Your Privacy Rights
Effective Date: [ August 1st ], 2020
Regardless of where our servers are located, your personal data may be processed by us in the United States, where data protection and privacy regulations may or may not be to the same level of protection as in other parts of the world. BY VISITING THE SITES AND USING THE SERVICE, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING IN THE UNITED STATES OF ANY INFORMATION COLLECTED OR OBTAINED BY US THROUGH VOLUNTARY SUBMISSIONS, AND, TO THE EXTENT POSSIBLE, THAT U.S. LAW GOVERNS ANY SUCH COLLECTION AND PROCESSING.
1. Who Collects Your Information On Our Service?
We do. Under the CCPA we are a “Business” and pursuant to the GDPR, Chantecaille is what is known as the “Controller” of the PII that you provide to us. We collect information from you on the Service, and we are responsible for protection of your information.
2. What Information Does Chantecaille Collect?
A. Personal Information. We collect certain personal information about you, which may be supplied when you sign-up for the Service, when you complete a survey, when you create or update an account, when you use the Service, when you request services, otherwise when you submit such information to us, or from third parties, which may be integrated into our Service, such as your Shopify account. We only collect basic personal data about you that does not include any special types of information (e.g., health-related) as defined in the GDPR, or location-based information. The types of personal information we collect and save include:
- Contact and account information such as name, email address, physical address, location data, social media information, and other information collected through the Service’s social media integration;
- Technical information collected in our logs. Such information may include standard web log entries that contain your IP address, device identifiers, cookies (first party, third party, session, and persistent), web beacons, page URL and timestamp. Some information of this nature may be collected by Shopify, which we can then import.
You may also provide us information when you interact with us through email, online chat, messaging functions within the Service, or otherwise. We may retain such information in order to provide you with Services, and you agree that we may share this information as needed with other users in order to resolve any issues that may arise between you and another user of the Service.
The Service may record photos, audio or video of your usage of the Service for quality and security purposes. The Service may also request permission and access to your photo gallery, camera roll or other device storage holding your images, audio or videos, in order for you to upload and transmit them through the Service.
You may provide us information when you interact with other users on the Service through the Service.
Although it may appear that the Service collects financial information, it is actually collected and processed through our third-party payment processor, Shopify, (“Payment Processor”) to process payments for the Service. Our Payment Processor may collect information such as banking information or credit card number, name, CVV code or date of expiration, from you on the Service. Chantecaille does not hold your financial information.
B. Non-personal Information. Non-personal information is anonymous or non-personally identifiable information about you, including but not limited to links and materials posted, information about your web browser, enrollment history, purchase history, the pages accessed most frequently, how pages are used, applications downloaded, search terms entered, and similar non-personal data.
Automatically tracking Internet Protocol (IP) addresses is one method of automatically collecting information about your activities online and information volunteered by you. An IP address is a number that is automatically assigned to your device whenever you surf the internet. Further, the Service may utilize web beacons, pixel tags, cookies, embedded links, and other commonly used information-gathering tools. Through collecting your IP address, we may be able to approximate your geographic location, however, unless and until this is information is paired with your PII, it cannot be used to identify you. If non-personal information is paired or linked to any of your PII, we will treat that non-personal information as if it was also PII.
C. Aggregate Information. We may also collect anonymous, non-identifying and aggregate information such as the type of browser you are using, the date and time of any request, language preference, referring site, and the domain name of your Internet service provider.
3. Why Is My Information Being Collected?
We accept and gather information in an effort to provide the Service to you. We need to collect your personal information so that we can respond to your requests for information or to be added to our email lists, to integrate with social media platforms, and to process your payment for the Service. We also collect aggregate information to help us better design the Service. We collect log information for monitoring purposes to help us to diagnose problems with our servers, administer the Service, calculate usage levels, and otherwise provide services to you.
4. How Do We Use the Information We Collect?
A. We use the personal information you provide for the purposes for which you have submitted it including:
- Internal Uses. We may use your PII to respond to your inquiries, to fulfill your requests for information, track usage trends, conduct experiments, fraud prevention,develop and improve the Service and other offerings, and perform research and analytics.
- Creating and Maintaining Your Account. We use your PII to create and maintain an account for you to allow you to purchase and use the Service.
- Paying For the Service. Our Payment Processor uses your PII to process your payment for the Service.
- Communicating With You About Our Services. We may use your PII to send you information about new services, discounts, loyalty/rewards benefits, and other items that may be of interest to you.
- Social Media Integration. We may use your PII to integrate your social media accounts with the Service, and to provide to you the social media features of the Service.
- Serve You Targeted Advertisements. We may use your PII to serve you advertisements with the Service that are targeted to your interests.
B. We may use anonymous information that we collect to improve the design and content of our Service, and to enable us to personalize your internet experience. We also may use this information in the aggregate to analyze how our Sites are used, as well as to offer you programs or services.
Text Marketing and notifications:
By entering your phone number in the checkout and initialising a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will not exceed 20 a month. You acknowledge that consent is not a condition for any purchase.
If you wish to unsubscribe from receiving text marketing messages and notifications reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you with in any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message and data rates may apply.
For any questions please text HELP to the number you received the messages from. You can also contact us for more information. If you wish to opt out please follow the procedures above.
5. Do We Share Your Personal Information?
We will not share your personal information except: (a) for the purposes for which you provided it; (b) with your consent; (c) s may be required by law or as we think necessary to protect our organization (including the defense of legal claims) or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); or (d) with persons or organizations with whom we contract to carry out internal operations or business activities. With your knowledge and/or consent, we may share your personal information with our business partners. We may also share aggregate information with others, including affiliated and non-affiliated organizations.Finally, we may transfer or disclose your personal information to a third party, or our successor in interest, in connection with, and/or as the result of, an acquisition, sale, merger or bankruptcy involving our company.
6. How Can You Access And Control Your Information?
After becoming a user of the Service, you may revise or edit your information through your account or by sending an email to firstname.lastname@example.org. For instructions on how you can further access your personal information that we have collected, or how to correct errors in such information, please send an e-mail to email@example.com. We will also promptly stop using your information and remove it from our servers and database at any time upon your e-mail request. You may opt-out of the use of your personal information by the Service to send you promotional emails by sending an email to firstname.lastname@example.org with “Opt-Out” in the subject line. To opt-out of targeted ads, please see section 8B below. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access, making corrections or removing your information.
7. How Do We Store and Protect Your Information?
A. After receiving your personal information, we will store it on our servers for future use. We have physical, electronic, and managerial procedures in place to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect. Unfortunately, no data transmission over the internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to or receive from us or that we store on our or our service providers' systems.
B. Please note that our Payment Processor is fully PCI-Compliant.
C. If you are visiting the Sites from outside of the USA, you understand that your connection will be through and to servers located in the USA, and the information you provide will be securely stored in our servers and internal systems located within the USA.
D. We store your personal information until you request us to remove it from our servers. We store our logs and other technical records indefinitely.
A. To enhance your online experience with us, our web pages may presently or in the future use "cookies." Cookies are text files that our web server may place on your hard disk to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other PII unless you choose to provide this information to us. Once you choose to provide PII, however, this information may be linked to the data stored in the cookie. Although it may be possible to turn off the collection of cookies through your device or browser, certain features of the Services may not function properly without the aid of cookies.
C. Chantecaille or our service providers may also use "pixel tags," "web beacons," "clear GIFs" or similar means (collectively, "Pixel Tags") in connection with some Chantecaille Sites and HTML-formatted email messages for purposes of, among other things, compiling aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to website visitors and may be associated with cookies on visitors’ hard drives. Pixel Tags allow us and our service providers to count users who have visited certain pages of the Chantecaille Sites, to deliver customized services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can inform the sender of the email whether and when the email has been opened.
D. Our Service uses the “Custom Audience pixel” of Facebook, Inc., 1 Hacker way, Menlo Park, CA 94025 USA (“Facebook”) on our website. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 letter f of the GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads. For more information about interest-based ads, or to opt-out of having your web browsing information used for behavioral advertising purposes, please visit http://optout.aboutads.info
E. As you use the internet, you leave a trail of electronic information at each website you visit. This information, which is sometimes referred to as "clickstream data”, can be collected and stored by a website's server. Clickstream data can reveal the type of computer and browsing software you use and the address of the website from which you linked to the Chantecaille Site. We may use clickstream data as a form of non-personally identifiable information to determine how much time visitors spend on each page of our Site, how visitors navigate through the Site, and how we may tailor our web pages to better meet the needs of visitors. We will only use this information to improve our site.
F. Do Not Track. At present, the Sites do not specifically respond to browser do-not-track signals.
9. Collection of Information by Others.
Our Terms of Service document identifies certain third party websites to which we may provide links, and that you may click on our Site. Please check the privacy policies of these other websites to learn how they collect, use, store and share information that you may submit to them or that they collect.
10. ‘European Union’ Privacy Rights.
If you currently reside in the EEA, the GDPR applies to your PII and you are a Data Subject. The GDPR requires that we, as a Controller, have a legal basis to process your PII.
A. We process your PII under one or more of the following legal bases:
- Processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- To perform the contract that we are about to enter with you (e.g. our Terms of Service);
- To comply with a legal obligation; and/or
- If we have your consent to do so.
B. Under the GDPR, as a Data Subject you have certain rights. They are:
- The right to be informed. This is your right to be informed about what they are processing, why, and who else the data may be passed to.
- The right of access. This is your right to see what data about you is held by us.
- The right to rectification. This is the right to have your data corrected or amended if what is held is incorrected in some way.
- The right to erasure. This is the right to have your personal data to be deleted in the event that such data is no longer required for the purposes it was collected for, your consent for the processing of the data is withdrawn, or the data is being unlawfully processed.
- The right to restrict processing. This is the right to ask for a temporary halt to processing of your personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
- The right to data portability. This is the right to ask for your personal data to be provided to you in a structured, commonly used, and machine-readable format.
- The right to object. This is the right to object to further processing your personal data if such processing is inconsistent with the primary purposes for which it was collected.
- Rights in relation to automated decision making and profiling. This is the right to not be subject to a decision based solely on automated processing. The service does not engage in automated decision making and profiling.
11. Children and Young People’s Information.
We do not knowingly collect any information from any minors, and we comply with all applicable privacy laws including the GDPR, the CCPA, the USA’s Children's Online Privacy Protection Act (“COPPA”) and associated Federal Trade Commission (“FTC”) rules for collecting personal information from minors. Please see the FTC's website (www.ftc.gov) for more information. If you have concerns about this Site, wish to find out if your child has accessed our services, or wish to remove your child's personal information from our servers, please contact us at email@example.com. Our Sites will not knowingly accept personal information from anyone under 13 years old in violation of applicable laws, without consent of a parent or guardian. In the event that we discover that a child under the age of 13 has provided PII to us, we will make efforts to delete the child’s information in accordance with COPPA. If you believe that your child under 13 has gained access to our Sites without your permission please contact us at firstname.lastname@example.org.
12. California Privacy Rights. To the extent that the CCPA applies to our practices with respect to PII and you currently reside in California, the CCPA provides you with certain rights.
A. Consumers Rights Under the CCPA.
- California consumers have the right to request that we disclose Personal Information we have collected about them in the previous 12 months including, but not limited to, the categories of information collected by us, the source(s) of such information by category, and the purpose for collecting such information. This right may not be exercised more than twice in a 12 month period. In the previous 12 months, we have collected the following categories of Personal Information about consumers;
- Identifiers. Identifiers can be your name, unique personal identifiers (device identifier, IP Address, cookies, beacons, pixel tags, mobile ad identifiers), email, phone number, and similar information;
- Personal Information Under the California Customer Records Law (Cal. Civ. Code §1798.80) (“CCRLPI”), which is similar in nature to Identifiers;
- Commercial Information. Commercial information includes records of personal property, products or services purchased, obtained or considered, or other purchased or consuming histories or tendencies;
- Geolocation Data. Such geolocation data may include GPS data;
- Internet/Network Activity. Internet Activity Information includes browsing history, cookies, search history and a consumer’s interaction with a website; and;
- Inferences drawn from any other category of personal information.
- As a California consumer, you also have the right to request that we tell you which of your Personal Information we have disclosed for a business purpose, or sold, in the previous 12 months. With respect to Personal Information being disclosed for a business purpose, the consumer shall receive the categories of information disclosed and the types of entities they have been disclosed to. This right may not be exercised more than twice in a 12 month period. For Personal Information being sold, this includes the categories of information being sold and the categories of third parties to whom it is being sold. In the past 12 months, we have disclosed personal information falling under the following categories of Personal Information:
- Commercial Information;
- Geolocation Data; and
- Internet/Network Activity.
- You have the right to opt out of the sale of your Personal Information, if applicable.
- You also have the right to request the deletion of the Personal Information that we have collected from you at any time. However, we may not be required to comply with such request under several circumstances including, but not limited to, when the data is necessary for the underlying transaction, to comply with applicable law, to detect security incidents, to debug glitches, and for our internal purposes.
- In the event that you exercise one of your rights under the CCPA, you have the right to not be discriminated against by us in any way, including by the denial of goods or services, providing you a different level of goods or services, or charging you different prices or rates for the goods or services, unless the change in price is reasonably related to the value you receive from your personal information.
- You may submit your requests to exercise your rights under the CCPA by calling us, toll free, at 1-877-673-7080 or accessing our web request form, located here, [ Do not sell my information ]. When submitting a request via the web form, please indicate which CCPA right you wish to exercise and provide sufficient information to allow us to locate your file.
- We will acknowledge receipt of your request within 10 business days of receiving it, and will do our very best to respond within 45 calendar days of receipt of your request, and in no event will our response come more than 90 days after receiving your request. If we are unable to provide our response within the first 45 day window, we shall notify you as soon as we become aware of the possible delay and provide an explanation of why additional time is needed to respond
- Before we respond to any CCPA based requests relating to your personal information, we will take steps to reasonably verify the identity of the person making the request (“Requestor”) to make sure it’s you, or your authorized agent. We do this to this avoid disclosing your information to third parties and bad actors, not to inconvenience you in any way. To do this, we will ask the Requestor to confirm at least two pieces of information that we have in our files. As the sensitivity of the information being requested goes up, we will ask the Requestor to confirm more pieces of information. If an agent is acting on behalf of the consumer, we will need to also verify the agent’s identity and their authority to act on the consumer’s behalf. For requests to delete information, after verification, we will confirm the consumer’s desire to delete one final time before actually deleting the information. If the identity of the Requestor cannot be reasonably verified, either as the consumer or their agent, then in order to protect that consumer, we shall not disclose the personal information requested.
B. How do you exercise your rights under the CCPA?
13. Changes to this Policy.
14. Our Contact Information.
Copyright © Chantecaille Beaute Inc. All rights reserved. The Service is the property of Chantecaille, and is protected by national and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Service, as well as the trademarks, product names, graphics, logos, service names, slogans, colors, and designs.