We collect your Personal Data in a number of ways and for various purposes, including:
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address, and email address.
When you browse our Site, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable and when legally allowed): With your permission and provided it is legal in your jurisdiction, we may, within time limits allowed by law, send you emails about our Site, new products and services, and other updates. By “permission” we mean express and provable permission granted by you. A permission to send commercial or marketing emails may be through any of the following instances which we deem as the existing business relationship with or inquiry from you:
All marketing emails shall conspicuously contain a notice that at no cost to you, you can opt-out of receiving more marketing emails from us. All marketing emails shall prominently display a one-click unsubscribe or opt-out option. Once you have opted out or unsubscribed, we shall immediately refrain from sending marketing emails to you.
We may use your personal information, including but not limited to your name, address, telephone, email address and other relevant data to conduct our business, improve our Sites, develop new products and services, provide information and support, to better understand your needs and interests, personalize communications and advertising, meet contractual obligations, and generally promote a quality experience for you. For example, we may use your personal information, including your email address, to:
You may manage your receipt of marketing and non-transactional emails by clicking on the “unsubscribe” link located on the bottom of our marketing and non-transactional emails. If at any point you choose not to receive our emails or newsletters, you can also opt-out or unsubscribe by emailing email@example.com, by following the opt-out instructions in the email or newsletter. The request to opt-out from the mailing list shall be honored immediately. You may not be able to opt-out of all information sharing, however, such as information sharing with credit card processors in connection with products or services that you order from us. While we offer you some control over marketing communication, certain transactional, relationship, and legally required communications will not be affected by the choices you have made about marketing communications.
We reserve the right to release and disclose any personal information relative or provided by you to law enforcement or other governmental officials as we, in our sole and absolute discretion, deem necessary to comply with any applicable law or at the request of any governmental entity or agency.
Any information stored in our Site is treated as confidential. All information is stored securely and is accessed by authorized personnel only. We implement and maintain appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft, or disclosure.
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you consent to our collecting your personal information and using it for that specific reason only.
If we ask for your personal information for a secondary reason, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you with future effect and without affecting the lawfulness of processing of your Personal Data based on the consent you provided before you withdrew it, at any time, by contacting us at email address firstname.lastname@example.org, by following the opt-out instructions in the email or newsletter. You may not be able to opt out of all information sharing, however, such as information sharing with credit card processors in connection with products or services that you order from us. Certain transactional, relationship, and legally required communications will not be affected by the choices you have made about information sharing. Depending on the service, collection and use of your Personal Data may be required for the services to work.
You can, at any time, request to edit, update, access, or delete your information by emailing us at email@example.com. We shall promptly be following receipt of the notice, delete Personal Data from our records and, upon completion of all transactions, comply with all reasonable instructions with respect to the deletion of any remaining Personal Data. We will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. You may request for a copy of your Personal Data, free of charge and in an electronic format. You may request for all Personal Data to be provided in a commonly used and machine-readable format and once obtained, you have the right to take the same to another company.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform certain services they provide to us. Certain third-party services, such as payment gateways and other transaction or payment processors are required to abide by security standards imposed on them, such as the Payment Card Industry Data Security Standard (PCI-DSS), which is a set of security standards designed to ensure that all payment processors that accept, process, store or transmit credit card information maintain a secure environment. All direct payment gateways we utilize adhere to PCI-DSS, which is a joint effort of brands like Visa, MasterCard, American Express and Discover, to safeguard card data handling.
Whilst we shall not store your credit card information, such payment gateways and other transaction or payment processors, under PCI-DSS, may store your purchase transaction data for only as long as is necessary to complete the transaction and thereafter for only as long as it is required by law.
Such third-party payment gateways and other payment transaction processors and other third parties have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with sensitive information, such as login credentials and credit card information, then such information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we use generally acceptable commercially standards to protect your personal information.
Unless otherwise prohibited by applicable law, we shall notify you, as soon as it is reasonably possible under the circumstances but in any event no later than within 72 hours after becoming aware, of any accidental, unauthorized, or unlawful destruction, loss, alteration, or disclosure of, or access to, Personal Data (“Security Breach”) likely to result in a high risk of adversely affecting individuals’ rights and freedom. Such notification shall include: (a) a detailed description of the Security Breach, and (b) the type of data that was the subject of the Security Breach and we shall communicate (i) the name and contact details of our data protection officer or other point of contact where more information can be obtained; (ii) a description of the likely consequences of the Security Breach; (iii) a description of the measures taken or proposed to be taken by us to address the Security Breach, including, where appropriate, measures to mitigate its possible adverse effects; and (iv) additionally in such notification or thereafter as soon as such information can be collected or otherwise becomes available, any other information you may reasonably request relating to the Security Breach.
We shall take prompt action to investigate the Security Breach and shall use industry standard, commercially reasonable, efforts to mitigate the effects of any such Security Breach in accordance with its obligations hereunder and, subject to your prior written agreement, to carry out any recovery or other action necessary to remedy the Security Breach. Unless required to do so under applicable Privacy Law, we shall not release or publish any filing, communication, notice, press release, or report concerning any Security Breach.
We shall also report such Security Breach as may be required by law to relevant supervisory authority within 72 hours of becoming aware, where feasible.
Where personal data originating in the European Economic Area is processed outside the European Economic Area, in a territory that has not been designated by the European Commission as ensuring an adequate level of protection pursuant to applicable Privacy Law, we agree that the transfer shall be undertaken pursuant to SECTION 6 above, which we shall maintain in full force and effect.
We have a data processing agreements in place to ensure compliance with all relevant Directives. All processing is performed in accordance with the highest security regulations.
If our Company is acquired or merged with another company, we may disclose your Personal Data with our prospective or actual purchasers, investors, or successor entities in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction, pursuant to assurances of sufficient data handling practices and safeguards.
Residents of the European Economic Area: Our disclosure is limited to situations where we are permitted to do so under applicable European and national data protection laws and regulations.