Effective Date: May 25, 2018
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If, after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at: BAGGU 2415 3rd Street, Suite 239, San Francisco, CA, 94107, United States
SECTION 3 - DISCLOSURE
We may disclose personal information that we collect or you provide as described in this Policy:
- To fulfill the purpose for which you provide it.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of the Site's assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information about our Site users is among the assets transferred.
- We may, without restriction, disclose aggregated information about our users and information that does not identify any individual.
- To enforce our Terms of Service.
- To comply with any court order, law or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Site, our customers or others.
- For any other purpose disclosed by us when you provide the information.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored in Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
We may share personal information with our service providers, including those who assist us with marketing, and with other trusted parties whom we believe offer products or services that may be of interest to you.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Cookies are small text files that can be used by websites to make a user's experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Your consent applies to the following domains: www.baggu.com
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
|__RequestVerificationToken||cookiebot.com||Helps prevent Cross-Site Request Forgery (CSRF) attacks.||Session||HTTP Cookie|
|ASP.NET_SessionId||cookiebot.com||Preserves the visitor's session state across page requests.||Session||HTTP Cookie|
|ASPXAUTH||cookiebot.com||Identifies the user and allows authentication to the server||Session||HTTP Cookie|
|CookieConsent||cookiebot.com||Stores the user's cookie consent state for the current domain||1 year||HTTP Cookie|
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
|userlang||cookiebot.com||Remembers the user's selected language version of a website||1 year||HTTP Cookie|
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
|Unclassified||Session||HTML Local Storage|
|_ga||cookiebot.com||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||2 years||HTTP Cookie|
|_gid||cookiebot.com||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||Session||HTTP Cookie|
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
|_hjIncludedInSample||cookiebot.com||Determines if the user's navigation should be registered in a certain statistical place holder.||Session||HTTP Cookie|
|Regulates synchronisation of user identification and exchange of user data between various ad services.||1 year||HTTP Cookie|
|collect||google-analytics.com||Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.||Session||Pixel Tracker|
|fr||facebook.com||Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.||3 months||HTTP Cookie|
|GPS||youtube.com||Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.||Session||HTTP Cookie|
|id||yieldlab.net||Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.||1 year||HTTP Cookie|
|IDE||doubleclick.net||Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.||1 year||HTTP Cookie|
|khaos||rubiconproject.com||Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.||1 year||HTTP Cookie|
|KRTBCOOKIE_#||pubmatic.com||Registers a unique ID that identifies the user's device during return visits across websites that use the same ad network. The ID is used to allow targeted ads.||3 months||HTTP Cookie|
|PREF||youtube.com||Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites.||8 months||HTTP Cookie|
|PUBMDCID||pubmatic.com||Registers a unique ID that identifies the user's device during return visits across websites that use the same ad network. The ID is used to allow targeted ads.||3 months||HTTP Cookie|
|PugT||pubmatic.com||Unclassified||29 days||HTTP Cookie|
|put_#||rubiconproject.com||Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.||29 days||HTTP Cookie|
|rpb||rubiconproject.com||Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.||29 days||HTTP Cookie|
|rpx||rubiconproject.com||Unclassified||29 days||HTTP Cookie|
|test_cookie||doubleclick.net||Used to check if the user's browser supports cookies.||Session||HTTP Cookie|
|Unclassified||3 months||HTTP Cookie|
|tuuid_last_update||360yield.com||Unclassified||3 months||HTTP Cookie|
|tuuid_lu||bidswitch.net||Unclassified||1 year||HTTP Cookie|
|um||360yield.com||Unclassified||3 months||HTTP Cookie|
|umeh||360yield.com||Unclassified||3 months||HTTP Cookie|
|VISITOR_INFO1_LIVE||youtube.com||Tries to estimate the users' bandwidth on pages with integrated YouTube videos.||179 days||HTTP Cookie|
|YSC||youtube.com||Registers a unique ID to keep statistics of what videos from YouTube the user has seen.||Session||HTTP Cookie|
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
|ZD-buid||cookiebot.com||Unclassified||Persistent||HTML Local Storage|
|ZD-currentTime||cookiebot.com||Unclassified||Session||HTML Local Storage|
|ZD-settings||cookiebot.com||Unclassified||Persistent||HTML Local Storage|
|ZD-suid||cookiebot.com||Unclassified||Persistent||HTML Local Storage|
SECTION 7 - CHILDREN’S PRIVACY
Our Site is not directed to children under the age of 18. We do not knowingly collect any personal information about children under the age of 18. If we obtain actual knowledge that we have collected personal information about a child under the age of 18, that information will be promptly deleted from our database, unless it is necessary to retain it for legal purposes. If a parent believes that his or her child has submitted personal information to us, he or she can contact us via e-mail. We will promptly delete the information upon learning that it relates to a child under the age of 18. Please note that it is possible some of this information may remain archived in web logs and back-up archives after we delete the information from our active database.
- YOUR CALIFORNIA PRIVACY RIGHTS
We will not share any personal data with third-parties for their direct marketing purposes to the extent prohibited by California law. If our practices change, we will do so in accordance with applicable laws and will notify you in advance. California law requires that operators of online services disclose how they respond to a Do Not Track signal. Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the online service that a user visits, indicating that the user does not wish to be tracked. We do not currently respond to Do Not Track signal.
- EU USERS’ RIGHTS
- Your GDPR rights to be informed, to access, rectify, erase or restrict the processing of your personal information. You have the right to receive free information about what personal data we have obtained about you, where it is stored, for how long, for what purposes it is used, to whom it was disclosed. You have the right to require that we, without undue delay, rectify of inaccurate personal data concerning you. That means you can request we change your personal data in our records, or have you incomplete personal data completed. You have the “right to be forgotten,” i.e. to have us delete your personal information, without undue delay, if the data is no longer necessary in relation to the purposes for which it was collected. However, GDPR gives us the right to refuse erasure if we can demonstrate compelling legitimate grounds for keeping your information.
GDPR gives you the right to restrict processing if any of the following applies:
If you contest the accuracy of your personal data, we will restrict processing it for a period enabling us to verify its accuracy.
ii. The processing is unlawful and you oppose its erasure and request instead the restriction of its use.
iii. We no longer need your personal data for the purposes of the processing, but you require us to restrict processing for the establishment, exercise or defence of legal claims.
iv. You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether ourlegitimate grounds override yours.
- Right to data portability. Upon request, we will provide you your personal data in our possession, in a structured, commonly used and machine-readable format. You have the right to transmit that data to another controller if doing so does not adversely affect the rights and freedoms of others.
- Right to object. You can object, on grounds relating your particular situation, at any time, to processing of your personal information, if based on point (e) or (f) of Article 6(1) of the GDPR. We will then have to stop processing, unless we can demonstrate compelling legitimate grounds for the processing. If you object to the processing for direct marketing purposes, we will have to stop processing for these purposes.
- Right to withdraw consent. GDPR grants you the right to withdraw your earlier given consent, if any, to processing of your personal data at any time.
- Rights related to automated decision making. As a responsible business, we do not rely on any automated decision making, such as profiling.
We retain your personal data for as long as your account is active or for as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise permitted or required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our rights. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at BAGGU
[Re: Privacy Compliance Officer]
[2415 3rd Street, Suite 239, San Francisco, CA, 94107, United States]