PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. We also have a separate Cookies Policy which you can read.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, Paypal and Apple Pay), email address, and phone number. We refer to this information as “Order Information.”
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
-Communicate with you;
-Screen our orders for potential risk or fraud; and
-When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services. For example, subscribing to our newsletter.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use SquareSpace to power our online store--you can read more about how SquareSpace uses your Personal Information here: https://www.squarespace.com/privacy/. We also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/ . You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
When you subscribe to our newsletter, your email address will be stored with MailChimp. Joining our mailing list is completely voluntary and should you wish to opt out at any time, you can click on the link ‘unsubscribe’ at the end of any newsletter. For more information on how MailChimp uses your data, please read their Privacy for Contacts page.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted (GDPR Act 2018). If you would like to exercise this right, please contact us through the contact information at the bottom of this policy.
Additionally, if you are a European resident we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information may be transferred outside of Europe, including to Canada and the United States.
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
We take security on our website very seriously as we want to ensure that your data is only used how you want it to be.
We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use, including:
-only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
- using secure servers to store your information;
- verifying the identity of any individual who requests access to information prior to granting them access to information; and
- using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions you make on or via our website.
If you receive any warnings or notice any issues with our website please get in touch immediately by emailing us at email@example.com. We can then check for any issues at our end and rectify it as quickly as possible, however this circumstance is unlikely.
DATA RELATING TO PAYMENT METHODS
We only officially store your details if you create a Customer Account and you select ‘Save Payment Method’. This is only applicable for Apple Pay and card payments.
Through ‘Guest Checkout’ your payment details are only kept alongside your order so that we have the relevant information for processing any returns. The only data visible to Imouto Ltd. relating to your payment method is your billing address and the last 4 digits of your card number, if this option is used (this is so we can cross reference when processing returns).
For card payments, we use Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1 - this is the most stringent level of certification available in the payments industry. All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
Saved payment methods on your Customer account
You can create an account and save payment methods during checkout or by using a ‘Sign In’ link through the navigation menu.
This store is connected to Stripe where you can securely save credit card payment information to your account. With a saved card, only the last few digits of the card will be visible to Imouto Ltd. This allows us to make sure that any refunds are processed to the right card relating to your order.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org. We will endeavour to respond to you as quickly as possible and take privacy concerns very seriously.