SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing: With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com.
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org
California Consumer Privacy Act
California Information: If you're a resident of California, you have certain rights with respect to your personal information. Those rights and how you may exercise them are described below. The fact that you have elected to exercise these rights will have no adverse effect on the price and quality of our products.
Right to Request Information About Disclosure To Third Parties For Their Direct Marketing Purposes: You may request information about our disclosure of personal information to third parties or affiliated companies for their direct marketing purposes. To make such request, please email us at the address listed above. Please allow up to 30 days for us to process your request. You may submit such a request once per year.
Right to Know: You may request that we provide you for the last 12 months a list of the categories of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting or “selling” the information, and the categories of “third parties” to whom we disclosed or “sold” that information. You may also request that we provide you in machine readable format a copy of the specific pieces of personal information we have collected about you in the past 12 months. You may make a request to know up to two times in a 12-month period, subject to limitations described in the law.
Right to Delete: You may request that we delete any personal information that we have collected from you. However, the law exempts certain information from deletion. For example, we may keep information necessary for security and fraud detection. We also may keep information needed to provide you goods or services.
Non-discrimination: You have the right to be free from discrimination for using these rights. We will not deny you goods or services, charge you different rates, or give you different discounts because you used one of these rights.
How to Make a Request: You may make a request to know or delete by emailing us here. When you make a request, we will take steps to verify your identity before responding. This is to protect your information. We will ask you to provide us your email and physical address. If you maintain an account with us, these must match the addresses connected to your account. We will then send you a physical letter to this address with a one-time code. You must email us this code from the email address you provided. Once you do, we will respond to your request.
Authorized Representatives: You may also designate an authorized representative to make data subject rights requests on your behalf. We will require verification that you did in fact authorize the representative. Unless the law requires otherwise, your authorized representative must provide contact details for you. We will contact you to confirm that you authorized the representative. Once you confirm, we will promptly respond to the rights request.
Contact For More Information: If you have questions please contact us at email@example.com
Right to Opt Out of "Sale" of Personal Information: If you are a California resident, you have the right to opt out of the “sale” of your personal information to “third parties.”
Sale is defined very broadly. The law defines “sale” more broadly than you might think. It doesn’t just include the exchange of data for money. Instead, it covers any transfer of personal information to a “third party” in exchange for “other valuable consideration.”
We do not transfer your information to third parties in exchange for money and we will not do so. However, we do transfer personal information to certain third parties in order to operate our business (for example, to market our products and services). It is possible that someone could claim that this transfer was in exchange for “other valuable consideration.” We want to be careful with and respectful of your information. Therefore, if you opt out, we will not transfer your information to any “third party” except as explained below (and allowed by law).
Opting out may have impacts you don’t expect. Any transfer of data to a “third party” may be considered a “sale” of data. The law considers any other business a “third party” unless that business agrees to specific contractual provisions. We try to get all of the businesses to whom we send information to add this special language to their contracts with us. But not everyone will or can agree to those terms.
As a result, if you opt out of the “sale” of data, we will not be able to send data to some of our business partners. That may mean that, after you opt out, you may not receive all of the marketing and other information you are accustomed to receiving from us. In the extreme, if one of our critical partners cannot agree to the special contract language, and is considered a “third party”, it is possible that some features of our web site or other services may not work for you after you opt out.
In addition, California law prevents us from asking you to “opt in” for a year after you “opt out.” We are allowed to tell you, however, if a specific transaction requires a transfer of data to a third party. We may alert you if a transaction requires a transfer to a third party so that you can opt in if you would like to continue with the transaction.
Minors. We do not “sell” the data of people under 16, and do not intend to collect data related to people who are under 13.
Exceptions to the opt out. The law creates several exceptions that are important for you to be aware of.
We are allowed to transfer data to a “service provider” even if you opt out. The law does not consider that kind of transfer to be a “sale.” A service provider is a business that agrees not to use your information for any purpose other than providing the services specified in our contract. For example, we transfer data to business partners to provide data security and detect fraud. Those businesses are “service providers.” Even if you opt out, we will continue to transfer data to our service providers.
We are also allowed to transfer your data to a third party where you direct the transfer or direct us to interact with the third party. For example, if you direct us to use a specific payment method to pay for your order, even if you have opted out, we will still transfer the data necessary to process your order.
Collecting information and using it ourselves is not a “sale.” Opting out of the “sale” of your data does not prevent us from continuing to collect and process your personal information.
The “opt out” only applies to “personal information.” This is information that is or is capable of being linked to you. That data is not “personal information.” Opting out will not limit our transfer of that data to third parties.
Technical limitations on opt out. Please note that there are technical limits to our ability to identify data related to you and, if you opt out, to prevent the “sale” of that information to other parties. Where we can reasonably determine that information relates to you and you have opted out, we will not “sell” it to “third parties” (except as allowed by the law). However, we may not be able to determine that information relates to you. In that case, the information may be “sold” to a third party.
Opting out is not unsubscribe. Opting out of the “sale” of personal information will not prevent you from receiving marketing messages from us. If you wish to unsubscribe from our emails, please follow the unsubscribe link in one of our emails. If you wish to unsubscribe from text messages, please follow the unsubscribe process for the program you opted into.
How to Opt Out: If you would like to opt out of the “sale” of your data, you have you may email us at firstname.lastname@example.org.