LAST REVISED: APRIL 30, 2021
REVISIONS TO THIS POLICY
SECTION 1 – COLLECTION OF PERSONAL DATA
We collect personal data from you in connection with your access to and use of our website, your in-store or online purchases of our products or services, or if you provide us with personal data through other channels or media, such as social media or an event registration service. In particular, we collect personal data directly from you in connection with the following activities:
Registering for an account or filling in forms on our websites or in our stores (this includes information you provide when you request additional information, in writing or verbally, about our products or services or sign up to receive our e-mail newsletters, marketing messages or coupons);
Completing a profile or uploading goals to our website;
Interacting with us on social media, such as by tagging us and/or our products, or permitting us to follow your social media profile;
Purchasing any product or service from us;
Providing design or product feedback or making other submissions to us;
Requesting information or assistance from us, including correspondence with our customer service team and through social media;
Participating in or responding to surveys or requests for opinions, feedback and preferences regarding our products and services;
Participating in or registering for events, consumer contests, sweepstakes and other promotions;
Using other features of our websites that may be offered from time to time, which may require such information in order to utilise the feature.
We collect the following types of personal data in connection with the activities described above: your name, username, password, e-mail address, address, telephone number, credit card and debit card numbers (with expiration dates), personal preferences, goals, and any other personal data that you choose to include in your profile or in other communications with us.
When you access and use our websites, we also automatically collect data, including personal data, using cookies, pixels and local storage. The data we automatically collect includes your IP address, browser type, access times, pages viewed, the frequency of your visits to our websites, the routes by which you access our websites, and your use of any hyperlinks available on our websites. This helps us to provide you with a good experience when you browse our websites and allows us to improve our websites.
You may have the option to link your social media account to our social media account (such as on Facebook). If you do link your social media account to our social media account, the social media service may share certain data about you and your activities with us in accordance with their privacy policies and your privacy settings on their services. If we receive data about you in this manner, we combine that data with the personal data we collect directly from you.
SECTION 2 - WHAT DO WE DO WITH YOUR INFORMATION?
In general, we use your personal data to respond to your requests, conduct your requested transactions, maintain and customize your account and our interactions with you and provide, maintain and improve our products and services. The specific purposes for which we process your personal data are set out below:
To administer your online account and profile (the legal basis for this processing is our legitimate interest in better understanding user needs and expectations and improving our website);
To provide products and services to you, which includes processing payments, sending notifications related to your purchases, and processing exchanges and returns (the legal basis for this processing is the performance of the purchase agreement between you and TSR);
To conduct or administer events, contests, prize draws, sweepstakes or other promotions in which you have participated (the legal basis for this processing is the performance of the agreement between you and TSR related to such contest, prize draw, sweepstakes or other promotion);
To respond to any communications from you, including to troubleshoot problems with our websites (the legal basis for this processing is our legitimate interest in providing you with a functional website);
To analyse your use of and customise your experience on our websites (the legal basis for this processing is our legitimate interest in better understanding user needs and expectations and improving our websites);
To develop and manage TSR's business and operations (the legal basis for this processing is our legitimate interest in understanding shopping behaviour, improving our selection of products and services, and exploring ways to develop and enhance our business);
To measure your social media engagement with our brand (the legal basis for this processing is our legitimate interest in understanding the efficacy of our marketing strategies);
To detect, investigate and prevent fraudulent transactions, error, negligence, breach of contract, and other illegal activities and protect against harm to the rights, property or safety of TSR and our users, customers, employees or the public, including by using video surveillance systems (the legal basis for this processing is our legitimate interest in preventing fraud, error, negligence, contractual breach and other illegal activities and protecting and securing our premises, customers, employees and the public);
To comply with our legal obligations, including our tax obligations, those related to the prevention of fraud and money laundering, and those required for you to benefit from rights recognized by law, or any regulatory requirements or provisions (the legal basis for this processing is compliance with our legal obligations under laws in Canada related to, for instance, taxation, money-laundering and terrorism financing and consumer protection law);
To offer you opportunities to purchase products or services that we believe may be of interest to you, by supplementing the information we collect about you with information from third parties (the legal basis for this processing is our legitimate interest in providing information about products and services that may be of interest to you, unless applicable law requires us to obtain your consent, in which case we will do so).
SECTION 3 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com or mailing us at:
The Saree Room
1655 Dupont Street
SECTION 3 - DISCLOSURE
We do not share personal data about you with third parties except as follows:
- Our affiliates and subsidiaries. We disclose your personal data to our subsidiaries and affiliates for the purposes described in Section 2 ABOVE. Please note that these disclosures may involve cross-border transfers of your personal data.
- Our Service Providers. We share personal data with third parties that perform services for us, including customer support, web hosting, information technology, payment processing, product fulfilment, fraud control, direct mail and email distribution, contest, event, sweepstakes and promotion administration, and analytics services. We only share with service providers the personal data that they need to perform services for us. Since our service providers are located around the world, please note that these disclosures involve cross-border transfers of your personal data.
- Corporate Transactions. Personal data may be disclosed or transferred as part of, or during negotiations of any purchase, sale, lease, merger, amalgamation or any other type of acquisition, disposal, securitisation or financing involving TSR.
- Professional Advisors. We share personal data with our legal, financial, insurance and other advisors in connection with the kinds of corporate transactions described above or in connection with the management of all or part of TSR’s business or operations.
- Compliance with Law. We disclose personal data when we believe doing so is reasonably necessary to comply with applicable law or legal process (including requests from authorities), to respond to claims (including inquiries by you in connection with your purchases from TSR), or to protect the rights, property or personal safety of TSR, our users, employees or the public.
- Consent. We share personal data with third parties when we have your consent to do so. For example, if you decide to participate in certain interactive areas or features of our websites, such as creating a public profile and posting your goals, you consent to the disclosure of this information to other users of our websites.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. Shopify stores your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, Shopify will store your credit card data. This data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read:
Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or
Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 – DATA SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. Unfortunately, the transmission of information via the internet is not completely secure or private. You understand that any messages or information you send to our websites may be read or intercepted by others.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards. If you have any questions about the security of personal data collected by TSR, you may email us at firstname.lastname@example.org
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt-out of cookies or not.
- _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
- _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
- PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where
SECTION 8 – YOUR CHOICES
Consistent with applicable law, you may exercise any of the choices described in this section. Please note that we may ask you to verify your identity and request before taking further action on your request.
ACCESS & DATA PORTABILITY
In certain jurisdictions, applicable law may entitle you to request access to or copies of your personal data stored by TSR. You may also be entitled to request copies of personal data that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
You may review and modify your account and profile information by logging into your online account at any time. If you cannot update the information yourself, you can also contact us at email@example.com and request that we update your account or profile information.
In certain jurisdictions, applicable law may entitle you to request deletion of your personal data stored by TSR. Please note that if you request the erasure of your personal data, we may retain and/or use your personal data to:
- Exercise our legitimate business interests, such as fraud detection and prevention and enhancing safety against malicious, deceptive, fraudulent or illegal activity, and/or to prosecute those responsible for such activity;
- Establish, exercise or defend legal claims, or comply with applicable law;
- Perform our contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- Perform a task carried out in the public interest or in the exercise of official authority vested in TSR;
- Identify, debug and/or repair errors that impair intended functionality;
- Exercise free speech, and ensure the right of others to exercise their free speech or another right provided by law;
- Complete a transaction and/or provide a good or service requested by you or reasonably anticipated by you within the context of the business relationship, or to otherwise perform the contract;
- Protect your vital interests, or the vital interests of others; and,
- As otherwise permitted under applicable law.
You may opt out of receiving promotional communications from us by following the instructions in those communications or by logging into your online account and changing your communications preferences. If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations.
COOKIES AND SIMILAR TRACKING TECHNOLOGIES
Attn: Privacy Officer
The Saree Room Inc.
1655 Dupont Street