This Privacy Notice explains how THRIFTS + THREADS collects, uses, shares and processes your personal information as well as the rights and choices you have associated with that information. This Privacy Notice applies to all personal information collected during any written, electronic, and oral communications or collected online or offline, which includes: our website, located at www.thriftsthreads.com (“the Site”) as well as any other written, electronic, and oral communications with us (collectively, the “Services”).
Please read this Privacy Notice and our Terms of Service before accessing or using our Services. If you cannot agree with this Privacy Notice and our Terms of Service, please do not access or use our Services. If you are located in a jurisdiction outside the European Economic Area, by using our Services, you accept our privacy practices described in this Notice.
We may modify this Notice at any time, without prior notice, and changes may apply to any personal information we already hold about you, as well as any new personal information collected after the Notice is modified. If we make changes, we will notify you by revising the date at the top of this Notice. We will provide you with advanced notice if we make any material changes to how we collect, use or disclose your personal information that impact your rights under this Notice. If you are located in a jurisdiction other than the European Economic Area, the United Kingdom or Switzerland (collectively “European Countries”), your continued access or use of our Services after receiving the notice of changes, constitutes your acknowledgement that you accept the updated Notice.
In addition, we may provide you with real time disclosures or additional information about the personal information handling practices of specific parts of our Services. Such notices may supplement this Policy or provide you with additional choices about how we process your personal information.
SECTION 1 - PERSONAL INFORMATION WE COLLECT
We collect personal information when you use our Services, create an account with us or submit personal information when requested with the Site. Personal information generally is any information that relates to you, identifies you personally or could be used to identify you, such as your name, email address, phone number, address and payment account number. The definition of personal information varies by jurisdiction. Only the definition that applies to you based on your location applies to you under this Privacy Notice. Personal information does not include data that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.
The types of personal information that we may collect about you include:
Information You Directly and Voluntarily Provide to Us. We collect the personal information you give us when you use our Services. This includes when you visit our Site, contact us regarding service inquiries, or place an order. For example when you place an order, we collect information that you provide to us during the ordering process. This information will include your first and last name, mailing address, and email address.
You may also provide credit card information when you place an order. Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your credit card information is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. For more information about Shopify’s processing of your personal information please see Shopify’s Terms of Service (https://www.shopify.com/legal/terms) and Privacy Statement (https://www.shopify.com/legal/privacy).
Information You Post on the Site. You may be able to post information on public areas of the Site, for example a customer review, and that information may be collected and used by Thrifts and Threads, users of the Site, and the public generally. We strongly recommend that you do not post any information through the Site that allows strangers to identify or locate you or that you otherwise do not want to share with the public.
Mobile Marketing. You may be able to sign up to receive communications about our Services through your mobile device by submitting your mobile telephone number online or by texting us. If you sign up for mobile communications, we may send you autodialed marketing text messages about our products, services and promotions. It is your responsibility to notify THRIFTS+THREADS in the event that you disconnect your mobile number or change carriers. In the U.S., you may opt out of receiving text message communications on your mobile device by sending a text message with the word “STOP” to the short code in which you received the message. You will receive one additional text message, confirming that your request has been received. Outside the U.S., you may opt out of receiving these communications by contacting us as specified in the “How to Contact Us” section below. Depending on the terms of your mobile phone contract, you may incur charges for receiving and sending text messages on your mobile device. THRIFTS+THREADS is not responsible for these charges. Message frequency varies per month. Autodialed marketing messages will be sent to the mobile number you provide at opt-in. Message and data rates may apply. For help, text HELP to the short code in which you received the message. The wireless carriers are not liable for delayed or undelivered messages.
Information You Provide Via Chats.You may be able to communicate with us via a chat format on our Site. We strongly recommend that you do not post any information through the chat forum that you are not comfortable sharing with a chat employee.
Information Automatically Collected. We may automatically collect personal information about you when you use the Site. For example, if you access the Site through a computer, we will automatically collect information such as your browser type and version, computer and connection information, Internet Protocol (“IP”) address and standard web log information. If you access the Site through a mobile device, we may also be able to identify the location of your mobile device. You may choose not to share your location details with us by adjusting your mobile device’s location services settings. For instructions on changing the relevant settings, please contact your service provider or device manufacturer. Please see Section 8 below to learn more about our automatic personal information processing activities and your choices. Combination and automated information. We may also combine the information we collect from providing our Services and across your devices and use different technologies to process your information for the purposes described above. For example, we may use automated systems that analyze your account status and payment information to detect the unsafe and unsecured payment. We also may use automated systems to assess security of your account and provide you suggestions on how to improve the security of your account.
SECTION 2 – BASIS FOR COLLECTING PERSONAL INFORMATION
Why are you collecting my personal information?
When you provide us with personal information we will use it to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we are collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will ask you directly for your expressed consent, and provide you with an opportunity to opt-out as described below.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com.
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
We respect your privacy. We will only use information you provide through the Program to transmit your mobile messages and respond to you, if necessary. This includes, but is not limited to, sharing information with platform providers, phone companies, and other vendors who assist us in the delivery of mobile messages. WE DO NOT SELL, RENT, LOAN, TRADE, LEASE, OR OTHERWISE TRANSFER FOR PROFIT ANY PHONE NUMBERS OR CUSTOMER INFORMATION COLLECTED THROUGH THE PROGRAM TO ANY THIRD PARTY. Nonetheless, We reserve the right at all times to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect Our rights or property. When you complete forms online or otherwise provide Us information in connection with the Program, you agree to provide accurate, complete, and true information. You agree not to use a false or misleading name or a name that you are not authorized to use. If, in Our sole discretion, We believe that any such information is untrue, inaccurate, or incomplete, or you have opted into the Program for an ulterior purpose, We may refuse you access to the Program and pursue any appropriate legal remedies.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org