Privacy

Privacy

SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?

Collection of Information:

When you purchase a product from our store, we collect the personal information you provide as part of the buying and selling process. This may include your name, billing and shipping address, email address, contact number, and payment details, as necessary to process your order, arrange delivery, and administer your transaction.

Browsing Information:

When you browse our store, we automatically collect certain technical information about your device, including your Internet Protocol (IP) address, browser type, operating system, and related system information. This information is used to help us understand how visitors interact with the Website, improve functionality and performance, maintain security, and enhance the overall user experience.

Email Marketing:

With your consent, we may send you marketing communications by email, including information about our store, new products, promotions, and other updates. You may withdraw your consent or opt out of receiving marketing emails at any time by using the unsubscribe link included in our communications or by contacting us directly.

Text Message Communication:

With your permission, we may send you personalized automated marketing messages through an automatic telephone dialing system at the number provided. This includes text notifications for your order, abandoned cart reminders, and text marketing offers. Text marketing messages will not exceed 15 per month. Consent is not a condition of purchase. You can unsubscribe at any time by clicking on the unsubscribe link in the text message.

SECTION 3 - DISCLOSURE

We may disclose your personal information where required or authorized to do so by applicable law, regulation, court order, or lawful request by a government or regulatory authority.

We may also disclose your personal information where necessary to investigate, enforce, or respond to a suspected or actual breach of our Terms of Service, or to protect the rights, property, or safety of MAISON de SABRÉ, our customers, or third parties.

SECTION 4 - SHOPIFY

Our store is hosted by Shopify Inc., which provides the online e-commerce platform that enables us to offer and sell our products and services to you. Shopify processes and stores certain data on our behalf in order to facilitate transactions, manage orders, and support the operation of our Website in accordance with applicable privacy and data protection laws.

Data Storage:

Your data is stored through Shopify’s data storage systems, databases, and the general Shopify application. Shopify stores this information on secure servers protected by industry-standard security measures, including firewalls and encryption protocols designed to safeguard your personal information.

Payment:

If you choose to complete your purchase using a direct payment gateway, your payment information is processed and stored by Shopify in accordance with applicable security standards. Credit card data is encrypted in compliance with the Payment Card Industry Data Security Standard (PCI-DSS).

Your purchase transaction data is retained only for as long as necessary to complete the transaction and fulfil related legal, accounting, or regulatory obligations. Once the transaction is completed and retention requirements have been satisfied, your payment information is securely deleted or anonymized in accordance with PCI-DSS requirements.

All direct payment gateways used by Shopify adhere to the standards established by PCI-DSS, which are managed by the PCI Security Standards Council, a joint initiative of major card brands including Visa, MasterCard, American Express, and Discover.

For further information, you may refer to Shopify’s Terms of Service and Privacy Policy.

SECTION 5 - THIRD-PARTY SERVICES

In general, the third-party service providers engaged by MAISON de SABRÉ will collect, use, and disclose your personal information only to the extent necessary to enable them to perform the services they provide to us, including payment processing, order fulfilment, analytics, and platform hosting.

Certain third-party providers, including payment gateways and transaction processors, maintain their own privacy policies in respect of the information we are required to provide to them for purchase-related transactions. We recommend that you review the privacy policies of these providers to understand how your personal information will be collected, used, stored, and disclosed by them.

Please note that some third-party service providers may be located in, or operate facilities in, jurisdictions different from either you or MAISON de SABRÉ. If you proceed with a transaction that involves a third-party service provider, your personal information may become subject to the laws of the jurisdiction(s) in which that provider or its facilities are located. Those laws may differ from the privacy laws in your own jurisdiction.

For example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, your personal information used to complete that transaction may be subject to disclosure under United States legislation, including the USA PATRIOT Act.

Once you leave our Website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our Website’s Terms of Service, and we are not responsible for the privacy practices of those external sites or services.

Links:

Our Website may contain links to third-party websites or services. When you click on these links, you may be directed away from our Website.

MAISON de SABRÉ is not responsible for the privacy practices, policies, content, or security of any third-party websites or services. We encourage you to review the privacy policies and terms of use of any external sites you visit, as their practices may differ from ours.

SECTION 6 - SECURITY

To protect your personal information, MAISON de SABRÉ implements reasonable administrative, technical, and physical safeguards and follows industry best practices to prevent unauthorised access, loss, misuse, disclosure, alteration, or destruction of your information.

Where you provide credit card details, the information is encrypted using Secure Socket Layer (SSL) technology and stored with AES-256 encryption. We comply with all applicable PCI-DSS requirements and maintain additional generally accepted industry security standards to safeguard payment data.

While we take reasonable steps to protect your information, no method of transmission over the Internet or electronic storage is entirely secure, and we cannot guarantee absolute security.

SECTION 7 - COOKIES

Our Website uses cookies and similar tracking technologies to enhance functionality, analyse performance, and improve your browsing experience. Cookies are small data files placed on your device when you visit a website. You may manage or disable cookies through your browser settings; however, doing so may affect certain features or functionality of the Website.

Below is a list of cookies used on our Website:

  • _session_id: A unique sessional token that enables Shopify to store information about your session, including referrer and landing page details.
  • _shopify_visit: Does not hold personal data. Persists for 30 minutes from the last visit and is used by Shopify’s internal analytics to record the number of visits.
  • _shopify_uniq: Does not hold personal data. Expires at midnight (relative to the visitor’s location) on the following day and is used to count the number of visits by a single customer.
  • cart: A unique token that persists for two (2) weeks and stores information relating to the contents of your shopping cart.
  • _secure_session_id: A unique sessional token used to maintain secure browsing sessions.
  • storefront_digest: A unique token with no set expiry. Where a store is password-protected, this cookie determines whether the current visitor has authorised access.

For more information on how we use cookies and how you can manage your preferences, please refer to your browser settings or applicable privacy controls.

SECTION 9 – EU GENERAL DATA PROTECTION REGULATION

From 25 May 2018, the processing of personal data of individuals located in the European Union is governed by the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”). This section outlines the rights of EU-based users and our obligations under the GDPR where applicable.

EU User Rights

If you are located in the European Union, you may have the following rights in relation to your personal data, subject to applicable law:

  • The right to access the personal data we hold about you;
  • The right to request correction of inaccurate or incomplete personal data;
  • The right to request erasure of your personal data (“right to be forgotten”);
  • The right to request restriction of processing;
  • The right to object to certain types of processing, including direct marketing;
  • The right to data portability, where applicable; and
  • The right to lodge a complaint with a competent supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us using the details provided in this Privacy Policy. We may require verification of your identity before responding to your request.

If you are located outside the European Union, you may also request access to, correction of, deletion of, or copies of your personal data, subject to applicable privacy laws.

Explanation and Copies of Your Data

You have the right to request confirmation of whether we hold personal information about you, to receive an explanation of the nature of that information, how it is used, and the legal basis on which it is processed. Where your personal information is processed on the basis of your consent, or where it is necessary for the performance of a contract or provision of services requested by you, you may also request a copy of the personal information we hold about you, subject to applicable law.

Correction

If you believe that any personal information we hold about you is inaccurate, incomplete, or out of date, you have the right to request that it be corrected. We will take reasonable steps to update or correct your information upon verification of your identity and the accuracy of the requested changes.

Deletion

You may request that we delete your personal information. We will comply with such requests to the extent required by applicable law. However, we may retain certain personal information where necessary to comply with legal obligations, resolve disputes, enforce our agreements, or for other legitimate business purposes permitted by law.

Objections and Complaints

You may object to certain types of processing of your personal information, where permitted by law. You may also lodge a complaint regarding our handling of your personal information by contacting our Privacy Compliance Officer. In addition, you have the right to submit a complaint to the relevant supervisory authority in your jurisdiction where applicable.

Grounds for Processing

The GDPR requires organisations that process the personal data of individuals located in the European Union to do so on one or more lawful bases. Where the GDPR applies, MAISON de SABRÉ processes personal data on the following grounds, as applicable:

Performance of a Contract

We process personal information where it is necessary to perform a contract with you or to take steps at your request prior to entering into a contract. This includes collecting and using personal information to:

  • Process and fulfil product orders;
  • Establish, administer, and maintain your account, including identity verification where required;
  • Communicate with you regarding your orders, transactions, or account; and
  • Enable secure payment processing.

Legitimate Interests

We may process personal information where it is necessary for our legitimate business interests, provided that those interests are not overridden by your fundamental rights and freedoms. This includes processing personal information:

  • To provide customer support and respond to enquiries;
  • For direct marketing purposes, including analysing data to identify trends, improve our services, and tailor marketing communications to user preferences (subject to applicable opt-in or opt-out requirements);
  • To detect, prevent, or investigate fraud or unlawful activity; and
    To enforce our Terms & Conditions and protect our legal rights.

Consent

We may process personal information on the basis of your consent where required by law. Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal. If you withdraw consent, you may not be able to access or use certain services or features that rely on the collection or processing of the relevant personal information.

SECTION 10 - CHANGES TO THIS PRIVACY POLICY

MAISON de SABRÉ reserves the right to amend or update this Privacy Policy at any time. We encourage you to review it periodically. Any changes or clarifications will take effect immediately upon being posted on the Website, unless otherwise stated.

If we make material changes to this Privacy Policy, we will provide notice on the Website to inform you that it has been updated, including details of what information we collect, how we use it, and under what circumstances, if any, it is used or disclosed.

In the event that MAISON de SABRÉ is involved in a merger, acquisition, restructuring, or sale of all or a portion of its assets, your personal information may be transferred to the acquiring entity or successor organization to enable the continued provision of products and services.

SECTION 11 - QUESTIONS AND CONTACT INFORMATION

If you would like to access, correct, amend, or delete any personal information we hold about you, lodge a complaint, or request further information regarding our privacy practices, please contact our Client Services team at contact@maisondesabre.com. We will respond to your enquiry in accordance with applicable privacy laws.

Need more help?