NOTICE TO CALIFORNIA RESIDENTS: THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA) PROVIDES CALIFORNIA RESIDENTS WITH SPECIFIC RIGHTS WHICH ARE EXPLAINED TO THESE PARTIES IN THE FOLLOWING SECTIONS:
SPECIFIC DATA RIGHTS PURSUANT TO THE CCPA
THE CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT FROM YOU.
THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION
WHO WE SHARE YOUR PERSONAL INFORMATION WITH AND FOR THOSE PURPOSES.
YOUR RIGHT TO HAVE ACCESS TO YOUR PERSONAL INFORMATION, YOUR DATA PORTABILITY RIGHTS, AND YOUR DELETION REQUEST RIGHTS; AND HOW TO ACCESS THESE RIGHTS
NOTICE REGARDING SALE OF ANY PERSONAL INFORMATION TO A THIRD PARTY
NOTICE UNDER THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (“GDPR”). THE GDPR PROVIDES THE EU’S DATA SUBJECTS (AS SUCH TERM IS DEFINED IN THE GDPR) WITH SPECIFIC RIGHTS WHICH ARE EXPLAINED TO SUCH PARTIES AS FOLLOWS:
SPECIFIC DISCLOSURES PURSUANT TO THE GDPR
THE CATEGORIES OF PERSONAL DATA 9AS SUCH TERM IS CONTEMPLATED UNDER THE GDPR) THAT WE COLLECT FROM DATA SUBJECTS.
THE PURPOSES FOR WHICH WE USE A DATA SUBJECT’S PERSONAL DATA.
WHO WE SHARE A DATA SUBJECT’S PERSONAL DATA WITH AND FOR WHAT PURPOSES.
THE FOLLOWING ADDITIONAL RIGHTS OF THE DATA SUBJECT
- INFORMATION WE COLLECT
During a User’s access or use of the Company Website or any other Company Program, the Company may, either directly or by using its service providers, gather, collect, record, hold, distribute, share, disclose or otherwise use personal information or data about You which You provide to Us, as described in Section 1.1 below, or which is automatically collected, as described in Section 1.2 below (hereinafter collectively referred to as the User’s “Personal Information”).
1.1 INFORMATION YOU PROVIDE TO US.
We collect Personal Information that You provide directly to Us. For example, we may collect Personal Information from You if You:
- provide Us with any data about You through the Company Website or any other Company Program, or via telephone;
- create an account with Us;
- purchase or otherwise request any of the Company’s products or services;
- request any customer support;
- request any exchange or return of any of the Company’s products or services;
- request any information from or about the Company, such as a newsletter, e-alert, or any other information about Our products, services, events or business partners;
- fill out any other information through any Company Program;
- communicate with any other representative of our Company;
- communicate with Us via third party social media sites;
- participate in any contest, promotion or sweepstake;
- apply for a job with the Company; or
- otherwise communicate with Us in any other way.
In these instances, the types of Personal Information that We may collect from You includes:
- Your name;
- Mailing address and/or billing address;
- E-mail address;
- Phone (or mobile) number;
- Date of birth or age;
- Your user name/password for Your account (if any);
- Credit or debit card number and other information about the same (if You make a payment either directly to Us or by using a third party payment provider that handles payments and will receive Your payment card information);
- Information about Your bank or checking account (if you make a payment through Your bank transfer);
- Gift card information or related gift information;
- Photos, videos, reviews, audio or similar content uploaded by You;
- Information You provide when You purchase any of Our goods or services, including product or service parameters or preferences You provided when making a purchase;
- Information You provide or otherwise involved in the return or exchange of a product, such as information about the transaction, product details, purchase price, and the date and location/media of the transaction; or
- The history of Your prior purchases of Our goods/services or any records about the foregoing, or the specific products or services You considered purchasing.
1.2 INFORMATION AUTOMATICALLY COLLECTED.
When a User accesses or otherwise uses the Company Website or any other Company Program, We automatically collect certain Personal Information about You, including:
- Device Information. We (or our service providers) may collect information about the computer, tablet, phone or other device you use to access any of the Company Programs, including the Internet Protocol address, hardware models, operating system and version, mobile network information and other unique device identifiers (hereinafter collectively referred to as “Device Identifiers”).
- Geo-location Data: Subject to any of Your device permissions, We (or our service providers) may be able to collect information about the precise location of your device or may gather other general location data based on GPS data, mailing address, and/or billing address (hereinafter collectively referred to as “Geo-location Data”).
- Social Media Information. If any of Our Company Programs offer any social media features, such as the Facebook Like buttons or similar social media interactive mini-programs, these features may collect Your Internet Protocol address, which page You are visiting on Our Company Program, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on Our Company Program. Your interactions with these features maybe governed by the privacy policies of the company providing it (see Section 8 regarding Third Party Sites).
1.3 EXCLUSIONS FROM PERSONAL INFORMATION
Personal Information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- HOW WE USE YOUR INFORMATION.
2.1 PRIMARY WAYS WE USE YOUR INFORMATION. User’s Personal Information may be gathered, collected, recorded, held, or otherwise used by or on behalf of the Company (including by Our service providers) to provide, maintain, and improve our Services to You, including for the following purposes:
- Process your purchase transactions, fulfill your orders, process exchanges and returns and send shipping notifications;
- Send support and administrative messages, and respond to your comments, questions, and customer service requests;
- Communicate with you about products, services, offers, and events offered by Us and others, and provide news and information We think will be of interest to You (if you prefer not to receive promotional communications from Us, you may “Opt Out” at any time by following the “Opt Out” instructions in Section 5.1 herein;
- Monitor and analyze trends, usage, and activities in connection with Our goods or services;
- To conduct credit card screenings or to otherwise protect against fraud or unauthorized transactions, including by identifying potential unauthorized users or hackers;
- Personalize Your experience and the advertisements and content You see when You use any Company Program based on Your preferences, interests, and browsing and purchasing behavior;
- For compliance purposes as may be required by applicable laws or regulations or as requested by any judicial process or governmental agency (including without limitation for Company’s tax reporting) or as may be requested under any subpoena;
- To facilitate Your use of various social media sharing features or other integrated tools (such as the Facebook “Like” button) which You may use as part of social media pages;
- To facilitate any contests, sweepstakes, or promotions and process and deliver entries and rewards; or
- To carry out any other purpose described to You at the time the Personal Information is collected.
2.2 OTHER WAYS WE MAY USE YOUR INFORMATION. In addition to the above, Your Personal Information may be gathered, collected, recorded, held or otherwise used for the following additional purposes:
- To use with, or otherwise distribute, share or disclose to, any of the Company’s professional advisors such as attorneys or accountants (“Outside Professionals”) in order to facilitate the professional advice from those Outside Professionals; or
- To use with, or otherwise distribute, share or disclose to, any government agencies or third parties in order to comply with, or otherwise pursuant to, any subpoena, court order, or other governmental order, law or regulation (including without limitation tax reporting).
2.3 OTHER TERMS REGARDING THE USE OF YOUR INFORMATION.
2.3.1 We will use or share Your Personal Information only for the purposes as described in this Section 2 and in Section 3 herein, unless We reasonably determine We need to use it for another reason and that reason is compatible with the original purpose(s) described herein. For example, We consider de-identification, aggregation, and other forms of anonymization of Personal Information to be compatible with the purposes listed herein and in Your interest because the anonymization of such information reduces the likelihood of improper disclosure of that information. If We need to use Your Personal Information for an unrelated purpose, We will notify You and We will explain the legal basis which allows Us to do so.
- SHARING OF INFORMATION
We may distribute, share or disclose Personal Information about You as follows or as otherwise described herein:
- Affiliates and Subsidiaries. We may disclose Your Personal Information with our affiliates or subsidiaries for any of the purposes described herein.
- Service Providers. We may share or disclose Your Personal Information with Our service provides or other third party vendors that We retain in connection with the provision of the Company Programs, including without limitation the following types of service providers that We may engage:
- Email, internet or other telecommunication service providers;
- Cloud, other data storage, or other hosting service providers;
- Third party payment service providers, including without limitation third party credit card processors (see Third Party Application Providers below);
- Analytics companies who assist Us with various types of data analytics (see Analytics Partners below);
- Third parties shippers; or
- Other third party contractors we engage to assist Us in providing Our goods and services.
- Third Party Application Providers. If a third-party application is used to support Our Company Programs, We may share or disclose Your Personal Information to such third party application providers, including without limitation third party credit card processors or other third party payment service providers.
- Analytics Partners. We may use analytics services provided by a third party analytics service provider or by using one of their tools, such as but not limited to Google Analytics, to collect and process certain analytics data. These services may also collect data about Your use of other websites, apps, and online resources.
- Aggregated Form. We may make certain automatically-collected, aggregated, or otherwise de-identified Personal Information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Company Programs.
- Advertising Partners. We may work with third party advertising companies (collectively, “Advertising Partners”) in order to provide You with advertisements or other information that We think may interest You. These Advertising partners may set or access their own cookies, pixel tags or similar technologies on our Company Programs or they may otherwise collect or have access to data about You which they may collect over time and across different online services. These Advertising partners may also provide Us with their own independent data about potential customers and such data could include data about You previously collected by the Advertising Partner.
- Social Media Features. The Company Programs may offer social media features, including certain sharing tools or other integrated tool (such as the Facebook “Like” button), which let You share actions that You take on Our social media pages. Your use of such features enables the sharing of Personal Information with the public, depending on the settings You establish with the entity that provides the social sharing feature.
- As Required By Law, Subpoena or Similar Government Order. We may access, preserve, share, or disclose Your Personal Information if We believe doing so is required or appropriate to: (i) comply with all laws or regulations, including any tax reporting requirements of the Company; (ii) comply with any other law enforcement requests or legal process, such as a court order or subpoena; (iii) respond to Your requests; or (iv) protect Your, Our, or others’ rights, property, or safety. FOR THE AVOIDANCE OF DOUBT, WE MAY BE REQUIRED TO DISCLOSURE YOUR PERSONAL INFORMATION TO: (I) TAXING AUTHORITIES AS PART OF OUR TAX REPORTING REQUIREMENTS; OR (II) LAW ENFORCEMENT AUTHORITIES OR OTHER GOVERNMENTAL AGENCIES OR VIA SUBPOENA ARISING OUT OF YOUR USE OF ANY UNLAWFUL OR INFRINGING CONTENT WHILE USING ANY COMPANY PROGRAM.
- Company’s Outside Professional Advisors. We may share or disclose Your Personal Information with any of the Company’s Outside Professional Advisors (as defined in Section 2.2 herein) in order to facilitate the professional advice such Outside Professionals provide to the Company.
- Consent. We may also share or disclose Your Personal Information with your permission.
- ADDITIONAL RIGHTS OF CALIFORNIA RESIDENTS UNDER THE CCPA
4.1 ACCESS TO SPECIFIC INFORMATION AND DATA PORTABILITY RIGHTS
Each User has the right to request that the Company disclose certain information to You about the Company’s collection and use of Your Personal Information over the past 12 months. Once the Company receives and confirms Your verifiable consumer request (see Section 4.4: Exercising Your Access, Data Portability, and Deletion Rights), the Company will disclose to You (per your request):
- The categories of Personal Information We collected about You.
- The categories of sources for the Personal Information We collected about You.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom We share that Personal Information.
- The specific pieces of Personal Information We collected about You (also called a data portability request).
- If We sold or disclosed your Personal Information for a business purpose; two separate lists disclosing:
- Sales (if any), identifying the Personal Information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
4.2 DELETION REQUEST RIGHTS
Each User has the right to request that the Company delete any of Your Personal Information that the Company collected from You and retained, subject to certain exceptions. Once the Company receives and confirms Your verifiable consumer request (see Section 4.4: Exercising Your Access, Data Portability, and Deletion Rights), the Company will delete (and direct our service providers to delete) Your Personal Information from our records, unless an exception applies. However, the Company may deny Your deletion request if retaining the information is necessary for the Company or its service provider(s) to:
- Complete the transaction for which We collected the Personal Information, provide a good or service that You requested, take actions reasonably anticipated within the context of Our ongoing business relationship with You, or otherwise perform Our contract with You;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if You previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us; or
- Comply with a legal obligation; or
- Make other internal or lawful uses of that information that are compatible with the context in which You provided it.
4.3 NOTIFICATION REGARDING SALE (IF ANY) OF PERSONAL INFORMATION
In view of the definition of “sale” under CCPA, our company may, either now or in the future, exchange, share, and/or “sell” (as defined under the CCPA) certain Personal Information to certain third parties. CLICK HERE for the Company’s notification to California residents about their right to opt-out of any such “sale”, if any such “sales” exist”.
4.4 EXERCISING YOUR ACCESS, DATA PORTABILITY, AND DELETION RIGHTS
To exercise the access, data portability, deletion rights, and other rights described in this Section 4, the User must submit a verifiable consumer request to the Company by either:
Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable consumer request to the Company related to Your Personal Information. You may also make a verifiable consumer request on behalf of Your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows the Company to reasonably verify that You are the person about whom We collected Personal Information or an authorized representative.
- Describe Your request with sufficient detail that allows the Company to properly understand, evaluate, and respond to it.
The Company cannot respond to Your request or provide You with Personal Information if the Company cannot verify Your identity or authority to make the request and confirm the Personal Information relates to You. Making a verifiable consumer request does not require You to create an account with us. The Company will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
4.5 RESPONSE TIMING AND FORMAT
If You send a verifiable consumer request as set forth in Section 4.4 above, the Company will endeavor to respond to such verifiable consumer request within forty-five (45) days of its receipt. If We require more time (up to a total aggregate of 90 days), the Company will inform You of the reason and extension period in writing. If You have an account with Us, We will deliver our written response to that account. If You do not have an account with Us, We will deliver Our written response by mail or electronically. Any disclosures We provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide Your Personal Information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to Your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell You why We made that decision and provide You with a cost estimate before completing Your request.
4.6 NON-DISCRIMINATION NOTICE
The Company will not discriminate against You for exercising any of Your rights under the CCPA. Unless permitted by the CCPA, We will not:
- Deny You goods or services;
- Charge You different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide You a different level or quality of goods or services; or
- Suggest that You may receive a different price or rate for goods or services or a different level or quality of goods or services.
- CERTAIN ADDITIONAL CHOICES YOU MAY HAVE ABOUT YOUR INFORMATION
5.1 OPT-OUT FROM RECEIVING INFORMATION FROM THE COMPANY.
5.3. GEO-LOCATION DATA.
You may be able to prevent your device from sharing precise location information, including without limitation some or all of the Geo-Location Data described in Section 1.2 above, at any time through your device’s operating system settings
5.3. DO NOT TRACK: SPECIAL ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS.
Some browsers have a “DO NOT TRACK” feature that lets website users inform websites or other applications that they do not want to have their online activities tracked. These “do not track” features may also give website users other choices regarding the collection of their personal identifiable information. However, these “do not track” features and “do not track’ signals are not yet uniform. ACCORDINGLY, EACH USER OF THE COMPANY WEBSITE OR ANY OTHER COMPANY PROGRAM IS HEREBY NOTIFIED THAT THE COMPANY WEBSITE AND THE OTHER COMPANY PROGRAMS ARE NOT CURRENTLY SET UP TO RESPOND TO ANY OF THE USER’S “DO NOT TRACK” FEATURES OR “DO NOT TRACK” SIGNALS.
This Company Website is not directed to children under the age of 13. We adhere to the Children's Online Privacy Protection Act ("COPPA") and will not knowingly register or otherwise collect personal information from any child under the age of 13. We ask that minors under the age of 13 not submit any personal information to us. If you have reason to believe a child under the age of 13 has provided us with personal information, please contact us at Privacy@StephanieWindsor.com and request that such information be deleted from our records.
- USER RESPONSIBLE FOR UPDATING USER’S OWN PERSONAL INFORMATION.
Users are solely responsible for correcting, updating, or modifying any and all of the User’s Personal Information as it appears in, and as otherwise stored or contained in, any Company Program. Without in any way limiting the foregoing, User acknowledges and agrees that the Company does not have an independent obligation to maintain the accuracy or completeness of any of Personal Information provided by the User to the Company, including such Personal Information once it is stored, described or otherwise contained in the Company Website or in any other Company Program.
- LINKS TO, AND USE OF, THIRD PARTY SITES OR PROGRAMS.
The Company Website or other Company Programs may now or in the future provide links or other access to Internet websites, forums or other programs which are not under the Company’s sole control and not solely owned by the Company (collectively referred to as “Third Party Sites”). If a User clicks on a link to, or otherwise gains access to, any such Third Party Site, the User will be transported to one of these Third Party Sites.
WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, EACH USER AGREES THAT IF THE USER USES ANY THIRD PARTY SITES IN ANY WAY, THE USER IS AWARE THAT ANY OF THE USER’S PERSONAL INFORMATION THAT THE USER PROVIDES TO THAT THIRD PARTY SITE MIGHT BE READ, COLLECTED, SHARED, DISTRIBUTED, OR OTHERWISE USED BY OTHER USERS OF THAT THIRD PARTY SITE OR BY ANY OTHER THIRD PARTIES, AND COULD BE USED TO SEND THE USER UNSOLICITED MESSAGES. THE COMPANY IS NOT RESPONSIBLE FOR ANY PERSONAL INFORMATION THAT THE USER ELECTS TO SUBMIT IN, OR OTHERWISE MAKE AVAILABLE TO, THESE THIRD PARTY SITES.
Any link to any Third Party Site from the Company Website or any other Company Program does not imply any endorsement of the privacy practices of such Third Party Site by the Company, and no such Third Party Site is authorized to make any representation or warranty on our behalf.
- ADDITIONAL NOTICE UNDER THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (“GDPR”).
Data Subjects (as such term is defined in the GDPR) are hereby notified that they have the following additional rights pursuant to the GDPR:
- Pursuant to GDPR Article 15 (Right of Access by the Data Subject), to obtain from Us confirmation as to whether or not Personal Data (as such term is defined in the GDPR) has been Processed (as such term is defined in the GDPR) and, if that is the case, access to that Personal Data and additional information about how it has been Processed, including without limitation: (i) the purpose of the Processing; (ii) the category of Personal Data concerned; (iii) the categories of recipients to whom the Data Subject’s Personal Data has been disclosed; (iv) the planned retention period; (v) the existence of Your right of rectification, deletion, limitation of processing or opposition; (vi) the existence of a right to complain; (vii) the source of the collection of Personal Data if not collected from Us; (viii) and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
- Pursuant to GDPR Article 16 (Right to Rectification), to request the correction (modification) of incorrect Personal Data or any completed Personal Data stored by Us;
- Pursuant to GDPR Article 17 (Right to Erasure; “Right to be Forgotten”), to request the deletion of the Data Subject’s Personal Data stored by Us, except for the allowed continued uses permitted by the GDPR, including without limitation as far as the Processing is needed to exercise the right to freedom of expression and information, for the fulfillment of a legal obligations, for reasons of the public interest or for the assertion, exercise or defense of legal claims if required;
- Pursuant to GDPR Article 18 (Right to Restriction of Processing), to demand the restriction of the Processing of the Data Subject’s Personal Data where one of the following applies: (i) as far as the accuracy of the Personal Data is disputed by the Data Subject; (ii) the Processing of the Personal Data is unlawful, but the Data Subject rejects its deletion; (iii) We no longer need the Personal Data, but the Data Subject requires it to exercise or defend legal claims; or (iv) the Data Subject has objected to the Processing of the Personal Data in accordance with GDPR Article 21;
- Pursuant to GDPR Article 20 (Right to Data Portability), the right of the Data Subject to receive his/her Personal Data as provided to Us, in a structured, common and machine-readable format or to request the transfer to another person responsible;
- Pursuant to GDPR Article 7(3) (Conditions of Consent), the Data Subject’s right to withdraw, at any time, the Data Subject’s once granted consent. As a result, We are no longer allowed to continue the Processing of Personal Data based on that consent for the future, but such withdrawal does not affect the lawfulness of the Processing of Personal Data based on such consent before such withdrawal; and
- Pursuant to GDPR Article 77 (right to Lodge a Complaint with a Supervisory Authority), the right of the Data Subject to complain to a Supervisory Authority, as such term is defined in the GDPR. As a general rule, the Data Subject can contact the Supervisory Authority of the Data Subject’s usual place of residence or work or place of the alleged infringement.
- COMMUNICATING WITH COMPANY.