CONFIDENTIALITY DECLARATION —-
Last Update: November 2021
ARTICLE 1 – PERSONAL INFORMATION COLLECTED
When you make a purchase on our store, as part of our purchase and sale process, we collect personal information that you provide to us, such as your name, address and e-mail address.
When you browse our store, we also automatically receive the Internet Protocol (IP) address of your computer, which allows us to get more details about the browser and the operating system you are using.
Email marketing (if applicable): With your permission, we may send you emails about our shop, new products and other updates.
ARTICLE 2 – CONSENT
How do you get my consent?
When you provide us with your personal information to complete a transaction, check your credit card, place an order, schedule a delivery or return a purchase, we assume that you consent to us collecting your information and using it to this end only.
If we ask you to provide us with your personal information for any other reason, for marketing purposes, for example, we will ask you for your explicit consent or we will give you the opportunity to opt out.
How can I withdraw my consent?
If after giving us your consent, you change your mind and no longer consent to us contacting you, collecting your information or disclosing it, you may notify us by contacting us at firstname.lastname@example.org
ARTICLE 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms and Conditions of Sale and Use.
ARTICLE 4 – upcmall
Our shop is hosted on upcmall Inc. They provide us with the online e-commerce platform that allows us to sell you our services and products.
Your data is stored in upcmall’s data storage system and databases, and in upcmall’s general application. Your data is stored on a secure server protected by a firewall.
If you make your purchase through a direct payment gateway, then upcmall will store your credit card information. This information is encrypted in accordance with the data security standard established by the Payment Card Industry (PCI-DSS). Information about your purchase transaction is retained for as long as necessary to finalize your order. Once your order is finalized, the details of the purchase transaction are deleted.
All direct payment gateways comply with PCI-DSS, which is managed by the PCI Security Standards Board, and is the result of joint efforts by companies such as Visa, MasterCard, American Express, and Discover.
The PCI-DSS requirements ensure the secure processing of credit card data by our store and service providers.
ARTICLE 5 – SERVICES PROVIDED BY THIRD PARTIES
In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to perform the services they provide to us.
However, some third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide to them for your purchase transactions.
For these providers, we recommend that you read their privacy policies carefully so that you understand how they will treat your personal information.
It should be remembered that some providers may be located or have facilities located in a different jurisdiction than you or ours. So if you decide to pursue a transaction that requires the services of a third-party provider, your information could then be governed by the laws of the jurisdiction in which that provider is located or those of the jurisdiction in which its facilities are located.
For example, if you are located in Canada and your transaction is processed through a US-based payment gateway, your proprietary information that was used to complete the transaction could be disclosed under US law. United States, including the Patriot Act.
You may have to leave our website by clicking on some links on our site. We do not assume any responsibility for the privacy practices of these other sites and recommend that you read their privacy policies carefully.
ARTICLE 6 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to ensure that they are not lost, misappropriated, accessed, disclosed, altered, or destroyed in an inappropriate manner.
If you provide us with your credit card information, they will be encrypted through the use of the SSL security protocol and stored with AES-256 type encryption. Although no method of Internet transmission or electronic storage is 100% secure, we follow all the PCI-DSS requirements and implement additional standards generally recognized by the industry.
FILES WITNESSES (COOKIES)
Here is a list of cookies that we use. We have listed them here so that you have the opportunity to choose whether you want to allow them or not.
_session_id, session unique identifier, allows upcmall to store information about your session (referrer, landing page, etc.).
_upcmall_visit, no data retained, persists for 30 minutes since the last visit. Used by the internal statistics tracking system of the provider of our website to record the number of visits.
_upcmall_uniq, no data retained, expires at midnight (depending on the visitor’s location) the next day. Calculates the number of visits to a store per single customer.
cart, unique identifier, persists for 2 weeks, stores information about your shopping cart.
_secure_session_id, unique session identifier
storefront_digest, unique identifier, undefined if the shop has a password, it is used to know if the current visitor has access.
ARTICLE 7 – European Residents
Data Subject Requests
If you are a European Resident, you have the right to access personal data we hold about you and to ask that your personal data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may submit a request here. If you have a upcmall account, you may also review, update, and delete certain personal data by logging into your account.
Legal Basis for Processing
If you are a European Resident, we process your personal data when:
- We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the upcmall products you have ordered).
- We have a legitimate interest in processing your personal data. For example, we may process your personal data for performance marketing activities, to conduct data analytics and to provide, secure, and improve our Services.
- We need to do so to comply with a legal obligation to which we are subject.
- We need to do so to protect your vital interests or those of others.
- We have your consent to do so, which you may withdraw at any time.
Data Subject Requests
If you are a European Resident, you have the right to access personal data we hold about you and to ask that your personal data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may submit a request via email email@example.com . If you have a upcmall account, you may also review, update, and delete certain personal data by logging into your account.
Questions or Complaints
If you are a European Resident and have a concern about how we process personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you live. For contact details of your relevant local Data Protection Authority, please see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or, if you are a resident of Switzerland, https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
ARTICLE 8 – California Privacy Rights
The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) and the Shine the Light law (Cal. Civ. Code § 1798.83) afford consumers residing in California certain rights with respect to their personal data. If you are a California resident, this section applies to you.
California Consumer Privacy Act
The CCPA requires us to disclose the following information with respect to our collection, use, and disclosure of personal data. In the preceding 12 months, we have collected the following categories of personal data: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet or electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory, or similar information; inferences; and other categories of personal data that relates to or is reasonably capable of being associated with you. For examples of the precise data points we collect, please see “Information We Collect” above. We collect personal data for the business or commercial purposes described in the “How We Use Your Information” section above. In the preceding 12 months, we have disclosed the following categories of personal data for business to the following categories of recipients:
|Category of Personal Data||Categories of Recipients|
|Identifiers||Advertising networks, marketing partners, data analytics providers, market research platform, payment processors, fulfilment partners, customer support partners, Internet service providers, operating systems and platforms, other users, fraud prevention partners, cloud service providers, technical maintenance and system security providers|
|Commercial Information||Data analytics providers, advertising networks, marketing partners, market research platform, payment processors, fulfilment partners, customer support partners, and fraud prevention partners, cloud service provider|
|Characteristics of Protected Classifications under state or federal law, such as age||Advertising networks, marketing partners, market research platform, other users, customer feedback platforms|
|Internet or other electronic network activity||Advertising networks, marketing partners, data analytics providers, Internet service providers, operating systems and platforms, cloud service providers, fraud prevention partners, technical maintenance and system security providers|
|Geolocation data||Advertising networks, marketing partners, data analytics providers, Internet service providers, operating systems and platforms|
|Audio, electronic, visual, or similar information||Customer support partners, market research platform, facility security partners|
|Inferences||Advertising networks, data analytics providers, customer support partners, fraud prevention partners, cloud service providers|
upcmall does not sell your personal data. We do allow our advertising partners to collect certain device identifiers and electronic network activity via our Services to show ads that are targeted to your interests. To opt out of having your personal data used for targeted advertising purposes, please see the Advertising and Analytics Services Provided by Others section above.
Subject to certain limitations, California consumers have the right to (1) request to know more about the specific pieces and categories of personal data we collect, use, and disclose, (2) request deletion of their personal data, and (3) opt out of any “sales” of your personal data that may be occurring, and (4) not be discriminated against for exercising these rights. You may make a request to know more about or delete your personal data by emailing firstname.lastname@example.org. We will verify your request by contacting you after receiving your request to verify your identity. Please note that we may retain certain information as required or permitted by applicable law. If you request to delete your personal data, certain of our products and services may no longer be available to you.
If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.
We offer various financial incentives. For example, we may provide discounts or other benefits to customers who sign up to receive our marketing emails. When you participate in a financial incentive, we collect personal data from you, such as identifiers like your name and email address. You can opt into a financial incentive by following the sign-up instructions, and you have the ability to opt-out of the incentive by contacting us. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up. The value of your personal data is reasonably related to the value of the offer or discount presented to you.
Shine the Light
California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes or to opt out of such sharing. We do not share your personal data with third parties for their own direct marketing purposes.
ARTICLE 9 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, and that you have given us your consent to allow any dependent minor to use this Website. website.
If our store is being acquired by or through a merger with another company, your information may be transferred to new owners so that we may continue to sell you products.
QUESTIONS AND CONTACT
If you wish to: access, correct, modify or delete any personal information we have about you, file a complaint, or simply want more information, contact our Privacy Standards Officer at email@example.com.