Last Updated: November 27, 2023
SECTION 1 - WHAT INFORMATION DO WE COLLECT?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address, and email address.
When you browse our store, we automatically collect certain information about your device, such as details regarding your web browser, IP address, and time zone. We also collect information about the page(s) you visit, actions you take on the site (e.g., completing a purchase), or how you arrived at our site (e.g., search, paid advertisement).
To track and store this information, we use the following technologies/services:
- Cookies are small files stored in browsers which are used to save user preferences.
- Google Analytics. To gather information about how customers shop in our store, we use Google Analytics, a service provided by Google. You can view more information on this service here. Remember, all of your Google data may be accessed and/or deleted by you via My Activity.
- Klaviyo tracks browsing behavior and will associate it with your email address if you provide it to us.
Additionally, when you begin or complete a purchase through our website, we collect certain information from you, including your name, email, billing/shipping address, and payment information.
Collectively, all types of information gathered or provided to us by you are referred to as "Personal Information."
SECTION 2 - HOW DO WE USE YOUR INFORMATION?
When you provide Personal Information as part of a transaction, we use the order information to fulfill any orders placed through our website. This includes processing payment, shipping item(s), and sending order information/confirmations. We may also use it to communicate with you regarding your order, screen orders for potential fraud, or provide advertising for additional products/services.
Other information collected as you browse the site, including page(s) visited, actions taken, or referral source, may be used to personalize your browsing experience, assess website performance, or shared with third parties for marketing/advertising purposes. With your permission, we may also send you emails about our store, new products, and other updates.
Our marketing partners include:
- Facebook (opt out of targeted advertising here)
- Google (opt out of targeted advertising here)
- Pinterest (opt out of targeted advertising here)
- Snapchat (opt out of targeted advertising here)
- TikTok (opt out of targeted advertising here)
We do not sell your personal information.
SECTION 3 - HOW DO YOU GET MY CONSENT?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason (e.g., email marketing), we will either ask you directly for your expressed consent or provide you with an opportunity to say no.
SECTION 4 - HOW DO I WITHDRAW MY CONSENT?
If, after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com.
If you wish to delete or block cookies from your browsing activity, you may do so within your browser.
If you wish to opt out of being tracked by Google Analytics, you may do so here.
We will never discriminate against you for withdrawing consent, and you will continue to be eligible for our best products & services regardless of whether you enable tracking.
SECTION 5 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 6 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then the processor of your choosing (e.g. PayPal or AfterPay for credit card payments) will store your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
SECTION 7 - THIRD-PARTY SERVICES
In general, the third-party providers and brand partners used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us and/or market products and services that may be of interest to you.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 8 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Here is a partial list of cookies that we use. We’ve listed them here so you can choose if you want to opt-out of cookies or not.
- _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
- _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
- _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
- cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
- _secure_session_id, unique token, sessional
- storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 9 - DATA RETENTION & MANAGEMENT
We retain Personal Information we receive as described in this policy for as long as you use our services or as long as is necessary to fulfill the purpose(s) for which it was collected. When you place an order through the Site, we will store your order Information unless and until you ask us to delete this information.
You may have the right to request: (i) access to your personal data; (ii) an electronic copy of your personal data; (iii) correction of your personal data if it is incomplete or inaccurate; or (iv) deletion or restriction of your personal data in certain circumstances as provided by applicable law. We will not discriminate against you for the exercise of these rights. If you request to delete your account, you can create a new account on our Platform at any time. If you have a request regarding your personal data that cannot be fulfilled from your account settings, please contact us at firstname.lastname@example.org with the subject line “Privacy.”
SECTION 10 - RIGHT OF ACCESS
If you are a European resident, you have the right to access any personal information we have collected from you. You also have the right to ask that your personal information be corrected, updated, or deleted. To exercise this right, please contact us at email@example.com.
Also, if you are a European resident and have provided personal information to us for marketing, browsing, or transactional reasons, please note that your information will be transferred outside of Europe, including to Canada and the United States.
SECTION 11 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
SECTION 12 - NOTICE TO CALIFORNIA RESIDENTS
This section outlines certain data privacy rights afforded by the California Consumer Privacy Act, as amended by the California Privacy Rights Act, to California residents under state law. Right to Know
You can request information about how we have collected, used and shared and used your personal information during the past 12 months. We have made this this information available to California residents without having to request it by including it in this notice.
Right to Access
You can request a copy of the personal information that we maintain about you.
Right to Delete
You may request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive your request and confirm your identity, we will review your request. We may deny your deletion request if retaining the information is proper and necessary or if an exception allowing us to retain the information applies.
Right to Correct
You may also request that we correct any of your personal data that has become outdated or needs correction for any reason.
Exercising Your Rights
To access or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. As permitted by applicable law, any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”). We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal information.
California residents may exercise their rights described above by:
- Emailing us at: firstname.lastname@example.org with subject line "Verifiable Consumer Request"
Only you, or someone legally authorized to act on your behalf (an "Authorized Agent"), may make a request to know or delete related to your personal data. We require Authorized Agents to provide written authorization confirming they may submit a request on your behalf. You may only submit a request to know twice within a 12-month period. We endeavor to substantively respond to a Verifiable Consumer Request within forty-five (45) days of its receipt, unless we require an extension. If we reasonably require an extension, we will inform you of the reason and extension period.
We will not discriminate against you for exercising any of your data subject rights. We do not charge a fee to process or respond to your Verifiable Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
SECTION 13 - EU DATA PROTECTION RIGHTS
This section applies to users of our Service who are residents of the European Economic Area and the UK. If you are a resident of the European Economic Area and the UK, you have the right to:
Access, correct, update or request deletion of your personal information.
Object to processing of your personal information and request that we restrict processing of your personal information.
Opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, by using the contact details below.
Complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- For the purposes of the data collected on our Services, labdip serves as the data controller. Our Services are hosted on Shopify, and Shopify acts as our data processor. In instances where a consumer is located in the European Economic Area, that individual’s personal information will be processed by Shopify’s Irish Affiliate, Shopify International, Ltd.
How to Exercise Your Rights
To exercise your data protection rights, please submit a request by:
- Emailing us at: email@example.com with subject line “EU Data Request”
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Only you or someone legally authorized to act on your behalf may submit a request that affects your data. Therefore, we will need to verify your identity or the identity of whoever is submitting a request on your behalf.
We will not discriminate against you for exercising any of your data protection rights. We do not charge a fee to process or respond to your data protection request, unless it is excessive, repetitive or manifestly unfounded.
SECTION 14 - CHANGES TO POLICY
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org.