1) What do we do with your data?
When you purchase something from our website, as part of the buying and selling process, we collect the personal data you give us such as your name, address, and email address. This data is held in a range of paper-based and electronic records.
When you browse our store, much of the data we collect—such as the domain from which you access the internet, the date and time you access this website, and the internet address of the website from which you linked directly to this website—is statistical only and not personally identifiable. We use data about the number of visitors and their use of this website in aggregate form to make this website more useful and attractive to you.
2) Legal basis for processing personal data under the General Data Protection Regulation (GDPR)
Rhonda.H.Y.Mason may process your personal data because:
We need to perform a contract with you.
You have given us permission to do so.
The processing is in our legitimate interests and it is not overridden by your rights.
It is required for payment processing purposes.
We need to comply with the law.
When you provide us with personal data to complete a transaction, verify your credit card, place an order, arrange for a delivery, or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal data for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your data, at anytime, by contacting us at email@example.com.
We may disclose your personal data if we are required by law to do so or if you violate our Terms of Service.
Our store is hosted on Squarespace. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Squarespace's data storage, databases and the general Squarespace application. They store your data on a secure server behind a firewall. For more insight, you may also want to read the Squarespace Terms of Service or Privacy Statement.
If you choose Stripe's direct payment gateway to complete your purchase, then Stripe stores your credit card data. Your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction data is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card data by our store and its service providers. For more insight, you may also want to read Stripe's Terms of Service or Privacy Statement.
7) Third-party services
In general, the third-party providers used by us will only collect, use, and disclose your data to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the data we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal data will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your data may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal data, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
9) Age of consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
10) Accessing your personal data
You have a right to access your personal data, subject to exceptions allowed by law. If you would like to do so, please contact us at firstname.lastname@example.org.
Rhonda.H.Y.Mason reserves the right to charge a fee for searching for, and providing access to, your data on a per request basis.
11) Data protection rights under the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Rhonda.H.Y.Mason aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal data.
If you wish to be informed about what personal data we hold about you and if you want it to be removed from our systems, please contact us at email@example.com.
In certain circumstances, you have the following data protection rights:
The right to access, update or delete the information we have on you: Whenever made possible, you can access, update, or request deletion of your personal data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification: You have the right to have your data rectified if that data is inaccurate or incomplete.
The right to object: You have the right to object to our processing of your personal data.
The right of restriction. You have the right to request that we restrict the processing of your personal data.
The right to data portability: You have the right to be provided with a copy of the data we have on you in a structured, machine-readable, and commonly used format.
The right to withdraw consent: You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
13) Questions and contact information
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, please contact us at firstname.lastname@example.org.