SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com or mailing us at:
Scrappy Hats, LLC.
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
SECTION 10 - Your California Privacy Rights under the California Consumer Privacy Act (CCPA)
If you are an individual who is a resident of California (a California “consumer”), you have the following rights under the California Consumer Privacy Act, which went into effect on January 1, 2020, with respect to your “personal information” (as defined by CCPA):
• Right to Know. You have the right to request that we disclose to you, following your “verifiable consumer request”:
- The categories of personal information we have collected about you
- The categories of sources from which the personal information is collected
- The business or commercial purpose for collecting personal information
- The categories of third parties with which we share personal information
- The specific pieces of personal information we have collected about you
- The categories of personal information about you that we disclosed for a business purpose
- If we sell your personal information (to our knowledge, we do not sell personal information of California consumers – see below in this section under the heading “Disclosure of Personal Information”):
- The categories of personal information that we sold about you
- The categories of third parties to which your personal information was sold, by category or categories of personal information for each category of third parties to which the personal information was sold
- The business or commercial purpose for selling personal information
• Right to Delete. You have the right to request that we delete, following your “verifiable consumer request”, the specific pieces of personal information we have collected about you.
- Categories of personal information we collect
- Specific pieces of personal information we have collected about you
- Categories of sources from which we collect personal information
Right to Non-Discrimination. We may not discriminate against you because you exercise any of your rights under CCPA, including by:
- Denying goods or services to you
- Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
- Providing a different level or quality of goods or services to you
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services
Methods of Submitting Requests
If you are a California consumer, you may submit requests to exercise your “right to know” or your “right to delete” via either of the following methods:
• By email, to: firstname.lastname@example.org
CCPA Personal Information
We collect (and during the last 12 months have collected) the following categories of personal information, from the following categories of sources, and for the following business or commercial purposes:
Categories of Personal Information
Categories of Sources
Identifiers (such as a real name, postal address, email address, an online identifier, or an internet protocol address)
We receive such informationdirectly from consumers (such as when they complete a purchase on our Website) and/or from third-
For our operational and commercial purposes, including to manage, perform, and administer our contracts and relationships with consumers,to contact consumers, and/or to send information (including marketing information about our products) to consumers, and to engage in tailored advertising
Commercial information (such as records of the products a consumer purchased)
We receive such information directly from consumers (based on the purchase activities of those consumers on our Website) and/or from third-party vendors (such third-party data providers
For our operational and commercial purposes, including to manage, perform, and administer our contracts and relationships with consumers, to engage in tailored advertising, and to manage our supply chain (including with respect to buying decisions)
Internet or other electronic network activity information (such as browsing history, search history, and information regarding interactions with our Website and our advertising)
For our operational and commercial purposes, including to engage in tailored advertising and to manage our supply chain (including with respect to buying decisions)
We receive such information directly from consumers (such as when they complete a purchase on our Website) or from third-party vendors (such as third-party data providers)
For our operational and commercial purposes, including to manage, perform, and administer our contracts and relationships with consumers,to contact consumers and/or to send information (including marketing information about our products) to consumers
Inferences (drawn from any of the other categories of personal information of the information to create a profile about a consumer reflecting, for example, aconsumer’s product
We receive such information from third-party vendors, including vendors that perform analytics and remarketing services for us
For our operational and commercial purposes, including to engage in tailored advertising
Disclosure of Personal Information
We disclose (and during the last 12 months have disclosed) each of the above categories of personal information for a business purpose with our authorized service providers that perform certain services on our behalf, including fulfillment, shipping, and handling providers, payment service providers, data analytics providers, technology service providers, and advertising and marketing service providers and platforms. These services may include fulfilling orders, processing credit card payments, providing customer service and marketing assistance, performing business and sales analysis, supporting our Website functionality and supporting other features offered through our Website, and providing advertising and marketing services (including delivering tailored advertising and email marketing campaigns, and analyzing and improving the effectiveness of our advertising and marketing).
To our knowledge, we do not sell personal information of California consumers. Prior to January 1, 2020 (including during the 12 months prior to January 1, 2020), we shared the personal information (in particular, identifiers, commercial information, Internet or other electronic network activity information, and geolocation data) of California consumers with third-party data resellers in connection with our use of their data cooperative and data provision, enrichment, verification, and analytics services, but we ceased that sharing practice with respect to California consumers prior to January 1, 2020.
Your California Privacy Rights under “Shine the Light”
For more information, please email us at email@example.com with “California Shine the Light Privacy Request” in the subject line, and your full name, email address, postal address and specific services you have used in the body of your email.
Your Data Protection Rights Under the European General Data Protection Regulation (GDPR)
If you are in the EEA and certain requirements are fulfilled, you have the following data protection rights:
- The right to access, update or to delete your personal data. Whenever made possible, you can access, update or request deletion of your personal data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your personal data rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your personal data if we have no legitimate reasons to do so, and to direct marketing.
- The right of restriction. You have the right to request that we restrict the processing of your personal data (i.e., we would need to secure and retain the personal data for your benefit but not otherwise use it).
- The right to data portability. You have the right to be provided with a copy of your personal data in a structured, machine-readable and commonly used format (or have this transferred to a third party).
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Scrappy Hats relied on your consent to process your personal data.
If you wish to exercise one of the above-mentioned rights, please send us your request via email to: firstname.lastname@example.org
You also have the right to complain to a data protection authority about our collection and use of your personal data. We would, however, appreciate the opportunity to address your concerns before you approach a data protection authority, and would welcome you directing an inquiry first to us at: email@example.com.
Links to Third-Party Websites and Third Party Features
- Liking, Sharing, and Logging-In. We may embed a pixel or SDK on our Website that allows you to “like” or “share” content on, or log-in to your Scrappy Hats' account through, third-party services, including social networks such as Facebook. If you choose to engage with such a third-party service through our Website, we may collect any information you have authorized the third-party service to share with us (such as your user ID, billing information, public profile information, email address, birthday, friends list, and other account and profile data). Likewise, if you choose to engage with such a third-party service through our Website or visit our Website while logged in to that third-party service on your device or through our Website, the third-party may receive information about your activities on our Website and be able to associate that information with information the third-party already has about you.
Our Website is not intended for children under the age of 13.
We do not knowingly collect personal information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that personal information from our servers.
To Contact Us
LAST UPDATED: December 1, 2020
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org or by mail at
Scrappy Hats, LLC.
[Re: Privacy Compliance Officer]