PRIVACY POLICY

Notice

Dark Iron is now a Thrasio company. Thrasio is the fastest growing acquirer of Amazon businesses. The exponential growth of the Amazon ecosystem has lead to the creation of thousands of multimillion dollar niche brands, virtually overnight. Many of these companies lack the capacity to sustain further growth without the influx of capital or nuanced expertise. That’s where Thrasio steps in.
As part of operating Dark Iron, we have updated the Privacy Policy to reflect how Thrasio collects, uses, and shares your personal information. Under this new Privacy Policy, we will share your information with other Thrasio brands so that they can market their own products to you. 
If you do nothing, we will handle your information as the new Privacy Policy describes, starting on that date.
If you do not want the new Privacy Policy to apply to your information, please click on the unsubscribe link below, and we will remove your information from our mailing list.

UNSUBSCRIBE

Thank you,
The Thrasio Team

Dark Iron Privacy Policy

Effective as of September 11, 2020
Dark Iron is a Thrasio brand. This Privacy Policy describes Dark Iron's privacy practices, and the rights and choices available to individuals with respect to their information.
California residents can learn about their additional privacy rights in the “Additional information for consumers located in California” section below.
Personal information we collect
Information you provide to us:
  • Personal contact information, such as your first and last name, email and mailing addresses, and phone number.
  • Transaction information, such as your billing and shipping address, purchase details, and payment information.
  • Registration information, such as information that may be related to a service, an account or an event you register for.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.
  • Usage information, such as information about how you use the services and interact with us, including information associated with any content you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the services.
  • Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.
Information we obtain from third parties. We may maintain pages on social media platforms, such as Facebook, LinkedIn, Instagram, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy. We may obtain your personal information from other third parties, such as marketing partners, publicly-available sources and data providers.
Cookies and other information collected by automated means. We, our service providers, and our business partners may use cookies, browser web storage (also known as locally stored objects, or "LSOs"), web beacons, and similar technologies to automatically collect information about your interaction with our services through your computer or mobile device, including:
  • Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, and general location information such as city, state or geographic area.
  • Online activity data, such as the website you visited before browsing to our website, and information about your use of and actions on our websites, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access; and
  • Communications response data, such as whether you open emails we send you, and the links and other actions you take in response to the emails.
See our Cookie Policy below for more information.
How we use your personal information
To operate our services:
  • Provide, operate, maintain, secure and improve our services
  • Fulfill a payment or return transaction initiated by you
  • Administer our loyalty or rewards program
  • Provide information about our services
  • Communicate with you about our services, including by sending you announcements, updates, security alerts, and support and administrative messages
  • Understand your needs and interests, and personalize your experience with our services and our communications
  • Respond to your requests, questions and feedback
For research and development. To analyze and improve the services and to develop new products and services, including by studying use of our services.
For marketing purposes. To send marketing emails to the email address you provide to us (provided, however, that any such marketing emails will tell you how to opt out of receiving further marketing emails).
To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention, and safety. To: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our website and services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
To create anonymous data. To create anonymous data from your personal information and other individuals whose personal information we collect.  We make personal information into anonymous data by removing information that makes the data personally identifiable to you. 
How we share your personal information
Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our services (such as customer support, hosting, analytics, email delivery, marketing, and database management services).
Dark Iron website visitors. You may choose to leave a product review, which we may post publicly for visitors of our website to view. This review may include your name, country of residence, and other personal information.
Thrasio brands. We may also share information among Thrasio brands for those brands’ marketing purpose.
Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above. 
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.
Your choices
In this section, we describe the rights and choices available to all users. Users who are located in California or the European Economic Area, Switzerland or the United Kingdom (collectively, “Europe”) can find additional information about their rights below.
Access or update your information. If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into the account.
Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at privacy@thras.io.  You may continue to receive service-related and other non-marketing emails. 
Cookies & browser web storage. Most browsers let you remove or reject cookies.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  Please note that if you set your browser to disable cookies, the services may not work properly.  Similarly, your browser settings may allow you to clear your browser web storage. For more details, see our Cookie Policy below.
Targeted online advertising. Some of the business partners that collect information about users’ activities on or through our services may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.
Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting the user’s country, and then clicking “Choices” (or similarly titled link). Users of our mobile applications may opt out of receiving targeted advertising in mobile apps through participating members of the Digital Advertising Alliance by installing the AppChoices mobile app, available here, and selecting the user’s choices. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
In addition, your mobile device settings may provide functionality to limit our, or our partners’, ability to engage in ad tracking or targeted advertising using the Google Advertising ID or Apple ID for Advertising associated with your mobile device.
If you choose to opt out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, so you may still receive some cookies and tailored advertisements from companies that are not listed.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track” or similar signals.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Shopify
Our store is hosted on Shopify. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more information, please read Shopify’ Terms of Service here or Privacy Statement here.
Other sites, mobile applications and services
Our website may contain links to other websites, mobile applications, and other online services operated by third parties.  These links are not an endorsement of, or representation that we are affiliated with, any third party.  In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions.  Other websites and services follow different rules regarding the collection, use and sharing of your personal information.  We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
Security practices
We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. In the event that we are required to notify you about a situation involving your data, we may do so by email or telephone to the extent permitted by law.
International data transfers
We are headquartered in the United States and have service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country. 
European users should read the important information provided below about transfer of personal information outside of Europe.
Children 
Our website and services are not intended for children, and we do not collect personal information from them. We define "children" as follows:
  • Residents outside of Europe: anyone under 13 years old; and
  • Residents of Europe: anyone under 16 years old, or the age needed to consent to the processing of personal information in your country of residence.
If we learn we have collected or received personal information from a child without verification of parental consent, we will delete the information. If you believe we might have any information from or about a child, please contact us at privacy@thras.io.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it our website. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through our services.
Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on our website (or as otherwise indicated at the time of posting). In all cases, your continued use of the services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.
How to contact us
Please direct any questions or comments about this Policy or privacy practices to privacy@thras.io. You may also write to us via postal mail at:
Mailing Thrasio, 85 West Street, Floor 3, Walpole, MA 02081
Additional information for consumers located in California
This section applies only to California residents. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.
We do not sell personal information.  Like most companies, we use cookies and other tracking tools to analyze website traffic and facilitate advertising. If you would like to opt out of our (and our third party advertising partners’) use of cookies and other tracking technologies, please review the instructions provided in the Online tracking opt-out guide below.
Your California privacy rights. The CCPA grants individuals whose information is governed by the CCPA the following rights: 
  • Information. You can request information about how we have collected and used your Personal Information during the past 12 months. We have made this information available to California residents without having to request it by including it in this Privacy Policy.
  • Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
  • Deletion. You can ask us to delete the Personal Information that we have collected from you.
You are entitled to exercise the rights described above free from discrimination.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request.  If we deny your request, we will communicate our decision to you. 
How to exercise your rights
You may exercise your California privacy rights described above as follows:
  • Right to information, access and deletion. You can request to exercise your information, access and deletion rights by:
    • Mailing us at Thrasio, 85 West Street, Floor 3, Walpole, MA 02081
    • emailing privacy@thras.io
  • Identity verification. We will need to confirm your identity and California residency to process your requests to exercise your information, access or deletion rights. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
  • Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf.  We will require the authorized agent to have a written authorization confirming that authority.
Online tracking opt-out guide
Like many companies online, we may use services provided by Google and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.
Notice to European users
The information provided in this “Notice to European users” section applies only to individuals in Europe.
Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation. 
Controller. Dark Iron is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. 
Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.
Processing purpose (click link for details)
Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”.
  • Legal Basis
To operate our services
  • Processing is necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services.  If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request.
For research and development
For marketing purposes
For compliance, fraud prevention and safety
To create anonymous data
  • These activities constitute our legitimate interests.  We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law
  • Processing is necessary to comply with our legal obligations.
With your consent
  • Processing is based on your consent.  Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services.
Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.  If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services, or otherwise to us.
If you provide us with any sensitive personal information to us when you use the services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our services.
Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. 
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.  If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
Your rights. European data protection laws give you certain rights regarding your personal information.  If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:
  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct.  Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights. 
You may submit these requests by email to privacy@thras.io or our postal address provided above.  We may request specific information from you to help us confirm your identity and process your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.  If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.  You can find your data protection regulator here
Cross-border data transfer. If we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be performed:
  • Pursuant to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield (or Swiss-US Privacy Shield, as applicable), or Binding Corporate Rules.
  • Pursuant to the consent of the individual to whom the personal information pertains.
  • As otherwise permitted by applicable European requirements.
You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.
Cookie Policy
This Cookie Policy explains how Dark Iron uses cookies and similar technologies in connection with the https://darkironfitness.com/ website and any other website or mobile application that we own or control and which posts or links to this Cookie Policy (collectively, the “Sites”).
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website.  Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. 
Our Sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third party cookies, which are served by service providers or business partners on our Sites, and can be used by these parties to recognize your computer or mobile device when it visits other websites. Third party cookies can be used for a variety of purposes, including site analytics, advertising and social media features.
What types of cookies and similar tracking technologies does Dark Iron use on the Sites?
On the Sites, we use cookies and other tracking technologies in the following categories described in the table below.
Type
  • Advertising
Description
  • These cookies are used by advertising companies to collect information about how you use our Sites and other websites over time.  These companies use this information to show you ads they believe will be relevant to you within our services and elsewhere, and to measure how the ads perform.
Who serves the cookies 
(link to privacy policy/site)
How to control them
  • See ‘your choices’ below.
-------
Type
  • Analytics
Description
  • These cookies help us understand how our services is performing and being used.  These cookies may work with web beacons included in emails we send to track which emails are opened and which links are clicked by recipients.
Who serves the cookies 
(link to privacy policy/site)
How to control them
  • See ‘your choices’ below.
  • Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here and about how Google protects your data here.  You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a browser plugin available here.
-------
Type
  • Essential
Description
  • These cookies are necessary to allow the technical operation of our services (e.g., they enable you to move around on a website and to use its features).
Who serves the cookies 
(link to privacy policy/site)
How to control them
  • See ‘your choices’ below.
-------
Type
  • Functionality/performance
Description
  • Enhance the performance and functionality of our services.
Who serves the cookies 
(link to privacy policy/site)
How to control them
  • See ‘your choices’ below.
Other technologies
In addition to cookies, our Sites may use other technologies, such as Flash technology to pixel tags to collect information automatically.
Browser Web Storage
We may use browser web storage (including via HTML5), also known as locally stored objects (“LSOs”), for similar purposes as cookies. Browser web storage enables the storage of a larger amount of data than cookies. Your web browser may provide functionality to clear your browser web storage.
Flash Technology
We may use Flash cookies (which are also known as Flash Local Shared Object (“Flash LSOs”)) on our Sites to collect and store information about your use of our Sites. Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings. If you do not want Flash LSOs stored on your computer or mobile device, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our Sites.
Web Beacons
We may also use web beacons (which are also known as pixel tags and clear GIFs) on our Sites and in our HTML formatted emails to track the actions of users on our Sites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Sites, so that we can manage our content more effectively.
Mobile Application Software Development Kits (SDKs)
We may use third-party software development kits (“SDKs”) in our mobile applications. A SDK is third-party computer code that may be used for a variety of purposes, including to provide us with analytics regarding the use of our mobile applications, to integrate with social media, add features or functionality to our app, or to facilitate online advertising. SDKs may enable third parties to collect information directly via our App.
Your choices
Most browsers let you remove or reject cookies.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  Please note that if you set your browser to disable cookies, the Sites may not work properly. 
For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.  If you do not accept our cookies, you may experience some inconvenience in your use of our Sites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.
Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting the user’s country, and then clicking “Choices” (or similarly titled link). Users of our mobile applications may opt out of receiving targeted advertising in mobile apps through participating members of the Digital Advertising Alliance by installing the AppChoices mobile app, available here, and selecting the user’s choices. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.
For more information about how we collect, use and share your information, see our Privacy Policy.
Changes
Information about the cookies we use may be updated from time to time, so please check back on a regular basis for any changes.
Questions
If you have any questions about this Cookie Policy, please contact us by email at privacy@thras.io.
Last modified August 18, 2020