Collecting Personal Information
- Examples of Personal Information collected: Version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
- Disclosure for a business purpose: shared with our processor Shopify.
- Examples of Personal Information collected: Your name, billing and shipping address, payment details (including but not limited to credit and/or debit card number, Apple Pay, Shop Pay, Google Pay, PayPal, email address, and phone number), material you choose to submit, and non-personal information, such as aggregated information, technological information such as how users interact with our Websites and Applications or other information that cannot reasonably identify you (see details in next section).
- Non-Personal Information: Non-personal information refers to data and information that does not personally identify you as the individual to whom the data or information relates, which may include data that (i) is aggregated (that is, relates to a group of individuals) ("aggregated information"), or (ii) cannot reasonably identify or be linked to you ("deidentified information").
- Purpose of collection: We collect and process only the data that is required to allow us to provide our services to you. We process your payment information, arrange shipping, and provide you with invoices and/or order confirmations. We collect your contact details so that we can reach out to you if there are any issues with your order, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: Information collected from you.
- Disclosure for a business purpose: Shared with our processor Shopify.
Customer support information
- Examples of Personal Information collected: We process the personal data required to complete and despatch your purchase, including your name, billing address, delivery address, payment details, mobile or telephone number and email address.
- Purpose of collection: We collect your email address in order to send you confirmation of your order, we collect your telephone number so that we can contact you if there are any issues with the order. If you provide us with someone else's data - for example, if you purchase a product to be delivered to a friend or as a gift - we will collect and process the personal data required to complete the transaction such as the name, delivery address and other contact details for your friend. If you are receiving an item as a gift, we will process your data only to fulfill the gift request and our contractual obligations.
- Source of collection: Information collected from you.
- Disclosure for a business purpose: Shared with our processor Shopify.
If you are a parent or guardian and have reason to believe that a child under the age of 13 (or 16) has provided Personal Information, please contact Totery with sufficient detail by sending an email, including the Website and Application or line of business to which your request pertains, to firstname.lastname@example.org. to enable us to delete that information from our databases.
Sharing Personal Information
We collect your data in several ways including when you choose to share it with us, when you shop with us or engage with our digital properties, and from our affiliates and partners. We intend to comply with applicable laws no matter how we obtain your data. We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
We do not transfer your information to third parties in exchange for money and we will not do so. However, we do transfer personal information to certain third parties in order to operate our business (for example, to market our products and services). Some state laws may define this as a “sale” of data even though we do not exchange data for money. We want to be careful with and respectful of your information. Therefore, we intend to comply with all applicable laws regarding the collection, use and transfer of your data.
We may share your data with our affiliates, service providers, certain third parties, and as necessary for legal requirements.
Affiliates. Affiliates are companies that control, are controlled by, or are under common control with us. We may share your data with our affiliates.
Service providers. Service providers are partners who have agreed to use your data only for the purpose of providing the services in our contract and who have agreed not to “sell” your data. We may share your data with our service providers as described below.
Third parties. Third parties are unaffiliated companies that have not agreed to limit their use of your data only to provide the services in our contract and/or have not agreed not to “sell” your data. For example, they may need to use the data to provide you services directly that go beyond our contract with them (e.g. your credit card company). We share your data with “third parties” only as allowed by applicable law.
“Personal” vs. Anonymized Information. We collect and maintain both “personal” and anonymized data. “Personal” data is information that identifies you or could reasonably be associated with or linked to you. Anonymized information is data that is is not linked and could not reasonably be linked to you.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- If you choose to give others your data directly (like Google or Facebook) their rules apply to that data, not ours. We sometimes buy ads on other sites. Even if we don’t share (or have) your data, you might see those ads. We can’t always control how they choose to place our ads.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads
- GOOGLE - https://www.google.com/settings/ads/anonymous
- BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
When The Totery processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.
To review, correct or change your personal information collected by Totery, please send your request, including the Website, Application, or line of business to which your request pertains, to email@example.com.
Please note that in some cases we may not be able to allow you to access certain personal information in certain circumstances, for example if it contains personal information of other persons or for legal reasons, including where the information is subject to legal privilege.
We may ask you for information to allow us to confirm that the person making the request is you or is authorized to access your personal information before granting access. For example, we may require you to verify your identity before you access your personal information.
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
If you are a resident of the European Economic Area ("EEA") , you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. This applies only to individuals coming to our Websites from within the EEA and applies only (1) if we collect through the Website any Personal Data of those individuals or (2) if we track individuals in the EEA who access our Websites.
Subject to applicable law, you may be able to exercise any of the following rights in relation to your Personal Data:
- Right to know what information we have about you: This is known as the "right of access" and gives you the right to find out what, if any, Personal Data we have about you, how we process it, and to request a copy of the Personal Data.
- Right to correct your information: This is known as the "right of rectification" and gives you the right to ask that we correct or complete any Personal Data we have about you.
- Right to delete your information: This is known as the "right to erasure" or "right to be forgotten" and gives you the right to ask us to delete your Personal Data.
- Right to change how we use your information: This is known as the "right to restrict processing" and gives you the right to ask us to change how we use your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us using it in a certain way.
- Right to move your information: This is known as the "right to data portability" and gives you the right to ask to receive your Personal Data from us in a structured, commonly used and machine-readable format or to have it transmitted to another controller.
- Right to stop us from using your information: This is known as the "right to object" and gives you the right to ask us to stop using your Personal Data when applicable.
- Rights relating to how we use your information to categorize you or make decisions about you: This is known as the "right in relation to automated decision-making and profiling": You have the right to be free from decisions we may make that are based solely on automated processing of your Personal Data, including profiling, if they produce a significant legal effect on you, unless such decision-making or profiling is necessary for entering into or performing a contract between you and us, or is made with your explicit consent.
- Right to withdraw consent: If we rely on your consent to use your Personal Data, you have the right to withdraw that consent at any time. This will not affect our use of your data before we received notice that you wished to withdraw your consent.
- Right to file a complaint with the supervisory authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the supervisory authority that is authorized to hear those concerns in your jurisdiction. However we invite you to email us with any concern as we would be happy to try and resolve it directly.
If you would like to exercise these rights, please contact us by email at firstname.lastname@example.org The requests above will be considered and responded to in the time period stated by applicable law. Certain information may be exempt from such requests. We may require additional information from you to confirm your identity in responding to such requests.
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
California Consumer Privacy Act ("CCPA") Disclosure
If you are a California resident, you have certain rights with respect to your personal information. Those rights and how you may exercise them are described below.
- You may request information about our disclosure of personal information to third parties or affiliated companies for their direct marketing purposes. To make such request, please email us at email@example.com. Please allow up to 30 days for us to process your request. You may submit such a request once per year.
- You may request that we provide you for the last 12 months a list of the categories of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting or “selling” the information, and the categories of “third parties” to whom we disclosed or “sold” that information. You may also request that we provide you in machine readable format a copy of the specific pieces of personal information we have collected about you in the past 12 months. You may make a request to know up to two times in a 12-month period, subject to limitations described in the law.
- You may request that we delete any personal information that we have collected from you. However, the law exempts certain information from deletion. For example, we may keep information necessary for security and fraud detection. We also may keep information needed to provide you goods or services. For example, if you ask us to delete your data but retain your loyalty account, we will keep the information we need to continue providing you loyalty benefits. When we respond to your request to delete, we will explain what (if any) information we have kept and why. Please note that the law does not consider anonymized or pseudonymized information to be “personal information,” and we may “delete” your information by anonymizing or pseudonymizing it.
- You have the right to be free from discrimination for using these rights. We will not deny you goods or services, charge you different rates, or give you different discounts because you used one of these rights.
You may make a request to know or delete by emailing firstname.lastname@example.org. When you make a request, we will take steps to verify your identity before responding. This is to protect your information. We will ask you to provide us your email and physical address. We will then send you a one-time code. You must email us this code from the email address you provided. Once you do, we will respond to your request.
You may also designate an authorized representative to make data subject rights requests on your behalf. We will require verification that you did in fact authorize the representative. Unless the law requires otherwise, your authorized representative must provide contact details for you. We will contact you to confirm that you authorized the representative. Once you confirm, we will promptly respond to the rights request.
If you are a California resident, you have the right to opt out of the “sale” of your personal information to “third parties.” Sale is defined very broadly. The law defines “sale” more broadly than you might imagine. It doesn’t just include the exchange of data for money. Instead, it covers any transfer of personal information to a “third party” in exchange for “other valuable consideration.”
We do not transfer your information to third parties in exchange for money and we will not do so. However, we do transfer personal information to certain third parties in order to operate our business (for example, to market our products and services). It is possible that someone could claim that this transfer was in exchange for “other valuable consideration.” We want to be careful with and respectful of your information. Therefore, if you opt out, we will not transfer your information to any “third party” except as explained below (and allowed by law). Any transfer of data to a “third party” may be considered a “sale” of data. The law considers any other business a “third party” unless that business agrees to specific contractual provisions. We try to get all of the businesses to whom we send information to add this special language to their contracts with us. But not everyone will or can agree to those terms. As a result, if you opt out of the “sale” of data, we will not be able to send data to some of our business partners. That may mean that, after you opt out, you may not receive all of the marketing and other information you are accustomed to receiving from us. In the extreme, if one of our critical partners or affiliates cannot agree to the special contract language, and is considered a “third party”, it is possible that some features of our web site or other services may not work for you after you opt out.
California law prevents us from asking you to “opt in” for a year after you “opt out.” We are allowed to tell you, however, if a specific transaction requires a transfer of data to a third party. We may alert you if a transaction requires a transfer to a third party so that you can opt in if you would like to continue with the transaction.
We do not “sell” the data of people under 16, and do not intend to collect data related to people who are under 13.
The law creates several exceptions that are important for you to be aware of. We are allowed to transfer data to a “service provider” even if you opt out. The law does not consider that kind of transfer to be a “sale.” A service provider is a business that agrees not to use your information for any purpose other than providing the services specified in our contract. For example, we transfer data to business partners to provide data security and detect fraud. Those businesses are “service providers.” Even if you opt out, we will continue to transfer data to our service providers.
- We are also allowed to transfer your data to a third party where you direct the transfer or direct us to interact with the third party. For example, if you direct us to use a specific payment method to pay for your order, even if you have opted out, we will still transfer the data necessary to process your order.
- Collecting information and using it ourselves is not a “sale.” Opting out of the “sale” of your data does not prevent us from continuing to collect and process your personal information.
- The “opt out” only applies to “personal information.” This is information that is or is capable of being linked to you. We use anonymization and pseudonymization to protect privacy. That data is not “personal information.” Opting out will not limit our transfer of that data to third parties.
Please note that there are technical limits to our ability to identify data related to you and, if you opt out, to prevent the “sale” of that information to other parties. Where we can reasonably determine that information relates to you and you have opted out, we will not “sell” it to “third parties” (except as allowed by the law). However, we may not be able to determine that information relates to you. In that case, the information may be “sold” to a third party.
Opting out of the “sale” of personal information will not prevent you from receiving marketing messages from us. If you wish to unsubscribe from our emails, please contact us at email@example.com.
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
|_ab||Used in connection with access to admin.|
|_secure_session_id||Used in connection with navigation through a storefront.|
|cart||Used in connection with shopping cart.|
|cart_sig||Used in connection with checkout.|
|cart_ts||Used in connection with checkout.|
|checkout_token||Used in connection with checkout.|
|secret||Used in connection with checkout.|
|secure_customer_sig||Used in connection with customer login.|
|storefront_digest||Used in connection with customer login.|
|_shopify_u||Used to facilitate updating customer account information.|
Reporting and Analytics
|_landing_page||Track landing pages|
|_orig_referrer||Track landing pages|
|_shopify_sa_p||Shopify analytics relating to marketing & referrals.|
|_shopify_sa_t||Shopify analytics relating to marketing & referrals.|
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible. You may also lose any personalized activity, and the advertising you receive when you visit this website will not be tailored to your interests.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org and https://www.youronlinechoices.com/
Your interest browser contains instructions on how to carry out these procedures of deletion. The below links provide instructions on how to alter these settings for each browser:
• Microsoft Internet Explorer: https://support.microsoft.com/en-nz/help/17442/windows-internet-explorer-delete-manage-cookies
If you use multiple browsers (e.g. Google Chrome, Firefox, etc.) You must repeat this procedure with each one, and if you connect to the web from multiple devices (e.g. Your mobile or computer), then you will need to set your preferences on each browser on each device. Please also note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioral Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Last updated: 10/20/2020