Last Updated: 10th February 2019
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, operating system, the website from which you reached our website (referrers), IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, PayPal details, Apple Pay details, Google Pay details, Afterpay details and ZipPay details), email address, and phone number. We refer to this information as “Order Information”.
How do you get my consent?
When you provide us with personal information (including your name, email, shipping and billing address and telephone number) to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, or by unsubscribing from our mailing list or by contacting us at firstname.lastname@example.org.
AGE OF CONSENT
By using this Site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this Site.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use your Personal and Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Personal and Order Information to:
- Register you for an account on our Site, if you choose to;
- Provide a product or service;
- Operate, maintain and enhance our Site and the products and services that we provide;
- If your preferences permit, provide you with recommendations and personalised products and services;
- Understand and analyse trends and preferences, to improve our products and services and to develop new products and services;
- Communicate with you to provide customer assistance;
- Respond to comments and questions via email or social media;
- To conduct free prize draws, prize competitions, or promotions, as permitted by law;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- in the case of non-personally identifiable information only—or personal information only with your explicit consent—to promote and market ourselves, our products and services, and our websites (including any social media pages maintained or operated by us such as Facebook and Instagram etc).
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
WHAT WE DON’T DO WITH YOUR PERSONAL INFORMATION
We do not and will never share, disclose, sell, rent, or otherwise provide personal information to other companies for the marketing of their own products or services.
SHARING YOUR PERSONAL INFORMATION
Personal information and data we collect stays within our company, other than in the following circumstances:
- when you give us explicit consent to share your data;
- when we share it with our affiliates, partners and other trusted organisations we work with to provide products and services to you;
- when we share it with trusted external service providers and data processors such as data centres, web hosts, cloud storage and cloud software providers, customer support providers, payment processors, debt collectors, accountants, and insurers;
- when we share it with prospective sellers or buyers of our business or assets; or
- when we share it with regulators and other relevant parties for the purpose of legal or contractual compliance, to respond to a subpoena, search warrant or other lawful request for information we receive, or for reporting purposes, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or the rights of third parties or the public at large.
We share your Personal Information with third parties to help us provide you with our products and services. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
LINKS TO THIRD PARTY WEBSITES
PAYPAL AS A PAYMENT PROCESSOR
On this website, we have integrated components of PayPal. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there are no classic account numbers. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also accepts trustee functions and offers buyer protection services.
If you choose "PayPal" as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, you agree to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.
The transmission of the data is aimed at payment processing and fraud prevention. We will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and us for the processing of the data will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks. PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order.
The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook & Instagram: https://www.facebook.com/settings/?tab=ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption.
Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards. We cannot ensure or warrant the security of any information you transmit to us or store on the Site, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your personal information has been compromised, please contact us on the below details.
If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.
CONSENT TO INTERNATIONAL TRANSFER OF DATA
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the website or online service that a user visits, indicating that the user does not wish to be tracked. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signal. We continue to work with the online industry to define a common understanding of how to treat Do Not Track signals.
In the meantime, you may opt out of receiving interest-based advertising from advertising networks that may be delivered on our platform and other websites by visiting the following websites. If you want to opt out of this online behavioural advertising, visit the following sites: http://www.aboutads.info/consumers and http://www.networkadvertising.org.
This will opt you out of many – but not all - of the interest-based advertising activities in which we or third parties engage. Choices you make may be browser and device specific. If you delete your cookies or use a different browser or a different computer or device, you may need to update your opt-out choices. Other third-party Sites provide visitors with the ability to opt-out of receiving interest-based ads on their Sites that you need to control through your settings on that Site. For example, to opt out of Google’s use of your online behaviour for advertising purposes, visit Google’s Ad Settings page.
We respect your privacy rights and understand under the laws of some jurisdictions, you may have the right to request details about the information we collect, to correct inaccuracies or you may request that we erase your personal information. Any further statutory user rights remain unaffected. We will promptly respond to all requests and reserve the right to decline to process requests that jeopardise the privacy of others, are extremely impractical, or are not permitted by local law.
You may unsubscribe from our marketing communications by following the unsubscribe instructions located on the bottom of our emails or by emailing us at email@example.com.
You may update, correct, or delete your account information and preferences. If you would like to exercise this right, please contact us through the contact information below. You may be asked to prove your identity before any personal information is provided.
Right of access:
You have the right to ask whether or not we collect or process personal data about you, and, if we do, to request access to your personal data. You have the right to find out what personal data we have collected about you, the purpose of the collection and who else we have shared this data with. Your access may be restricted, though, by other people’s rights and interests. Requests for access to your personal data can take up to 30 days to process.
Right to Request Rectification:
At your request, we will rectify inaccurate personal data concerning you within 30 days of your request. You also have the right to ask us to complete personal data about you that is incomplete.
Right to be Forgotten:
If you wish to have all your personal data erased from our Service, we can honour that request within 30 days of your account removal. Please note that this request means you will have to delete your existing account and everything else that is stored in your account.
Right to Request Restriction of Processing:
You have the right to obtain from us restriction of processing your personal data. In such case, we will only process your data for certain purposes that are mandatory by law.
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We will retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org or by mail using the details provided below:
Little Kitty Co
[Re: Privacy Compliance Officer]
PO Box 511,