Last Updated: March 27, 2019
If you reside in the European Economic Area or Switzerland, please see Section 8 below titled “Supplemental Notice to EU Data Subjects.”
SECTION 1 – Information We Collect
1.1 Personal Information. The term “Personal Information” means information relating to a living person who is or can be identified from that information or from that information in conjunction with other information that is in, or comes into, our possession.
1.2 Cart and Billing Information. When you purchase something from our Services, as part of the buying and selling process, we collect the Personal Information you give us such as your name, address, email address, and billing address (“Billing Information”). In the event that you reach the checkout and fill out your Personal Information but decide to abandon your cart, your cart and Personal Information will still be stored in our system as an abandoned cart (collectively, “Abandoned Cart Information”). Abandoned Cart Information can be deleted at your request at any time. We may also send you an automated e-mail within 24 hours of abandoning your cart to remind you to complete your purchase.
1.3 Usage Information. When you browse our Services, we also automatically receive information, which may include Personal Information, regarding your access to and use of our Services. This information includes your computer’s internet protocol (IP) address, in order to provide us with information that helps us learn about your browser type, operating system, device type, language, referring website URLs, log files, pages on our website that you visit and links that you click on (collectively, “Usage Information”).
SECTION 2 – Use of Information We Collect
2.1 Transaction and Billing. We use information you submit, including Personal Information, to process your transactions. We utilize Shopify applications to detect fraud, verify your credit card, provide shipping rates, prevent purchases in excess of applicable limits, process, ship and complete purchase orders.
2.2. Customer Service and Technical Support. We may contact you using the information you provide in order to respond to inquiries you send us, to communicate with you regarding our Services (e.g., updates about our store, including new products), and to market our Services to you. If you do not wish to receive such emails, you can choose to opt-out of receipt using the unsubscribe link within each email. We utilize Shopify applications for these purposes and to assist customers with exchanges and returns. You may also opt-in to receive email notifications when products are back in stock.
2.3 Operation and Improvement of our Services. We use your information, including Personal Information, to operate our business and provide the Services to you. We use information to personalize the Services we provide to you. We may use your information to verify your identity, for fraud prevention, to enforce the Terms of Service, and to protect the integrity of our Services. We may also use your information to develop new Services and to improve the quality of our Services.
SECTION 3 – Information Sharing and Disclosure
3.1 Service Providers. We may share your information, including Personal Information, with third-party services providers who assist us in providing the Services to you and operating our business. We use the following Shopify Apps to assist us in providing our Services to you and operating our business:
The third-party service providers we use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies, so you can understand the manner in which your Personal Information will be handled by these providers in order for them to provide their services to us. In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. Therefore, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
3.2 As Required By Law. We may disclose your information, including Personal Information, as required by law, such as in response to a court order, subpoena, lawful demand by a public authority, or similar legal process.
3.3. To Protect Our Business. We may disclose your information, including Personal Information, if we believe it is necessary to protect our property and/or rights, to protect the safety of the public or any person, in the event of a legal dispute, or to prevent or stop activity we believe may pose a risk of being illegal, unethical, or in violation of our Terms of Service.
3.4 Business Transfers. We may sell, assign, transfer, or otherwise share some or all of our assets in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. We may disclose or share your Personal Information in connection with such business transfers.
3.5 Google Analytics. Our Services use Google Analytics to help us learn about who visits our Services and what pages are being looked at in order to bring you a better experience and for marking and advertising purposes. We collect data using Google Analytics for the following reasons:
- Display and search remarketing;
- Advertising reporting;
- Age, gender, and interest reporting; and
- Cookies to store user-specific preferences
SECTION 4 – Policy Regarding Children
Our Services are not intended for persons under 16 years of age. By using our Services, you represent that you are at least 16 years of age or the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given your consent to allow any of your minor dependents to use our Services. If you are a parent or guardian and believe that your minor dependent has provided us with Personal Information without your consent, please contact us at firstname.lastname@example.org.
SECTION 5 – Security
We take reasonable precautions and follow generally accepted industry standards to protect the information we collect, including your Personal Information, against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, misuse, and other unauthorized processing.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Shopify stores your information, including Personal Information, in its data storage, databases, and general Shopify application on a secure server behind a firewall.
We cannot, and do not, guarantee the security of any information you transmit to us or store on the Services, and you do so at your own risk. We also cannot, and do not, guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. If you believe your Personal Information has been compromised, please contact us at email@example.com.
SECTION 6 – Cookies and Similar Technologies
We utilize technologies to recognize you when you access or use our Services, track your interactions with our Services, personalize your experience, and market to you. These technologies include cookies, web beacons, pixels and similar devices. You maintain control over some of the information we collect through the use of such technologies through your browser setting preferences. If you choose not to accept cookies and similar devices, you may not be able to access all portions or functionality of the Services.
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits.
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional.
storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where.
_ab, _orig_referrer, _secure_session_id, cart, cart_sig, cart_ts, cart_currency, checkout_token, Secret, storefront_digest, persistent for 2 weeks, necessary for functional use of store features, customer accounts, and user checkout
secure_customer_sig, persistent for 1 day, checks for a secure customer login.
__olAlertsForShop, sessional, tracks alert data for notifying users of store updates.
_landing_page, _orig_referrer, persistent for 2 weeks, used to track customer landing pages and referrer.
_shopify_fs, _shopify_s, _shopify_sa_p, _shopify_sa_t, _shopify_uniq, _shopify_visit, _shopify_y, _y, persistent for 2 weeks, used for tracking and reporting storefront analytics.
tracked_start_checkout, tracks storefront analytics related to the customer checkout process.
cookie_notice_accepted, set after the user directly accepts cookies to prevent additional notification
wistia-http2-push-disabled, a testing cookiethat optimizes download performance from our video provider
_biz_flagsA, _biz_nA, _biz_pendingA, _biz_uid, used by Cloudflare, our CDN, to ensure proper performance.
_mkto_trk, used by cloudflare, and further used to determine if the user visited the site via an email
_ga, used by Google Analytics
SECTION 7 – Your California Privacy Rights
We do not share your Personal Information with third parties for their direct marketing purposes without your consent.
SECTION 8 – EU DATA SUBJECT RIGHTS
8.1 Lawful Grounds. If you reside in the European Economic Area or Switzerland (collectively the “EU”), we rely on the following lawful grounds under the General Data Protection Regulation (“GDPR”) to process (collect, store, and use) your Personal Information: (a) it is necessary for the performance of a contract; (b) our or a third party’s legitimate business interest; or (c) your consent.
8.2 Data Transfer Notice. We are located in the United States and process all data in the United States. When you enter a contract with us, it is necessary for our performance of the contract to transfer and process your Personal Information in the United States. Section 3.1 provides additional information about processing by our third-party service providers.
8.3 Individual Rights. You may contact us at firstname.lastname@example.org or heychickadee.zendesk.com to request access to, transfer of, and rectification or erasure of your Personal Information, or restriction of processing, or to object to processing of your Personal Information. Please specify the nature of your request and the information that is the subject of your request. We may require you to submit additional information necessary to verify your identity and status as an EU data subject. If you are a visitor or user of our Services, we will respond to your request directly within 30 days.
If we are processing your Personal Information based upon the lawful ground of your consent, you have the right to withdraw your consent for such processing at any time without affecting the lawfulness of processing based on consent before it is withdrawn. To withdraw consent, email us at email@example.com or contact us at http://pusheen.zendesk.com.
8.4 Retention. At a minimum, we will retain your personal data for a long as necessary for the purpose in which it was collected such as to perform a contract, for our or a third party’s legitimate interest, or your consent.
SECTION 10 – Questions and Contact Information
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, please contact our Privacy Compliance Officer at http://pusheen.zendesk.com or email us at firstname.lastname@example.org.