Privacy Policy
-
Introduction
We respect your privacy and are committed to protecting your personal information. This privacy policy outlines how your personal information is collected, used, and protected when you use our services (known as, “Services”) including, but not limited to, our website, www.superbonsai.com. “We” and “us” refers to SuperBonsai, Inc. and any of our corporate affiliates and partners. This privacy policy applies to customers, marketing newsletter subscribers, and website visitors. This privacy policy does not apply to data that is not personal data, including anonymous, de-identified, or aggregated data, even when such data has been derived from personal data.
Information We Collect
When using our Services, we collect certain information about your device, your interaction with the website, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.
Device Information
- Examples of Personal Information Collected: version of web browser, IP address, time zone, cookie information, what site or products you view, search terms, and how you interact with our Services.
- Purpose of collection: to ensure our Services work properly for you, to perform analytics on usage in order to optimize our Services, and to verify accounts and activity in order to monitor suspicious or fraudulent activity and identify violations of Service policies.
- Source of collection: Collected automatically when you access our Services using cookies, log files, web beacons, tags, or pixels.
- Disclosure for a business purpose: shared with our processor, Shopify.
Other Information
- Examples of Personal Information collected: name, billing, address, shipping address, payment information (including credit card numbers, email address, and phone number.
- Purpose of collection: to provide products and services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you, the user.
- Disclosure for a business purpose: shared with our processor, Shopify.
Customer Support Information
- Purpose of collection: to provide customer support.
- Source of Collection: collected from you, the user.
What We Do With Your Information
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address, and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email Marketing: With your permission, we may send you emails about our products, services, and other updates.
Text Marketing: With your permission, we may send text messages about our store, new products, and other updates. Updates include Checkout reminders. Webhooks will be used to trigger the Checkout Reminders messaging system.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Behavioral Advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use our Services. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page here: https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by visiting the Digital Advertising Alliance’s opt-out portal here: http://optout.aboutads.info/.
Lawful Basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your Personal Information under the following lawful bases:
- Your consent;
- The performance of the contract between you and our Services;
- Compliance with our legal obligations;
- To protect your vital interest;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Automatic Decision Making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision making (which includes profiling), when that decision making has a legal effect on you or otherwise significantly affects you.
We DO NOT engage in fully automated decision making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
Selling Personal Information
Our Services DO NOT sell Personal Information, as defined by the California Consumer Privacy Act of 2018 (“CCPA”)
Children’s Privacy
Our Services are not intended for individuals under the age of 18. We do not intentionally collect (or sell) Personal Information from children. If you are the parent or legal guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.
Your Rights
GDPR
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us at the email below with the subject line: Privacy Support.
For more information on how data transfers comply with GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
CCPA
If you are a resident of California, you may exercise certain consumer rights under the California Consumer Privacy Act (CCPA) by contacting us at the email below with the subject line: Privacy Support. Your CCPA rights are described below.
Right to Know
You have the right to request information regarding the categories and specific pieces of information we have collected about you, as well as the sources of that information, the business purpose for collecting it, and what types of third parties we share or sell it with.
If you make a request more than twice in a 12-month period, you may be required to pay a small fee for this service.
Right to Deletion
You have the right to request that we delete any of your Personal Information. We will delete any Personal Information that is not critical to the normal business operation from our records and direct all of our service providers to do the same.
We consider data to be critical to our business operation if they are used to:
- Provide goods or services to you
- Detect and resolves issues related to security and functionality
- Comply with legal obligations
Do Not Sell my Personal Information
We do not sell any information that identifies you, such as your name or contact information. However, we may ask advertisers to collect information from website visitors in order to advertise our services to them after they visit our website. This is called “retargeted advertising.” Under the CCPA’s broad definition of what it means to “sell” personal information, this form of advertising may be considered a “sale” of your information. The only information provided to the advertisers is your IP address, your activity while on our website, and information about your device (such as the name and model number of your device). If you do not want us to provide this information to our advertisers, you may opt out here:
Right to Non-Discrimination
If you exercise your consumer rights:
- We will not deny goods or services to you
- We will not charge different prices or rates for goods or services including through the use of discounts or other benefits imposing penalties
- We will not provide a different level or quality of goods or services to you
Authorized Agent
You may designate someone an authorized agent to make a request under CCPA on your behalf. You can do this by providing written permission to authorize an agent to act on your behalf; the agent will need to verify their identity with us. Agents authorized by power of attorney are exempt from having to provide written permission, but must show documentation that power of attorney has been granted.
We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
Request Verification
Use the email address associated with the personal information we have collected about you to make your request. If you no longer have access to that email address, you will need to verify your identity through another piece of information we have collected about you, such as your phone number via SMS or voice call, or your address through mail.
If you have purchased our product in the past, we may ask you to confirm two to three pieces of behavioral data in order to verify your identity.
If we cannot verify your identity, we cannot fulfill requests to exercise any rights accorded to you by CCPA.
Changes to this Policy
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Contact Us
If you have any questions about our Privacy Policy, please feel free to contact us via email at hello@superbonsai.com or by mail at:
SuperBonsai
3940 Laurel Canyon Blvd. #189
Studio City, CA 91604