1.
How We Protect Your Information
1.1
We store all the Data submitted by you through
the Website in a secure database. Your payment processing information is
collected by Stripe and shipping information is collected by Shipstation and
Big Cartel on our behalf in order for us to provide the Website Services.
1.2
We are concerned with protecting your privacy
and Data, but we cannot ensure or warrant the security of any Data you transmit
or guarantee that your Data may not be accessed, disclosed, altered or
destroyed by breach of any of our industry standard physical, technical or
managerial safeguards.
1.3
No method of transmission over the Internet
or method of electronic storage is 100% secure. While we strive to use
commercially acceptable means to protect your Data, we cannot guarantee its
absolute security. If you have any questions about security of the Website, you
can contact us at [email protected].
1.4
Any Data supplied by you will be retained by
us and will be accessible by our employees, any service providers engaged by us
and third parties.
2.
Compliance with the GDPR
2.1
For users based in the EU, the Website shall
make all reasonable efforts to ensure that it complies with the General Data Protection Regulation (GDPR)
(EU) 2016/679 of the EU regarding the collection, use, and retention of Data
from the Users based in Member States of the EU. The Website shall make all
reasonable efforts to adhere to the requirements of notice, choice, onward
transfer, security, data integrity, access and enforcement.
2.2
The Rights of Users: You may
exercise certain rights regarding your Data processed by us. In particular, users
based in the EU may do the following:
2.3
Right of confirmation: You shall
have the right granted by the EU legislator to obtain from us the confirmation
as to whether or not personal data concerning you are being processed.
2.4
Right of Access: You shall
have the right granted by the EU legislator to obtain from us free information
about your personal data stored at any time and a copy of this information.
Furthermore, the EU directives and regulations grant you access to the
following information:
2.4.1
the purposes of the processing;
2.4.2
the categories of personal data concerned;
2.4.3
the recipients or categories of recipients to whom the personal data have been or
will be disclosed, in particular recipients in third countries or international
organizations;
2.4.4
where possible, the envisaged period for which the personal data will be stored,
or, if not possible, the criteria used to determine that period;
2.4.5
the existence of the right to request from us rectification or erasure of
personal data or restriction of processing of personal data concerning the data
subject or to object to such processing;
2.4.6
the existence of the right to lodge a complaint with a supervisory authority;
2.4.7
where the personal data are not collected from you, any available information as
to its source;
2.4.8
the existence of automated decision-making, including profiling, referred to in
Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful
information about the logic involved as well as the significance and envisaged
consequences of such processing for you.
2.5
Furthermore, you shall have a right to obtain information as to whether personal data are
transferred to a third country or to an international organisation. Where this
is the case, you shall have the right to be informed of the appropriate
safeguards relating to the transfer.
2.6
Right to rectification: You shall
have the right granted by the EU legislator to obtain from us without undue
delay the rectification of inaccurate personal data concerning you. Taking into
account the purposes of the processing, you shall have the right to have
incomplete personal data completed, including by means of providing a
supplementary statement.
2.7
Right to erasure (Right to be forgotten): You shall
have the right granted by the EU legislator to obtain from us the erasure of
personal data concerning you without undue delay and we shall have the
obligation to erase personal data without undue delay where one of the
following grounds applies as long as the processing is not necessary:
2.7.1
The personal data are no longer necessary in relation to the purposes for which
they were collected or otherwise processed.
2.7.2
You withdraw consent on which the processing is based according to point (a) of
Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR and where
there is no other legal ground for the processing.
2.7.3
You object to the processing pursuant to Article 21(1) of the GDPR and there are
no overriding legitimate grounds for the processing or you object to the
processing pursuant to Article 21(2) of the GDPR.
2.7.4
The personal data have been unlawfully processed.
2.7.5
The personal data must be erased for compliance with a legal obligation in EU or
Member State law to which we are subject.
2.7.6
The personal data have been collected in relation to the offer of information
society services referred to in Article 8(1) of the GDPR.
2.7.7
Where we have made personal data public and are obliged pursuant to Article
17(1) to erase the personal data, we, while taking account of available
technology and the cost of implementation, shall take reasonable steps including
technical measures to inform other controllers processing the personal data that
you have requested erasure by such controllers of any links to, or copy or
replication of, those personal data, as far as processing is not required. We
will arrange the necessary measures in individual cases.
2.8
Right of restriction of processing: You shall
have the right granted by the EU legislator to obtain from us restriction of
processing where one of the following applies:
2.8.1
The accuracy of the personal data is contested by the data subject for a period
enabling us to verify the accuracy of the personal data.
2.8.2
The processing is unlawful and the data subject opposes the erasure of the
personal data and requests instead the restriction of their use.
2.8.3
We no longer need the personal data for the purposes of the processing but they
are required by the data subject for the establishment, exercise or defence of
legal claims.
2.8.4
You have objected to processing pursuant to Article 21(1) of the GDPR pending
verification of whether our legitimate grounds override yours.
If one of the aforementioned conditions is met and you wish to request the restriction of the
processing of personal data stored by us, you may at any time contact us.
2.9
Right to data portability: You shall
have the right granted by the EU legislator to receive the personal data
concerning you, which was provided to us, in a structured, commonly used and
machine-readable format. You shall have the right to transmit those data to
another data controller without hindrance from us, to whom the personal data
have been provided, as long as the processing is based on consent pursuant to
point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR
or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the
processing is carried out by automated means as long as the processing is not
necessary for the performance of a task carried out in the public interest or
in the exercise of official authority vested in us.