This statement summarizes Retrokid Inc.’s (“Retrokid”, “we”, “us” or “our”) policies in relation to personal information that may be collected or submitted to us through our website (the “Website”) at www.retrokid.ca. We are committed to ensuring that the information we collect about our customers (“you” and “your”) remains secure and protected.
SECTION 1: COLLECTION AND USE OF INFORMATION
When you purchase something from our online store, as part of the buying and selling process, we collect your personal information such as your name, mailing address and email address. We use this personal information to process your order and maintain the Website. This information can also be used to contact you to further discuss interest in our company, the services we provide, and to send information regarding RetroKid, its partners, its products and other activities such as promotions and events. You may be invited to receive email correspondence by providing an email address. Your email address and any personal information will not be distributed or shared with third parties unless it is to transact such business as you have contracted us to do, to comply with legal processes and/or law enforcement requests, or to conduct any business as RetroKid, in its sole discretion, deems reasonable.
Additionally, when you browse our online store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
RetroKid may also email (or send via other methods) information regarding updates to the Website, newsletters, advertisements, or other correspondence. You will have an opportunity to unsubscribe to any emails or mailings by clicking on an "unsubscribe" hyperlink contained in such promotional emails or by emailing us at email@example.com. Despite unsubscribing from such list, RetroKid may send confirmation emails if you order online and may need to contact you by phone, email or regular mail with questions or issues concerning your order. Any opt-out by you is not deemed valid until processed by RetroKid. RetroKid shall not be liable for problems arising from the opt-out procedure.
You can opt out of seeing online interest-based ads from Facebook, Google and other participating companies through the Digital Advertising Alliance in the US, the Digital Advertising Alliance of Canada in Canada, or the European Interactive Digital Advertising Alliance in Europe or through your mobile device settings. Please note ad blockers and tools that restrict our cookie use may interfere with these controls.
SECTION 2: CONSENT
How is your consent obtained?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
How do you withdraw your consent?
If you change your mind, you may withdraw your consent for the continued use or disclosure of your personal information; however, archival or backup copies of said information will not cease to exist and RetroKid shall not be liable for any problems in this process. To withdraw your consent, including your consent to be contacted for marketing activities, please contacting us, at any time, at firstname.lastname@example.org.
SECTION 3: SHARING YOUR INFORMATION
Your personal information will not be traded, sold, or leased by RetroKid to any external companies without obtaining your prior written consent. Your information will only be used for RetroKid’s legitimate business purposes, or as otherwise required to meet legal and regulatory requirements.
For greater certainty, we may disclose your personal information with your express prior consent to the following parties for the following purposes and/or under the following circumstances:
- to a lawyer representing us;
- to a government institution or part of a government institution that has made a request for the information and has identified its lawful authority to collect that information;
- to an investigative body, a government institution or part of a government institution where we have reasonable grounds to believe that the information relates to a breach of an agreement or a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed;
- to a person who needs the information because of an emergency that threatens the life, health or security of an individual;
- to a person where the disclosure is required by law including, but not limited to in response to a subpoena or warrant or an order made by a court; and
- in connection with a sale of all or substantially all of RetroKid’s assets, a merger or other significant corporate reorganization.
Note that RetroKid will only disclose such personal information as is required for the purposes or circumstances above.
SECTION 4: ACCESSING YOUR INFORMATION
You have the right to access your personal information that we have under our control, subject to any legal restrictions or legal rights of refusal by RetroKid. You may also request a correction of your personal information. When making a request for access or correction, please contact email@example.com, stating the details of your personal information that you are requesting.
SECTION 5: SHOPIFY
Our store is hosted by Shopify Inc. (“Shopify”). They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS are managed by the PCI Security Standards Council. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
SECTION 6: THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you to a third party’s website or application. We are not responsible or liable for the privacy practices of other sites or applications and encourage you to read their privacy statements.
SECTION 7: SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is completely secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Cookies: Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our Website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8: AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
SECTION 9: EU RESIDENT PERSONAL DATA RIGHTS
RetroKid is the data controller of your information, and Shopify acts as the data processor in storing the information on a secure server behind a firewall.
Under certain circumstances, EU Residents may have rights under data protection laws in relation to your personal data as outlined below:
- Be informed by fully transparent personal data and privacy policies of the corporation;
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be notified to you, if applicable, at the time of your request;
- Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it affects your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms;
- Request restriction of the processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
- Protection from automated decision making processes, which protects individuals against the risk that a potentially damaging decision is made without human intervention, whereby the decision could have legal consequences on the individual or is based on automated processing; and
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact firstname.lastname@example.org.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
EU Residents may have the right to make a complaint at any time to the supervisory authority for data protection issues. However, we would appreciate the chance to deal with your concerns before you approach the supervisory authority, so please first contact us directly to allow us to do so.