Last Updated: 05/23/18
WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at: Hollywood Racks 12812 South Spring Street Los Angeles CA 90061
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify's data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify's Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
For example, if you are located in another country and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links in our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
TYPES OF DATA WE COLLECT
What are cookies, and what are you doing with my data from them?
What information do they collect, and why?
The cookies we have on our site collect information on things like which pages you visit, which device you're on, your IP address, and publicly available information. These cookies such as the ones used by Google Analytics, Adwords, Google Tag Manager, and others (that are shown in the Cookies Section below this paragraph), so they and us can do things like show you targeted ads, banner ads, collect information to monitor the success of campaigns, competitions etc., and trigger automations for us to get in touch with you. It's also pretty important for us to effectively run our website, especially when it comes to things like site navigation, market research, and customer service. It sounds like a lot, but all this does is help tailor our communication to you and let us know the kind of stuff you might like to know more about. We may also keep an eye on the data coming through for crime and fraud prevention, detection, and related purposes, or if we have a legal right or duty to disclose your information. No data is passed on to third party marketers, it stays between us, Hollywood Racks, and the software companies stated above.
SHOPIFY / E-COMMERCE COOKIES
Here is a list of cookies that we use. We've listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, session, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider's internal stats tracker to record the number of visits.
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, session
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
OTHER WEBSITE COOKIES
_wp_session, Expiry: Session, Essential session management cookies for WordPress. Used to maintain information about each visit to the website and enable core site functionality. These cookies do not contain any personal information.
AWSELB, Expiry: 1 year, This cookie stores information about which part of the Amazon AWS server farm was used by your most recent visit. This allows us to optimise our site, and your experience for various performance and server management reasons. For more information please see: http://docs.aws.amazon.com/ ElasticLoadBalancing/ latest/APIReference/ API_CreateAppCookie StickinessPolicy.html
GOOGLE ANALYTICS COOKIES
_ga, Expiry: 2 years, Google Analytics - Google Analytics uses this cookie to distinguish users and has an expiration of X. This is responsible for ensuring any session data is sent to the appropriate Google Analytics profile. This cookie will be followed by a series of numbers to fulfil this purpose.
_gid, Expiry: Session, This is part of Google Analytics.
_utma, Expiry: Session, This is part of Google Analytics, that uses multiple UTM parameters to help define the source, medium, device, campaign name, country, keyword (if avalible) and other generic information tied to the current session. As there are many different UTM parameters Google Analytics uses multiple UTM cookies with this cookie name.
_utmb, Expiry: Session, The __utmb and __utmc cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires. You see, __utmc has no way of knowing when a user closes their browser or leaves a website, so it waits 30 minutes for another pageview to happen, and if it doesn't, it expires.
_utmc, Expiry: Session, The __utmb and __utmc cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires. You see, __utmc has no way of knowing when a user closes their browser or leaves a website, so it waits 30 minutes for another pageview to happen, and if it doesn't, it expires.
__utmt, __utmt_, Expiry: Session, This cookie is used to track and log events in Google Analytics.
__utmz, __utmz, Expiry: Session, keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website. It expires in 6 months. This cookie is how Google Analytics knows to whom and to what source / medium / keyword to assign the credit for a Goal Conversion or an Ecommerce Transaction. __utmz also lets you edit its length with a simple customization to the Google Analytics Tracking code.
_dc_gtm_, Expiry: Session, Google Analytics ID, injected via Google Tag Manager. This cookie only appears on sites that integrate Google Analytics via Google Tag Manager. The purpose of which is to allow for hassle free implementation of Google Analytics, and additional layers of flexibility in anonymising personal identifiable information.
_gat_UA-XXXXXXXX-X, Expiry: Session, This cookie does not store any user information, it's just used to limit the number of requests that have to be made to Google Analytics, and has an expiration of 10-minutes. 10 Minutes
_gat, Expiry: Session, This cookie does not store any user information, it's just used to limit the number of requests that have to be made to Google Analytics, and has an expiration of 10-minutes.
VISITOR_INFO1_LIVE, Expiry: 179 days, These cookies are set by the YouTube video service on pages with embedded YouTube video. The VISITOR_INFO1_LIVE expires after eight months, and is used to send watch statistics to YouTube.
YSC, Expiry: Session, These cookies are used to collect anonymous statistics and performance data for embedded Youtube videos on the website. YSC is session-based, and expires once the session has ended.
PREF, Expiry: 8 Months, These cookies are set by the YouTube video service on pages with embedded YouTube video. The PREF cookie may store user preferences and other information such as dark mode, last set volume, and preferred resolution.
How do I disable cookies in my browser?
Browse in Incognito/InPrivate/Private mode!
Google Chrome Incognito (CTRL+SHIFT+N) Mozilla Firefox in Private Browsing with Tracking Protection (CTRL+SHIFT+P) Microsoft Edge in InPrivate browsing - tap the "Settings and more" button in the top-right corner, choose "New InPrivate window." Opera in Private Browsing (CTRL+SHIFT+N) Internet Explorer in InPrivate browsing (CTRL+SHIFT+P)
For Google Chrome:
Choose Settings> Advanced Under "Privacy and security," click "Content settings". Click "Cookies" and simply choose the settings you'd like from there.
For Microsoft Internet Explorer:
Click on "Tools", and then "Internet Options" Click on the "privacy" tab and simply choose the settings you'd like from there.
Choose Preferences > Privacy Click on "Remove all Website Data" This will get rid of cookies!
For Mozilla firefox:
Choose the menu "tools" then "Options" Click on the icon "privacy" Find the menu "cookie" and pick what you'd like to do from there.
For Opera 6.0 and further:
Choose the menu Files"> "Preferences" Privacy and simply choose the settings you'd like from there.
You've signed up for our mailing list! You love us after all! We've loads of stuff to talk about, but first, let's explain what information we've collected, and how and why we use it.
When you first sign up, we collect your information for things like your name and email address. We do that because you've asked to get our newsletter via email, to keep up to date with Hollywood Racks, or anything else we provide that you've opted into. So we'll stick to that in terms of contacting you, unless we need to get in touch to get some more information from you or make sure you're happy and that your details are up to date.
Hollywood Racks will (with your say so) send you updates on company services, special offers and newsletters. It's all stuff we think you'll find relevant, but if you don't like it, you can always unsubscribe by email or by simply contacting us in the email listed below!
If you have contacted us in the past and processing your data is necessary to serve that interest, then we will contact you. It could be for selling our services to you; promoting, marketing, or advertising our services; sending personalized marketing understanding customers needs, behaviors, preferences, activities; improving our services; again, for crime and fraud prevention, detection, and related purposes; handling customer complaints, queries, disputes etc.; and generally fulfilling our duties to our customers, team, and data subjects! We will only get in touch if it is absolutely necessary in order to fulfill your request, or your order, or your return. And if it's really not wanted, you can always tell us to stop through the email already stated, or through unsubscribe buttons where applicable.
If we're required to process your information by law, we'll do that.
So you've given your details to us at Hollywood Racks. You're in good hands, but you may be wondering what rights YOU have. In regards to all the rights below, you can get in touch with us at email@example.com. Simply insert into "[MY DATA - MY RIGHT] the subject line of your email request and let us know what you'd like from us, and we'll get back to you as soon as we can and in line with GDPR requirements.
If you've given us consent, you have the right to withdraw your information from us. Also, if you don't want us to get in touch any more, you can simply unsubscribe or get in touch with us at firstname.lastname@example.org.
You can lodge a complaint with a supervisory authority. We're a friendly bunch, here, and you can talk to us about anything, but if you'd like to lodge a complaint with a higher power, you can! You've got the right to be informed about the collection and use of personal data. For more information please have a look here for more details: https://ico.org.uk/for-the-public/raising-concerns/
If you want to see the data we have for you, you can ask for it at any time by contacting us at email@example.com.
If the data we have on file for you is outdated, incomplete, or just plain wrong, you also have the right to change that.
You can ask to be forgotten. In the case you want us to forget you, you can ask us to do that, just see this guidance from the ICO: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ You can ask for us to "restrict processing" of your data. If it's wrong, if it's not been processed in line with the GDPR, if you need it for legal reasons (but we don't need it any more), or if you've asked us to stop processing your information altogether - while we consider stopping processing it, you can ask to restrict it.
You've got the right to ask for your data to be given to you. This applies to when you've given us consent to use your data.
You can ask us to stop processing your data.
If we're marketing to you, or if we're processing your data on the grounds of legitimate interests, you can ask us to just quit doing that.
You also have rights related to automated decision making and profiling, where serious decisions made by automated processing (all systematic, no human interaction), where you can ask us not to automate any decision making process, and you can ask us for the information we've used to make that processing possible.
International Transfers On occasion, we may possibly have to share your data outside of the European Economic area (EEA). You should rest easy, though, it's subject to special rules under GDPR. If we do have to do this, we'll make sure it's done in line and compliantly with data protection laws to make sure it is secure. If we ever need to do it, we'll make sure the standard data protection contract clauses are signed or at the very least covered by their own data protection terms.
How long do we keep your data? We'll not keep your data any longer than is needed under this notice, and the longest we'll hold onto any personal data after the purpose has been completed is 6 years.
AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Please note due to high demand, orders will ship in 3-5 business days