Last Updated: 25 July 2020
Part 1: Information Collection
1.1 Personal Information. The term “Personal Information” means information relating to a living person who is or can be identified from that information or from that information in conjunction with other information that is in, or comes into, our possession.
1.2 Cart and Billing Information. When you purchase something from us, as part of the buying and selling process, we collect the Personal Information you give us such as your name, address, email address, and billing address (“Billing Information”). In the event that you reach the checkout and fill out your Personal Information but decide to abandon your cart, your cart and Personal Information will still be stored in our system as an abandoned cart (collectively, “Abandoned Cart Information”). Abandoned Cart Information can be deleted at your request at any time. We may also send you an automated e-mail within 24 hours of abandoning your cart to remind you to complete your purchase.
1.3 Usage Information. When you browse our website, we also automatically receive information, which may include Personal Information, regarding your access to and use of our website. This information includes your computer’s internet protocol (IP) address, in order to provide us with information that helps us learn about your browser type, operating system, device type, language, referring website URLs, log files, pages on our website that you visit and links that you click on (collectively, “Usage Information”).
1.4 Payment Information. Our store is executed through WooCommerce using Paypal and Stripe. When you choose a direct payment gateway to complete your purchase, Paypal or Stripe store your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Paypal or Stripe store your purchase transaction data only as long as is necessary to complete your purchase transaction. After your purchase transaction is complete, Paypal or Stripe delete your purchase transaction data. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Paypal and Stripe’s Terms of Service and Privacy Policies.
Part 2: Use of Information
2.1 Transaction and Billing. We use information you submit, including Personal Information, to process your transactions. We utilize WooCommerce, Paypal and Stripe applications to detect fraud, verify your credit card, provide shipping rates, prevent purchases in excess of applicable limits, process, ship and complete purchase orders.
2.2. Customer Service and Technical Support. We may contact you using the information you provide in order to respond to inquiries you send us, to communicate with you regarding our offerings (e.g., updates about our store, including new products),
and to market our offerings to you. If you do not wish to receive such emails, you can choose to opt-out of receipt using the unsubscribe link within each email. You may also opt-in to receive email notifications when products are back in stock.
2.3 Operation and Improvement of our Services. We use your information, including Personal Information, to operate our business and provide our offering to you. We use information to personalize the offering we provide to you. We may use your information to verify your identity, for fraud prevention, to enforce the Terms of Service, and to protect the integrity of our offerings. We may also use your information to develop new offerings and to improve the quality of our offerings.
Part 3: Information Sharing & Disclosure
3.1 Service Providers. We may share your information, including Personal Information, with third-party services providers who assist us in providing the offerings to you and operating our business. The third-party service providers we use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies, so you can understand the manner in which your Personal Information will be handled by these providers in order for them to provide their services to us. In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. Therefore, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
3.2 As Required By Law. We may disclose your information, including Personal Information, as required by law, such as in response to a court order, subpoena, lawful demand by a public authority, or similar legal process.
3.3. To Protect Our Business. We may disclose your information, including Personal Information, if we believe it is necessary to protect our property and/or rights, to protect the safety of the public or any person, in the event of a legal dispute, or to prevent or stop activity we believe may pose a risk of being illegal, unethical, or in violation of our Terms of Service.
3.4 Business Transfers. We may sell, assign, transfer, or otherwise share some or all of our assets in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. We may disclose or share your Personal Information in connection with such business transfers.
3.5 Google Analytics. We use Google Analytics to help us learn about who visits our website and what pages are being looked at in order to bring you a better experience and for marking and advertising purposes. We collect data using Google Analytics for the following reasons:
Display and search remarketing;
Age, gender, and interest reporting; and
Cookies to store user-specific preferences
Part 4: Children
Our website is not intended for persons under 16 years of age. By using our website, you represent that you are at least 16 years of age or the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given your consent to allow any of your minor dependents to use our website. If you are a parent or guardian and believe that your minor dependent has provided us with Personal Information without your consent, please contact us at firstname.lastname@example.org
Part 5: Security
We take reasonable precautions and follow generally accepted industry standards to protect the information we collect, including your Personal Information, against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, misuse, and other unauthorized processing. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards. Paypal and Stripe store your information, including Personal Information, in their data storage, databases, and general applications on a secure server behind a firewall. We cannot, and do not, guarantee the security of any information you transmit to us, and you do so at your own risk. We also cannot, and do not, guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. If you believe your Personal Information has been compromised, please contact us at email@example.com
Part 6: Cookies
We utilize technologies to recognize you when you access or use our website, track your interactions with our website, personalize your experience, and market to you. These technologies include cookies, web beacons, pixels and similar devices. You maintain control over some of the information we collect through the use of such technologies through your browser setting preferences. If you choose not to accept cookies and similar devices, you may not be able to access all portions or functionality of our website.
Part 7: California Privacy Rights
If you reside in California, please note that we do not share your Personal Information with third parties for their direct marketing purposes without your consent.
Part 8: EU Data Subject Rights
8.1 Lawful Grounds. If you reside in the European Economic Area or Switzerland (collectively the “EU”), we rely on the following lawful grounds under the General Data Protection Regulation (“GDPR”) to process (collect, store, and use) your Personal Information: (a) it is necessary for the performance of a contract; (b) our or a third party’s legitimate business interest; or (c) your consent.
8.2 Data Transfer Notice. We are located in Australia and process all data in Australia. When you enter a contract with us, it is necessary for our performance of the contract to transfer and process your Personal Information in Australia. Section 3.1 provides additional information about processing by our third-party service providers.
8.3 Individual Rights. You may contact us at firstname.lastname@example.org to request access to, transfer of, and rectification or erasure of your Personal Information, or restriction of processing, or to object to processing of your Personal Information. Please specify the nature of your request and the information that is the subject of your request. We may require you to submit additional information necessary to verify your identity and status as an EU data subject. If you are a visitor or user of our Services, we will respond to your request directly within 30 days.
If we are processing your Personal Information based upon the lawful ground of your consent, you have the right to withdraw your consent for such processing at any time without affecting the lawfulness of processing based on consent before it is withdrawn. To withdraw consent, email us at email@example.com.
8.4 Retention. At a minimum, we will retain your personal data for a long as necessary for the purpose in which it was collected such as to perform a contract, for our or a third party’s legitimate interest, or your consent.
Part 9: Changes
Part 10: Contact
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, please contact us on firstname.lastname@example.org