PRIVACY STATEMENT

SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.

SECTION 2 - CONSENT

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at shopcerisetea@gmail.com.

SECTION 3 - DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SECTION 4 - THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

 

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

SECTION 5 - SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

SECTION 6 - COOKIES

Cerise Tea Clothing uses cookies according to the new Electronic Communications Act, which came into force on 25 July 2003. A cookie is a small text file stored on your computer that contains information that helps the website to identify and track the visitor. Cookies do no harm to your computer, consist only of text, can not contain viruses and occupies virtually no space on your hard drive. There are two types of cookies: "Session Cookies" and cookies that are saved permanently on your computer.

The first type of cookie commonly used is "Session Cookies". During the time you visit the website, our web server assigns your browser a unique identifier string so as not to confuse you with other visitors. A "Session Cookie" is never stored permanently on your computer and disappears when you close your browser. To use Cerise Tea without troubles you need to have cookies enabled.

The second type of cookie saves a file permanently on your computer. This type of cookie is used to track how visitors move around on the website. This is only used to offer visitors better services and support. The text files can be deleted. On Cerise Tea we use this type of cookie to keep track of your shopping cart and to keep statistics of our visitors. The information stored on your computer is only a unique number, without any connection to personal information.

SECTION 7 – PERSONAL DATA

This Application collects some Personal Data from its Users.

Data Controller and Owner

Cerise Tea,

shopcerisetea@gmail.com

Types of Data collected

Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Email address, Cookie and Usage data.

Other Personal Data collected may be described in other sections of this privacy policy or by dedicated explanation text contextually with the Data collection.

The Personal Data may be freely provided by the User, or collected automatically when using this Application.

Any use of Cookies - or of other tracking tools - by this Application or by the owners of third party services used by this Application, unless stated otherwise, serves to identify Users and remember their preferences, for the sole purpose of providing the service required by the User.

Failure to provide certain Personal Data may make it impossible for this Application to provide its services.

Users are responsible for any Personal Data of third parties obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.

Mode and place of processing the Data

Methods of processing

The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.

Place

The Data is processed at the Data Controller's operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.

Retention time

The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data.

The use of the collected Data

The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Managing contacts and sending messages, Contacting the User and Analytics.

The Personal Data used for each purpose is outlined in the specific sections of this document.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Analytics

Google Analytics (Google)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.

Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

Personal Data collected: Cookie and Usage data.

Place of processing : USA – Privacy Policy – Opt Out

Contacting the User

Mailing List or Newsletter (This Application)

By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Application. Your email address might also be added to this list as a result of signing up to this Application or after making a purchase.

Personal Data collected: Email address.

Contact form (This Application)

By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.

Personal Data collected: Email address.

Managing contacts and sending messages

These services make it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.

These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

Mailchimp (Mailchimp)

Mailchimp is an email address management and message sending service provided by Mailchimp Inc.

MailChimp has TRUSTe's Privacy Seal, which means this privacy policy has been reviewed by TRUSTe for compliance with their program requirements, including transparency, accountability, and choice related to the collection and use of your Personal Information. The TRUSTe program covers our Websites, http://www.mailchimp.com, http://www.tinyletter.com, http://www.mandrill.com, as well as the Golden Monkeys mobile app. TRUSTe is an independent third party that operates a globally recognized privacy trustmark.

Personal Data collected: Email address.

Place of processing: USA – Privacy Policy

Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.

The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

Additional information about User's Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular services or the collection and processing of Personal Data upon request.

System Logs and Maintenance

For operation and maintenance purposes, this Application and any third party services may collect files that record interaction with this Application (System Logs) or use for this purpose other Personal Data (such as IP Address).

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.

The rights of Users

Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.

This Application does not support “Do Not Track” requests.

To determine whether any of the third party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Data Controller removes the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.

Information about this privacy policy

The Data Controller is responsible for this privacy policy, prepared starting from the modules provided by Iubenda and hosted on Iubenda's servers.

SECTION 8 – PAYMENT AND CREDIT/ DEBIT CARD INFORMATION

We use secure Stripe to handle all payment and checkout processes.

About Stripe :

PCI

Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.

SSL and HSTS

Stripe forces HTTPS for all services, including our public website. We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Chrome and Firefox.

For more about implementing SSL on your own website, read our SSL guide.

Encryption

All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe's infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn't share any credentials with Stripe's primary services (API, website, etc.).

Disclosure

We rapidly investigate all reported security issues. If you believe you've discovered a bug in Stripe's security, please get in touch at security@stripe.com (optionally using our PGP key at the bottom of this page). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Stripe.

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact us at shopcerisetea@gmail.com.