1. GENERAL INFORMATION
Here you can find some general information about us and the Website.
1.2 Data controller. The Website is owned and operated by Private Label LLC having a registered address at 16192 Coastal Highway, Lewes, Delaware 19958, the United States of America, and the company number 626485 (“we,” “us,” and “our”).
1.3 Minors. The Website is not intended for use by persons under the age of 18. We do not knowingly collect personal data belonging to persons younger than 18. If you become aware that such a person has provided us with his or her personal data and you are a parent or a legal guardian of that person, please contact us immediately and we will remove the child’s personal data from our systems.
2. WHAT DATA DO WE COLLECT?
Here we explain in detail what personal data we collect from you, for what purposes we use it, what technical data is collected automatically when you use the Website, and how we communicate with you.
2.1 Sources of personal data. We obtain your personal data from the following categories of
Directly from you. For example, if you submit your personal data when you place an order or contact us;
Directly or indirectly through your activity on the Website. When you use the Website, we automatically collect technical information about your use of the Website; and From third parties. We may receive information about you from third parties to whom you have previously provided your personal data, if those third parties have a legal basis for disclosing your personal data to us (for example, for payment processing purposes).
2.2 Collection of personal data. We comply with data minimisation principles. This means that we collect only a minimal amount of personal data that is necessary for your use of the Website.
your personal data was provided. Below, you can find an overview of the types of personal data that we collect, the purposes for which we use it, and the legal bases on which we rely when processing it.
Your Account. When you create your user account, we collect your first name, last name, email address, and password. We use such information to register and maintain your user account, enable you to place your orders, provide you with the requested services, contact you, if necessary, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ’pursuing our legitimate interests’ (i.e., operate, analyse, grow, and
administer the Website). We will store this data until you delete your user account.
Orders. When you place an order, we collect your email address, phone number, first name, last name, company, and delivery address. We use the said information to deliver your orders, send you transactional receipts, contact you, if necessary, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ’pursuing our legitimate interests’
(i.e., to administer the Website). We will store this data for as long as required by the applicable law or you delete your user account, whichever later.
Payments. When you make a payment, our third-party payment processors (as specified insection 4.2 below) collect your personal data, such as your name and payment details (e.g., credit
card or PayPal details). We do not have access to your full payment data; only a part of your personal data is made available to us by the payment processors. Your payment data is used to process payments and maintain our accounting records. The legal bases on which we rely are performing our contractual obligations’ and ‘pursuing our legitimate interests’ (i.e., to administer
our business). We store such data for the time period prescribed by law.
Inquiries. When you contact us by email, we collect your first name, last name, email address, phone number, and any information that you decide to include in your message. We use such data to respond to your inquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., to grow and promote the Website) and ‘your consent’ (for optional personal data). We will store this data until you stop communicating
analyze our content and protect the Website) and ‘your consent’. We will store this data as long as analytics records are necessary for our activities or you withdraw your consent.
Reviews. When you leave a review about the products purchased by you through the Website, we collect your name, email address, and any information that you decide to provide in your review. We use the said data to feature your review and enforce our legal terms. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., to protect the Website) and ‘your consent’. We will store this data as long you ask us to delete your review.
2.2 Sensitive data. We do not collect or use any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data refers to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.
2.3 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask for it, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Website, receive the requested information, or get our response.
Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.
2.4 Collection of analytics data. When you browse the Website, we collect or have access to certain technical analytics data collected from you. Such data includes the following information:
Your activity on the Website (time of visit, pages visited, products viewed, time spent on each page, clicks, scroll depth, interaction with widgets);
URL addresses from which you access the Website;
Your browser type and version;
Your operating system;
Your device details;
Information about your orders;
IP address; and
Your other online behavior.
2.5 Purposes of analytics data. We use your analytics data to analyze what kind of users access and use the Website, measure your engagement with the Website, see which products are interesting to you, improve our content, develop new products and services, and investigate and prevent security issues and abuse. In most cases, such analytics data is non-personal and it does
not allow us to identify you as a natural person. However, some of such data (like your IP address) may be considered personal data and we will make sure that we have the necessary legal basis for processing such data. When we process your analytics data that is personal data, we rely on the ‘legitimate interest’ (i.e., to analyze and improve the Website) and ‘your consent’ bases.
2.6 Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records).
2.7 Aggregated and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be
considered personal data and we may use it for any legitimate purpose.
2.8 Commercial communication. If you opt-in for our newsletter by ticking a box or subscribe for a newsletter by giving us your email address, we will inform you about our new products, features of the Website, and special offers. The legal basis on which we rely is ‘your consent’. Please note that we send you our commercial communication only if:
You provide us with your consent (e.g., by ticking a box);
You voluntarily subscribe to our newsletter; or
You purchase products from us and we would like to inform you about our similar products that may be of interest to you.
2.10 Transactional notices. If we have your email address and it is necessary to do so, we may send you important informational messages, such as order updates, payment receipts, invoices, shipping information, and other technical or administrative emails. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related
3. HOW LONG DO WE STORE YOUR DATA?
Here we explain for how long we keep your data in our systems and how we delete it.
legal obligations, resolve disputes and enforce our agreements.
3.3 Storage as required by law. When we are obliged by law to store your personal data for a certain period of time (e.g., for keeping accounting records), we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
4. HOW DO WE DISCLOSE YOUR DATA?
Here you can find information about third parties that may have access to your personal data.
4.1 Disclosure to data processors. We keep your personal data in strict confidentiality. However, if necessary for the intended purpose of your personal data, we will disclose your personal data to entities that provide services on our behalf (our data processors). Your personal data may be shared with entities that provide technical support services to us, such as hosting, payment processing, and email distribution services. We do not sell your personal data to third parties and do not intend to do so in the future. The disclosure of your personal data is limited to the situations when it is required for the following purposes:
Ensuring the proper operation of the Website;
Delivering your products;
Processing your payments;
Responding to your inquiries;
Pursuing our legitimate interests;
Enforcing our rights, preventing fraud, and security purposes;
Carrying out our contractual obligations;
Law enforcement purposes; or
If you provide your prior consent to such a disclosure.
Our hosting, cloud storage, newsletter, and marketing service provider Shopify located in Canada;
Our analytics service providers Shopify (Canada), Google (USA), Snapchat (USA), and Facebook
Our payment service providers Shopify (Canada), PayPal (USA), Stripe (USA), Afterpay
(Australia), Google Pay (USA), and Apple Pay (USA);
Our live chat service provider Gorgias located in the United States;
Our shipping service providers Shopify (Canada) and ShipBob (USA);
Our email marketing service provider Elastic Email located in Canada;
Our text messaging service provider Emotive located in the United States;
Our accounting software provider located in the United States; and
Our independent contractors and consultants.
4.3 International transfers. We and some of our data processors may be based outside the country where you reside. For example, if you reside in the EEA or the UK, we may need to transfer your personal data outside the EEA or the UK. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data or we conclude an agreement with it that ensures such protection (e.g., a data processing agreement based pre-approved standard
4.4 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose as it does not identify you as a natural person. For example, we may share it with prospects or partners for business or research purposes, for improving the Website, responding to lawful requests from public authorities or developing new products and services.
4.5 Legal requests. If requested by a public authority, we will disclose information about the users of the Website to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
5. HOW DO WE PROTECT YOUR DATA?
Here you can find information on how we protect your data against breaches.
5.1 Security measures. We implement technical and organizational information security measures that protect your personal data from loss, misuse, unauthorized access and disclosure. The security measures taken by us include proper authentication, secured networks, encryption, strong passwords, limited access to your personal data by our staff, anonymization of personal data (when possible), and carefully selected data processors.
5.2 Security breaches. Although we put our best efforts to protect your personal data, given the nature of communication and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by
the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
6. HOW CAN YOU MANAGE YOUR PERSONAL DATA?
Here you can find detailed information about the rights that you have with regard to your personal data and how to exercise those rights.
6.1 The list of your rights. You have the right to control how we process your personal data. Subject to any exemptions provided by law, you have the following rights:
Right of access: you can get a copy of your personal data that we store in our systems and a list
of purposes for which your personal data is processed;
Right to rectification: you can rectify inaccurate personal data that we hold about you;
Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our
Right to restriction: you can ask us to restrict the processing of your personal data;
Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another
Right to object: you can ask us to stop processing your personal data;
Right to withdraw consent: you have the right to withdraw your consent, if you have provided
Right to complaint: you can submit your complaint regarding our processing of your personal data.
6.3 Complaints. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no
later than 30 days). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
Our email address: firstname.lastname@example.org
Postal address: Private Label LLC, 16192 Coastal Highway, Lewes, Delaware 19958, the United States of America