Privacy Policy

Last Updated: January 8^th, 2026

Watkins Manufacturing Corporation (“Watkins Wellness,” “Watkins,” “we,” “us,” or “our”) want you to be familiar with how we collect, use, and disclose Personal Information in connection with our business operations. This Privacy Policy describes our practices in connection with Personal Information that we collect through:

Phone interactions;
Websites operated by us from which you are accessing this Privacy Policy, which includes but is not limited to https://www.calderaspas.com/, https://www.endlesspools.com/, https://www.hotspring.com/, https://www.watkins.pro/, https://sauna360.com/, https://tylo.com/, https://helosauna.com/, and any virtual assistants or chatbots we operate (the “Websites”);
Software applications that operate and/or complement our products that we make available for use on or through computers and mobile devices (the “Apps”);
Social media properties from which you are accessing this Privacy Policy , which includes but is not limited to https://www.facebook.com/calderaspas, https://www.facebook.com/HotSpringSpas, https://www.instagram.com/calderaspas/, https://www.instagram.com/hotspring_spas/, https://www.facebook.com/tylosaunanorthamerica/, https://www.instagram.com/tyloglobal/, https://www.facebook.com/helosaunas, https://www.instagram.com/helosaunas/, https://www.facebook.com/EndlessPools, and https://www.instagram.com/endlesspools/ (collectively, our “Social Media”);
HTML-formatted email messages or other communications that we send to you that link to this Privacy Policy (“Emails”); and
Any other offline business interactions you may have with us, including in-person interactions, such as at trade shows or our facilities, during in-person market research, and at retail stores where our products are sold (“Offline Interactions”).

Click here for additional information for residents of U.S. states.

Collectively, we refer to Phone Interactions, the Websites, Apps, our Social Media, Emails, and Offline Interactions as the “Services.” We encourage you to read this Privacy Policy before using the Services or submitting your Personal Information to us. Your use of the Services signifies that you agree with all the terms of this Privacy Policy.

CATEGORIES AND SOURCES OF PERSONAL INFORMATION COLLECTED

“Personal Information” is information that identifies an individual or relates to an identifiable individual. We generally collect Personal Information directly from you. However, we may also collect your Personal Information indirectly from third parties as described below.
When we collect Personal Information about you indirectly, we will take reasonable steps to notify you as soon as practicable that we have done so, where required by applicable law.

We collect the following categories of Personal Information:

Personal Information we receive from you
Identifiers	Such as first and last name, email address, telephone number, postal address, driver’s license, username, passwords and reminder questions/answers, identity card, and other government-issued ID numbers.
User Content	Such as reviews about our Services and other content that you may create or share with us during our relationship, including posts on our Social Media and comment sections.
Preferences	Such as language, interests, and other feedback/preferences that you might express during your use of our Services.
Marketing Data	Such as your choices regarding our newsletters, surveys, sweepstakes, contests, raffles, offers, and other marketing/advertising or promotions displayed or provided to you, and preferred methods of such promotional communication.
Visitor & Event Info	Such as travel and accommodation details, issued identification pass to access the premises, and other details specific to a particular event or conference that you share with us.
User Photos, Audio, and Videos	Such as photos, audio recordings, and videos submitted by you while using our Services.
Commercial Information	Such as details of your communications with us, transaction information and purchase history, including purchases considered, credit or debit card, which includes details like the cardholder’s name, primary account number (PAN), expiration date, and card verification value (CVV).

Personal Information collected automatically through your use of our Services:
Online Activity Data	Pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
Device Information	Your mobile device’s operating system type and version, manufacturer and model, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G, 5G), advertising ID, and general location information. This includes data obtained through cookies and similar technologies, as described in the COOKIES AND SIMILAR TECHNOLOGIES section below.
Audio/Visual Data	Audio, electronic, visual, thermal, olfactory, and similar information, such as call and video recordings created in connection with our business activities.
Geolocation Data	Such as device location and approximate location derived from IP address.

Other sources from which we collect Personal Information:
Social Media	Such as profile pictures, social media account ID, and other public social media profile information, including lists of friends/followers on social media.
Third-Party Logins	When you link, connect, or login to our Services with a third-party service (e.g., Google or Facebook), you direct the service to send us information as controlled by that service or as authorized by you via your privacy settings on that service.
Other Third Parties	We may collect information from sources such as publicly available databases, marketing partners, third-party providers, and data brokers.

We need to collect Personal Information to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. If you disclose any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

PERSONAL INFORMATION PROCESSING PURPOSES

We use Personal Information for legitimate business purposes, including:

Processing Purpose and Examples of Related Activities	Personal Information Used
Administering the Services: Providing the Services’ functionality to you, such as arranging access to your registered account; verifying your information; responding to your inquiries and fulfilling your requests, such as when you contact us via one of our online contact forms or otherwise (e.g., when you send us questions or comments, or when you request other information about our Services); supporting communications with you and making recommendations (including through a chatbot); to deliver products to you; enforcing our terms, conditions, and policies; to send you administrative information, such as information regarding the Services and changes to our terms, conditions, and policies; to facilitate sweepstakes, contests, raffles, and other promotions; and to allow you to send Services-related content to another person through the Services if you choose to do so.	Identifiers; User Content; Preferences; Marketing Data; Commercial Information; Visitor and Event Information; User Photos and Videos; Commercial Information; Online Activity Data; Device Information; Audio/Visual Data; and Geolocation Data
Operations and general business: Administering online Services (including troubleshooting and diagnostic testing, conducting performance analyses of our systems and Services, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, and hosting data); and facilitating mergers, acquisitions, and other reorganizations and restructurings of our business (including prospective transactions).	Personal Information as relevant for the specific business operation
Conferences, visits, and other events: Facilitating and participating in conferences and events, and welcoming guests and visitors to our premises.	Identifiers; Preferences; Visitor and Event Information; Commercial Information; Device Information; Online Activity Data; Audio/Visual Data; and Geolocation Data
Marketing: Sending you newsletters, event invitations, and mailings that we think may be of interest to you; fulfilling your event registration requests; and providing services, including providing events.	Identifiers; Commercial Information; Preferences; Marketing Data; Visitor and Event Information; Audio/Visual Data; User Content; Online Activity Data; Device Information; and Geolocation Data
Personalizing our Services: Personalizing our interactions with you and providing you with information and/or offers tailored to your interests, such as delivering content via our Services that we believe will be relevant and interesting to you.	Identifiers; Marketing Data; Commercial Information; Visitor and Event Information; User Photos and Videos; Online Activity Data; Device Information; Preferences; and Geolocation Data
Improving and developing Services that we may provide to you: Conducting data analysis, for example, monitoring and analyzing Services use and using data analytics to improve the efficiency of our Services; developing, training, using and improving artificial intelligence tools and models (including those provided by our service providers); developing new Services; considering ways to enhance, improve, repair, maintain, or modify our Services; identifying usage trends, for example, understanding which parts of our Services are most interesting to users; determining the effectiveness of our promotional campaigns, so we can adapt our campaigns to the needs and interests of our users; and operating and expanding our business activities.	Identifiers; Commercial Information; Preferences; User Content; Visitor and Event Information; Marketing Data; User Photos and Videos; Online Activity Data; Device Information; and Audio/Visual Data
Relationship building and engagement: Facilitating and responding to any social sharing and posts on our Services and other customer relationship building activities.	Identifiers; Marketing Data; Visitor and Event Information; User Photos and Videos; Online Activity Data; Device Information; and User Content
Aggregation and/or anonymization: Aggregating and/or anonymizing Personal Information so that it will no longer be considered Personal Information.	Personal Information as relevant for the specific business purpose
Security and fraud prevention: Conducting audits verifying that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements; monitoring for and preventing fraud; and for security purposes, including maintaining technological system security and on-site security of our premises.	Identifiers; Commercial Information; Geolocation Data; Online Activity Data; Visitor and Event Information; and Device Information
Legal and compliance: Fulfilling our legal and compliance-related obligations, including complying with applicable laws; complying with legal processes; responding to requests from public and government authorities; meeting national security or law enforcement requirements, compliance with requirements set by industry-specific supervisory bodies; enforcing our terms and conditions and standards; protecting our operations; protecting our rights, privacy, or property; responding to auditors; and allowing us to pursue available legal remedies and make insurance claims, defend claims, and limit the damages that we may sustain.	Personal Information as relevant for the specific legal action, regulatory investigation, and/or legal processes in question
Emergency and incident response: Ensuring the safety of on-site personnel and visitors; responding to, handling, and documenting on-site accidents and medical and other emergencies; actively monitoring properties to ensure adequate incident prevention, response, and documentation (including CCTV); requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, call, audio‑visual device prompts, etc.).	Personal Information as relevant for the specific emergency and/or incident

Individuals in the EEA/UK: Please view the EEA/UK PRIVACY SUPPLEMENT below for more information regarding our legal basis for processing Personal Information.

DISCLOSURE OF PERSONAL INFORMATION

We disclose Personal Information to third parties and for the purposes described below, depending on each specific jurisdiction and applicable law:

Recipients	Purpose
Our Affiliates	For all the purposes listed above, we are responsible for the management of any jointly used Personal Information along with our parent and/or sister companies. Please click here for more information regarding our parent and sister companies.
Third-party service providers	Including service providers that provide website hosting, IT and related infrastructure, payment services, email delivery, analytics, and other services for the following purposes: Administering the Services Improving the Services Operations and general business Security and fraud prevention Marketing Personalizing our Services Relationship building and engagement Conferences, visits, and other events Legal and compliance
Advertising networks and social networks	Improving the Services Marketing Personalizing our Services Relationship building and engagement
Dealers and retailers	Third parties that offer our products for sale
Analytics providers	Aggregating and/or anonymizing Personal Information Security and fraud prevention Improving the Services Marketing Operations and general business Personalizing our Services
Business partners	Event co-sponsors, including contest sponsors Third parties in connection with licensing, joint development, or similar arrangements, including third parties with which we create co-branded pages and products
Law enforcement; public, regulatory, and government authorities; courts, tribunals, or third parties where necessary to comply with applicable law and regulations	Emergency and incident response Security and fraud prevention Legal and compliance
Professional advisors, such as accountants, actuaries, auditors, experts, consultants, lawyers, banks, and financial institutions	Security and fraud prevention Legal and compliance Improving the Services
Third parties, such as an acquiring entity and its advisors, in connection with a sale or business transaction	We may disclose or transfer your Personal Information in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your Personal Information in accordance with applicable law and the UPDATES TO THIS PRIVACY POLICY section.

By using the Services, you may elect to disclose Personal Information on message boards, chat, profile pages, blogs, and other services to which you are able to post information and content (including, without limitation, our Social Media), or through which you are able to send messages through the Services. Please note that any information you post or disclose in this context will become public and may be available to other users and the general public.

COOKIES AND SIMILAR TECHNOLOGIES

We and our service providers automatically collect certain information when you use our Services, like details about your browser and device, how you use our apps, and information from cookies and similar technologies. We also collect general demographic data and information that has been aggregated so it doesn’t identify you personally.

We and our service providers may collect information automatically in a variety of ways, including:

Your browser or device
- Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the Services (such as our apps) you are using. We use this information to ensure that the Services function properly.

Your use of our apps
- When you download and use our apps, we and our service providers may track and collect app usage data, such as the date and time the app on your device accesses our servers and what information and files have been downloaded to our app based on your device number.

Cookies
- Cookies are small files saved on your device. We use cookies to keep our Services secure, make navigation easier, show you relevant information, and understand how people use our Services. We also gather statistical information about use of the Services to continually improve their design and functionality, understand how they are used, and assist us with resolving questions regarding them. We currently respond to browser do-not-track signals.
- If you do not want information collected using cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If you don’t accept cookies, some features on the Services may not work as well. You also may not receive advertising or other offers from us that are relevant to your interests and needs.

We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to https://policies.google.com/privacy, and exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

Pixel tags and other similar technologies
- Pixel tags (also known as web beacons and clear GIFs) may be used to see how people use our Services and emails, and to measure how well our marketing works.

Adobe Flash technology (including Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies
- We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also go to the Global Storage Settings Panel and follow the instructions (which may explain, for example, how to delete existing Flash LSOs (referred to as “information”), how to prevent Flash LSOs from being placed on your computer without you being asked, and how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.

We may use and disclose information collected automatically for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat information collected automatically as Personal Information under applicable law, we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy. In some instances, we may combine information collected automatically with Personal Information. If we do, we will treat the combined information as Personal Information while it is combined.

SECURITY

We seek to use reasonable organizational, technical, and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the CONTACTING US section below.

EMAIL MARKETING & SMS CHOICES

You have choices regarding marketing-related communications and/or SMS communications. Where required by applicable law, we will ask for your prior opt-in consent. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out by following the unsubscribe instructions in any such message or by contacting us in accordance with the CONTACTING US section below. You may opt out of SMS text messages at any time by replying “STOP”.

We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.

RIGHTS AND REQUESTS

If you would like to request to access/review, correct, update, suppress/delete, object to, restrict or opt out of the processing of Personal Information, withdraw your consent where relied upon for processing (which will not affect the lawfulness of processing prior to the withdrawal), issue a complaint about our processing of your Personal Information, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent that these rights are provided to you by applicable law), please contact us in accordance with the CONTACTING US section below. We will respond to your request consistent with applicable law. If you are a resident of California, Nebraska, or Texas, please refer to the U.S STATE CONSUMER PRIVACY SUPPLEMENT below for more information about the requests you may make under applicable law.

In your request, please make clear the nature of your request (i.e., what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database, or the limitations you would like to put on our use of your Personal Information). For your protection, we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after completion of such purchase or promotion). Further, certain Personal Information may be exempt from requests pursuant to applicable data protection laws or other laws and regulations.

Depending on your jurisdiction, you may also lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs. For example, a list of EEA data protection authorities is available at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. Information regarding the UK data protection authority is available at: https://ico.org.uk/. Information regarding the Office of the Australian Information Commissioner is available at: https://www.oaic.gov.au/privacy/privacy-complaints. Information regarding the New Zealand Office of the Privacy Commissioner is available at: https://www.privacy.org.nz/your-rights/making-a-complaint-to-the-privacy-commissioner.

RETENTION OF PERSONAL INFORMATION

We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained as outlined in this Privacy Policy unless a longer retention period is required or permitted by applicable law. The criteria used to determine our retention periods include:

The length of time that we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services) and the length of time thereafter during which we may have a legitimate need to reference your Personal Information to address issues that may arise;

Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of transactions or communications for a certain period before we can delete them); or
Whether retention is advisable considering our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

THIRD-PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties. This includes any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us.

In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media.

THIRD-PARTY ADVERTISING

You may receive advertisements based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties. These companies place or recognize a unique cookie on your browser (including using pixel tags). They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the device on which you are accessing this Privacy Policy, click the “cookie preferences” link at the footer of this website.

THIRD-PARTY PAYMENT SERVICE

The Services may provide functionality allowing you to make payments to us using third-party payment services with which you have created your own account. When you use such a service to make a payment to us, your Personal Information will be collected by such third party and not by us and will be subject to the third party’s privacy policy, rather than this Privacy Policy. We have no control over, and are not responsible for, this third party’s collection, use, and disclosure of your Personal Information.

USE OF SERVICES BY MINORS

The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from individuals under 18.

CROSS-BORDER TRANSFER

Your Personal Information may be stored and processed in any country or region where we have facilities or engage service providers. By using the Services, you understand that your Personal Information will be transferred to countries outside of your country or region of residence, including but not limited to the United States, Canada, the EU, India, Mexico, and the UK, which may have data protection rules that are different from those of your country or region. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries or regions may be entitled to access your Personal Information.

Some countries outside of the EEA/UK are recognized by the European Commission and/or the UK government as providing an adequate level of data protection according to EEA/UK standards: the list of the EEA’s adequate jurisdictions is available here, and the list of the UK’s adequate jurisdictions is available here. For transfers from the EEA or the UK to countries not considered adequate by the European Commission or the UK government (as applicable), we have put in place adequate measures, such as the standard contractual clauses adopted by the relevant authority to protect your Personal Information. You may obtain a copy of these measures by contacting us in accordance with the CONTACTING US section below.

SENSITIVE INFORMATION

Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., Social Security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.

UPDATES TO THIS PRIVACY POLICY

The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. We encourage you to check this page regularly because your continued use of the Services following any changes to the Privacy Policy will constitute your acceptance of such change.

CONTACTING US

Watkins Manufacturing Corporation located at 1280 Park Center Dr, Vista, CA 92081 is responsible for the collection, use, and disclosure of your Personal Information under this Privacy Policy. If you have any questions about this Privacy Policy, concerns about our use of Personal Information, or believe that we have not complied with applicable privacy laws, you can contact us by email at custsvc@watkinsmfg.com or clicking here https://www.hotspring.com/privacy-policy/privacy-request, by calling 1-800-999-4688 (US Only), or by mail at 1280 Park Center Dr, Vista, CA 92081.

When contacting us, please provide as much detail as possible regarding your question or concern. We take all privacy inquiries seriously and will work to address and resolve them in an efficient manner.

You may also contact Kevin Edwards, Director of Data Analytics and Privacy at our parent company Masco Corporation at consumerprivacy@mascohq.com or 1-833-724-0948.

EEA/UK PRIVACY SUPPLEMENT

We process Personal Information based on the following legal bases:

Purpose	Legal Basis for Processing
Administering the Services	We engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
Operations and general business	We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest, such as maintaining and improving our Services.
Conferences, visits, and other events	We engage in these activities to manage our contractual relationship with you and/or based on our legitimate interest, such as improving the quality of our events and responding to complaints and concerns relating to an event.
Marketing	Where required under applicable law, we obtain your consent to send you direct marketing communications. Where permitted by applicable law, we also engage in marketing activities based on our legitimate interest, such as to promote our Services.
Personalizing our Services	Where required under applicable law, we obtain your consent to provide personalized Services. Where permitted by applicable law, we also personalize the Services based on our legitimate interest, such as providing tailored Services based on your preferences.
Improving and developing Services that we may provide to you	We engage in these activities based on our legitimate interests, such as developing new Services, and with your consent to the extent required by applicable law.
Relationship building and engagement	We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest, such as improving our Services.
Aggregation and/or anonymization	We engage in these activities based on our legitimate interest, such as to generate anonymized data for our own business purposes which does not identify you or another individual.
Security and fraud prevention	We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest, such as identifying and preventing fraudulent transactions and cyberattacks.
Legal and compliance	We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest, such as our interest in enforcing our terms and conditions and bringing and defending legal claims.
Emergency and incident response	We engage in these activities to manage our contractual relationship with you, to protect individuals’ vital interests, to comply with a legal obligation, and/or based on our legitimate interest, such as ensuring the safety of our premises.

U.S. STATE CONSUMER PRIVACY SUPPLEMENT

The following chart details which categories of Personal Information we collect and process, as well as which categories of Personal Information we disclose to third parties for our operational business or commercial purposes, including within the preceding 12 months. The chart also details the categories of Personal Information that we “sell” to third parties or “share” for purposes of cross‑context behavioral or targeted advertising, including within the preceding 12 months. For further details, please see above under the DISCLOSURE OF PERSONAL INFORMATION section.

Categories of Personal Information	Disclosed to Which Categories of Third Parties for Operational Business or Commercial Purposes
Identifiers	Affiliates; service providers; advertising networks; social networks; dealers and retailers; analytics providers; business partners; marketing partners; public, regulatory, and government authorities; professional advisors; third parties such as an acquiring entity; and other parties in litigation
Personal information as defined in the California customer records law, such as name, address, telephone number, email, profile picture, social media account ID and profile pictures, date of birth, passwords and reminder questions/answers, payment card information, and information related to employment, education and experiences, and preferences and interests	Affiliates; service providers; advertising networks; social networks; dealers and retailers; business partners; marketing partners; public, regulatory, and government authorities; professional advisors; other parties in litigation; and third parties such as an acquiring entity
Protected Class Information, such as characteristics of protected classifications under California or federal law, such as sex, marital status, age, race, disability, medical conditions, sexual orientation, gender identity and expression, citizenship, primary language, immigration status, and military/veteran status	Affiliates; service providers; advertising networks and social networks; dealers and retailers; analytics providers; business partners; public, regulatory, and government authorities; professional advisors; and third parties such as an acquiring entity
Commercial Information, such as transaction information, purchase history, financial details, and payment methods	Affiliates; service providers; dealers and retailers; business partners; dealers and retailers; business partners; public, regulatory, and government authorities; professional advisors; and third parties such as an acquiring entity
Internet or network activity information, such as browsing history, search history, and interactions with our online properties or advertisements	Affiliates; service providers; advertising networks and social networks; dealers and retailers; analytics providers; business partners; public, regulatory, and government authorities; professional advisors; and third parties such as an acquiring entity
Geolocation Data	Affiliates; service providers; advertising networks and social networks; dealers and retailers; analytics providers; business partners; public, regulatory, and government authorities; professional advisors; and third parties such as an acquiring entity
Audio/Video Data	Affiliates; service providers; advertising networks and social networks; dealers and retailers; analytics providers; business partners; public, regulatory, and government authorities; professional advisors; and third parties such as an acquiring entity
Inferences drawn from any of the Personal Information to create a profile, such as an individual’s preferences or characteristics	Affiliates; service providers; advertising networks and social networks; dealers and retailers; analytics providers; business partners; public, regulatory, and government authorities; professional advisors; and third parties such as an acquiring entity
Sensitive Personal Information, such as government-issued identification numbers, account login and financial information, racial or ethnic origin, citizenship, immigration status, medical data, personal information concerning an individual’s sexual orientation, precise/specific geolocation information, genetic data, and consumer health data	Affiliates; service providers; business partners; public, regulatory, and government authorities; professional advisors; and third parties such as an acquiring entity

We retain each category of Personal Information, including Sensitive Personal Information, as described above under the RETENTION OF PERSONAL INFORMATION section.

We have not engaged in such activities in the preceding 12 months. Without limiting the foregoing, we do not sell or “share” Personal Information, including Sensitive Personal Information, of minors under 16 years of age.

We collect, use, and disclose Personal Information for the purposes described above under the PERSONAL INFORMATION PROCESSING PURPOSES section.

We also collect, use, and disclose Sensitive Personal Information for purposes of performing services for our business; providing goods or performing services as requested or reasonably expected by you; ensuring safety, security, and integrity; countering wrong or unlawful actions; short-term transient uses; servicing accounts; providing customer service; verifying customer information; processing payments; activities relating to quality and safety control or product improvement; and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use Sensitive Personal Information for additional purposes.

We collect Personal Information from several sources as described above under the CATEGORIES AND SOURCES OF PERSONAL INFORMATION COLLECTED section.

Individual Rights and Requests

You may, subject to applicable law, request that we:

Disclose to you the following information:
1. The categories of your Personal Information we collected and the categories of sources from which we collected your Personal Information;
2. The business or commercial purpose for collecting your Personal Information; and
3. The categories of your Personal Information that we disclosed and the categories of third parties to whom we disclosed your Personal Information;
Correct inaccuracies in your Personal Information;
Delete your Personal Information; and/or
Provide the specific pieces of your Personal Information, including a copy in a portable format.

To make a request, please use our webform https://www.hotspring.com/privacy-policy/privacy-request/email us at custsvc@watkinsmfg.com or call us at 1-800-999-4688 (US only).

You have the right to be free from unlawful discrimination for exercising your rights under applicable law.

We will verify and respond to your request consistent with applicable law, considering the type and sensitivity of the Personal Information subject to the request. For your protection, we may need to request information such as your name, email address, mailing address, and purchase history to verify your identity and protect against fraudulent requests. If you make a deletion request, we may ask you to verify your request before we delete your Personal Information.

Opt-out Preference Signals

We also process opt-out preference signals, such as the Global Privacy Control. These signals set your opt-out preferences only for the particular browser or device you are using and any consumer profile that we associate with that browser or device. For information about how to use the Global Privacy Control, please visit https://globalprivacycontrol.org/.

Sharing your Personal Information with Third Parties for Direct Marketing Purposes

If you prefer that we discontinue sharing your Personal Information on a going-forward basis with our affiliates and unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing by contacting us as described in the CONTACTING US section above.

Appeals

To the extent available under applicable law, if we refuse to take action on your request, you may appeal this refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by contacting us as described in the CONTACTING US section above.

Authorized Agents

If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted above. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described above or confirm that you provided the agent permission to submit the request.

De-Identified Information

Where we maintain or use de-identified information, we will continue to maintain and use that information only in a de-identified form and will not attempt to re-identify the information.

We encourage you to read this Privacy Policy before using the Services or submitting your Personal Information to us. “Personal information” is information that identifies you as an individual or relates to an identifiable individual.

Your use of the Services signifies that you agree with all terms of this Privacy Policy, so please do not use the Services if you disagree with any part of this Privacy Policy.

Policy Modifications

Masco BU reserves the right to make changes to this Privacy Policy. In the event that BU makes a material change to this Privacy Policy, it will be posted here. We encourage you to check this page regularly because your continued use of the Services following any changes to the Privacy Policy will be deemed to constitute your acceptance of such change. You can determine when this Privacy Policy was last revised by referring to the “Last Updated” legend at the top of this page.

Notice Regarding Use of the Services by Children

The Services are not directed to children under the age of eighteen (18), and we request that children do not provide Personal Information through the Services.

Notice Regarding Chatbot Experiences and Artificial Intelligence

When you interact or communicate with us, you may interact and/or communicate with, or through, our service providers and their technologies, which may include automated chatbots. We and our services providers may process, record, and retain all chats (including the content of chats and information relating to your interactions). Some functionalities and experiences within our Services are facilitated by artificial intelligence (“AI”), including generative artificial intelligence (“GenAI”). For a full description of our policies and guidelines related to the chatbot and its uses, please refer to our website Terms of Use. PLEASE DO NOT UPLOAD OR SHARE ANY PERSONAL INFORMATION OR SENSITIVE PERSONAL INFORMATION (DEFINED BELOW) TO THE CHATBOT. DISCLOSURE OF PERSONAL INFORMATION TO THE CHATBOT IS DONE AT YOUR OWN RISK.

How We Collect and Use Personal Information

We may collect Personal Information about you, such as your name, postal address, telephone and mobile numbers, email address, credit card number or other payment number, date of birth, gender, IP address, profile pictures, contents of chats or other communications, or social media IDs through your use of the Services, such as when you create an account or profile, order or register a product, order literature, enter contests or incentive programs, sign up for newsletters, download an App, participate in a survey, contact customer service, interact with a chatbot, or otherwise do business with us or interact with the Services. We may also receive your Personal Information from other sources, such as affiliated entities, public databases and cooperative databases; joint marketing partners; social media platforms; from people with whom you are friends or otherwise connected on social media platforms; our service providers; as well as from other third parties. For example, if you elect to connect your social media account to your Site account, certain Personal Information from your social media account will be shared with us, which may include Personal Information that is part of your profile or your friends’ profiles. We may also receive information from you automatically when you use our services, such as your IP address.

We may use your Personal Information to do business with you or otherwise provide the Services you request from Masco BU such as responding to product information requests; registering products; fulfilling orders for parts, products or customer service; initiating refunds; administering contests or incentive programs; and facilitating on-line product visualization applications and preferred products catalogs. We may also use Personal Information to send you news about our products and promotions, to conduct online surveys, contests, other similar promotions or incentive programs via email, telephone or postal mail, and to notify you of special events and products that you might be interested in. Please see the “Sweepstakes, Contests, and Other Promotions” section below for more information on participating in such activities. Further, we may also use Personal Information to send you important information regarding the Services, changes to our terms, conditions, and policies and/or other administrative information. Because this information may be important to your use of the Services, you may not opt-out of receiving such communications. In addition, we may use the information to improve Masco BU’s online and other services, such as through customer service and product support, to understand consumer preferences in developing product improvements and innovations. We may also use your Personal Information for internal business purposes, such as optimizing users’ Services experiences and analyzing, managing and expanding our businesses. We may use Personal Information to develop, train, use, and improve AI tools and models (including those provided by third-party service providers) and to support communications with you and make recommendations (such a through a chatbot). If you apply for employment with Masco BU, we may use the Personal Information you supply to process your job application.

The Services may offer a feature that allows you to send an electronic postcard or otherwise share a message with a friend. If you choose to use this feature, we will ask you for the recipient’s name and email address, along with the text of any message you choose to include. By using this feature, you are telling us that you are entitled to provide us with the recipient’s name and email address for this purpose.

We may also use your personal information: (i) as necessary or appropriate under applicable law; (ii) where we determine that such use is necessary to comply with the request of a law enforcement or regulatory agency or other legal process; (iii) to protect our operations or those of any of the Affiliated Entities; (iv) to protect the rights, privacy, property, interests or safety of Masco BU, the Affiliated Entities, Services visitors, customers, business partners, employees or the public; (v) to permit us to pursue available remedies or limit the damages that we may sustain; (vi) to enforce our Terms of Use; (vii) to respond to an emergency; and (viii) in connection with any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Masco BU’s business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings).

How We Share Personal Information

Masco BU may share Personal Information collected via the Services with Affiliated Entities or other third parties as described below. You should also be aware that Personal Information about you may be transferred to or received by Affiliated Entities or third parties in the U.S. or in other countries, which countries may have different privacy regulations than those applicable in the country where you reside. The Affiliated Entities and third parties that process your Personal Information for us are required to do so in accordance with applicable law and cybersecurity/data privacy best practices.

Affiliated Entities. We may share Personal Information with our parent, subsidiaries and affiliates worldwide (collectively, “Affiliated Entities”) for the purposes described in this Privacy Policy, including to permit such Affiliated Entities to send you marketing materials. If you wish to opt-out from our sharing of your Personal Information with Affiliated Entities for their marketing purposes, please see the “Choice: Opt‑Out” section below for information on how to opt-out.

Service Providers. We may use third-party service providers to help us operate our business and the Services or to administer activities on our behalf, such as sending emails, hosting dealer locater sites, providing order fulfillment, conducting marketing or customer service, providing a chatbot, and administering contests or incentive programs. These third parties may process Personal Information for those business purposes. For instance, if you request a brochure, we may share Personal Information about you with fulfillment and management agencies to complete your request. If you share Personal Information with a chatbot, that information may be shared with third party service providers.

Dealers and Retailers. We may share Personal Information with third parties that offer our products for sale. The third-party dealer or retailer may contact you directly by email, phone or postal mail. If you provide any Personal Information to such a third party through its website or otherwise, your transaction will occur with the third party (and not on the Services) and the Personal Information you provide will be collected pursuant to the privacy policy of that third party. Masco BU recommends that you review the privacy policy of third parties who may contact you about Masco BU or Affiliated Entities’ products or services.
Advertising Partners. We may share Personal Information with advertising companies that collect information about your activities on the Services and other third party sites to help us better market our products and Services to you.
Other Third Parties. We may share Personal Information with unaffiliated third parties, including dealers and retailers discussed above, to permit such third parties to send you marketing materials.

E-mails to Friends. Please note that any Personal Information you provide in connection with sending an electronic postcard or other message to a friend through the Services, such as your name and your e-mail address, will, of course, be disclosed to your friend.

Social Media. We may share any Personal Information you provide with your friends associated with your social media account, to other website users and as well as to your social media account provider, in connection with your social sharing activity, such as if you connect your social media account to your Services account or log-into your Services account from your social media account. By connecting your Services account and your social media account you authorize us to share information with your social media account provider and you understand that the use of the information we share will be governed by the social media site’s privacy policy. If you do not want your Personal Information shared with other users or with your social media account provider, please do not connect your social media account with your Services account and do not participate in social sharing on the Services.

Promotions. We may share the Personal Information you provide in connection with sweepstakes, contests and similar promotions with third party sponsors of such promotions (irrespective of whether such promotions are hosted by us), or otherwise in accordance with the rules applicable to such promotion. Please see the “Sweepstakes, Contests, and Other Promotions” section below for more information on participating in such activities.

Assignment. We may transfer information that we collect from Services users to an Affiliated Entity or a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Masco BU’s business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings).

Other Disclosures. We may share your Personal Information as we believe to be necessary or appropriate: (i) under applicable law, which may include laws outside your country of residence; (ii) to comply with the request of a law enforcement or regulatory agency (including agencies outside your country of residence) or other legal process; (iii) to protect our operations or those of any of the Affiliated Entities; (iv) to protect the rights, privacy, property, interests or safety of Masco BU, the Affiliated Entities, Services visitors, customers, business partners, employees or the public; (v) to permit us to pursue available remedies or limit the damages that we may sustain (vi) to enforce our Terms of Use; and (vii) to respond to an emergency.

Co-Branded Pages. From time to time, we may enter into a special relationship with another company that is not owned by or affiliated with Masco BU to provide additional features on the Services, such as co-branded pages. Both Masco BU and the third-party collect Personal Information on these co-branded pages. Masco BU’s collection, use and disclosure of the Personal Information are subject to this Privacy Policy, and the third party’s collection, use and disclosure of the Personal Information are subject to its privacy policy. You should review the privacy policies posted on these co-branded pages to understand how Personal Information collected through these pages will be collected and used.

Purchases. We may use third-party payment services (each, a “Payment Service”) to collect payments made through the Services. If you wish to make a payment through the Services, you will be directed to a webpage that is hosted by the Payment Service (or the Payment Service’s service providers) and not by us (such page, the “Payment Service Page”). Any Personal Information that you provide through the Payment Service Page will be collected by Payment Service and not by us, and will be subject to Payment Service’s privacy policy, rather than this Policy. Masco BU has no control over, and shall not be responsible for, Payment Service’s use of information collected through the Payment Service Page.

All the above categories of third parties with whom we share Personal Information excludes text messaging originator opt-in data and consent. We do not share any opt-in, consent or other text messaging information with any third parties except to the extent that our service provider will have access for purposes of carrying out the messaging program or as required by law.

How We Collect and Use Other Information

We may also collect other information that does not directly reveal your specific identity or directly relate to an individual through the Services (“other information”), such as domain, URL, browser, device and operating system information, information about visits to the Services pages, App usage data, physical location and information collected through cookies, pixel tags and other technologies, demographic information provided by you that does not reveal your specific identity, and information that has been aggregated in a manner such that it no longer reveals your specific identity.

We and our third-party service providers may collect other information in a variety of ways, including:

Through your browser or device. Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
Through your use of the Apps. When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
Using cookies. Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other traffic data. We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience while using the Services, as well as for online tracking purposes. We can recognize your computer to assist your use of the Services. We also gather statistical information about the usage of the Services in order to continually improve their design and functionality, understand how the Services are used and to assist us with resolving questions regarding the Services. Cookies further allow us to select which of our advertisements or offers are most likely to appeal to you and display them while you are on the Services. We may also use cookies in online advertising to track responses to our advertisements and to track how you arrived at our site from another website to improve your on-line experience with us. To learn more about the cookies or trackers currently deployed on our Sites, please see the “Cookie Preferences” link at the footer of this website.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies, or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Services. For example, we may not be able to recognize your computer and you may need to log in every time you visit the applicable Services. You also may not receive advertising or other offers from us that are relevant to your interests and needs.

Using pixel tags and other similar technologies. Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Services and response rates.
We respond to browser do–not-track signals.
Using Google Analytics. We use Google Analytics, a Google service that uses cookies and other, similar technologies to collect and analyze information about use of the Services and report on activities and website trends. We also use an enhancement to Google Analytics called “Demographics and Interest Reporting,” through which Google provides us with information about our users’ demographics (e.g., age, gender) and interests. This information, which Google may collect by tracking a user’s behavior across third-party websites, helps us to learn more about our users. You can learn about Google’s practices in connection with this enhanced tracking and opt out of it by visiting www.google.com/settings/ads or by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Using Adobe Flash technology (including Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies. We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to “information on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with the Services or our online content.
Physical Location. We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. We may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you choose to deny such uses and/or sharing, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content.
From you. Information, such as your preferred means of communication is collected when you voluntarily provide it. Unless combined with personal information, this information does not personally identify you.
By aggregating information. Aggregated Personal Information does not personally identify you or any other user of the Services (for example, we may aggregate Personal Information to calculate the percentage of our users who have a particular telephone area code).

AI Tools. We may use data collected from you to develop, train, use, and improve AI tools and models (including those provided by service providers) with Personal Information described in this Policy for certain business purposes, such as to analyze your experiences and activities with us, to improve the efficiency, quality, and speed of our business operations, to support communications with you and make product recommendations (such as through chatbots), to generate business content, and to provide personalized experiences.

We may use and disclose other information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat other information as Personal Information under applicable law, then we may use it for all the purposes for which we use and disclose personal information.

In some instances, we may combine other information with Personal Information (such as combining your name with your geographic location). If we do combine any other information with personal information, the combined information will be treated by us as Personal Information in accordance with this Policy.

Selling of Personal Information

We do not “sell”, as that term is defined by applicable law, your Personal Information nor any other information we collect about you to any third parties, affiliates and partners for marketing and promotions purposes.

Retention of Personal Information

We retain personal information for as long as needed or permitted in light of the purpose(s) for which it was collected. The criteria used to determine our retention periods include:

The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using our services) and the length of time thereafter during which we may have a legitimate need to reference your personal information to address issues that may arise;
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

User Generated Content Functions

Certain pages on the Services, including our Social Media Pages, enable users to create their own profile page or submit their own content (for example, message boards, forums, chat functionality and blogs, among other services). Any information you disclose in connection with such services may be publicly available and be read, collected, or otherwise used by anyone who visits the page on which you have chosen to comment, and you should exercise caution in deciding whether to disclose your information there. Masco BU cannot prevent such publicly-available information from being used by others in a manner that may violate this Policy, the law, or your personal privacy and safety, and is not responsible or liable for the results of any postings or the use or disclosure of any information that you disclose via such postings.

Choice: Opt-out

If you do not wish to receive marketing-related emails from us you may opt-out of receiving such marketing-related emails and from such sharing by following the unsubscribe instructions contained in each such email.

You can opt out of SMS text messages at any time by replying “STOP”.

We will endeavor to comply with your request as soon as reasonably practicable. Please note that, if you opt-out as described above, we will not be able to remove Personal Information about you from the databases of Affiliated Entities or other third parties with which we have already shared your Personal Information as of the date on which we implement your opt-out request. If you wish to cease receiving marketing-related emails from such Affiliated Entities or other third parties, please contact such Affiliated Entities or other third parties directly or utilize any opt-out mechanisms set forth in their respective privacy policies or marketing-related emails.

Sweepstakes, Contests, and Other Promotions

We may operate sweepstakes, contests, raffles and similar promotions through the Services that may require online registration with us or with third-party sponsors of such promotions. You should carefully review the rules of each promotion in which you participate through the Services, as they may contain additional important information about BU’s or a sponsor’s use or disclosure of your personal information. To the extent that the terms and conditions of such rules concerning the treatment of Personal Information conflict with this Policy, the terms and conditions of such rules shall control.

Third-Party Services

The Services may contain links to other sites which are not operated by Masco BU. MASCO BU IS NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OR THE CONTENT OF SUCH OTHER WEBSITES, INCLUDING WEBSITES OPERATED BY AFFILIATED ENTITIES. We provide such links only as a convenience, and the inclusion of links on the Services does not imply endorsement of the linked site by Masco BU. If you provide any Personal Information through any such third-party website, your transaction will occur on such third party’s website (and not on the Services) and the Personal Information you provide will be subject to the privacy policy of that third party. BU recommends that you review the privacy policy of third-party websites arrived at from links on the Services.

In addition, we are not responsible for the information collection, usage, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.

Third-Party Advertisers

We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services, based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties. To do so, these companies may place or recognize a unique cookie on your browser or use similar technologies, including pixel tags. They may also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Policy, please visit http://www.networkadvertising.org/managing/opt_out.asp and http://www.aboutads.info/. You may download the AppChoices app at www.aboutads.info/appchoices to opt out in mobile apps.

Security of Personal Information

Masco BU takes measures designed to protect Personal Information collected through the Services against unauthorized access, disclosure, alteration or destruction. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us in accordance with the “Questions” section below.

You are responsible for keeping confidential any account passwords you have created. For your own protection, we encourage you not to include sensitive Personal Information, such as payment card information, in any communication you may send to us, including emails and chatbot chats. Masco BU will not request sensitive Personal Information in our communications to you.

Jurisdictional Issues

Your Personal Information may be stored and processed in any country where we have facilities, where our Affiliated Entities are located, or in which we engage service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal information.

ADDITIONAL INFORMATION UNDER THE LAWS OF CALIFORNIA AND OTHER JURISDICTIONS

Collection, Disclosure, Sale and Sharing of Personal Information

The following chart details which categories of Personal Information we collect and process, as well as which categories of Personal Information we disclose to third parties for our operational business purposes, including within the 12 months preceding the date this Privacy Policy was last updated. The chart also details the categories of Personal Information that we “share” for purposes of cross-context behavioral or targeted advertising, including within the 12 months preceding the date this Privacy Policy was last updated.

Categories of Personal Information	Disclosed to Which Categories of Third Parties for Operational Business Purposes	Sold to Which Categories of Third Parties	Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising
Identifiers, such as name, contact information, online identifiers (e.g., IP address), and Social Security numbers and other government-issued ID numbers	Affiliated entities; service providers; dealers and retailers; ad networks; social networks; business partners; marketing partners; other businesses; contest sponsors; legal authorities; other parties in litigation	N/A	Ad networks
Personal information as defined in the California customer records law, such as name, address, telephone number, email, profile picture, social media account ID and profile pictures, date of birth, passwords and reminder questions/answers, payment card information, and information related to employment, education and experiences, preferences and interests	Affiliated entities; service providers; dealers and retailers; ad networks; social networks; business partners; marketing partners; other businesses; contest sponsors; legal authorities; other parties in litigation	N/A	Ad networks
Protected Class Information, such as sex, marital status, age, race, disability, medical conditions, sexual orientation, gender identity and expression, citizenship, primary language, immigration status and military/veteran status	Affiliated entities; service providers	N/A	None
Commercial Information, such as transaction information, purchase history, financial details and payment methods	Affiliated entities; service providers; dealers and retailers; ad networks; social networks; business partners; marketing partners; other businesses; contest sponsors; legal authorities; other parties in litigation	N/A	None
Biometric Information, such as fingerprints and voiceprints	Affiliated entities; service providers	N/A	None
Internet or network activity information, such as browsing history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements	Affiliated entities; service providers	N/A	Ad networks
Geolocation Data, such as device location and IP location	Affiliated entities; service providers; contest sponsors	N/A	Ad networks
Audio/Video Data, such as images and audio, video or call recordings created in connection with our business activities	Affiliated entities; service providers	N/A	None
Education Information subject to the federal Family Educational Rights and Privacy Act, such as student records	Affiliated entities; service providers	N/A	None
Employment Information, such as work history, prior employer, information relating to references, CV, details of qualifications, skills and experience, human resources data and data necessary for benefits and related administration services	Affiliated entities; service providers	N/A	None
Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics	Affiliated entities; service providers	N/A	None
Sensitive Personal Information · Social security, driver’s license, state ID, or passport numbers · Account login, financial account info with security/access credentials · Precise geolocation · Racial/ethnic origin, beliefs, citizenship, immigration status, union membership · Contents of mail, email, and texts (unless intended recipient) · Genetic data · Health-related personal information · Medical history, treatment, or diagnoses · Biometric data used for unique identification · Information about sex life or sexual orientation	Affiliated entities; service providers; contest sponsors	N/A	None

We do not sell Personal Information, as defined under applicable law. We have not engaged in such activities in the 12 months preceding the date this Privacy Policy was last updated. Without limiting the foregoing, we do not knowingly sell or share the Personal Information of minors under 16 years of age.

Use of Sensitive Personal Information

Subject to your consent where required by applicable law, we may use Sensitive Personal Information for purposes of providing goods or services as requested by you; ensuring security and integrity; short term transient use such as displaying first party, non-personalized advertising; performing services for our business, including maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, and activities relating to quality and safety control or product improvement.

Individual Requests

Subject to applicable law, you may make the following requests:

You may request to know whether we process your Personal Information, and to access such Personal Information.
1. If you are a California consumer, you may request that we disclose to you the following information covering the 12 months preceding your request:
  1. The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
  2. The business or commercial purpose for collecting, sharing, or selling (if applicable) Personal Information about you;
  3. The categories of Personal Information about you that we sold or shared (as defined by the CCPA) and the categories of third parties to whom we sold or shared such Personal Information (if applicable); and
  4. The categories of Personal Information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such Personal Information (if applicable).
You may request to correct inaccuracies in your Personal Information;
You may request to have your Personal Information deleted.
You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, request to obtain a copy of your Personal Information in a portable, readily usable format;
You may request to opt out of targeted advertising (as defined by applicable privacy law) or the “sharing” of your Personal Information for cross-context behavioral advertising (as defined by applicable privacy law); and
You may request to opt out of the “sale” of your Personal Information, as defined under applicable privacy law; however, please note that we do not “sell” Personal Information.
You may request to opt out of the processing of your Personal Information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you; however, please note that we do not use your Personal Information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

We will not unlawfully discriminate against you exercising your rights applicable privacy law. To make a privacy request, please contact us at https://www.hotspring.com/privacy-policy/privacy-request, custsvc@watkinsmfg.com, or 1-800-999-4688. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. In some instances, we may decline to honor your request where the law or right you are invoking does not apply or where an exception applies. We may need to request additional Personal Information from you, such as name, email address, postal address, and purchase history to verify your identity and protect against fraudulent requests. You may make a request on behalf of a child who is under 13 years old if you are the child’s parent or legal guardian. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Information.

We use services to help deliver targeted advertisements to you as described above. Applicable privacy laws may classify our use of some of these services as “sharing” your personal information with the advertising partners that provide the services, from which you have the right to opt-out. You can submit requests to opt-out of tracking for advertising purposes by clicking the “Consent Preferences” link at the footer of this website. Your request to opt-out will apply only to the browser and the device from which you submit the request. You can also broadcast the Global Privacy Control (GPC) to opt-out of targeted advertising for each participating browser you use. To learn more about GPC, visit https://globalprivacycontrol.org.

Authorized Agents

If we refuse to take action on your request, you may appeal this refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by contacting us via https://www.hotspring.com/privacy-policy/privacy-request, custsvc@watkinsmfg.com, or 1-800-999-4688.

Authorized Agents

If an agent would like to make a request on your behalf as permitted under applicable law, the agent may use the submission methods noted in the section entitled “Individual Requests.” Not all kinds of requests can be made by authorized agents in all states. As part of our verification process, we may request that the agent provide, as applicable, proof concerning his or her status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.

De-Identified Information

Where we maintain or use de-identified or aggregated data, we will continue to maintain and use the de-identified or aggregated data only in a de-identified or aggregated fashion and will not attempt to re-identify the data

QUESTIONS

If you would like to exercise your privacy rights under the laws applicable to your place of residence, please see ADDITIONAL INFORMATION UNDER THE LAWS OF CALIFORNIA AND OTHER JURISDICTIONS below. If you have questions about this Policy or how Masco BU processes your personal information, you may contact Kevin Edwards, Director of Data Analytics and Privacy at Masco Corporation, our parent company, whom is responsible for overseeing our privacy program, by emailing consumerprivacy@mascohq.com or calling 1-833-724-0948.

ADDITIONAL INFORMATION REGARDING THE EUROPEAN UNION, EUROPEAN ECONOMIC AREA, AND SWITZERLAND

International Personal Information Handling

We take assorted measures to meet applicable legal requirements for the transfer of your Personal Information to recipients in countries outside of the EU, EEA or Switzerland to ensure that the transfer and handling of your Personal Information receives adequate protection in compliance with applicable data protection rules such as the General Data Protection Regulation (“GDPR”), including the use of EU Standard Contractual Clauses and verifying the recipients have adopted Binding Corporate Rules or adhere to the EU-US and Swiss-US Data Privacy Framework. Where your Personal Information is transferred within Watkins, we use an intracompany data transfer agreement.

Personal Information Retention

Your personal information will be retained no longer than reasonably necessary to fulfil the purposes set out in this Privacy Policy, unless a longer retention period is required by applicable law. Generally, this means we will retain your personal information so long as we have your consent to do so unless there is legitimate business or legal purpose to retain your personal information for a longer period (such as tax regulations, commercial laws or, for example, warranty purposes).

Your Rights

You have the right to request under the GDPR and other relevant European international or local data protection rules: (i) access to your personal information (Art. 15 GDPR); (ii) correction of your personal information if it is incomplete or inaccurate (Art. 16 GDPR); (iii) right to deletion (Art. 17 GDPR); (iv) right to restriction of processing (Art. 18 GDPR); (v) right to data portability (Art. 20 GDPR), and (vi) right to object to the processing of your data (Art. 21 GDPR). These rights do not apply if we can show there are compelling and legitimate business or legal reasons for processing that outweigh your interests, or if we need your data for the establishment, exercise or defence of legal claims. If you would like to request a copy of your personal information or exercise any of your other rights, please contact us EUprivacy@watkinsmfg.com.

You may also lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs.  A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.