By In

Privacy Policy

Last Updated: June 27, 2025

Previous version: https://www.bobmarley.com/privacy-policy-old/

Welcome

This Privacy Policy (“Policy”) explains how we collect, use, store, protect, and share your personal information through our services, including Bobmarley.com.  Bob Marley Music, Inc. is the data controller of the personal information collected through the services (as defined in our Terms of Service and including our website www.bobmarley.com) (“Terms”).  Bob Marley Music, Inc. is referred to in this Policy as “we”, “our,” “us,” or the “Company.”

How we handle your information depends on which services you use, and how you use them.  This Policy is grouped into these sections:

about us and this Policy;
information we collect;
how we use information;
when we disclose information to others;
your rights and controls; and
information about local privacy laws.

We encourage you to read this Policy carefully.  If you have questions, please contact us.

About us and this Policy

This Policy is designed to explain how we process your personal information and how you can exercise control over our processing.  Capitalized terms that are used but not defined in this Policy are defined in our Terms.  The Terms describe how the Services works in general, and establishes a contract between you and us governing your use of the Services.

Contact us

If you have any questions or feedback about this Policy, email us at privacy@tuffgongworldwide.com or write to us at: Bob Marley Music, Inc., 10153 1/2 Riverside Drive #422, Toluca Lake, CA 91602.

Changes to this Policy

Because the Services change often, this Policy may change over time.  Anytime we modify the Policy, we will post a revised version on the Services (including on our website) and update the Last Updated date above.  If we intend to use your personal information in a way that is materially different from the ways described at the time of collection, we will notify you before the material changes to this Policy take effect, so you have time to review them.  If we have your contact information (such as your email or phone number), we will notify you that way.  We may also post a temporary notice on the Services, or notify you by other means to the extent required by law.

We encourage you to review the Last Updated date periodically to ensure you’re aware of the current Policy.   By using or accessing the Services, you signify that you have read, understand and agree to be bound by this Policy and the Terms.

When this Policy applies

This Policy applies to you when you use the Services, effective as of the Last Updated date above.  However, some collection and use of information falls outside this Policy:

  • Outside services. Some areas of the Services contain links to third-party websites, resources and advertisers (“Outside Materials”).  Outside Materials include bobmarley.com which is operated by a third party.  Outside Materials are not part of the Services.  We do not control (and are not responsible for) third party content or privacy practices.  Information you provide to third parties is not covered by this Policy.  A separate third party privacy policy governs shop.bobmarley.com.  These third parties have their own policies and practices about data, which may include what information they share with us, your rights and choices on their services and devices, and where they store information.  We encourage you to familiarize yourself with their privacy notices and applicable contractual terms.
  • Our personnel: If you are a current or former employee or contractor of ours, this Policy does not apply to you. Reach out to your human-resources partner or supervisor with any inquiries about your personal information.

Information we collect

Information you provide

To provide you with many of our Services, we need some of your personal information.  Without it, we may not be able to provide all services requested.  For example, your personal information is necessary to establish an account, or subscribe to our newsletters or communications.  This information may include:

Contact and account information, such as your first name, last name, phone number, postal address, email address, date of birth, and profile photo, some of which will depend on the features you use and many of which are personal identifiers.

 

Information automatically generated when you use the services

As you use the services, cookies and other technology we use will generate technical data about which features you use, how you use them and the devices you use to access our services.  This information may include:

  • Device Information related to the devices you use, which may include devices’ IP address, advertising identifier(s), browser and operating system, internet service provider and settings.
  • Internet Activity related to your use of the services, such as the pages you visit, the sites you use before or after visiting ours, your actions within the services, the content or advertisements you interact with, general location information, time stamps and performance logs and reports.
  • Cookie data generated by cookies, web beacons, pixels, and other similar technologies, for measurement services, better targeting advertisements, and for marketing purposes.
  • Cookie data. We and certain of our third party contractors and partners, such as analytics and advertising partners, may use ‘cookies’ and other website technologies to collect information about your online activity over time and across different services.  We may use both session cookies (which are deleted from your device when you exit the services) and persistent cookies (which remain on your device for longer or until you delete them manually).  A session cookie disappears after you close your browser.  A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services.]

Information we receive from others

If you choose to connect to our services through a third-party social network login, such as Facebook or Google (each, a “Social Login”), we may receive information from your profile on such Social Login, such as your name, username, and e-mail address.  In addition, our services may offer social sharing features which allow you to “Share” or “Like” through a Social Login account.  If you decide to use a Social Login, it may allow the sharing and collection of Information both to and from the Social Login provider.  Because we do not control Social Login providers, you should review the privacy policy of your Social Login provider and the practices that apply when you use the Social Login.  These terms are generally summarized, and accessible in full, from a prompt in the Social Login’s connection flow.

           Cookies and other technology

We and our partners collect personal information on the services using cookies, pixel tags or similar technologies.  Such information may be used to promote events, services or products, including through our marketing and merchandising partner.  Our third party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services.  We may use both session cookies (which are deleted from your device when you exit the services) and persistent cookies (which remain on your device for longer or until you delete them manually).  We may also receive information about you from our advertising partners where Company ads are published on a partner’s service (in which case they may pass along details on a campaign’s success).

If you opt in to email or text messaging from us, cookies may be used to personalize your experience (e.g. send you personalized text messages such as shopping cart reminders).

We may infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”).

Our disclosures of information to others

Since our goal is to help you discover great products, content and services, the principal reason we exchange your information is to enhance your experience of the Services and make sure it works well for all users.

This section describes how and why we exchange personal information with contractors and third parties.  It also describes exchanges made for certain purposes, like advertising, legal reasons and consensual direct marketing.  We may also disclose deidentified and/or anonymized data for these purposes.

Functional disclosures

In addition to the use of trackers described above, we contract with companies or individuals to provide certain services related to the functionality and features of the Services, email and hosting services, software development and data management.  We refer to them as “contractors.

We may disclose information about you, such as Personal Identifiers, Commercial Information, Internet Activity and Device Information, to contractors as necessary for them to perform their services.  Contractors are not permitted to use information about you for any other purpose.  In the past twelve (12) months, we have disclosed these types of information to the following types of contractors:

  • Analytics providers, to tell us how the Services is doing, such as which parts interest visitors and how long they visit before leaving. Among other data, they may receive your IP address.
  • Various hosting services and data processors to provide the infrastructure of the Services, which ensure that traffic is from real people, not computers. Among other data, they may receive your IP address.

For personalized ads

We share information with advertising partners to make the advertising presented to you more relevant to you.  We also market the Services to you through ads facilitated by marketing vendors.

  • For example, we use Google and Facebook to serve ads on the Services and we may market the Services to you on third party services through Google. They use cookies or unique device identifiers, in combination with their own data, to show you ads based on your visits to our webpages and to other sites. You can opt out of the use of the these cookies by visiting the related Google and Facebook privacy policies.
  • We try to limit how our third-party advertising technology vendors use information they collect from you. Most providers require us to enter contracts that allow them to optimize their ad services and products.  Essentially, they combine any information they may gather about you through our Services with information they receive from their other clients.  This helps them target ads to you on behalf of their other clients, not just us.

In the past twelve months, we have shared these categories of personal information with third parties to personalize advertising:

  • Device Information (including Personal Identifiers)
  • Commercial Information
  • Internet Activity

For legal reasons

Finally, we may disclose personal information:

  • In response to subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us;
  • When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of our company, our users, or others; and in connection with the enforcement of our Terms and other agreements; or
  • In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

With your consent or at your request

We may periodically ask for your consent to disclose your information to third parties.  Whenever we ask your consent for this reason, we will summarize the purpose and scope of the disclosure.  For example, we may offer discounts to you if you consent to join our mailing list or participate in a promotion involving direct marketing communications.

  • In those cases, the Services will display a tickbox near an email-entry field explaining that by submitting your information, you agree to share your email with the content provider.
  • To be clear, we only exchange information about you with third parties for direct marketing purposes if you opt in, and will only do so until you opt out.

How long we retain your information

We retain your information only as long as we need it for the purposes described under How we use information, except when longer retention is required by our compliance policies and efforts toward applicable legal, tax, accounting and regulatory requirements.

How long we need information for those purposes varies by category, and even within categories.  These retention determinations always consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from its unauthorized use or disclosure, whether we can achieve those purposes without using the personal information.

For example, we delete some Internet Activity at some soon as you exit the Services, whereas we may retain records of your orders for services and products for several years as required by law or contract, such as agreements with our payment processors or under our accounting standards.

Your rights

In General

As a user of the Services, you have rights and choices about your personal information.  We want you to be in control of your information, so we want to remind you of the following options and tools available to you:

  • Content opt-outs: you may opt-out of any newsletters or promotional communications from us by following the unsubscribe instructions in the communication you receive. You may also opt-out of receiving newsletters and/or promotional communications through our Opt-Out Request Form. We may continue to send you communications regarding the Services, such as notices about administrative updates, transaction reports, and changes to the Services, this Policy or the Terms.
  • Exercising rights: If any of the location-specific rights listed below apply to you, see Requesting information.
  • Personalized ads: For more about targeted advertising, and how to opt out with your specific browser and device, go to the DAA Webchoices Browser Check and NAI Opt Out of Interest-Based Advertising. You can download the AppChoices app to opt out in mobile apps

Rights under GDPR

This section applies to you only if you reside in a jurisdiction where GDPR applies. 

For GDPR purposes, the data controller is Bob Marley Music Inc.

           Lawful bases

If we are aware that you reside in a GDPR jurisdiction, we only collect, use or share information about you when we have a valid reason. This is called a ‘lawful basis.’ Our lawful bases generally map to the Purposes above, but specifically include:

  • The consent you provide to us at the point of collection of your information
  • The performance of the contract we have with you
  • The compliance of a legal obligation to which we are subject, or
  • The legitimate interests of Bob Marley Music Inc. or a third party.

We have a legitimate interest in gathering and processing personal data, for example: (1) to ensure that our networks and information are secure; (2) to administer and generally conduct our business; (3) to prevent fraud; and (4) to conduct our marketing activities.

           GDPR rights

Depending on your jurisdiction’s enactment of GDPR, you may have these rights:

  • Request access (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you.
  • Request correction. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised objected to processing (see below), where we may have processed your personal data unlawfully, or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons.  If so, we will notify you at the time of your request.
  • Object to processing where we are relying on a legitimate interest (or those of a third party) and you object to particular processing due to a perceived impact on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
  • Request restriction of processing during the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we might not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. For clarity, withdrawal is not retroactive.

We do not charge for access to your personal data or to exercise any of the other rights.  However, we may refuse to comply with your request or charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

International Data Transfers

If you reside outside the United States, we transfer information about you for processing in the United States.  By providing your information to us, you consent to the processing of the information in the United States.  The transfer of this information to the United States is necessary for the performance of our contract for use of the Services.

Note that U.S. law is not equivalent to GDPR.  As of the Last Updated date, the U.S. has not been deemed an ‘adequate jurisdiction under GDPR for the purposes of international data transfers.  However, the EU and the U.S. are negotiating the terms of an adequacy determination that may go into effect in the years to come.

Use by minors

The Services is intended for adult users.  We do not knowingly collect information from anyone under the age of 16 16, and we do not share or sell information about anyone under 16 without affirmative authorization.  If we learn that we have collected information from a person under age 16, we will delete that information as quickly as possible.

  • If you are under 16: sorry, but please leave the Services.  If you’ve already sent us information, please contact us first so we can delete it.

If you are a parent or guardian of a person under 16 years of age and you believe that person provided information to us, please contact us.

Information about local privacy laws

The Services operates from the United States, but this Policy applies worldwide.  Our practices generally do not differ based on your location, but your rights and choices depend in part on the law where you live.  For example, you may have rights under: (1) “GDPR”: implementations of the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679; or (2) U.S. state data privacy laws like “CCPA”: the California Consumer Privacy Act, as amended.

As a result, certain sections of this Policy apply to you only if you reside in a particular location:

  • Residents of California and other U.S. states with data privacy laws should consult the Rights under U.S. state laws If you reside in a U.S. jurisdiction that has enacted a data privacy law similar to CCPA or GDPR, we extend the same rights CCPA grants to California residents to you, except where we specify otherwise.
  • Residents of jurisdictions where GDPR applies – such as U.K., EU and Swiss residents – should consult the Rights under GDPR and International Data Transfers

If those location-specific sections apply to you, those sections override any contrary descriptions elsewhere in the Policy as they relate to you.  If you have questions about your rights under other data privacy laws, please contact us.

Information for Users in Certain U.S. States

Exercising your rights: As described above, all our users have control over their information and can directly edit or delete information from their account and limit what data we process. If you are a resident of California, Colorado, Connecticut, Utah, Virginia or another state with a similar data-privacy law, you may have additional rights that you (or, in certain states, an authorized agent acting on your behalf) by contacting us, including the right to:

  • More information about the categories and specific pieces of personal information we have collected and disclosed for a business purpose in the last 12 months
  • Access and/or receive a copy of certain personal information we hold about you
  • Correct your personal information
  • Delete certain personal information we hold about you
  • Receive information about the financial incentives that we offer to you, if any
  • Opt out of the processing your personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects, if applicable
  • You also have the right to not be discriminated against for exercising your rights. You may also have the right to opt out of “sales” of your information and “sharing/processing of your information for targeted advertising.” We do not sell the personal data of our users or share personal data for targeted advertising purposes.

Certain information may be exempt from the requests above under applicable law. For example, we need to retain certain information in order to provide our services to you. We also need to take reasonable steps to verify your identity before responding to a request.  If you are an authorized agent submitting a request on a user’s behalf (where permitted), we may require proof of your written authorization before processing the request.  Depending on applicable law, you may have the right to appeal our decision to deny your request.

If you have any questions about these rights, wish to exercise them, or request an appeal, please reach out to us at privacy@tuffgongworldwide.com.

           Additional Information for Users in California

In addition to the rights described above, consumers residing in California are afforded the right to certain additional information with respect to their personal information under the California Consumer Privacy Act or (“CCPA”). If you are a California resident, this section applies to you.

  • ‍Our collection and use of personal information: We collect the following categories of personal information: identifiers (such as your username, the email address you used to sign up, and your phone number if you’ve chosen to provide it); internet or other network information (how you interact with the application); location information (because your IP address may indicate your general location); inference data about you (for example, what content you may be interested in); and other information that identifies or can be reasonably associated with you. For more information about what we collect and the sources of such collection, please see the Information we collect” section of the Privacy Policy.
  • We collect personal information for the business and commercial purposes described above.
  • ‍Disclosure of personal information: We may share your personal information with third parties as described above. We disclose the categories of personal information mentioned in that section for business or commercial purposes.
  • ‍No sale or “share” of personal information: The CCPA sets forth certain obligations for businesses that sell or “share” personal information. We do not sell or share the personal information of our users as those terms are defined in the CCPA. We do disclose certain information as outlined above and you can make choices with respect to your information as outlined in that policy.
  • We retain personal information as described above and in our data retention policy.

California’s “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties, as defined under applicable law, for their direct marketing purposes. We do not share your personal information with third-parties for their own direct marketing purposes.

Requesting information

           Submitting requests

To exercise any rights described in this Policy, please contact us.  Your request must:

  • provide sufficient information to identify you and the law that applies to you, such as your name, e-mail address, home or work address, or other information we maintain.
  • not include social security numbers, driver’s license numbers, third-party account numbers, credit or debit card numbers, or health information.

           Verifying requests

We verify requests by first confirming the source of the request and then by matching the information submitted to the information we maintain.  If your request is unclear or we are unable to authenticate your identity, we will respond with direction on how to remedy the deficiencies, in accordance with law that applies to you.

If we cannot verify the identity of the individual making the request, we may deny it, in full or in part.

           Responses to requests

We will respond to your request as quickly as we can, taking into account the nature of your request and the volume of pending requests.  The content of our response will vary with the nature of your request, but will always respond in accordance with any deadlines or requirements specified by the laws that applies to you.

Under certain circumstances, we may be unable to provide responsive personal information, such as when disclosure would create a substantial, articulable and unreasonable risk to the security of the information, customers’ account with us, or the security of our systems or networks.  We do not disclose account passwords or any other non-personal information that enables access to an account.

Please understand, however, that we reserve the right to retain an archive of any deleted information, to the extent permitted by law.  We may also retain deidentified or aggregate data derived from information about you.

Appealing decisions

Residents of California, Colorado, Connecticut, and Virginia may appeal a decision we have made regarding their requests by contacting us.