1. What personal data do we collect?1.1 We may collect the following information: 1.1.1 Information that you provide to us (e.g. by completing a form on the Website or contacting us).
- Your name and contact details (including telephone number, home address and email address);
- Billing information (including delivery address and payment details, including credit card information). We reserve the right to request additional evidence or proof of billing information where we think this is necessary;
- Expressed personal preferences (e.g. communications and language settings);
- Interactions with us (e.g. transaction history); and
- Correspondence and communications between us and you.
- Technical information, including your computer's IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- Information about your visit, including the URL clickstream to, through and from our Website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
2. Why do we need your personal data?2.1 We may use your personal data for the following reasons:
- Order management and fulfillment and to complete any contractual arrangements between us and you;
- Transaction processing (including the processing of your payment details, credit checks and fraud prevention activities). These checks may be required, among other things, to verify your identity, to validate your credit or debit card, to obtain an initial credit or debit card authorization and/or to authorize individual purchases;
- Website and business analysis, administration and management;
- Allowing you to participate in the interactive features of the Website (e.g. accessing social network platforms);
- Sending you communications via newsletter subscription – should you elect affirmatively to sign up and receive - about our products, services and promotions (including service updates) and making product or service recommendations to you;
- Sending you a discount code for your first purchase when you sign up for the newsletter;
- Customizing the Website to suit your preferences;
- Keeping our Website secure; and
- Collecting money owed to us.
- Banks and the providers of credit reports for the purposes of transaction processing, which may keep a record of that information. If you choose a direct payment gateway to complete your purchase, we will store your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After your purchase transaction is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, and American Express. PCI-DSS requirements help to ensure the secure handling of credit card information by our store and its service providers;
- Certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. We recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers;
- Third parties (such as social networks), where you direct us to do so. Your personal data will become subject to the privacy policies of those third parties when it is shared with them. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements;
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets that may be disclosed to the prospective and eventual buyers; or
- Strictly necessary cookies are essential for your use of the Website and its features, such as making a product purchase. We have to use these cookies to make the Website work as it should, whether or not you agree to cookies being used;
- Performance cookies collect information about how visitors use the Website, so that we can understand how our Website is used. We may use Google Analytics for this purpose: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies;
- Functionality cookies allow the Website to remember you in order to provide enhanced customized features (e.g. language preferences); and
4. Keeping your personal data secure4.1 We take steps to ensure that your personal data is protected against unauthorized loss or disclosure. However, the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately misused, accessed, disclosed, altered, lost or destroyed. 4.2 You are responsible for maintaining the confidentiality of your account password and for any access to or use of our Website using your password, whether or not authorized by you. Please notify us immediately of any unauthorized use of your password or account or any other breach of security. 4.3 Our Website may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how those third parties may use your personal data. Please check these policies before you submit any personal data to these websites. 4.4 We do not knowingly collect information about anyone under 18 years of age or the age of majority in your state or province of residence. By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
5. Your Rights5.1 In accordance with applicable law, users of our Website may have the right to:
- access to the personal data that we hold about you;
- request that we correct, amend or update your personal data; and/li>
- request that we stop using your information for marketing purposes and, in certain circumstances, that we stop using your personal data altogether.
6. California Laws6.1 Do Not Track Notice 6.1.1 Under California law, website and online service operators are required to disclose how they respond to web browser "do not track" signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about a consumer’s online activities over time and across third party websites, to the extent the operator engages in that collection. At this time, we do not track our customers' personal information over time and across third-party websites and therefore this requirement does not apply to us. 6.1.2 California law also requires website and online service operators to disclose whether third parties may collect personal information about their users' online activities over time and across different sites when the users use the operator's website or service. Third parties that have content or services on our site such as a social feature, analytics service, or an advertising network partner, may obtain information about your browsing or usage habits but this information does not include personal information. We do not knowingly permit such third parties to collect any personal information from our site unless you directly provide it to us and we provide it to them with your consent. 6.2 California Privacy Notices 6.2.1 If you are a California resident under 18 years old and a registered user of the Site, you can request that we remove content or information that you have posted to our Site or on our Social Media Channels. Please note that responding to your request may not ensure complete or comprehensive removal from our Site or on our Social Media Channels (e.g., if the content or information has been reposted by another user). To request removal of content or information, please contact us at the address, telephone or email below.
7. International Users.7.1 Please note that the Website is directed towards users who reside in the United States, as well as users who reside outside the United States. By using the Website, you consent to the collection, storage, processing, and transfer of your information in and to the United States, or other countries and territories, pursuant to the laws of the United States. Some of these countries may not offer the same level of privacy protection as your own. Any such transfers will comply with safeguards as required by relevant law. If applicable, you may have a right to claim compensation for damages caused by a breach of relevant data protection laws. 7.2 If you are a resident of the EEU or Switzerland, the following information applies: 7.2.1 Right to lodge a complaint Users that reside in the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here. 7.2.2 Purposes of processing and legal basis for processing As explained above, we process personal data as defined under data protection laws in various ways depending upon your use of the Website. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to sell products; and (3) as necessary for our legitimate interest in operating the Website where those interests do not override your fundamental rights and freedom related to data privacy. 7.2.3 Transfers Personal information we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities. Upon the start of enforcement of the General Data Protection Regulation (GDPR), we will ensure that transfers of personal information to a third country or an international organization are subject to appropriate safeguards as described in Article 46 of the GDPR. 7.2.4 Individual Rights If you are a resident of the EEA or Switzerland, you are entitled to the following rights, which may be exercised by contacting us as described below. In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you.
- The right to request data erasure. You have the right to have your data erased from our website if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
- The right to restrict or object to our processing. You have the right to restrict or object to our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.
8. Contacting UsIf you have any questions about our privacy or security practices or you would like to request access to or a correction to your personal information, please contact us via email at firstname.lastname@example.org. Your right to access or correct your personal information is subject to applicable legal restrictions. We may take reasonable steps to verify your identity before granting access or making corrections.
9. Texting:Only individuals who opt in to texting on this website will receive texts for the purpose of receiving the newsletter, cart reminders, and information about promotions and product launches. Texting is supported by Attentive Mobile Inc. (“Attentive”) and information about Attentive and their policies can be viewed here. For those who opt into texting, the following information will be taken from you by Us and shared with Attentive:
- Your Name
- Your Email Address
- Your Cell Phone Number
- Attentive codebase is hosted in Amazon Web Services inside a secure Virtual Private Cloud. Amazon Web Services is compliant with the latest information security compliance programs (e.g. IS27018, SOC 3, etc). More information on compliance is available here: https://aws.amazon.com/compliance/.
- Customer data is stored in a MySQL database that is firewalled inside the Virtual Private Cloud. Database access is restricted by IP address.
- Attentive collects phone numbers from users that wish to opt-in to hear from Us through SMS text messaging. User phone number is encrypted in transit and at rest. Attentive also collects email addresses, which is subject to the same encryption as phone numbers.