We take your privacy very seriously and are committed to protecting it. We believe you should easily know what personal data we collect and use. We also believe you should understand your rights with respect to your personal data.
SECTION 1 - WHO WE ARE
"German Valdivia" refers to GV Accessories, Inc., a New York based corporation.
"Shopify" refers to Shopify Inc., Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., Shopify Commerce Singapore Pte. Ltd. and Shopify International Limited.
SECTION 2 - INFORMATION WE COLLECT
Personal data is information relating to an identified or identifiable natural person. When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address, email address, phone number, and location. We may collect personal data either directly from you or indirectly through our website, electronic forms, mobile applications, or interactions with social media platforms (collectively, "Digital Platforms").
We do not collect personal information from individuals under the age of 18 years old. By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
2.1 Information you provide directly to us
You may provide us with information under the following circumstances: (1) when you create an account online or interact with us in person; (2) when you subscribe to our newsletter; (3) when you use our Digital Platforms; (4) when you purchase products or services on our Digital Platforms or in person; (5) when you interact with us in person, including during in-home fittings; (6) when you participate in any of our events.
The information you provide us may include: (1) your full name and identity, including first name, last name, gender and image; (2) your contact details including your postal address, email address, and phone numbers; (3) your personal status (including any titles); (4) your purchases and repairs, including purchase history and order details; (5) your preferences such as sizing or color; (6) certain payment information including billing information, payment type or method, charge or credit card numbers; and (7) other information you may provide by filling out forms or by contacting us.
We will inform you when your information is required to process your request, to respond to any of your inquiries or to provide you with our products and services. If you opt not to provide us this information, then it may delay or prevent us from processing your request, responding to your inquiry and providing products or services to you.
To ensure accuracy of your data, we encourage you to update your information in case of any changes. We encourage you to update your information from time to time, and we may request that you do so.
We advise that your only provide the data requested or necessary for processing an inquiry with German Valdivia. We ask that you not provide information relating to your racial or ethnic origin, political opinions, religious or philosophical believes, data concerning health, sex life or sexual orientation.
We do not provide our services or products directly to, nor collect personal data of, persons below the age of 18. We ask you not to provide us with personal data of persons under 18 years of age.
2.2 Information you provide indirectly to us
We may also collect information about you from third parties, such as a spouse or personal shopper who contacts us on your behalf or from your friends who provide us with your information in order to invite you to events you may be interested in.
SECTION 3 - WHY WE COLLECT YOUR DATA AND HOW WE USE IT
We collect and use your personal data based on one or many of the following legal basis: (1) we have obtained your prior consent and you have not exercised your right to withdraw your consent at any time, such as email newsletters; (2) the processing is necessary in connection with any contract between German Valdivia and you, such as the processing of an online purchase; (3) we have a legitimate interest in carrying out the processing of your data and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms; (4) we have to process your personal data to comply with applicable laws and regulations.
Depending on the specific context, we may use your personal data in order to:
- provide you with the products or services you requested;
- conduct checks to identify you and verify your identity;
- send you marketing communications - with your prior consent (see section “Marketing Communications”);
- provide you after-sale services;
- respond to your queries, requests and suggestions;
- manage the events you registered and/or participated in;
- detect any fraudulent or illegal activity, including to secure your transactions by detecting and preventing fraud against you and German Valdivia;
- protect you, employees and other individuals in our stores as well as our property;
- manage the stock of certain types of rare products to allow a fair allocation of the products we sell;
- monitor and improve our Digital Platforms;
- conduct statistical analysis;
- improve our products and services;
- use automated decision making in processing your personal information for some services and products, subject to your right to request a manual review of any automated decision;
- provide information to regulatory bodies when legally required.
German Valdivia is not engaged in the sale of your personal data to any third-parties. Shopify is also not engaged in the sale of your personal data to any third-parties.
SECTION 4 - MARKETING COMMUNICATIONS
With your express prior consent (usually obtained by ticking a specific box in a form), you may receive information concerning offers, services, products or events sent by German Valdivia and/or by other German Valdivia group companies. In such a case, you also accept that your contact information is shared with other German Valdivia group companies for this purpose.
We rely on your consent to process the personal data you provide to us for this purpose. Therefore, if you no longer wish to receive such information, you can withdraw your consent at any time.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.
SECTION 5 - HOW LONG WE KEEP YOUR PERSONAL DATA
Your personal data is processed for the period necessary for the purposes for which they have been collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.
In order to determine the most appropriate retention periods for your personal data, we have specifically considered the amount, nature and sensitivity of your personal data, the reasons for which we collected your personal data, the service you deserve and expect from us together with the applicable legal requirements. For example:
- With regard to our prospects (potential customers): your data is stored for three years from your last action and then deleted or archived to comply with legal retention obligations;
- With regard to our customers: your data is stored for the duration of our commercial relationship and for up to ten years and then deleted or archived to comply with legal retention obligations;
-With regard to the cookies used on Digital Platforms: they are stored for up to 24 months from the moment they were installed on your device.
SECTION 6 - HOW DO WE DISCLOSE AND TRANSFER YOUR PERSONAL DATA
We disclose your personal data to German Valdivia employees or contractors that need to have access to your personal data and are authorized to process them in order to achieve the aforementioned purposes and who are committed to confidentiality. Third-party providers will only receive information necessary to allow them to perform the services they provide to you on our behalf.
For the specific purpose of combating payment fraud, your personal data is communicated to Shopify in order to process your order and to fight against online payment methods fraud attempts. As part of our legitimate interest to fight against fraud with payment methods, both German Valdivia and Shopify, acting as data controllers, can transmit your financial information to an external service provider with a fraud detection tool in order to authenticate a payment. Such service provider is committed to confidentiality.
We may also disclose personal data to third-party providers acting on behalf of German Valdivia and approved by German Valdivia. All such processing is based on our prior instructions set out in a binding contract that is compliant with the requirements of applicable law. Such disclosures are made for different purposes including: (1) IT development and support; (2) Hosting and carrying out marketing and business studies and marketing campaigns; (3) Verifying your information, authenticating payments and processing orders and payments, to third parties that provide credit reporting, payment or order fulfilment services; (4) delivery services. These providers are committed to confidentiality and are not permitted to use your personal data for any other purposes. We also require them to use appropriate security measures to protect your personal data in accordance with applicable law.
We may be required by the binding requirements of an applicable law, or for the purposes of responding to legal proceedings or other lawful requests to disclose your personal data to authorities or third parties.
We may also disclose or otherwise process your personal data, in accordance with applicable law, to defend our legitimate interests (for example, in civil or criminal legal proceedings). For example, we may disclose such personal data as necessary to identify, contact or bring legal action against a person or entity who may be violating our Terms and Conditions of Sale and Use, or who may be causing injury to, or interfering with, other users of our Digital Platforms.
In the event that German Valdivia or German Valdivia group companies, or all or part of its or their assets, are acquired by a third party, your personal data may be included in the transferred assets.
SECTION 7 - HOW WE PROTECT YOUR PERSONAL DATA
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
All your personal data is strictly confidential and will only be accessible, on a need-to-know basis, to duly authorized personnel of German Valdivia and third-party providers acting on our behalf with appropriate technical and organizational security safeguards.
German Valdivia has implemented security measures to protect your personal data against unauthorized access and use. We follow appropriate security procedures in the storage and disclosure of your personal data so as to prevent unauthorized access by third parties and to prevent your data from being accidentally lost. We limit those who access your personal data to those who have a genuine business need to access it. Those who do access your data will be subject to a duty of confidentiality towards German Valdivia.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We also require those parties to whom we transfer your personal data to comply with the same. However, unfortunately, the transmission of information via the internet is not completely secure in all instances. We cannot ensure the security of your personal data transmitted by you to us via the internet. Any such transmission is at your own risk and you acknowledge and agree that we shall not be responsible for any unauthorized use, distribution, damage or destruction of your Information, except to the extent we are required to accept such responsibility under the law. Once we have received your personal data, we will use the security measures referenced above.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
SECTION 8 - WHAT RIGHTS DO YOU HAVE ON YOUR PERSONAL DATA?
In accordance with the applicable data protection laws, you can, at any time, request access, rectification, erasure and portability of your personal data or restrict and object to the processing of your personal data. A summary of these rights is provided below:
Your right to be informed: the right to be informed means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to.
Your right of access: the right to be provided with a copy of your personal data.
Your right to rectification: the right to require us to correct any mistakes in your data or to complete your information.
Your right to be forgotten: the right to require us to delete your personal data, such as when your personal data is no longer required for the purposes it was collected for, you withdrawn your consent, or the personal data has been unlawfully processed.
Your right to restriction of processing: the right to require us to restrict processing of your personal data — in certain circumstances, for example if you contest the accuracy of the data.
Your right to data portability: the right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party — in certain situations.
Your right to object to processing: the right to object at any time to your personal data being processed for direct marketing and, in certain other situations, to our continued processing of your personal information such as any data processing carried out for the purpose of our legitimate interests.
Your right to object to automated decision making and profiling: You have the right to not be subject to a decision based solely on automated processing.
You may at any time decide to withdraw your consent to the processing of your personal data. If your consent is withdrawn, it does not prevent us from processing your personal data based on other legal bases if any, such as fulfilling your orders and storing your order data as required by applicable law.
If you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.
You also have the right to lodge a complaint with your local data protection authority in case of alleged infringement of the data protection rules applicable to you. To exercise any of those rights, please contact us using the contact information below.
Please note that upon exercising any of the rights listed above, you will be requested to let us know what right you want to exercise and provide information (copy of an identity card, passport or other legally recognized identity) for identification purposes in order to process your request and protect you against fraudulent requests from third parties.
[For California Residents] What are your rights under California Civil Code Sections 1798.83-1798.84?
California Civil Code sections 1798.83-1798.84 give California residents the right to ask us for a notice describing what categories of personal customer information we share with third parties or corporate affiliates for their direct marketing purposes. That notice will identify the categories of information shared and will include a list of the third parties and affiliates with which it was shared, along with their names and address. If you are California resident and would like a copy of this notice, please submit a written request to: email@example.com.
SECTION 9 - CONTACTING US
In issues relating to your account, to withdraw your consent, to ask general questions or to lodge a complaint, please contact our Customer Service:
- By email: firstname.lastname@example.org
- By phone: 646.907.9996
- By mail: PO Box 1046, New York, NY 10150
In issues specifically related to marketing emails, we remind you that you can, at any time, directly unsubscribe through the “unsubscribe” link in any electronic marketing messages we sent to you.
SECTION 5 - THIRD-PARTY SERVICES
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Our store uses Google Analytics to help us learn about who visits our site and what pages are being looked at.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where