SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at:
5792 W Jefferson Blvd.
Los Angeles, CA 90016
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at:
[Re: Privacy Compliance Officer]
5792 W Jefferson Blvd.
Los Angeles, CA 90016
California Consumer Privacy Act (CCPA)
If you are a California resident, you have certain rights when it comes to your personal information. These rights, and how you are able to exercise them, are outlined below. Exercising these rights will have no adverse impact on the price or quality of our products.
You may request information about our disclosure of your personal information to third parties or their affiliates for their direct marketing purposes. To make such a request, please email us at firstname.lastname@example.org and allow up to 30 days for us to process your request. You may make a request once a year.
You have the right to request that we delete any of your personal information that we have collected (“Right to Delete”). However, some information is exempted from deletion by law, such as information necessary for security and fraud detection and information needed to provide you with goods or services. For example, if you ask us to delete your data but keep you on our email list, we will retain the information needed to continue sending you our emails. If you request deletion, we will explain what, if any, information we keep and why. Note: information that is anonymized or pseudonymized is not considered personal information by law, thus we may “delete” your information by anonymizing or pseudonymizing it.
You have the right to non-discrimination for exercising the rights above, meaning we will not deny you goods or services or charge you different rates for using these rights.
You may make a request to know or delete by emailing email@example.com. When you make a request, we will take steps to verify your identity before we respond; this is to protect you and your information. First we will ask you for your email and your physical address, which must match the addresses connected to your account with us (if you have one). We will then send a physical letter to your physical address with a one-time code, which you must email to us from the email address you provided. After this, we will respond to your request.
You may designate an “Authorized Representative” to make these requests on your behalf. You will have to verify for us that you did in fact authorize this representative. Your authorized representative must provide us with your contact details, unless the law requires otherwise, after which we will contact you to confirm that you authorized this representative. Once you confirm, we will respond to your request.
You may contact us at firstname.lastname@example.org for more information.
If you are a California resident, you have the right to opt out of the “sale” of your personal information to “third parties.”
The word “sale” in this law is defined quite broadly. It doesn’t only mean exchanging data for money; it covers any transfer of personal information to a “third party” in exchange for “other valuable consideration.”
We do not transfer your information to third parties in exchange for money, and we will not do so. However, we do transfer personal information to certain third parties so that we can operate our business (for example, to market our products). It’s a possibility that someone could claim that this transfer was in exchange for “other valuable consideration.” We want to be careful and respectful of your personal information; therefore, if you opt out, we will not transfer your information to any “third parties” except as outlined below (and as allowed by law).
Please be aware that opting out may have effects on your experience with HAPP that you (and we) don’t expect. Any transfer of data to a “third party” may be considered “sale” of that data, and the law considers any other business a “third party.” As a result, if you opt out of the “sale” of data, we will not be able to send data to some of our business partners. This means that after you opt out, you may not receive all of the marketing or other information you are used to getting from us. It’s also possible that some features of our website may not work for you after you opt out.
Please also be aware that California law prohibits us from asking you to “opt in” for 12 months afer you have “opted out.” We are allowed to notify you if a specific transaction requires we transfer data to a third party, which we will do so that you can opt in in order to complete the transaction.
We do not “sell” the data of individuals under age 16, nor do we intend to collect data related to individuals under 13.
The law provides some exceptions to the opt-out that you should be aware of:
Even if you opt out, we are allowed, and will continue, to transfer data to a “service provider,” which the law does not consider a “sale.” A service provider is a business that agrees not to use your information for any purpose other than providing the services specified in our contract.
Even if you opt out, we are allowed to transfer your data to a third party in cases where you direct the transfer, or you direct us to interact with the third party.
Even if you opt out, we are allowed to continue collecting and processing your personal information, because the law does not consider the collection and use of this information for our own purposes a “sale.”
Opting out only applies to “personal information” - data that is or is able to be linked to you. Anonymized or pseudonymized information is not considered personal information.
Please note that there are some technical limitations to opting out; our ability to identify data related to you and prevent the “sale” of that information is limited. Where we can reasonably determine that information relates to you and that you have opted out, we will not “sell” it to “third parties” except as allowed by law. However, in cases where we can’t determine that information relates to you, that information may then be inadvertently “sold” to a third party.
Opting out is not the same as unsubscribing. Opting out of the “sale” of your personal information will not prevent you from receiving marketing messages from us (because this is not a “sale” of your data). If you wish to unsubscribe from our emails, follow the “unsubscribe” link in the footer of one of your emails.
General Data Protection Regulation (GDPR)
How to Opt Out
If you would like to opt out of the “sale” of your data, or exercise any of the other rights mentioned above, you may click the appropriate link below or email us with your request at email@example.com.
If you choose to opt out using the links below, we will ask for your email address. You must provide this in order to proceed. We will then send a message to that address. You must reply from the same email address to complete the process. This step is so we can authenticate your identity and prevent fraud and abuse. If you wish to opt out multiple email addresses, you must provide each address to us. This is because we have no reasonable way to link a single address you give us to other addresses you may have.
Please note that if you send us an email at [email address] us to opt out instead of using the links below, we will have no way of setting the cookie on your device that tells us not to “sell” your personal data, which will limit our ability to prevent the “sale” of your data. For this reason, the links below are the most complete way to opt out.
Please also note that if you do opt out using the links below, but then delete the cookie, or return via a different browser or device, we will not be able to connect the session to your opt-out, thus cannot prevent the “sale” of your data.
You can use the link below to update your account data if it is not accurate.
You can use the links below to download all the data we store and use for a better experience in our store.
Access to Personal Data
You can use the link below to request a report which will contain all personal information that we store for you.
Right to be Forgotten
Use this option if you want to remove your personal and other data from our store. Keep in mind that this process will delete your account, so you will no longer be able to access or use it anymore.