Residents of the European Economic Area (“EEA”), which includes the member states of the European Union (“EU”), should consult the sections of this policy relating to the “Rights of EEA Residents” and “International Data Transfers” for provisions that may apply to them.
The store on our Site is hosted by Shopify, Inc. Shopify provides us with the online e-commerce platform that allows us to provide Services to you, including purchase of our Products. Your data is stored through Shopify’s data store, databases and the general Shopify application. Shopify stores your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted according to the requirements of the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. For further information, please consult Shopify’s Terms of Service (https://www.shopify.com/legal/terms) and Privacy Statement (https://www.shopify.com/legal/privacy).
Personal Data That We Collect and How We Use It
Grayson collects personal data about you when you visit the Site. “Personal Data” is information that may be used to directly or indirectly identify you, including your name, e-mail address, physical address, phone number or other information about you. The majority of such Personal Data is collected when you register with the Site, use our Services, including purchasing Products, subscribe to updates, contact customer service, post reviews or submit user-generated content to the Site, or otherwise provide us with your contact information. Some of this Personal Data will be required if you wish to partake in the Services that we provide, including making purchases of Products through the Site.
In general, the type of Personal Data we collect includes, but is not limited to:
- Personal Data to contact you to promote our Services or alert you to special offers, features or matters of interest;
- Personal Data necessary to use the Services that you have requested, including establishing an account, purchasing Products and posting reviews or other user generated content;
- Un-identifiable and aggregated Personal Data pertaining to your Site visits that help us maintain the appropriate features, functionality and user experience
We and our e-commerce providers use that data to: (i) enable you to log in to the Site or post content on the Site; (ii) fulfill your orders; (iii) guard against potential fraud; (iv) contact you if there is a problem with your account or order; (v) provide answers to your inquiries or questions; and (v) maintain regular communication with you as may be necessary to inform you of offers, updates and other information regarding Grayson and its Services and Products.
Non-Identifiable Data and Aggregated Personal Data
Grayson or our service providers, including Google Analytics, may also collect web surfing data related to your use of the Site. Such information may include: your Internet Protocol (IP) address, browser type, and internet service provider (ISP); your operating system; which of our web pages you access and how frequently you access them; referral or exit pages; click stream data; and the dates and times that you visit the Site. This data may be collected using cookies, web beacons, page tags or similar tools. As with cookies, the web surfing information is anonymous, "click stream" transactional data that is not associated with any users as individuals.
Web surfing data and similar information may be aggregated for administrative purposes. Grayson may, for example, use this aggregated information in the administration of the Site to improve its usability and to evaluate the success of particular marketing and advertising campaigns, search engine optimization strategies, and other marketing activities. We also use it to help optimize the Site based on the needs of our users.
How and When Your Information Is Shared With Other Parties
Grayson does not sell, trade or license Personal Data about its users for marketing purposes. We do, however, work with a number of trusted partners who perform vital functions as part of our operations, including processing payments for orders, customer service, posting user generated content, referrals and fulfilling orders or returns. We do not share your Personal Data unless it is necessary to fulfill our responsibilities, including providing information or services to you.
Additional Sharing of Information
We may engage third parties to help us carry out certain other internal functions such as account processing, client services, or other data collection relevant to our business. Personal Data is shared with these third parties only to the extent necessary for us to process the transactions you initiate or perform other specific services. Our partners are legally required to keep your Personal Data private and secure.
We may share your Personal Data with law enforcement or other government agencies as required by law or for the purposes of limiting fraud. We reserve the right to disclose your Personal Data when we believe that disclosure is necessary to protect our rights or to comply with a judicial proceeding, court order or legal process. We further reserve the right to disclose any of your Personal Data that we believe, in good faith, appropriate or necessary to take precautions against liability, to investigate and defend against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of the Site or our services, or to protect the rights, property or personal safety of Grayson, its users, issuers, or others.
We will not share your Personal Data if such sharing is prohibited by applicable privacy and data protection law, including, without limitation, the EEA’s General Data Protection Regulation effective May 25, 2018.
From May 25, 2018, all processing of Personal Data of EEA Residents is performed by Grayson in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal Data and on the free movement of such data (“GDPR”).
Under the GDPR, Grayson is both the controller and a co-processor of the Personal Data of EEA Residents. Grayson’s purpose for collecting and processing Personal Data from EEA Residents is to authenticate subscription to our mailing lists, allow users to post reviews of products, allow users to refer other customers, and to provide marketing information about our Services, including our Products. The legal basis for collecting Personal Data for subscribing to our e-mail lists, posting reviews of products, and allowing referrals is your consent, including during the checkout process. You may withdraw consent for obtaining such communications by following the “Unsubscribe” instructions on any communication or by contacting us at firstname.lastname@example.org.
Grayson also collects and processes your Personal Data during the check-out process when you order Products. Grayson’s purpose for collecting and processing Personal Data from EEA Residents during the check-out process is to fulfill your request for Services, including purchases of our Products. The collection of this data is necessary to fulfill a contract between you and us for such Services, including purchases of Products. If EEA Residents do not provide Personal Data to Grayson during the check-out process we cannot fulfill your orders for Products.
EEA Residents may obtain information about the Personal Data that Grayson holds about them by contacting Grayson at email@example.com.
International Data Transfers
If you are resident outside the United States, including in the EEA, we transfer Personal Data provided by you for processing in the United States. Under the GDPR, Grayson is considered a “controller” and a “co-processor” of the Personal Data of EEA Residents. By providing Personal Data to Grayson for the purpose of obtaining Services and ordering Products, you consent to the processing of such data in the United States. The transfer of your Personal Data to the United States is necessary for the performance of a contract between you and Grayson for obtaining Services and Products.
Our e-commerce provider Shopify transfers data outside of the EEA upon the basis of the EU-U.S. Privacy Shield, as described in their privacy policies located at https://www.shopify.com/legal/privacy.
Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.
Notifications and Communications from Our Site
Communications Regarding Our Services
We will send you email notifications and free newsletters from time to time with offers, suggestions and other information. Some notifications are communications relating to us and our Services. You may “opt-out” from receiving such communications by following the “Unsubscribe” instructions provided in the e-mail.
Legal or Security Communications
Account and Order Communications
If you purchase Products, we may send you communications regarding such purchases. We may also send communications providing customer support or responses to questions regarding the operation of the Services. Generally, you may not opt out of such emails.
Deleting Your Information
If you want us to delete your Personal Data and your account, please contact us at firstname.lastname@example.org with your request. We will take steps to delete your information as soon as we can, but some information may remain in archived/backup copies for our records or as otherwise required by law.
Personal Data Retention
Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
Links to Other Sites
Privacy in Submitted Materials
If you submit any materials to us, either directly or through a social media platform, such as Instagram, such materials, including photos or product reviews may be displayed on the Site, including photos of yourself or other individuals. We may also display your name in connection with a review or photo submitted by you. By submitting such materials you forego any privacy rights in such materials. Please consult the Terms of Service for other conditions relating to submission of materials to Grayson directly or through social media sites.
We take commercially reasonable steps to protect our customers’ Personal Data against unauthorized disclosure or loss. However, no data transmission over the Internet can be guaranteed to be 100% secure. Therefore, while we strive to protect user information we cannot ensure or warrant the security of any information you transmit to us or from the Site. You engage in such transmissions at your risk.
If you believe your Personal Data is being improperly used by us or any third party, please immediately notify us via email at email@example.com.
Children Under 13
This Site is restricted to the use of adults over the age of majority in their place of residence. No portion of the Site is directed to children under the age of 13. Consequently, we do not knowingly collect personal identifying information from any person we know is a child under the age of 13. If we learn that we have collected personal information from a child under age 13 we will delete that information as quickly as possible. If you are a parent or guardian of a child under 13 years of age and you believe your child has provided us with Personal Information, please contact us at firstname.lastname@example.org.
Do Not Track
Although some browsers currently offer a “do not track (‘DNT’) option,” no common industry standard for DNT exists. We therefore do not currently commit to responding to browsers’ DNT signals.
Your California Privacy Rights
Under certain circumstances, California Civil Code Section 1798.83 states that, upon receipt of a request by a California customer, a business may be required to provide information regarding how that business has shared personal information of customers with third parties for direct marketing purposes. However, the foregoing does not apply to businesses like ours that do not disclose personal information to third parties for direct marketing purposes.
Your Rights and Obligations
We ask that you keep the Personal Data that you provide to us current and that you correct any information you have provided us by contacting us at email@example.com. You represent and warrant that all Personal Data you provide us is true and correct and relates to you and not to any other person.
If you are a resident of the EEA and wish to access or correct the Personal Data that Grayson has about you or have any questions relating to the processing of your Personal Data, please contact us at firstname.lastname@example.org with the subject line “GDPR Data.”
If you use the Site, you are responsible for maintaining the confidentiality of your account and for restricting access to your computer or device, and you agree to accept responsibility for all activities that occur under your account.