WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing: With your permission, we may send you emails about our store, new products and other updates.
How do you get my consent? When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent? If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at:
Rancho Santa Fe California US 92067
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
Payment: If you choose a direct payment gateway to complete your purchase, your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We do not rent, sell, or share your personal information with other people or nonaffiliated companies except to provide products or services you've requested, when we have your permission. In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Links: When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Google analytics: Our store uses Google Analytics to help us learn about who visits our site and what pages are being looked at
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
- _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
- _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
- _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer. cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
- _secure_session_id, unique token, sessional storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
- PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where.
What We Collect When Using Cookies
Social Media Widgets and Advertising. Our services may include social media features, such as the Facebook Like button, Pinterest, Instagram, Twitter or other widgets. These social media companies may recognize you and collect information about your visit to our services, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.
We display targeted advertising to you through social media platforms, such as Facebook, Twitter, Instagram, and other social media forums. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. We may share a unique identifier, such as a user ID or hashed email address, with these platform providers or they may collect information from our website visitors through a first-party pixel, in order to direct targeted advertising to you or to a custom audience on the social media platform. These advertisements are governed by the privacy policies of those social media companies that provide them.
Third Party Partners. The following is a sample of the third-party service partners we work with to provide advertising services. As partners change and new technologies become available, this list is likely to change over time and may not always reflect our current partners.
- Google Analytics and Advertising. We use Google Analytics to recognize you and link the devices you use when you visit our websites or services on your browser or mobile device, log in to your account on our services, or otherwise engage with us. We share a unique identifier, like a user ID or hashed email address, with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with our services and to tailor our advertisements and content to you.
You can learn more about Google’s practices with Google Analytics by visiting Google.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at:
Privacy Compliance Officer
Rancho Santa Fe California US 92067
PLEASE READ THIS EU DATA PROCESSING ADDENDUM (“ADDENDUM”) CAREFULLY BEFORE USING THE WEBSITE, SOFTWARE OR SERVICES OFFERED BY LIZZY JAMES DESIGNS, INC. (“LIZZY JAMES” OR “COMPANY”). THIS ADDENDUM SHALL APPLY TO THE EXTENT LIZZY JAMES IS A PROCESSOR OF PERSONAL DATA (DEFINED BELOW) THAT IS SUBJECT TO CERTAIN DATA PROTECTION LAWS (DEFINED BELOW). YOU OR THE ENTITY YOU REPRESENT AGREE THAT YOU HAVE READ AND ACCEPT THE TERMS IN THIS ADDENDUM, WHICH SUPPLEMENT LIZZY JAMES ’S TERMS OF SERVICE AVAILABLE AT WWW. LIZZY JAMES.COM/PAGES/TERMS-OF-SERVICE (“TERMS OF SERVICE”).
IF YOU OR DO NOT UNCONDITIONALLY AGREE TO ALL THE TERMS AND CONDITIONS OF THIS ADDENDUM, YOU HAVE NO RIGHT TO USE LIZZY JAMES’ SERVICES AND MUST NAVIGATE AWAY FROM THIS PAGE.
This supplements the Terms of Service whenever any user of Lizzy James’ Services provides Lizzy James with personal data that is or will be subject to Data Protection Laws (for the purposes of this Addendum, each user who does so shall be referred to as a “Controller”). Any terms not defined in this Addendum shall have the meaning set forth in the Terms of Service. In the event of a conflict between the terms and conditions of this Addendum and the Terms of Service, the terms and conditions of this Addendum shall supersede and control.
1.1 “Data Subject” means any individual about whom Personal Information may be processed under these terms.
1.2 “Data Protection Legislation” means the GDPR (as defined below), together with any national implementing laws in any Member State of the European Union or, to the extent applicable, in any other country, as amended, repealed, consolidated or replaced from time to time.
1.3 “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
1.4 “Personal Information” means personal data (as defined under the Data Protection Legislation) that are subject to the Data Protection Legislation and that you authorize Lizzy James to collect in connection with Lizzy James’service terms.
1.5 “Process” or “Processing” means any operation or set of operations performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of Personal Information.
1.6 “Security Incident” means a breach of security of the Service or Lizzy James’ systems used to Process Personal Information leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise Processed by Lizzy James in the context of this Addendum.
1.7 “Sensitive Information” means Personal Information revealing a Data Subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation.
- Limitations on Use. Lizzy James will Process Personal Information solely on your behalf and in accordance with the Agreement, this Addendum and any other documented instructions from you (whether in written or electronic form), or as otherwise required by applicable law. Lizzy James is hereby instructed to Process Personal Information to the extent necessary to enable Lizzy James to provide the Service in accordance with the Agreement. In case Lizzy James cannot process Personal Information in accordance with your instructions due to a legal requirement under any European Union or Member State law to which Lizzy James is subject, Lizzy James shall (i) promptly notify you in writing (including by e-mail) of such legal requirement before carrying out the relevant Processing, to the extent permitted by the applicable law; and (ii) cease all Processing (other than merely storing and maintaining the security of the affected Personal Information) until such time as you provides Lizzy James with new instructions. You will be responsible for providing any necessary notices to, and obtaining any necessary consents from, Data Subjects whose Personal Information is provided by you to Lizzy James for Processing pursuant to this Addendum. You acknowledge that the Service are not intended or designed for the Processing of Sensitive Information, and you agree not to provide any Sensitive Information through the Service. Lizzy James may be notified at – Lizzy James Designs, Inc., POB 974, Rancho Santa Fe, CA 92067.
- Security. Lizzy James shall implement, and maintain throughout the term of the Addendum at all times in accordance with then current good industry practice, appropriate technical and organizational measures to protect Personal Information in accordance with Article 32 of the GDPR. On request, Lizzy James shall provide you with a written description of the security measures being taken. The Service provides reasonable technical and organizational measures that have been designed, taking into account the nature of its Processing, to assist you in securing Personal Information Processed by Lizzy James.
- Data Subject Requests. You are responsible for handling any requests or complaints from Data Subjects with respect to their Personal Information Processed by Lizzy James under this Addendum. Lizzy James will notify you promptly and in any event no less than fifteen (15) business days’ notice, unless prohibited by applicable law, if Lizzy James receives any such requests or complaints. The Service include technical and organizational measures that have been designed, taking into account the nature of its Processing, to assist customers, insofar as this is possible, in fulfilling their obligations to respond to such requests or complaints.
- Regulatory Investigations. At your request, Lizzy James will assist you in the event of an investigation by a competent regulator, including a data protection regulator or similar authority, if and to the extent that such investigation relates to the Processing of Personal Information by Lizzy James on your behalf in accordance with this Addendum. Lizzy James may charge a reasonable fee for such requested assistance except where such investigation arises from a breach by Lizzy James of the Agreement or this Addendum, to the extent permitted by applicable law.
- Security Incident. In the event that Lizzy James becomes aware of a Security Incident, Lizzy James will notify you promptly and in any event no later than forty-eight (48) hours after Lizzy James discovers the Security Incident. In the event of such a Security Incident, Lizzy James shall provide you with a detailed description of the Security Incident and the type of Personal Information concerned, unless otherwise prohibited by law or otherwise instructed by a law enforcement or supervisory authority. Following such notification, Lizzy James will take reasonable steps to mitigate the effects of the Security Incident and to minimize any damage resulting from the Security Incident. At your request, Lizzy James will provide reasonable assistance and cooperation with respect to any notifications that you are legally required to send to affected Data Subjects and regulators. Lizzy James may charge a reasonable fee for such requested assistance.
- Sub-Processors. You agree that Lizzy James may disclose Personal Information to its subcontractors for purposes of providing the Service (“Sub-Processors ”), provided that Lizzy James (i) shall enter into an agreement with its Sub-Processors that imposes on the Sub-Processors obligations regarding the Processing of Personal Information that are at least as protective of Personal Information as those that apply to Lizzy James hereunder, including requiring the Sub-Processors to only process Personal Information to the extent required to perform the obligations sub-contracted to them, and (ii) shall remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Sub-Processors. If you object to a new Sub-processor, as permitted in the preceding sentence, Lizzy James will use reasonable efforts to make available to you a change in the Service or recommend a commercially reasonable change to your configuration or use of the Service to avoid Processing of Personal Data by the objected-to new Subprocessor without unreasonably burdening you. If Lizzy James is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, either party may terminate the component of the Service which cannot be provided by Lizzy James without the use of the objected-to new Sub-processor by providing written notice to the other party.
- Data Transfers. In connection with the performance of the Agreement, you authorize Lizzy James to transfer Personal Information to the United States. You and Lizzy James will enter into Standard Contractual Clauses for the Transfer of Personal Data to Processors Established In Third Countries pursuant to Commission Decision 2010/87/EU of 5 February 2010 Countries ("Model Contract "), attached hereto as Exhibit A.
- Information. Lizzy James shall make available to you all information necessary to demonstrate compliance with the obligations laid down in this Addendum and allow for and contribute to audits, including inspections, conducted by you or an auditor mandated by you. Lizzy James shall immediately inform you if, in its opinion, an instruction infringes the Data Protection Legislation.
- Return or Disposal. Upon termination of your User Account for any reason, Lizzy James will return or destroy Personal Information at your request and choice.
- Limitation of Liability. The total liability of Company (and its respective employees, directors, officers, affiliates, successors, and assigns), arising out of or related to this Addendum, whether in contract, tort, or other theory of liability, shall not, when taken together in the aggregate, exceed the limitation of liability set forth in the Terms of Service.
ADDITIONAL CALIFORNIA PRIVACY DISCLOSURES
Scope of Disclosures
These CA Disclosures provide additional information about how we collect, use, disclose and otherwise process personal information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (“CCPA”).
Personal Information Disclosures
When we use the term “personal information” in these CA Disclosures, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
For the purposes of these CA Disclosures, personal information does not include:
- Publicly available information from government records.
- Deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.
Information excluded from the CCPA's scope, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
- Information relating to our job applicants, employees, contractors and other personnel, which is not governed by these Disclosures.
Collection and Use of Personal Information
We collect various categories of Personal Information in connection with our services.
In the last 12 months, we have collected the following categories of personal information from the following sources of personal information:
Identifiers, such as your name, address, phone number, email address, IP address, account password or other similar identifiers.
California Customer Records (Cal. Civ. Code § 1798.80(e)), such as your birthdate, name, credit card number or other payment account number (including the three (3) or four (4) digit validation code for your credit card).
Commercial Information, such as your shopping history and purchasing and ordering behavior.
Internet/Network Information, such as your browsing history, log and analytics data, search history, and information regarding your interaction with the websites.
Geolocation Data, such as information about your physical location collected from geolocation features on your device, including your IP address and GPS (e.g. latitude and/or longitude).
Other Personal Information, such as information you post on our platform or on social media pages, including pictures or videos of you, or other information you submit to us, including your wedding or anniversary date and personal information of your family/friends.
In addition to the specific categories of sources identified above, the following “Common Sources” apply to all categories of personal information we collect:
— Directly from you
— Indirectly from you
— Our business partners and affiliates
— Third parties you direct to share information with us
Please note: In addition to the categories of sources identified above, we may collect information from publicly available sources and other third-party information providers in order to supplement the information we have otherwise collected.
Purposes for Collecting Personal Information
We collect, use, sell or disclose personal information about you for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, to allow you to place an order in-store or online, have it delivered to you, or to provide you with the information that you request. In addition, if you share your name and contact information to ask a question about our products or services, we will use that personal information to respond to your inquiry.
- To fulfill your transactions or purchases via Shopify payments (e.g., to process credit card payments in connection with your transaction).
- To communicate with you, including to send you service-related emails or messages and communications from or about Lizzy James Jewelry and to send you important information regarding the services, such as certain changes to our terms, conditions, policies, and/or other administrative information.
- To process your registration on our services, including verifying your information to ensure its accuracy and validity.
- To operate, maintain, and provide to you the features and functionality of the service.
- To market to you, including through email or direct mail, and to inform you of products, programs, services, and promotions that we believe may be of interest to you, including, without limitation, adding you to our email/mailing lists and permitting you to participate in sweepstakes, contests, and similar promotions (collectively, "Promotions").
- To evaluate your eligibility for certain types of Promotions, offers, products, or services that may be of interest to you.
- To personalize your experience (e.g., to locate the stores closest to your location) and to deliver custom content and product and service offerings relevant to your interests, including but not limited to targeted offers and ads through our website, email, social media channels, third-party sites, or on other devices you may use.
- To better understand the demographics of our visitors.
- To recognize you and remember your information when you return to our website and service.
- To measure traffic and analytics on our services.
- To help maintain the safety, security, and integrity of our service, technology assets, and business.
- For our internal business purposes, such as data analysis, customer research, audits, fraud prevention, developing new products and/or features, enhancing the services, improving our services, identifying usage trends, and determining the effectiveness of our promotional campaigns, including to inform our machine learning for purposes such as user engagement.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To evaluate, negotiate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Lizzy James Jewelry’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Lizzy James Jewelry about consumers is among the assets transferred or is otherwise relevant to the evaluation, negotiation or conduct of the transaction.
Your California Privacy Rights
As a California resident, you may be able to exercise the following rights in relation to the Personal Information about you that we have collected (subject to certain limitations at law):
The Right to Know
You have the right to request any or all of the following information relating to the personal information we have collected about you or disclosed in the last 12 months, upon verification of your identity:
The Right to Request Deletion
You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
The Right to Opt Out
You have the right to direct us not to sell personal information we have collected about you to third parties now or in the future.
If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales.
The Right to
You have the right not to receive discriminatory treatment for exercising any of the rights described above.
However, please note that if the exercise of the rights described above limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products or services or engage with you in the same manner.
“Shine the Light”
California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code § 1798.83).
How to Exercise Your California Privacy Rights
To Exercise Your Right to Know or Right to Deletion
To exercise your Right to Know or your Right to Deletion, please submit a request by:
- emailing firstname.lastname@example.org
We will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account. We will only use personal information provided in connection with a Consumer Rights Request to review and comply with the request.
In certain circumstances, we may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity.
To Exercise Your Right to Opt Out of Personal Information Sales
Unless you have exercised your Right to Opt Out of Personal Information Sales, we may sell personal information to third parties for monetary or other valuable consideration. The third parties to whom we may sell personal information may use such information for their own purposes in accordance with their own privacy statements, which may include reselling this information to additional third parties.
As noted above, we do not sell personal information as most people think of that term. You may, however, exercise your right to opt out of any future potential sales by clicking the link below and following the instructions:
You do not need to create an account with us to exercise your Right to Opt Out of Personal Information Sales. However, we may ask you to provide additional personal information so that we can properly identify you in our dataset and to track compliance with your opt out request. We will only use personal information provided in an opt out request to review and comply with the request. If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.
Once you make an opt-out request, you may change your mind and opt back in to personal information sales at any time by contacting us at email@example.com
Third-Party Tracking and Online Advertising
We utilize third-party partners to engage in online advertising. These ad networks, social media companies and other third-party businesses collect your personal information directly from your browser or device through cookies or similar tracking technology when you visit or interact with our websites, use our apps or otherwise engage with us online. For example, they may collect Internet/Network information, such as a cookie or device ID, browsing history and website usage, Geolocation Data, and Inferences generated from your browsing history and interactions with our service as well as other sites and services. These third-party businesses use your personal information to serve relevant ads on our site, on other websites or mobile apps, or on other devices you may use, or to personalize content and perform other advertising-related services such as reporting, attribution, analytics and market research. These third parties may use such personal information for their own purposes in accordance with their own privacy statements, which may include reselling this information to additional third parties, including other advertising networks.
Minors Under Age 16.
We do not sell the personal information of consumers we know to be less than 16 years of age, unless we receive affirmative authorization (the “Right to Opt In”) from either the minor who is between 13 and 16 years of age, or the parent or guardian of a minor less than 13 years of age. Please contact us by emailing firstname.lastname@example.org
to inform us if you, or your minor child, are under the age of 16.
California’s ”Shine the Light” Law
At the time of this writing, we do not provide your personal information to third parties for their direct marketing purposes, as described in California's "Shine the Light" law (Civil Code Section §1798.83). To opt-out of having your personal information disclosed to third parties for their direct marketing purposes in the future, please email us. Please note that to opt-out of all disclosures to third parties for direct marketing purposes, you must provide your personal information to be added to our suppression list.
In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf where (i) you provide sufficient evidence to show that the requestor is an authorized agent with written permission to act on your behalf and (ii) you successfully verify your own identity with us.