Skip to main content
10% off* your 1st order w/ HELLO10

Crestline Privacy Policy

  1. What this Privacy Policy Covers
    • This Privacy Policy covers Crestline's treatment of personally identifiable information that Crestline collects when you visit or access Crestline sites (“This Website”), and when you use Crestline's services.
    • This policy also covers Crestline's treatment of any personally identifiable information that Crestline's business partners share with Crestline.
    • The data controller (who determines the purpose and way your Personal Data is used) is Crestline (referred to in this Privacy Policy as “we” or “us”). We use third parties to process data on our behalf (referred to in this Privacy Policy as “Data Processors”). Further details of the parties with whom we share your data are set out below.
    • This policy covers the interactions we have with our customers and potential customers. We interact with our customers and potential customers via our website, marketing tools, and social media. Additional ways you interact with us are described further in this Privacy Policy.
    • If you reside in the European Union (EU), please see the “EU Privacy Rights” section below.
    • If you reside in California, please see the “California Privacy Rights” section below.
    • This policy does not apply to the practices of companies not owned or controlled by Crestline, nor to people that Crestline does not employ or manage. This Website includes links to other websites, whose privacy practices may be different from ours. We encourage you to carefully read and understand the privacy policy of any website you visit prior to submitting Personal Data. We do not have any control over third-party websites and cannot be responsible for the protection and privacy of any information you provide to such sites.
  2. Definitions of Types of Data used in this Privacy Policy
    • “Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
    • Defined in this section are several types of Personal Data:
      • Contact data: this is information that details how we can contact you, such as your name, address, email, or telephone number.
      • Financial data: this is information about your bank account and payment card details or other payment account details.
      • Technical data: this is information about your device used to access our website and how you interact with our products and services. This information may include your IP address, your operating system, your browser ID, your browsing activity, and other information about how you interacted with our website or service. This allows us to create an analysis of you as a consumer to better judge what products and services to offer.
      • Feedback data: this is information collected about you as a user of our products and services more generally (compared to other types of data that relate to you directly for us to deliver our products to you). This may include where you engage in a Crestline services survey or contest offered through our websites, email, or social media. Information requested for entry may include Personal Data such as your name, address, phone number, email address, username, zip code, and similar details. This information is used to administer the survey or contest. We may use a third-party service provider to conduct these surveys or contests; that company will be prohibited from using our users’ personally identifiable information for any other purpose. Participation in these surveys or contests is voluntary and we will not share the personally identifiable information you provide with other third parties unless we give you prior notice and choice.
  3. Definitions of Types of Data Recipients used in this Privacy Policy
    • As mentioned above we use third parties to process Personal Data on our behalf (“Sub Processors”). In this section, we define the categories of Sub Processors who receive Personal Data from us to provide their services. Separate data privacy policies and cookie notices might apply, and these Sub Processors might provide your Personal Data to other parties to provide services. However, these other parties are required to protect the data in accordance with applicable data protection laws and may only use it for specified purposes and in accordance with our instructions.
    • Marketing Providers: we use third parties to send you informational and promotional content in accordance with your marketing preferences.
    • Analytic Providers: we use third party monitoring tools that allow us to see statistics for This Website. This allows optimization of the content, and the marketing programs that drive traffic to the website. Analytic providers do not store any Personal Data about website visitors but do use persistent cookies to identify repeat visitors.
    • Payment Providers: We collect Personal Data to bill and collect money owed to us by our customers. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need different payment information. We use third parties for secure debit and/or credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.
    • Fraud Detecting/Law Enforcement: We may disclose Personal Data when we are required to disclose Personal Data to respond to subpoenas, court orders, legal processes, to establish or exercise our legal rights or defend against legal claims, to protect our rights as well as those of our affiliated and subsidiary companies, our customers, the public, or others, or to combat fraud or criminal activity.
    • Outside Suppliers: We use outside suppliers and shipping companies to fulfill orders. These companies do not retain, share, store or use personally identifiable information for any other purposes.
    • Service Providers: We use other third parties to provide software and hosting services for our site. We do not share any personally identifiable information with these service providers.
    • Social Media: We use social media networks, such as the FaceBook (Also known as Meta) “Like” button and the X (Also known as Twitter) “Follow” button, that are either hosted by a third party or hosted directly on our websites, who provide us solutions and/or services to help us market and promote our products.
    • Chatbots: If you engage with chatbots on our sites, your information will be used in accordance with this Policy, and specifically to:
      Provide responses to your questions
      Analyse and report on user engagement with the chatbot
      Review and improve the quality performance of the chatbot
      Develop related products and services
      Please note that our chatbots may leverage third party generative AI platforms. Where this is the case, we will:
      Undertake a data protection impact assessment, where legally required
      Put in place appropriate controls to ensure that data protection risks are mitigated to an acceptable level
      Follow a Privacy by Design approach when developing the chatbot
      Where our chatbots leverage third party generative AI platforms, the information you disclose via the chatbot may be shared with the provider of the AI platform for its purposes, over which we have no control.
      Please do not submit any information with our chatbots that you would not be willing to share publicly.
    • All Data Recipients with whom we share your personal data enter into a contract with us and are required to protect your personal data in accordance with applicable data protection laws and they may only use it for specified purposes and in accordance with our instructions.
  4. What we collect when you interact with us
    • When you register with Crestline services
      • When you make an account with This Website we ask for your name, email address, zip code, billing address and phone number. Once you register with Crestline and sign-in to our services, you are not anonymous to us, and additional verification steps will be taken.
      • We store information that we collect through cookies, log files, and clear gifs to create a “profile” of your preferences. We tie your personally identifiable information and your purchasing history to information in the profile, to provide tailored promotions and marketing offers and toimprove the content of the site for you.
    • When you browse This Website
      • Crestline also automatically receives and records information on our server logs from your browser including your IP address, Crestline cookie information, and the page you requested.
    • When you follow and/or interact with our social media
      • This Website includes social media features, such as the FaceBook (Also known as Meta) “Like” button. These features may collect information about your IP address and which page you are visiting on our websites, and they may set a cookie to ensure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. We also maintain presences on social media platforms including FaceBook (Also known as Meta), X (Also known as Twitter), and LinkedIn. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
      • For X (Also known as Twitter) interactions we collect information of our followers, their screen name, profile image, counts of our timeline engagement likes and retweets, and user mention information.
      • For FaceBook (Also known as Meta) interactions we collect page count information for views, engagements, and likes.
      • For LinkedIn interactions we collect, and store page counts only for engagement, impressions, likes and shares.
    • When you interact with our public blogs
      • Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Data appears on our blogs and you want it removed, contact us at the information provided in the “Contact Us” section. If we are unable to remove your information, we will tell you why.
    • Other sources of Personal Data
    • We may combine Personal Data with other information we collect or obtain about you (such as information we source from our third-party partners), to serve you specifically, such as to deliver a product or service according to your preferences or restrictions, or for advertising or targeting purposes in accordance with this Privacy Policy. We ensure that such third parties are legally permitted or required to disclose such information to us. We handle combined data using the same administrative and technical safeguards we use with Personal Data.
  5. Sharing Personal Data with other organizations
    • Apart from sharing Personal Data with the Data Recipients specified above, we might also share Personal Data with other organizations in the following circumstances:
      • Within Crestline where this is necessary for our internal processing purposes. Your data will only be seen and used by employees of Crestline. We operate a role-based access policy for Personal Data. What this means is that an employee will only have access to Personal Data if they need that access to do their job.
      • To transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition or in connection with any bankruptcy or reorganization proceeding brought by or against us. In that event, any acquirer will be subject to our obligations under this Privacy Policy. We will notify you of the change either by sending you an email or posting a notice on our website.
      • Where we have a good-faith belief sharing is necessary to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Website Terms of Use or as otherwise required to comply with our legal obligations; or
      • As you may otherwise consent from time to time.
  6. How we protect your Personal Data
    • We know how important it is to protect and manage your Personal Data. Below are some of the measures we have in place.
      • We apply physical, electronic, and administrative safeguards in connection with the collection, storage, and disclosure of Personal Data.
      • We protect the security of your information by using industry-standard SSL/TLS encryption to protect data transmissions.
      • We use computer safeguards such as firewalls and data encryption to keep data safe.
      • We only authorize access to employees and trusted partners who need it to carry out their responsibilities.
      • We regularly monitor our systems for vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
      • Your Crestline Account Information is password-protected for your privacy and security. It is important that you keep your login details and devices protected from unauthorized access.
  7. How long we use Personal Data
    • Your Personal Data is stored by us and/or our service providers for as long as necessary to provide service or to comply with our legal obligations, resolve disputes, prevent abuse, enforce our agreements, and to the extent permitted by applicable laws. When we no longer have a legitimate business purpose for your Personal Data, or when you request that we delete your Personal Data (except where we need to retain it to comply with a legal obligation or to establish, exercise or defend legal claims), we will remove or anonymize such information in our systems.
  8. Cookies
    • We use "cookies" on all our websites to enable you to sign in to our services and to help personalize your online experience. We use cookies to store your preferences and other information on your computer to save you time by eliminating the need to enter the same information repeatedly. They also allow us to remember what links and pages have been clicked or viewed during a session. We partner with third parties to display advertising on our website or to manage and serve our advertising on other sites. Our third-party partners may use cookies or similar tracking technologies to provide you with advertising or other content based upon your browsing activities and interests.
    • Some marketing you receive, including email marketing, may also be personalized based on your visits to our websites and your browsing and purchase history. In addition, when you click on some links in email marketing you receive, our email service provider may place a cookie on your browser. This cookie would be linked to your email address and used to gather information about the products and services you view on our websites. Information gathered may be used to personalize and customize future email marketing messages you receive.
    • By using your browser controls, you are always in control of the cookies we store and access on your computer. Many web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to sign in or use other interactive features of our websites and services that depend on cookies. You can also set your browser to notify you each time new cookies are placed on your computer or other device. You can find more detailed information about how you can manage cookies through your browser’s help function. If you choose to disable some or all cookies, you may not be able to make full use of our websites.
  9. Protecting Children’s Privacy
    • Our websites do not knowingly collect any personally identifiable information from children under the age of 16. If a parent or guardian believes that the Website has personally identifiable information of a child under the age of 16 in its database, please contact us immediately and we will use our best efforts to promptly remove such information from our records.
  10. How to unsubscribe to email
    • If you at any time, choose to no longer receive mailings from us and wish to opt-out from any future mailings you may opt out of this use by clicking on the unsubscribe link provided in every personalized email marketing message you receive sent from or on behalf of us. We will continue using your e-mail address for other purposes for which we have or do not require consent, such as fulfilling an order or obligation.
  11. EU/UK Privacy Rights
    • Crestline is based in the United States but has offices in the United Kingdom. Data is both collected and processed in the U.S., the UK, and any other global Crestline offices.
    • We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
    • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe.
    • We process your personal data primarily on the basis of Legitimate Interest as a business but only if necessary for the purpose we collected it for. We will also process data on the basis of contractual and transactional obligations where necessary. We may process your data for the following reasons:
      • Sales and marketing activities such as calls, emails, and other types of communications
      • Understanding how you interact with the website and social media
      • Account activity such as, email, written and verbal communications and agreements
      • Financial activity, such as billing communications
      • To perform obligations under a contract with you or a business you may work for
    • Your rights and how can you exercise them
      • Under Articles 15 to 22 of the GDPR (General Data Protection Regulation), data subjects are entitled to exercise certain rights in relation to the Personal Data that Crestline holds about them (known as a “Data Subject Request” or “DSR”).
      • In the United Kingdom, data protection is governed by the Data Protection Act 2018 (DPA 2018)
      • Under the GDPR, DPA 2018, and applicable data protection laws in the EU/EEA countries, you have the rights listed and explained below, subject to certain limitations in individual cases. We need to confirm your identity before we can handle your requests. If we refuse your request for legal reasons, we will tell you why.
      • For all inquiries concerning your privacy and Personal Data, please contact us at the information listed below. We will verify the EU/UK resident’s identity before complying with any such request. We will require you to provide certain information about you and/or your account with us and you will have to declare who you claim to be.
      • Get a copy of your Personal Data
    • You have the right to obtain a copy of your Personal Data if it does not have a negative effect on other people.
      • Access to information about your Personal Data
    • You have the right to know whether we use your Personal Data, as well as the following information:
      1. Why we have your Personal Data.
      2. What categories of data we have.
      3. What we do with your Personal Data.
      4. Who has access to your Personal Data (and where they are).
      5. Where your Personal Data might be transferred to.
      6. How long we are keeping your Personal Data.
      7. If you did not provide your Personal Data directly to us, how did we get it.
      8. Your rights under applicable laws and the possibility to restrict processing.
      9. If we use your Personal Data for any automated decision-making; and
      10. In some cases, you have the right to know how our automated decision-making works, if the decision significantly affects you.
      • Make sure your Personal Data is correct
    • The right of rectification allows you to instruct an organization that is processing your Personal Data to rectify any mistakes.
      • Right to be forgotten
    • You have the right to ask us to delete your Personal Data.
      • Restrict how we use your Personal Data
    • You have the right to ask us to stop doing certain things to your Personal Data when:
      1. You do not think we are using the right Personal Data.
      2. You do not want us to delete your Personal Data, but you also do not think we are complying with the law.
      3. You want to make a legal complaint against us, but we want to delete the data; or
      4. You challenge our explanation of our use based on a "legitimate interest".
    • When you successfully restrict how we use your Personal Data, we will only use your Personal Data with your consent, or unless it is required by law.
      • Obtain a portable file so you can share it with another company
    • You have the right to obtain a portable file that contains the Personal Data you provided to us where the legal basis is either consent or the performance of contract and the processing is carried out by automated means.
      • Withdraw your consent
    • When we use your Personal Data based on your consent, you have the right to change your mind and withdraw your consent at any time. You may do so at the contact details below.
      • Object when we process your Personal Data based on “Legitimate Interest”
    • When we process your Personal Data based on “Legitimate Interest” as specified in this Privacy Policy, you may have the right to disagree and stop us from processing your Personal Data for this purpose. We may have compelling reasons, to continue processing your Personal Data even in the light of your objection. In such cases we will provide you with our rationale. We will respect and implement your objection in any case where it is related to direct marketing purposes.
      • Challenge the decision generated by our automated decision-making process
    • When we use automated decision-making tools or processes that lead to an outcome which produces a legal or other significant effect, you may have the right to understand the logic involved, the significance and possible consequences of this process. You may also have the right to request human intervention, especially when this is used to conclude a contract with us. You can challenge our decision by expressing your opinion.
      • File a complaint with your local data protection supervisory authority
    • Right to complain to the Information Commissioners Office (ICO): If you are not happy with an aspect of how Crestline is processing your data, you can lodge a complaint to the supervisory authority, which is the ICO. (www.ico.org.uk) Before escalating, please contact our Data Protection Officer at datasecurity@Crestline.com if you wish to exercise any of your rights or if you have any questions about the processing of your personal data.
  12. California Privacy Rights
    • California law requires certain businesses to disclose information regarding the rights of California residents pursuant to the California Consumer Privacy Act (the “CCPA”) and the California Privacy Rights Act (the “CPRA”). All terms used in this section have the same meaning as defined in Cal. Civ. Code Section 1798.140 and do not have any other meaning as may be prescribed elsewhere in this Privacy Policy.
    • California residents may request that we disclose to them the following information covering the preceding 12 months:
      • The categories of Personal Data we have collected about them.
      • The categories of sources from which the Personal Data was collected.
      • The business or commercial purpose for collecting or selling Personal Data.
      • The categories of third parties with which we share Personal Data.
      • The categories of Personal Data about them that we have sold and the categories of third parties to which the Personal Data was sold.
      • The categories of Personal Data about them that we disclosed for a business purpose and the categories of third parties to which the Personal Data was disclosed.
      • The specific pieces of Personal Data we have collected about them.
    • Right to Know Request: A California resident may request the disclosure of the information listed above by contacting us using the information in the “Contact Us” section below. Pursuant to California law, we will verify the California resident’s identity before complying with any such request. In case of a telephonic request, we will require you to provide certain information about you and/or your account with us.
    • Request to Delete: A California resident has the right to request that we delete any Personal Data about them that we have collected from them, and that we direct any service provider to delete the California resident’s Personal Data from its records. However, pursuant to the CCPA, a California resident’s information may not be deleted under certain circumstances, including where maintenance of their Personal Data is necessary to: complete the transaction for which the Personal Data was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, to provide a good or service that they requested or that is reasonably anticipated within the context of their ongoing business relationship with us, or to otherwise perform a contract between us and them; to detect security incidents, protect against or prosecute fraudulent or illegal activity; to enable solely internal uses that are reasonably aligned with their expectations based on their relationship with us; to comply with a legal obligation; or to otherwise use their information internally in a lawful manner that is compatible with the context in which they provided the information. For more information about these and other situations in which we may not delete a California resident’s Personal Data, please see Cal. Civ. Code Section 1798.105(d). A California resident may request the deletion of information collected from the California resident by contacting us using the information in the “Contact Us” section below. In case of a telephonic request, we will require you to provide certain information about you and/or your account with us.
    • A California resident may use an authorized agent to submit a right to know request or a request to delete. To use an authorized agent, the California resident must provide the agent with written authorization. In addition, the California resident may be required to verify their own identity with us. We may deny a request from an agent that does not submit proof that they have been authorized by the California resident to act on their behalf. Such requirements, however, will not apply where a California resident has provided the agent with power of attorney pursuant to Cal. Prob. Code section 4000 to 4465.
    • California residents have the right to opt-out of the sale or sharing of their Personal Data at this link or at 1-800-243-2122.
    • California residents have the right to correct any inaccurate Personal Data we may have of theirs.
    • California residents have the right to limit the use or disclosure of their sensitive Personal Data.
    • We will not discriminate against a California resident because the California resident exercised any of their rights under the CCPA.
    • In the preceding 12 months, we have collected the following categories of Personal Data about California residents from the following sources and for the following purposes. The CCPA requires that we reference specific categories of Personal Data enumerated in the CCPA. We may collect only certain pieces of Personal Data described in each category and may not collect certain pieces of Personal Data described in each category.
    Category of Personal DataCategories of Third Parties to Whom We Disclose Personal Data for a Business Purpose Categories of Third Parties to Whom Personal Data is Sold or Shared
    Identifiers• Suppliers and other service providers
    • Other third parties, as reasonably necessary
    • Marketing and analytical providers
    Personal Data subject to the California Customer Records Act• Suppliers and other service providers
    • Other third parties, as reasonably necessary
    • Marketing and analytical providers
    Characteristics of protected classifications under California or federal law• Not collected• Not sold or shared
    Commercial information• Suppliers and other service providers
    • Other third parties, as reasonably necessary
    • Marketing and analytical providers
    Professional or employment-related information• Not collected • Not sold or shared
    Internet or other electronic network activity• Suppliers and other service providers
    • Other third parties, as reasonably necessary
    • Marketing and analytical providers
    Geolocation data• Suppliers and other service providers
    • Other third parties, as reasonably necessary
    • Marketing and analytical providers
    Audio, electronic, visual, olfactory, or other sensory information • Not collected• Not sold or shared
    Inferences• Suppliers and other service providers
    • Other third parties, as reasonably necessary
    • Marketing and analytical providers
    Sensitive Personal Data• Suppliers and other service providers
    • Other third parties, as reasonably necessary
    • Not sold or shared
    • California “Shine the Light” Law
      • Certain California residents may also request information from us once per calendar year about certain Personal Data disclosed to third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses to which we have disclosed such information. To request this information, please contact us by using the information provided in the “Contact Us” section below.
  13. Contact Us
    • If you have any queries regarding this Privacy Policy or complaints about our use of Your Data, please contact us at:
  14. Do-Not-Track
    • • Some web browsers incorporate a Do Not Track (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, then the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option, and DNT signals are not yet uniform. For this reason, many digital service operators, including Crestline with respect to most of the Sites, do not recognize or respond to DNT signals. To learn more about DNT signals, you may wish to visit http://www.allaboutdnt.com/.
  15. Changes to this Privacy Policy
    Crestline may edit this policy from time to time. If we make any substantial changes we will notify you by posting a prominent announcement on or pages.