The Data Controller
A Legendary LLC dba brxstr.com is the data controller for your data.
How to contact us
If you have any questions about this policy, please contact us at email@example.com.
The Data We Collect About You
Information We Collect From You:
The type of information that we collect from you varies based on your interaction with our website and may include:
- Account Creation: We require you to register with us before taking certain actions on our website. Specifically, you must register with us before making buying or selling an item in our marketplace, to take certain actions within our Studio Gallery, or to participate in our community discussions (i.e., our forum). To register, we collect your email address, your chosen username, and your region and country. You may choose to include information in your profile such as wanted items, interests, and a photograph of you (Collage Image). You may create an account without making a purchase. If you choose to purchase an item offered through the marketplace, then we collect your name, shipping and billing address, phone number as well as information about your purchase, including the item(s) purchased, the price, the seller from which you made the purchase, your payment card data, and all communication you make on our platform regarding the order. See below to learn more about information collected through our Forum.
- Additional Information Collected from Sellers: If you choose to participate in our online marketplace as a seller, we will collect data about the items you list for sale, the sale price, and additional information about you as a seller. In order to register as a seller, you must complete the New Seller Verification procedure, which will involve sending us images of legal documents to verify your identity.
- Reviews (feedback): Both sellers and buyers may publicly rate one another, and ratings will be associated with the respective accounts and available to other visitors to our website.
- Disputes: Both sellers and buyers may submit private transaction-related disputes (NSS/NPB). We will collect all communication and record of actions regarding these disputes and associate them with the respective accounts.
- Other Communications with Us: We also will collect any other information that you provide to us. For example, if you send an inquiry to customer service or otherwise contact us, we will collect that information from you. Depending upon the type of inquiry, we may associate that information with your account.
- Our Forums: Our platform facilitates communications among other LEGO® enthusiasts, and registered users may communicate with one another through our Gallery and Forum (collectively, our “Forums”). Any information posted to our Forums is considered public information, and although we do not actively monitor Forum content, we may use Forum content to make decisions in relation to user accounts.
Information Collected from Other Entities:
We also receive information via non-affiliated entities when you visit our page on social media sites or channels (e.g., Facebook, Twitter, YouTube, Instagram, Wechat etc).
As noted above, buyers and sellers may submit public reviews (feedback) about their buying/selling experience; we will collect that information and associate it with your account.
Information We Collect Automatically:
We collect information automatically using cookies, web beacons, and other automated technologies, when you use our website and our services. The type of information that we collect includes your internet protocol address, device ID (as permitted by the manufacturer if you access our website through your mobile device), length of time you are on our website, pages you click, and other information related to website usage. For additional information, please see our Cookies section below.
Collection of Data from Minors:
Brxstr users must be 18 years old in order to register for and maintain an account on our website and to use our Forums. Brxstr does not knowingly collect or share personal information directly from children—persons under the age of 13, or another age if required by applicable law—other than when required to comply with the law.
How We Use Your Personal Data
We use your personal data for the following purposes:
- To facilitate your purchase and sale of products through our online marketplace.
- To process and create your registration.
- To participate in our forum.
- To provide our services to you, to respond to your inquiries, and for other customer service purposes.
- As permitted by applicable law, to send you information about products and services we believe may be of interest to you. These communications may include products and services of our affiliated entities and of other entities that we think may be of interest to you.
- To assist us in advertising on third party websites, mobile apps, and other online services, and to evaluate the success of our adverting campaigns through third party channels (including our online targeted advertising and offline promotional campaigns).
- To protect our rights and interests, including the rights and interests of other users of our website, as part of our general business operations, and for other business administration purposes.
- For research and analytics purposes.
- To administer surveys and questionnaires, such as for market research or user satisfaction purposes.
- For legal purposes, including to respond to requests from law enforcement.
- For fraud prevention. Please note that we may use automated decision-making in processing your personal data in connection with fraud prevention and detection. If you are an EU resident, then you may request a manual review of the accuracy of an automated decision if you are denied the ability to participate as a buyer or seller or to make a purchase through our platform.
- To evaluate the use of our website and to improve the usage of our website. For example, we may review which features of our website are most popular. We also may review your feedback to help us determine how to improve our website.
When We Share Your Personal Data
We share your personal data with the following categories of persons/entities for the purposes below:
- Buyers/Sellers: If you make a purchase from a seller through our website, then we will provide your name, postal address, email address, and phone number (if available) to the seller for purposes of order fulfilment. Similarly, the buyer also will be able to see the seller’s contact information. This information will be available on the Orders Placed or Orders Received portions of our website. Sellers you transact with may use your information to contact you for marketing purposes and to ensure you are not circumventing any seller-specific terms or requirements.
- Other Users of our Forums: If you choose to participate in our Forums, any information that you post to our website will be available to all other forum users, including public users that are not logged in. Please see additional information about the Forums below.
- Affiliates: We share your information with our affiliated entities, which, to the extent permitted by local law, may use your information to contact you for marketing purposes. Specifically, if permitted by law or with your consent, our affiliates may send you email communications about products and services that they believe would be of interest to you. Our affiliates may also help us by performing the following services:
- Deliver products and services you’ve requested
- Get in touch with you about your account or transactions
- Send you information about our websites, applications and policies
- Send you any newsletters you’ve signed up for (you can unsubscribe at any time)
- Process information that the affiliate is formally contracted to process on our behalf, e.g. carry out a purchase placed by you, manage your account activity or your account data.
- Identify, review and stop any activities that could breach our policies or break the law
- Service Providers: We share your personal data with our service providers, which include couriers, payment providers, IT platform providers, fraud detection and prevention providers, survey providers, product catalogue providers and customer service suppliers to deliver services on our behalf.
- Non-Affiliated Entities: as permitted by applicable law, or with your consent, we may share your personal data with third parties that may market their products and services to you.
We also share your information in the following circumstances:
- When we need to protect the safety, security, rights and property of our customers or partners;
- When we need to meet legal processes or if disclosure of the data is required by law;
- If (i) we or our affiliates, are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your personal data with lenders, auditors, and advisors, including attorneys and consultants.
Once you have created an account with us, you may exercise your preferences with regard to the communications that you want to receive from us, our affiliates, sellers, buyers, and other users of our website. For example, you may choose to receive coupons or notifications from a particular seller, or general notifications when items on your wanted list have been listed for sale. You may change your preferences at any time by visiting the preference center (My Settings). Please note that if you have previously purchased an item from a particular seller, then that seller will have your contact information and may use that information for its own purposes.
Sharing information on Our Forums
As our Forums can be read by everyone, any personal data you share on them can be seen publicly. When you post to our Forums, your username, country, state/region, and content of your post will be made available on our website. Personal information, especially contact information, is expressly prohibited in our Forums and will be removed when discovered. However, any personal information that you post will become public at least for a short period of time, and we cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy.
Like most websites, our online channels and our applications (apps) collect some information (e.g. information on IP addresses, browsers, internet service providers, referring pages, exit pages, operating systems, date stamps, time stamps and clickstream data) through cookies and other technologies. We may combine this information with other personal data we collect from you (and our service providers may do so on our behalf).
Cookies are alphanumeric identifiers that we transfer to your device’s hard drive through your web browser for record-keeping, analytic, and advertising purposes. Some cookies allow us to make it easier for you to navigate our website and apps, while others are used to enable a faster log-in process or to allow us to track your activities at our website and apps.
Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our online channels and apps who disable cookies will be able to browse certain areas of the online channels and apps, but some features may not function.
Both we and our service providers use browser storage, app storage, cookies, pixels, beacons, scripts and tags to analyze trends, administer the site, track user movement through the site and collect demographic information about our overall user base. We may receive reports on these from our service providers on an individual and aggregate basis.
Do-Not-Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt-out of targeted advertising by following the instructions in the Ad Network section.
As noted above, we disclose certain information (such as your email address) to Google (to opt-out of Google Analytics Audiences and other Google advertising, go here)—so that we can better target ads and content to you and others with similar interests on non-affiliated websites or media (“Custom Audiences”). We may also work with other ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. You may also control how Google and other entities display certain ads to you, as explained further in their respective privacy policies or by using the opt-outs described below.
Users may opt out of many ad networks. Opting out does not mean you will no longer receive any advertising through our website, apps, or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out, your opt out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at www.networkadvertising.org.
Data security and integrity
The security, integrity and confidentiality of customer information is extremely important to us. We use technical, administrative and physical security measures to protect personal data from unauthorized access, disclosure, use and modification, including encryption for certain external transfers containing personal data. Credit card information is handled by approved service providers that meet PCI (Payment Card Industry) standards.
Our customers, employees and partners also play an important role in protecting information. We encourage customers to choose passwords that are difficult for others to guess and to keep their personal passwords secret.
Data transfers, storage and processing globally
Notice to European Union Residents:
The Legal Bases for Using Your Personal Data. We collect your personal data as a data controller when we have a legal basis to do so. The following legal bases pertain to our collection of data:
- Our use of your personal data is in our legitimate interest as a commercial organization (for example, in order to make improvements to our products and services and to provide you with information you request); you have a right to object to processing as explained in the section below entitled Your Legal Rights;
- Our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (for example, to facilitate your use of the online channels when you agree to our Terms of Service, where we use your personal data to respond to your customer service requests);
- Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal data to a court or tax authority).
- Our use of your personal data is in accordance with your consent (for example, when you consent to receive electronic marketing communications from us). If you have provided your consent to our processing of your personal data you can withdraw this consent at any time by contacting firstname.lastname@example.org.
If you would like to find out more about the legal bases on which we process personal data, please contact us using the details below.
Retention of Your Personal Data. We retain your personal data for as long as necessary to provide our services to you, to fulfil the purposes described in this policy and/or our business purposes, or as required by law, regulation, or internal policy.
Profiling. We may analyze users purchases, online activities, interests, and preferences in order to provide our services, such as to customize our online channels and app, and for our marketing purposes.
Your Legal Rights. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, when we act as a data controller, European Union residents have certain rights in relation to their personal data:
Right to access, correct, and delete your personal data: You have the right to request access to the personal data that we hold about you and: (a) the source of your personal data; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal data may be transferred.
You also have the right to request that we delete your personal data.
We are not required to comply with your request to erase personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
Right to restrict the processing of your personal data: You have the right to restrict the use of your personal data when: (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal data for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal data use where such use is justified on our legitimate interests and we must verify as to whether we have a compelling interest to continue to use your personal data.
We can continue to use your personal data following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to data portability: To the extent that we process your personal data (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal data in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
Right to object to the processing of your personal data: You can object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction: You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the EEA. As described above, your personal information may be transferred by us to countries outside of the EU. When we do so, we will take steps designed to ensure that the transfer complies with data protection law, which may include entering into data transfer agreements and relying on certification schemes such as the EU-US Privacy Shield Framework. You can ask to obtain a copy of, or reference to, the safeguards under which your personal information will be transferred.
Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
How to Exercise Your Rights: If you would like to exercise any of the rights described above, please send us a request at email@example.com. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional personal data to confirm your identity and for security purposes before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
We may not always be able to fully address your request, for example if it would affect the duty of confidentiality we owe to others or if we are legally entitled to deal with the request in a different way.
Notice to California Residents:
Notice to Australian Residents:
We generally collect personal data directly from you where this is reasonable and practical but may also acquire information from other trusted sources to update or supplement the personal data you provided or which we processed automatically.
- We may also use your personal data to tell you about our products and services as well as the products and services of other entities. From time to time, we and our business partners may contact you by mail, telephone, email or other electronic messaging services (such as text, voice, sound or image messages including using automated calling systems) with information about products and services (including discounts and special offers). If you no longer wish to receive marketing or promotional information from us and our partners, you can unsubscribe at any time. There are certain messages relating to the goods and services we provide to you that cannot be unsubscribed from.
- Should we experience a data breach and your personal data be involved, we will contact you if there is a risk of serious harm to you and if we are legally obliged to do so. In some instances, we will also be legally obliged to contact (data protection) authorities when a breach of privacy information occurs.
- We will take such steps that are reasonable in the circumstances (if any) to destroy or de-identify personal data when it is no longer required.
Notice under Chinese Law (excluding Macau S.A.R., Hong Kong S.A.R. and Taiwan):
This section sets out additional obligations and rights of brxstr beyond the terms of this policy. If there is any inconsistency between this section and the policy, provisions under this section shall prevail.
Additional information regarding your provision of personal information to us:
- if you do not provide certain information that is necessary for the Core/Basic Functions (please refer to the section below entitled “When brxstr Collects Information from You”), this may impact your use of certain resources or services that are provided by brxstr;
For the purposes of Chinese residents (excluding Macau S.A.R., Hong Kong S.A.R. and Taiwan):
- the following purposes described above will be considered Core/Basic Functions:
- Account Creation
- Making Purchases
- Selling Items
- Customer Service Inquiries or Other Communications with brxstr
- the following purposes described above will be considered Additional Functions:
- Providing Feedback
- Filing a Dispute
- Our Forums
Your personal information might be transferred to jurisdictions that may have adopted different levels of protection for personal information or even have no data privacy law. In this circumstance, we will endeavor to ensure that your personal information will be protected to a level that is comparable to the level of protection provided in China. For example, we will, in accordance with the requirements of applicable law, obtain your consent to such cross-border transfer of personal information, put in place data transfer agreements with the data receiver, or de-identify the personal information before transferring the personal information out of China.
Your Legal Rights: Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, when we act as a data controller, Chinese residents have certain rights in relation to their personal information:
Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
You also have the right to request that we correct any inaccuracies in your personal information, and also to request that we delete your personal information.
Brxstr may not be able to respond to your requests under the following circumstances:
- If the personal information under request is directly related national security and national defense;
- If the personal information under request is directly related to public safety, public health, and public interests;
- If the personal information under request is directly related to criminal investigation, prosecution, trial, and judgment enforcement, etc.;
- If there is sufficient evidence to show that you are exercising these rights in bad faith;
- If responding to your request would seriously harm the legitimate rights and interests of yourself, other people or organizations;
- If the personal information under request is related to trade secrets
Notice to South Korea Residents:
We are required to obtain specific consent to certain collection and processing of your personal information. When you create an account, you will be asked to consent to the processing and use of your information as described in this policy.
This section sets out additional obligations and rights of brxstr beyond the terms of this policy. If there is any inconsistency between this section and the policy, provisions under this section shall prevail.
To the extent that brxstr is subject to the laws of South Korea when collecting, using, disclosing and/or processing personal information, it shall be the “data controller” under such laws.
Retention of Your Personal Information: We retain your personal information for as long as necessary to provide our services to you, to fulfill the purposes described in this policy and/or our business purposes, or as required by law, regulation, or internal policy.
Your Legal Rights If you’re a resident of South Korea, you, your legal representative or a third party to whom you have delegated the relevant authority have certain rights in relation to your personal information, subject to certain exemptions
- The right to be informed of the processing of such personal information;
- The right to consent or not, and to elect the scope of consent, to the processing of personal information;
- The right to confirm the processing of such personal information, and to demand access to such personal information;
- The right to suspend processing of, and to make correction, deletion and destruction of such personal information; and
- The right to appropriate redress for any damage arising out of the processing of such personal information in a prompt and fair procedure.