Area, you believe we have collected Personal Data from you, you may submit a request to [email protected] to (a) object to processing of your Personal Data; (b) ask us to restrict processing or erase your Personal Data; or (c) request access to or portability of your Personal Data. Again, you can exercise these rights under applicable EU, UK, or Swiss data privacy law by contacting us through to [email protected] or by using the contact details provided under the “How to Contact Us” heading below. In any such inquiry, please provide us with the following:
      1. your name;
      2. type of request:
      3. approximate data of collection of the information; and
      4. a valid email address to contact you.
      Cheddar does not use or process any Personal Data or Personal Information that would subject a person to a decision based solely on automated processing, including profiling, that produces legal effects (“Automated Decision-Making”). Automated Decision-Making currently does not take place on our Sites or in or as part of our Services.
    3. You have the right to opt-out of marketing communications we send you at any time by visiting our Cookie Preferences Center. You can further exercise this right by clicking on the “unsubscribe” link in the marketing communications we send or by using the contact details provided under the “How to Contact Us“ heading below. Please note opting-out of the receipt of marketing communications from us does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions, transactions, service announcements, or security information.
    4. You can manage your cookie preferences at any time by visiting our Cookie Preferences Center.
    5. If we have collected and used your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the use conducted in reliance on lawful processing grounds other than consent.
    6. We recognize the Global Privacy Control (“GPC”) signal. The GPC is a browser setting that allows consumers to opt-out of targeted advertisements and/or the sale of Personal Data through a pre-determined signal. The GPC allows you to make a single opt-out request that applies to all websites that are able to recognize the signal. Cheddar’s Sites recognize such a signal.

    We respond to all requests we receive from individuals wishing to exercise their privacy rights under applicable data privacy or protection laws. If you seek to enforce any of your rights with respect to our Services, please contact the Cheddar representative with whom you have direct contact or email us at [email protected].

  5. Important Information for Residents in States with Applicable Privacy Laws

    This section of our Privacy Notice supplements the information contained above and applies solely to those visitors, users, and others who reside in a state in the United States with an active and enforceable data privacy law (“consumers” or “you”).

    We have adopted this Notice in our best effort to comply with each enforceable privacy law at the time of publication of this Privacy Notice (collectively, the “State Privacy Laws”), as well as others in the future. The terms in this Privacy Notice will have substantially the same meanings as those in each of the State Privacy Laws, to the extent they are able to be reasonably interpreted in comity and uniformity with each other.

    Sensitive Personal Data collected by us is collected or processed to provide Services requested by the consumer, not for the purpose of inferring characteristics about the consumer and is thus not subject to requests to limit.

    NOTE: This Notice does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. At this time, we do not employ anyone in the state of California.

    1. Data We Collect

      As noted above in Section A, we collect information that identifies, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular consumer or household (“Personal Information” or “Personal Data” or “Data”). Personal Data, however, does not include:
      1. Publicly available information.
      2. De-identified or aggregated consumer information.
      3. Information excluded from most of the State Privacy Laws scope, such as:
        1. health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
        2. personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

      Cheddar has collected the following categories of Personal Data from consumers within the last twelve (12) months:

      Category Examples Collected
      A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. YES
      B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license, education, employment, or employment history. YES
      C. Protected classification characteristics under California or federal law. ONLY FOR PURPOSES OF JOB APPLICANTS: Age, citizenship, marital status, sex, or veteran or military status. YES
      D. Commercial information. Records of personal property, products, or services sold, purchased, obtained, marketed, or considered, or other purchasing, selling, or consuming histories or tendencies. YES
      E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face-prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
      F. Internet or other similar network activity. Browsing history, search history, or information on a consumer’s interaction with a website, application, or advertisement. YES
      G. Geolocation data. Physical location or movements. NO
      H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
      I. Professional or employment-related information. Current or past job history or performance evaluations. YES, limited to employment context.
      J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
      K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES
      We collect the categories of Personal Data listed above from the following categories of sources:
      1. Directly from you. For example, from forms you complete or products and services you market, sell, purchase.
      2. From publicly available sources (such as a voting record, your business information, social media);
      3. Indirectly from you. For example, from observing your actions on our Sites or social media accounts and third-party advertisers engaged to do ads for us.
      4. From business partners or vendors, such as at events, conferences, and through business contacts.

    2. Use of Personal Data

      We may use or disclose the Personal Data we collect for one or more of the following purposes:
      1. To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to inquire about a price or ask about our products or services, we will use that Data to respond. If you provide your Personal Data to market, purchase, or sell a product or service, we will use that information to process payment and otherwise facilitate such transaction. We may also save your Data to facilitate new product transactions or process returns.
      2. To provide, support, personalize, and develop our Sites, products, and Services.
      3. To create, maintain, customize, and secure your account with us.
      4. To process your requests, purchases, sales, transactions, inquiries, and payments and prevent fraud.
      5. To provide support and respond to inquiries, including to investigate and address concerns and monitor and improve our responses.
      6. To personalize your experience on our Sites and to deliver content, product, and service offerings relevant to your interests, including offers and ads through our Sites, third-party sites, and via email or text message (with consent, where required).
      7. To help maintain the safety, security, and integrity of our Sites, products and Services, databases and other technology assets, and business.
      8. For testing, research, analysis, and product development, including to develop and improve our Sites, products, and Services.
      9. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
      10. As described to you when collecting your Data.
      11. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us is among the assets transferred.

      We will not collect additional categories of Personal Data or use the Data we collected for materially different, unrelated, or incompatible purposes without providing notice and obtaining consent where necessary.

    3. Disclosure of Personal Data

      We may disclose Personal Data by providing it to a service provider for a valid business purposes under a written contract that describes the purposes of the Data use, requires the recipient to keep the Personal Data confidential, and prohibits any use of the disclosed Data for any purpose except performance of the contract. In the preceding twelve (12) months, Cheddar has disclosed Personal Data for certain business purposes to the categories of service providers identified in the chart below.

      While Cheddar does share Personal Data for the purposes of targeted advertising, we do not knowingly sell Personal Data or allow our third-party recipients to do so. Cheddar does not knowingly sell or share the Personal Data of consumers under sixteen (16) years of age.

      In the preceding twelve (12) months, Cheddar has disclosed Personal Data for sharing of the categories of Personal Data, and the purpose for that sharing, identified in the chart below.

      The following chart describes the categories of data shared with service providers.

      Personal Data Category Category of Third-Party Recipients
      Business Purpose Disclosures Sharing or Sale
      Business Purpose
      A: Identifiers. Marketing and advertising service providers; security services; payment and chargeback processors; suppliers; mailing and shipping services; government entities and law enforcement, if necessary; employee-related service providers; affiliates. Not for traditional sale.
      We share Data for targeted advertising with marketing and advertising service providers.
      B: Customer Records Personal Data categories. Marketing and advertising service providers; security services; payment and chargeback processors; suppliers; mailing and shipping services; government entities and law enforcement, if necessary; employee-related service providers; affiliates. Not for traditional sale.
      We share Data for targeted advertising with marketing and advertising service providers.
      C: Protected classification characteristics under state or federal law. Disclosed only for purposes of qualifying employment. Not disclosed.
      D: Commercial information. Supplier sales and marketing representatives, marketing and advertising service providers; government entities and law enforcement, if necessary; affiliates. Not for traditional sale.
      We share Data for targeted advertising with marketing and advertising service providers.
      E: Biometric information. Not collected. Not disclosed. Not collected. Not disclosed.
      F: Internet or other similar network activity. Marketing and advertising service providers; security services; suppliers; government entities and law enforcement, if necessary; employee-related service providers, affiliates. Not for traditional sale.
      We share Data for targeted advertising with marketing and advertising service providers.
      G: Geolocation data. Not collected. Not disclosed. Not collected. Not disclosed.
      H: Sensory data. Not collected. Not disclosed. Not collected. Not disclosed.
      I: Professional or employment-related information. Employee-related service providers; affiliates; limited to employment context. Not disclosed.
      J: Non-public education information. Not collected. Not disclosed. Not collected. Not disclosed.
      K: Inferences drawn from other Personal Data. Marketing and advertising service providers; security services; suppliers; government entities and law enforcement, if necessary; affiliates. Not for traditional sale.
      We share Data for targeted advertising with marketing and advertising service providers.
    4. Your Privacy Rights and Choices

      The State Privacy Laws provide consumers (their residents) with specific rights regarding their Personal Data. This section describes your rights under applicable laws and explains how to exercise those rights.

      1. Right to Know and Data Portability

        You have the right to request access and disclosure of certain information about our collection and use of your Personal Data over the past twelve (12) months as well as to have a copy of that Data provided to you (collectively referred to here as the “right to know”). Once we receive your request and confirm your identity (see “Exercising Your Rights to Know or Delete“), we will disclose to you the following:

        1. The categories of Personal Data we collected about you.
        2. The categories of sources for the Data we collected about you.
        3. Our business or commercial purpose for collecting or sharing that Data.
        4. The categories of third parties with whom we share Personal Data.
        5. If we shared or disclosed your Personal Data for a business purpose, two separate lists disclosing:
          1. The Personal Data categories a recipient purchased; and
          2. Any such disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained.
        6. The specific pieces of Personal Data we collected about you.
        7. A copy (if requested) transferred to you of the Personal Data collected and maintained about you in a commonly used electronic format.

      2. Right to Delete and Correct

        You have the right to request that we delete or correct the Personal Data collected or maintained about you, subject to certain exceptions (collectively referred to here as the “right to delete”). Once we receive your request and confirm your identity (see “Exercising Your Rights to Know or Delete“), we will review your request to see if an exception allowing us to retain the Data applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

        1. Complete the transaction for which we collected the Data, provide a good or Service you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
        2. Detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for such activities.
        3. Debug products to identify and repair errors that impair existing intended functionality.
        4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
        5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
        6. Comply with a legal obligation.

        We will delete or de-identify and/or correct Personal Data not subject to one of these exceptions from our records and will direct our service providers to take similar action.

      3. Exercising Your Rights to Know or Delete

        To exercise your rights to know or delete described above, please submit a request by either:

        1. Calling us at (855) 745-0707
        2. Emailing us at [email protected]

        Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. You may only submit a request to know (or delete) twice within a twelve (12)-month period. Your request to know or delete must:

        1. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative; and
        2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

        We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. You do not need to create an account with us to submit a request to know or delete, however, we do consider requests made through a password protected account sufficiently verified when the request relates to Personal Data associated with that specific account.

        We will only use Personal Data provided in the request to verify the requestor’s identity or authority to make it.

      4. Personal Data Sales or Sharing Opt-Out Rights

        Cheddar Does Not Engage in the “Sale” of Personal Data

        We do not collect the Personal Data of consumers and sell, or intentionally disclose, Personal Data in any way that could constitute a sale for value, although our Sites and applications may use cookies or similar technologies as described in our Cookie Notice for targeted advertising purpose.

        Cheddar Does Engage in the “Sharing” of Personal Data for Targeted Advertising

        Cheddar Does utilize third-party service providers to conduct cross-context behavioral advertising (targeted advertising) on our behalf. Some State Privacy Laws provide you with the right to opt out of such “sharing” of your Personal Data, including any for targeted advertising. The CCPA, for instance, defines “sharing” to include certain sharing of your Personal Data for purposes of serving you advertisements relevant to you based on your activity across our Services and other sites.

        Like many companies, we use services to help deliver interest-based ads to you, and our Sites may use cookies or similar technologies that allow advertising partners to collect your Data for our benefit. On our Sites, we provide you with the right to opt-out of the sharing of your Personal Data via our Cookie Preferences Center, which provides the notice and the opportunity to opt-out of our use of cookies which would follow your use and behavior across our Sites and the Internet.

        To opt-out (or to change your mind after opting-out), you may adjust your Data collection preferences by accessing our Cookie Preferences Center.

        Please note certain cookies and other technologies are used to allow our Sites to securely operate, provide you with a better experience, and facilitate transactions you may choose to make with Cheddar. Those essential, functional, and analytic technologies provide you with a more efficient and effective experience, and help us to understand how you navigate and use our Site. When you refuse those supporting technologies, it will affect how our Sites function and whether our Sites recognize you as a prior user or not.

        Also, some disclosures of your Data may not be considered “sharing,” and certain exemptions may apply under the State Privacy Laws. Your choices do not affect other disclosures of your Personal Data, as outlined in this Notice, such as when we process payments, provide services to you, or prevent fraud.

        Cheddar does collect “sensitive” Data as that is defined under most State Privacy Laws. However, any sensitive Personal Data collected by us is collected or processed to provide Services requested by the consumer, not for the purpose of inferring characteristics about the consumer and is thus not subject to requests to limit.

      5. Response Timing and Format

        We will confirm receipt of your request to know or delete within ten (10) business days. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

        If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the Data from one entity to another entity without hindrance.

        We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

      6. Appealing Privacy Rights Decisions

        Depending on your state of residence, you may be able to appeal a decision we have made in connection with your request to know of delete. All appeal requests should be submitted via email to [email protected].

    5. Do Not Track or Global Privacy Setting

      We recognize the Global Privacy Control (the “GPC”) signal. The GPC is a browser setting that allows consumers to opt-out of targeted advertisements and/or the sale of Personal Data through a pre-determined signal. The GPC allows you to make a single opt-out request that applies to all websites able to recognize the signal. Cheddar’s Sites recognize such a signal.

      Although our Sites currently do not have the mechanisms to recognize all “Do Not Track” signals for various browsers, we do offer our customers choices to manage their cookie preferences and tracking opt-out in our Cookie Preferences Center, as well as described in this Notice and the Cookie Notice. To learn more about browser tracking signals and Do Not Track, please visit www.allaboutdnt.com.

    6. Non-Discrimination

      We will not discriminate against you for exercising any of your privacy rights under applicable law. However, we may offer you certain financial incentives that can result in different prices or rates. Any permitted financial incentive we offer will reasonably relate to your Data's value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, that you may revoke at any time by visiting our Cookie Preferences Center or sending an email to [email protected].

  6. Changes to this Privacy Notice

    We may update and amend this Notice from time to time, which may be needed and may occur at any point in the future. When we make changes to this Notice, we will post the updated Notice on our Sites and update the effective date. Your continued use of our Sites following the posting of changes constitutes your notice of and acceptance of such changes.

  7. Children

    Our Services and Sites at this time are not geared or in any way directed to individuals under the age of sixteen (16). We do not knowingly collect Personal Data from those under the age of sixteen (16) and as such, we furthermore do not knowingly sell or share the Personal Data of consumers under the age of sixteen (16). If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please send an email to [email protected], or by any method identified in the “How to Contact Us” section below, and we will take steps needed to delete any under 16 Personal Data from our systems.

  8. How to Contact Us

    If you have questions or comments about this Notice or the ways in which Cheddar collects and uses Personal Data it processes, please do not hesitate to contact us at:

    If you need to access this Notice in an alternative format due to having a disability, please contact [email protected] or (855) 745-0707