Collecting Personal Information
Examples of Personal Information collected: a version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels [ADD OR SUBTRACT ANY OTHER TRACKING TECHNOLOGIES USED].
Disclosure for a business purpose: shared with our processor Shopify [ADD ANY OTHER VENDORS WITH WHOM YOU SHARE THIS INFORMATION].
Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers [INSERT ANY OTHER PAYMENT TYPES ACCEPTED]), email address, and phone number.
Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor Shopify [ADD ANY OTHER VENDORS WITH WHOM YOU SHARE THIS INFORMATION. FOR EXAMPLE, SALES CHANNELS, PAYMENT GATEWAYS, SHIPPING AND FULFILLMENT APPS].
Customer support information
Examples of Personal Information collected: [MODIFICATIONS TO THE INFORMATION LISTED ABOVE OR ADDITIONAL INFORMATION AS NEEDED]
Purpose of collection: to provide customer support.
Source of collection: collected from you.
Disclosure for a business purpose: [ADD ANY VENDORS USED TO PROVIDE CUSTOMER SUPPORT]
[INSERT ANY OTHER INFORMATION YOU COLLECT: OFFLINE DATA, PURCHASED MARKETING DATA/LISTS] [INSERT FOLLOWING SECTION IF AGE RESTRICTION IS REQUIRED]
VISITORS FROM THE EUROPEAN UNION
Legal Basis for Data Processing
If we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our Site and services, manage our relationship with you and communicate with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our Site and our services, undertaking marketing, or for the purposes of ensuring the security of our Site and services and detecting or preventing illegal activities such as fraud.
If we ask you to provide Personal Data to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data). In some instances, you may be required to provide us with Personal Data for processing as described above, in order for us to be able to provide you all of our services, and for you to use all the features of our Site.
We retain your Personal Data as long as we have an ongoing legitimate business need to do so for example to provide services or products to you, or as required or permitted by applicable laws, such as tax and accounting laws. When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under section J. HOW TO CONTACT US below.
International Transfers of Personal Data
If you are a resident of the European Economic Area, you have the following data protection rights, which you can exercise at any time by contacting us using the contact details provided under section J. HOW TO CONTACT US below:
•The right to access, correct, update or request deletion of your Personal Data.
•The right to object to processing of your personal information when it is based on our legitimate interests, and separately the right to object to direct marketing.
•The right to ask us, in some situations, to restrict processing of your personal information or request portability of your personal information.
•The right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under section J. HOW TO CONTACT US below.
•If we have collected and process your personal information with your consent, then you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
If you are aware of changes or inaccuracies in your information, you should inform us of such changes so that our records may be updated or corrected.
The Site is not intended for individuals under the age of [INSERT AGE]. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful requests for information we receive, or to otherwise protect our rights.
[INSERT INFORMATION ABOUT OTHER SERVICE PROVIDERS] [INCLUDE FOLLOWING SECTION IF USING REMARKETING OR TARGETED ADVERTISING]
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
[INSERT IF APPLICABLE] We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
[INSERT OTHER ADVERTISING SERVICES USED] For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt-out of targeted advertising by:
[INCLUDE OPT-OUT LINKS FROM WHICHEVER SERVICES BEING USED. COMMON LINKS INCLUDE:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads
- GOOGLE - https://www.google.com/settings/ads/anonymous
- BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt-out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at http://optout.aboutads.info/.
Using Personal Information
We use your Personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
[INCLUDE THE FOLLOWING SECTION IF YOUR STORE IS LOCATED IN OR IF YOU HAVE CUSTOMERS IN EUROPE]
According to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
[INCLUDE ALL THAT APPLY TO YOUR BUSINESS]
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations; To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We [DO/DO NOT] engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denies listed IP addresses. This denylist persists for a small number of days.
[INCLUDE THE FOLLOWING SECTION ONLY IF YOU SELL PERSONAL INFORMATION, AS DEFINED BY THE CALIFORNIA CONSUMER PRIVACY ACT]