WHAT INFORMATION DO WE COLLECT AND WHAT DO WE DO WITH IT?
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): When you sign up to receive our e-newsletters or marketing emails, you give us permission to send you emails about our store, new products and other updates.
Here is a partial list of cookies that we use. We’ve listed them here so that you can choose whether you want to opt out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you imply that you consent to our collecting it and using it for that specific reason only.
Under the General Data Protection Regulation (GDPR), additional lawful bases we may rely on for processing your information are:
- We have a contractual or legal obligation
- We have a vital or legitimate interest.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say ‘no.’
DATA STORAGE AND RETENTION
When you sign up for our e-newsletter, marketing or other notifications, your data is stored on our servers, which may be outside the United States. We maintain your data until you unsubscribe from our email notifications. You can unsubscribe by clicking the “unsubscribe” link in our notices.
When you purchase products through our on-line store, your data is stored through Shopify’s data storage, databases and the general Shopify application. In general, Shopify will keep your data as long as Shopify provides the platform for our online store and purge it 90 days after our store is closed.
SHARING PERSONAL INFORMATION
We do not sell any personal information we collect from you without your consent to any other business or vendor who does not need your information to provide a service to us or to you related to your interaction with our Website.
We and our affiliates (including Shopify, Inc.) may share personal information about you with third parties in the following circumstances:
- Your personal information, and the contents of all of your online communications on or through our sites and services may be accessed and monitored as necessary to operate our sites and perform our services, and may be disclosed:
  - to satisfy any applicable laws or regulations,
  - to defend ourselves in litigation or a regulatory action,
  - when we have a good faith belief that we are required to disclose the information in response to legal process (for example, a subpoena, court order, or search warrant),
  - where we believe our sites and services are being used in the commission of a crime, including to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and risk management.
- We may share personal information about you for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
- We may affiliate with other businesses to assist us in our marketing, communications, and sales efforts, and may share information about you for these purposes. If any of those communications require us to obtain your authorization to disclose your personal or health information, we will obtain your authorization first.
- In addition, information about our users, including personal information, may be disclosed as part of any merger, acquisition, debt financing, sale of company assets, or similar transaction, as well as in the event of insolvency, bankruptcy or receivership in which personal information could be transferred to third parties as one of our business assets.
YOUR DATA PROTECTION RIGHTS
We provide all our customers, including those who are residents of the European Union, the following rights:
- Right to Withdraw Consent – You have the right to withdraw previously given consent to the processing of your data. If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at the address below.
- Right of Access – You have the right to ask us for copies of your personal information.
- Right to Rectify – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure – You have the right to ask us to erase your personal information in certain circumstances. However, we cannot erase your order information for 180 days, which is the window of time in which Shopify allows a customer to make a chargeback.
- Right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
- Right to data portability – You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances. You may request your data by contacting us at the address under the “Questions and Contact Information” heading below.
If you would like to exercise any of these rights, please contact us through the contact information below. If you make a request, we will make reasonable efforts to respond within 30 days unless required by applicable law to respond sooner.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you should read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
It is important to remember that no system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our services. We cannot assume responsibility or liability for unauthorized access to our servers and systems. When disclosing any personal information, you should remain mindful of the fact that it is potentially accessible to the public and, consequently, can be collected and used by others without your consent. Accordingly, you should consider carefully if you want to submit sensitive information that you would not want disclosed to the public and should recognize that your use of the Internet and our sites and services is solely at your risk.
LINKED SITES AND SERVICES
We may also provide social media features on our sites and services that enable you to share personal information with your social network(s) and to interact with our sites and services. Depending on the features, your use of these features may result in the collection or sharing of personal information about you. We encourage you to review the privacy policies and settings on the social media site(s) with which you interact. We are not responsible for the privacy or security of any information you share on such sites.
DO NOT TRACK
We do not currently actively respond to "Do Not Track" browser signals or mechanisms that indicate a request to disable online tracking of individual users who use our sites and services.
AGE OF CONSENT
We do not intend to collect any information from anyone under 18 years of age in compliance with the Children’s Online Privacy Protection Act (COPPA) and the General Data Protection Regulation (GDPR) of the European Union. If you are under 18, please do not disclose or provide any information. If we learn that we have collected personal information from a child under 18, we will take steps to promptly delete the information.
By using this site, you represent that you are at least 18 years of age or the age of majority in your state or province of residence. Alternatively, if you are the parent or guardian of someone under 18, you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Data Protection/Privacy Compliance Officer at firstname.lastname@example.org or by mail at:
Grassroots Self Treatment
Attn: Privacy Compliance Officer
1760 South 1100 East, Suite 3
Salt Lake City, Utah US 84105