To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
We consider the right to personal data protection to be a moral duty and therefore we dedicate all the resources and efforts to process your data in full compliance with EU Regulation 2016/679 (General Data Protection Regulation or GDPR), as well as any other applicable legislation in United States, Canada and Australia.
One of the fundamental principles of this legal framework is transparency, so we have prepared this document through which we want to inform you about how we collect, use, transfer and protect your personal data when interacting with us about our products and services.
SECTION 1 - WHO WE ARE
Luisa Mora, with the website address http://www.luisamora.com is the for the purposes of the data protection legislation, called "operator" when it comes to processing your personal data.
SECTION 2 - TYPE OF PERSONAL DATA WE COLLECT
We collect personal data directly from you, so you have control over the type of information you provide us with. E.g:
• When you create an account, you are sending us: email address, first and last name; On your personal page (My Account) you can add additional information.
• When placing an order, you provide us with information such as: the product you want, your name and surname, delivery address, billing details, payment method, phone number, bank card data, etc.
• When you leave a comment on the web site, we collect the data shown in the comment forms, but also your IP address and the user agents in the browser to help us detect spam.
SECTION 3 - CONSENT
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com
SECTION 4 - FOR WHAT PURPOSE WE PROCESS YOUR DATA
We will use your personal data for the following purposes:
1. To provide ecommerce services for your benefit.
a) Create and manage your account
b) Processing of orders, including order confirmation, validation, shipping and invoicing;
c) Resolving cancellations or any issues related to an order, to the purchased goods or services;
d) Return of the products according to the legal provisions;
e) Reimbursement of the value of the products according to the legal provisions;
f) Provide support services, including providing answers to your questions about your orders or other goods available on our website
Also, certain processing underlying these purposes is required by applicable law, including tax and accounting legislation.
2. To improve our services
We always want to offer you the best online shopping experience. For this reason we may collect and use certain information about your buyer's behavior, we may invite you to fill in satisfaction queries subsequent to the completion of an order, or we can conduct market research and market research directly or through partners.
We base our activities on our legitimate interest in doing business, always taking care that your fundamental rights and freedoms are not affected.
3. For marketing purposes
We want to keep you informed about the best offers for the products / services you are interested in. In this regard, we may send you any type of message (such as: e-mail / SMS / etc) containing:
• General and thematic information, information about similar or complementary products to those you have purchased,
• Information on offers or promotions,
• Product information added to the "My Account / Basket" section or the "Account / Favorites" section or you showed interest in purchasing them
• Other commercial communications such as market research and opinion polls
• Personalized recommendations on the website.
In order to provide information of interest to you, we may use certain data about your buyer behavior (e.g., products viewed / added to wishlist / purchased) to create a profile. We always ensure that such processing is done with due respect for your rights and freedoms and that decisions made therein have no legal effect on you and do not affect you.
In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by:
• Changing the settings in the client account
• Accessing the unsubscribe link displayed in the messages you receive from us;
• Direct contact using the contact details described below
4. To defend our legitimate interests
There may be situations in which we use or transmit information to protect our rights and commercial activity. These may include:
- Website protection measures against cyber attacks:
- Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
- Measures to manage various other risks.
The general basis of these types of processing is our legitimate interest in defending our commercial activity, being understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
SECTION 5 - WHO WE SHARE YOUR PERSONAL DATA WITH:
As the case may be, we may transmit or give you access to certain personal data of the following categories of recipients:
- courier service providers;
- payment / banking service providers;
- Marketing / telemarketing service providers
- market research service providers;
- IT service providers;
- other companies with whom we can develop joint programs to market our goods and services.
If we have a legal obligation or if it is necessary to protect our legitimate interest, we can also disclose certain personal data to public authorities. in accordance with legal provisions on data protection and confidentiality of information, on the basis of contracts concluded with them.
SECTION 6 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 7 - HOW LONG DO WE KEEP YOUR PERSONAL DATA
We store your personal data while you have an account on our website. You may view, edit, or delete your personal information at any time, or request us to delete certain information or close your account and we will respond to these requests, subject to the reservation of certain information including after you close your account, for administrative, legal or security purposes.
If you leave a comment, your comment and metadata are kept indefinitely. This is how we can automatically recognize and approve all the following comments instead of keeping them in a queue for moderation.
Webmasters can also see and edit this information.
SECTION 8 - HOW WE PROTECT THE SECURITY OF YOUR DATA
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, Shopify databases and the general Shopify application. They store your data on highly secured servers behind a firewall.
The transmission of your personal data is done using state-of-the-art encryption algorithms and stored on secure servers, while ensuring data redundancy.
To make payments, we use payment processor services from 2Checkout and PayPal.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service here or Shopify Privacy Statement here.
Despite the steps taken to protect your personal data, we note that the transmission of information via the Internet in general or through other public networks poses the risk that data may be seen and used by unauthorized parties. We can not be responsible for such vulnerabilities of systems that are not under our control.
SECTION 9 - YOUR RIGHTS
You can request:
• Access to your data
• Correcting any mistakes in our files
• Portability of data - the provision of personal data in a structured format
• Opposition - you can oppose any time processing your data for direct marketing purposes (including creating profiles) without invoking any reason, in which case we will cease this processing as soon as possible.
• deleting data. You may ask us to delete your personal data, but only if:
(a) they are no longer necessary for the purposes for which they were collected; or
b) You have withdrawn your consent (if the processing of the data is based on consent); or
c) You have a legal right to oppose you; or
d) they have been illegally processed; or
e) there is a legal obligation to do so.
We do not have to comply with your request for deletion of your personal data if processing of your personal data is required:
i. for compliance with a legal obligation; or
ii. to establish, exercise or defend a right in court.
SECTION 10 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org