Who we are
This privacy policy (“Policy”) describes how Frozen Tundra Designs (“FT”, “we”, “us” or “our”) collects, protects and uses the personally identifiable information (“Personal Information”) you (“User”, “you” or “your”) may provide on the frozentundradesigns.com website and any of its products or services (collectively, “Website” or “Services”).
It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
What personal data we collect and why we collect it
Automatic collection of information
When you visit the Website our servers automatically record information that your browser sends. This data may include information such as your device’s IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.
Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding Website usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.
Collection of personal information
You can visit the Website without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the Website’s features, you will be asked to provide certain Personal Information (for example, your name and e-mail address). We receive and store any information you knowingly provide to us when you make a purchase, create an account, publish content, or fill any online forms on the Website. When required, this information may include the following:
- Personal details such as name, country of residence, etc.
- Contact information such as email address, address, etc.
- Account details such as user name, unique user ID, password, etc.
- Any other materials you willingly submit to us such as feedback, images, etc.
You can choose not to provide us with your Personal Information, but then you may not be able to take advantage of some of the Website’s features. Users who are uncertain about what information is mandatory are welcome to contact us.
While you visit our Website, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
We’ll also use cookies to keep track of cart contents while you’re browsing our site. Please refer to our detailed Cookie Policy.
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We will also store comments or reviews, if you choose to leave them.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. You may review relevant sections of this Policy for more information. Specific cases of personal data collection follow.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, a timestamp, and also the visitor’s IP address and browser user agent string to help spam detection. Additionally, a jetpack.wordpress.com IFrame receives the following data: WordPress.com blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content.
For security reasons and to protect this website from spam, comment data will be processed in the CleanTalk Cloud Service and will be stored in log files for 7 days. On the expiry of the mentioned period, they will be deleted completely. CleanTalk may use information of spam activity of IP/email addresses to offer proper anti-spam protection to all websites connected to its service. It concerns exclusively those IP/email addresses that are being used for spam mailing.
Jetpack (by Automattic) provides the comments feature and will store the comment author’s name, email address, and site URL (if provided during the comment submission) in cookies. Learn more about these specific cookies on the Jetpack website.
An anonymized string created from your email address (also called a hash) provided in the comment form may be provided to the Gravatar service (by Automattic) to see if you are using it. If so, the hash enables Gravatar Hovercards feature to retrieve your profile image. After approval of your comment, your profile picture is visible to the public in the context of your comment. See Automattic’s privacy policy for more information.
Review relevant sections of this Policy for more information on data sharing.
Reviews
FT uses Customer Reviews for Woocommerce by ivole to collect and collate trusted, verified reviews of our products. After a purchase, the purchaser’s name and email address and an email request are sent to Customer Reviews. Customer Reviews does not use your name and email address for any purpose other than to request a review and send a follow up email and offer code when a review is placed. Review requests will only be sent once for each product.
Reviews are published on the Customer Reviews for Woocommerce website www.cusrev.com in addition to being displayed on our Website. They will collect the information that you provide in form fields as well as your IP address. If you do not respond to an email request for a review, Customer Reviews will delete your personal information after 3 months. Review Customer Reviews privacy policy for more information.
You can delete your review at any time and/or contact Customer Reviews at [email protected] to have your personal information deleted. Please also contact us at the address in this document to ensure any personal information relating to your review is removed from this site as well.
Reviews published on this Site will automatically be scanned by our anti-spam service provider CleanTalk. Your data may be processed accordingly in the CleanTalk Cloud Service and stored in log files for 7 days. On the expiry of the mentioned period, they will be deleted completely.
Likes
Only users logged in to WordPress.com can access this feature. In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code. Post likes are tracked.
Notifications
This feature is only accessible to registered users of the site who are logged in to WordPress.com. This feature provided by Jetpack uses the following information: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to FT via this feature including email address, WordPress.com username, site URL, email address, comment content, follow actions, etc.
The following activities relating to this feature may be tracked: sending notifications (i.e. when Jetpack send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.
Media
If you upload images to the website (for example, as part of a product review), you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Newsletters
We offer electronic newsletters (email updates) to which you may voluntarily subscribe at any time. We are committed to keeping your e-mail address confidential and will not disclose your email address to any third parties except as allowed in the information use and processing section or for the purposes of utilizing a third-party provider to send such emails (see below). We will maintain the information sent via e-mail in accordance with applicable laws and regulations.
In compliance with the CAN-SPAM Act, all e-mails sent from us will clearly state who the e-mail is from and provide clear information on how to contact the sender. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us. However, you will continue to receive essential transactional emails.
Newsletters are sent through the third-party automated communications platform Mailchimp. Mailchimp receives information that you provide in the email signup form and additionally collects information through cookies and other tracking technology (see Cookie Policy). This includes information on your device and interaction with the email, such as opening the email and browsing. Mailchimp uses this data to ensure compliance with terms, to protect rights and safety, meet legal obligations (including providing to attorneys and accountants), to provide support, to perform analytics, and to carry out other business purposes. For more details on how your data is collected and used, including how to opt out of certain data collection and use, see the Privacy for Contacts section of Mailchimp’s Privacy Policy.
Contact forms
The contact form is managed using Jetpack by Automattic. If you contact us through the contact form, the actual submission data is stored in the database of our Website and is emailed directly to FT. This email will include the submitter’s IP address, timestamp, name, email address, website, and message. The submission data is stored on the website only as long as is required for customer service and website improvement purposes. Record of the emailed submission may persist on the email server (hosted by Zoho – see their Privacy Policy). We do not use the information submitted through the contact form for marketing purposes.
For security reasons and to protect this website from spam, your data will be processed in the CleanTalk Cloud Service and will be stored in log files for 7 days. On the expiry of the mentioned period, they will be deleted completely. CleanTalk may use information of spam activity of IP/email addresses to offer proper anti-spam protection to all websites connected to its service. It concerns exclusively those IP/email addresses that are being used for spam mailing. Review relevant sections of this Policy for more information on data sharing.
Cookies
The Website uses “cookies” to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
We may use cookies to collect, store, and track information for statistical purposes to operate our Website and Services. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you will not be able to use many of the features of the Website and Services. To learn more about cookies and how to manage them, visit internetcookies.org
Please review our full Cookie Policy for more information.
Payments
Payments are processed off-site through the secure third-party payment processors PayPal or Square, depending on your payment choice made at checkout. Both payment gateways feature end-to-end encryption and are fully PCI-DSS (Payment Card Industry Data Security Standard) compliant, with payment information processed directly on their own servers. No credit card or bank payment details are collected or maintained by FT.
Woocommerce collects some payment related information, such as the purchase total, currency, and billing information, which is stored in the website database as order information and passed to the payment processors in order to process or support the payment. Destination address, purchased product IDs, dimensions, weight, and quantities are used for checkout rates, and customer’s name, address, product dimensions, weight, price, and quantities are used to create shipping and customs labels. See relevant sections of this Policy for details on how information is stored and shared.
Additionally, data pertaining to gift card purchases will be collected by Gift Up!, a third party platform that enables Frozen Tundra gift cards. The following information is collected to support and process the order and payment, screen for risk and fraud, and authenticate: your name, email, shipping and billing address, payment details, IP address, information about the order you initiate, and information about the device and browser you use. Some of the personal information provided to Gift Up will be used to conduct some level of automated decision-making.
Payments for gift cards are still processed through Square or PayPal payment processors.
Both payment processors will collect information required to complete the payment including geolocation data, and any additional information you willingly provide through your account with them in the case of Paypal, which is collected, processed, and stored in accordance with their privacy policies and user terms. For more information on payment security and privacy, see Square’s security details and Privacy Policy and Paypal’s safety and security page and Privacy Policy.
Login Protection
In order to check login activity and potentially block fraudulent attempts, the following information is used by Jetpack: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
Failed login attempts (these include IP address and user agent) are tracked. Jetpack also sets a cookie for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this specific cookie on the Jetpack website.
Social Media Sharing
Each social media sharing button on the Website loads content directly from its service in order to display the button as well as information and tools for the sharing party. As a result, each service can in turn collect information about the sharing party.
Links to other websites
Our Website contains links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites or third-parties. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every website that may collect Personal Information.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
WordPress.com statistics are collected through Jetpack by Automattic. The Personal Information used to power these statistics include IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, and country code. Jetpack collects the same information based on additional loads in the case of Infinite Scroll (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). FT does not have access to any of this information via this feature. For example, we see the number of views for a specific page but not which Users viewed it. Stats logs containing visitor IP addresses and WordPress.com usernames (if available) are retained by Automattic for 28 days and are used for the sole purpose of powering these Site statistics.
As part of this feature, Jetpack tracks specific activity by Users: post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. Jetpack also tracks performance on each page load exclusively for aggregate performance tracking across Jetpack sites in order to monitor plugin performance. This includes the tracking of page load times and resource loading duration (image files, JavaScript files, CSS files, etc.). See Automattic’s privacy policy for more information.
Do Not Track signals
Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. Our Website respects Do Not Track signals.
However, there is currently no standard dictating response of websites to this signal, and many websites do not respect the request. Some third party sites may keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.
Managing personal information
You are able to delete certain Personal Information we have about you. The Personal Information you can delete may change as the Website or Services change. When you delete Personal Information, however, we may maintain a copy of the unrevised Personal Information in our records for the duration necessary to comply with our obligations to our affiliates and partners, and for the purposes described below. If you would like to delete your Personal Information or permanently delete your account, you can do so on the settings page of your account on the Website or simply by contacting us.
Use and processing of collected information
In order to make our Website and Services available to you, or to meet a legal obligation, we need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Some of the information we collect is directly from you via our Website. However, we may also collect Personal Information about you from other sources. Any of the information we collect from you may be used for the following purposes:
- Create and manage user accounts
- Respond to inquiries and offer support
- Request user feedback
- Administer prize draws and competitions
- Sell products/ fulfill orders
- Enforce terms and conditions and policies
- Protect from abuse and malicious users
- Respond to legal requests and prevent harm
- Run and operate our Website and Services
Processing your Personal Information depends on how you interact with our Website, where you are located in the world and if one of the following applies:
- (i) You have given your consent for one or more specific purposes. This, however, does not apply, whenever the processing of Personal Information is subject to California Consumer Privacy Act or European data protection law;
- (ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof;
- (iii) Processing is necessary for compliance with a legal obligation to which you are subject;
- (iv) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us;
- (v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.
Note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
We may also use and share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify any individual, for instance, aggregate statistics on Website and Service use.
Information transfer and storage
Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. You are entitled to learn about the legal basis of information transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this Policy or inquire with us using the information provided in the contact section.
Who we share your data with
We share information with third parties who help us maintain our website and provide our store services to you.
Automattic powers many of the core Site features as described in this Policy, via WordPress, Woocommerce, and Jetpack. Jetpack and Woocommerce in particular interact with much of the Personal Information collected on this Site. In order to maintain functionality, some of the data collected must be synced to Automattic/Woocommerce and/or WordPress servers. Following is a list of those instances:
- If you use the Contact Form: post and post meta data associated with the contact form submission.
- If you leave a comment on the Site: all data and metadata associated with the comments. This includes the status of the comment.
- For WordPress logins: failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.
If you make a purchase on the Site, order and payment related details are also sent to third parties as required to complete the request for service and described below.
- For payment: the purchase total, currency and customer’s billing information (Name, Email, Address, Phone, City/State/Zip) is sent to the respective payment processor. Please see the respective third party’s privacy policy (Square’s Privacy Policy and Paypal’s Privacy Policy) for more details.
- For checkout rates: the destination ZIP/postal code and purchased product dimensions, weight and quantities are sent to Canada Post.
- For shipping labels: your name, address as well as the dimensions, weight, and quantities of purchased products are sent to EasyPost. Purchased shipping labels are stored on the Woocommerce server to make it easy to reprint them and handle support requests.
Note: Woocommerce does not retain any of the following information regarding orders: Purchaser’s billing and shipping street address, Purchasing billing and shipping company’s name, Purchaser’s email address, Purchaser’s phone number, Transaction ID, Purchaser’s IP address, Purchaser’s user agent.
For more detailed information on the above, see Automattic’s Privacy Policy as well as their Privacy Notice.
Frozen Tundra gift cards are offered through Gift Up! services. If you purchase a gift card, Gift Up will collect the following information to support and process the order and payment, screen for risk and fraud, and authenticate: your name, email, shipping and billing address, payment details, IP address, information about the order you initiate, and information about the device and browser you use. Some of the personal information provided to Gift Up will be used to conduct some level of automated decision-making.
Gift Up retains personal information only for as long as necessary to provide services and according to the information use and retention described in relevant sections of this Policy. Data is handled in accordance with the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Please review Gift Up’s relevant policies for more details on how information is collected, processed, and held: Privacy Policy, Data Processing Agreement, and Terms and Conditions.
Data connected to comment forms, registration, and contact forms are sent to CleanTalk Anti-Spam including IP address, e-mail, text and values of each filled form field if they exist. CleanTalk receives and processes this data on their servers for security measures. CleanTalk Inc has implemented the Privacy Shield Principles to adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. For more information on how they process and store data, see the CleanTalk Privacy Policy.
In order to collect trusted and verified customer reviews, your personal data including your name and email address and the product you bought are provided to Customer Reviews for Woocommerce. They will send an email on our behalf to collect information for a product review. Customer Reviews for Woocommerce directly collects data for your review via a form, and then shares the review with us. This review data may include the product purchased, your name and location if provided, email address, a customer service star rating, a product star rating, any text as part of the review, and any media uploaded for the review. Customer Reviews for Woocommerce will not use your name and email address for any purpose other than to send review-related emails on our behalf. For more information, see Customer Review’s Privacy Policy and relevant sections of this Policy.
Storing personal information (How long we retain your data)
We will retain and use your Personal Information for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. User accounts can be deleted at any time by contacting us at [email protected].
Contact form entries will be kept for the length of time required to respond to any concerns and complete any appropriate follow-up measures to improve site functionality or business practice, or other needs as required.
Incomplete orders (cancelled, failed, or pending/abandoned) will be retained for a period of three days to allow any pertinent follow-up. After three days they will be removed from the system.
Records relating to completed orders will be retained in full (including relevant personal information) for a period of 1 year to support the FT warranty offer. After 1 year, the personal information associated with an order is anonymized, and the anonymized purchase data is retained for a further nine year period for accounting and tax purposes.
Where we send your data
Frozen Tundra Designs and our website host and secure server are located in Canada. Personal data of customers will be transferred internationally as required to fulfill our services as outlined in this policy. Some of our third-party services are based in the US and globally. Details regarding the safeguarding and transfer of data are provided below. Review relevant sections of this Policy for additional information on security.
Automattic‘s services including WordPress, Jetpack, and Woocommerce are global in nature. Automattic commits to ensuring EU standards are met throughout its services through Privacy Shield or other European Commission approved standard contractual arrangements. Please visit Automattic’s privacy policy for more information.
If you use Paypal as the payment option at checkout, your personal information will be transferred internationally to provide the requested service. Paypal has taken specific steps, in accordance with EEA data protection law, to protect your Personal Data. For transfers of data within PayPal related companies, they use on Binding Corporate Rules approved by competent Supervisory Authorities (available here) while other transfers may be based on contractual protections. Please visit Paypal’s privacy policy for more information.
If you use Square as the payment option at checkout, your personal information may be transferred internationally to provide the requested service. Square operates internationally with many systems based in the United States. When transferring personal data, they use standard contractual clauses which have been approved by the European Commission. Please visit Square’s privacy policy for more information.
Gift Up is located in the UK but may send personal information outside of EEA to complete requests for service. Data is handled in accordance with the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Please review Gift Up’s Privacy Policy and Data Processing Agreement for more details on how information is collected, processed, and held.
CleanTalk monitors visitor comments, reviews, contact form submissions, and login to secure and protect the site, transferring related data to their own servers. CleanTalk Inc has subscribed to and adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by adopting and implementing the Privacy Shield Principles. Please visit CleanTalk’s Privacy Shield Policy for more information.
Customer Reviews for Woocommerce maintains its servers and web host in the US. Customer Reviews is committed to ensuring safeguards are in place guaranteeing a similar level of protection to the data subject as they would have within the European Economic Area. Please see Customer Review’s Data Protection Policy and Privacy Policy for more information
The rights of users (What rights you have over your data)
You may exercise certain rights regarding your information processed by us. In particular, you have the right to do the following:
- (i) you have the right to withdraw consent where you have previously given your consent to the processing of your information;
- (ii) you have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent;
- (iii) you have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing;
- (iv) you have the right to verify the accuracy of your information and ask for it to be updated or corrected;
- (v) you have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it;
- (vi) you have the right, under certain circumstances, to obtain the erasure of your Personal Information from us;
- (vii) you have the right to receive your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof.
If you have an account on this Site, made a purchase, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
The right to object to processing
Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. You must know that, however, should your Personal Information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn whether we are processing Personal Information for direct marketing purposes, you may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to FT through the contact details provided in this Policy. These requests can be exercised free of charge and will be addressed by FT as early as possible.
California privacy rights
In addition to the rights as explained in this Privacy Policy, California residents who provide Personal Information (as defined in the statute) to obtain products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the Personal Information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain this information please contact us.
Privacy of children
We do not knowingly collect any Personal Information from children under the age of 13. If you are under the age of 13, please do not submit any Personal Information through our Website or Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through our Website or Service without their permission.
If you have reason to believe that a child under the age of 13 has provided Personal Information to us through our Website or Service, please contact us. You must also be at least 16 years of age to consent to the processing of your Personal Information in your country (in some countries we may allow your parent or guardian to do so on your behalf).
Information security (How we protect your data)
We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.
Specific measures taken to protect user data include but are not limited to:
- Data center and hosting:
- Industry standard TLS 1.2 to ensure secure and private encrypted communication channel between you and our servers.
- bcrypt hashing algorithms to store your account passwords.
- Maintain at-rest encryption of user database.
- Modern WAF (Web Application Firewall) solutions to mitigate SQL injection, cross-site scripting, file inclusion, and various other attacks.
- Secure key-based passwordless access to our hosting infrastructure.
- Hosting provider maintains compliance with ISO/IEC 27001:2013 certification, SOC 1 Type II (SSAE 16 and ISAE 3401) and SOC 2 Type II international certifications and PCI DSS level 1 certification.
- Website:
- Endpoint firewall.
- Security and Malware scanners.
- Brute-force protection.
- Two-factor authentication.
Data breach
In the event we become aware that the security of the Website has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website, send you an email.
Legal disclosure
We will disclose any information we collect, use, or receive if required or permitted by law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Changes and amendments
We may update this Privacy Policy from time to time in our discretion and will notify you of any material changes to the way in which we treat Personal Information. When changes are made, we will revise the updated date at the bottom of this page. We may also provide notice to you in other ways in our discretion, such as through contact information you have provided. Any updated version of this Privacy Policy will be effective immediately upon the posting of the revised Privacy Policy unless otherwise specified. Your continued use of the Website or Services after the effective date of the revised Privacy Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your Personal Data in a manner materially different than what was stated at the time your Personal Data was collected. Policy was created in part with WebsitePolicies.
Acceptance of this policy
You acknowledge that you have read this Policy and agree to all its terms and conditions. By using the Website or its Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Website and its Services.
Contacting us
If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to [email protected]
This document was last updated on February 5, 2020 to include gift cards.