SECTION 1 – COMPLIANCE WITH SAFE HARBOR FRAMEWORK(S)
The United States Department of Commerce and each of the European Commission and Switzerland have agreed on a set of data protection principles regarding the collection, use, and retention of personal information to enable U.S. companies to satisfy European Union (EU) and Swiss law requirements for adequate protection of personal information transferred from the European Economic Area (EEA) and Switzerland to the United States (collectively, the “Safe Harbor Privacy Principles”). EP has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view EP’s certification, please visit http://export.gov.
SECTION 2 - WHAT INFORMATION DO WE COLLECT FROM YOU AND WHAT DO WE DO WITH IT?
Our online store is hosted on Squarespace. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Accordingly, when you submit personal information in connection with purchases made via the Site, such information is not collected by EP but rather is sent directly to Squarespace. When you purchase something from our store, as part of the buying and selling process, Squarespace collects the following personal information: your first name, last name, company name, mailing address and billing address, phone number, email address, purchase information, gender and credit card payment information. We also may keep interactions with our Customer Services Team, or visits to our website/store. Please see Section 4 for more information on Squarespace’s policies.
We collect information in the following circumstances:
When you register to or use our website
When you register to or use our in-store WIFI
When you allow social media sites to provide your data to us
When you enter any event, prize draws or competitions run by us
When completing any of our surveys or leaving us a review
When completing any forms for transactional, employment or other purposes
When you buy products or gift cards/vouchers
When you've given a third party permission to share with us the information they hold about you
The Site allows you to register with us for an account through the Create Account page on the Site. When you register for an account via the Site, you will be providing us with your first name, last name and email address. Such registration information enables us to make the purchase of products quicker and easier.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system, and your activity while using the Site. See Section 8 – COOKIES below, for information on technical information we collect as a result of your use of the Site and how we use such information.
In addition, the Site permits you to subscribe to our newsletter via the Subscribe page on the Site. With your permission, we may send you emails about our store, new products and other updates. In order to sign up to receive the newsletter, you need only provide us your email address. You may opt out of receiving our newsletter or other communications from us by following the opt-out link provided in any email received or by un-checking the applicable box on the Check Out page hosted by Squarespace.
The Site permits you to reach out to various ASH Smoke departments through email. Whenever you send us an email, you will be providing us with your email address and any information you choose to provide in the text of your message. For example, you may choose to provide your full name, mailing address or other information necessary or helpful for us to address your query or concern. Your personal information will be used to respond to your communications.
We use your personal data in the following ways:
To enable us to personalize your shopping experience on our sites.
To allow us to handle your orders, deliver products and process your payments and refunds (including to ensure secure payment and prevent fraud).
To respond to your questions, refund requests and complaints.
To keep a record of when and why you contact us and to keep your contact details up-to-date.
For statistical, analytical or survey purposes - so we can improve our websites and the services we offer you.
To enable third parties to carry out technical, logistical or other business functions on our behalf such as advertising on social media sites you might use and visit (our ability to do this will depend on the privacy settings you have on your social media accounts).
Where you are an existing customer (or you have otherwise given us your data) and have not opted out, or where you have consented, we use your data to send you information about our business and products we think you might like and to notify you of products or special offers that may be of interest to you.
To process your application when you enter a competition promotion or prize draw. (If there are other purposes specific to that competition promotion or prize draw, these will be explained in the applicable competition terms & conditions).
In order to help us manage our customer relationships, we use third party platforms. These platforms assist us to do lots of things, including: conduct email marketing campaigns, advertise online, undertake customer analytics, plan and put on events, fulfill orders, make deliveries, returns and refunds etc. We therefore pass on your personal data to these third parties, on the condition that they agree to handle your information in line with this notice.
Why are we allowed to handle and store your personal data?
There are a number of legal bases which allow us to use your personal data. The following sets out more detailed explanations of the bases we rely on to collect and process your personal data:
1. Consent
If you visit our site and are not an existing customer, or if you fill in any in-store materials, such as prize-draw entries, we might ask for your consent to process your data, so that we can send you our special offers and news.
2. Contractual obligations
Our primary use of this basis is when you purchase our products. In this situation it is necessary for us to process your personal data in order to fulfill your order and send your goods to you.
3. Legal compliance
In some circumstances, we may be legally required to collect and process your data e.g. to pass it on to the police if criminal activity is suspected.
4. Legitimate Interest
It may be necessary to use your data to help us run our business. For example, to action any changes to your account that you request, or to personalize the services we provide - with the aim of improving your customer experience. We will only use your data in these instances, where doing so does not materially impact your rights, freedom or interests.
How Long do we keep your personal data for?
We only keep your personal data for as long as we deem necessary for the purpose for which it was collected (subject to any legal requirements). Once it is no longer necessary, we will either delete the data, or anonymize it. The use of anonymized data helps us to optimize our customer service.
ACCESS TO YOUR INFORMATION/ACCURACY OF INFORMATION
You may obtain from us, by mail or email, the personal information contained in our records. We strive to maintain the accuracy of any personally identifiable information that may be collected from you, and will use our commercially reasonable efforts to respond promptly to update our database when you tell us the information in our database is not accurate. However, it is your responsibility to ensure that any personal information you provide to us via the Site is accurate, complete and up-to-date. If you wish to make any changes to any personal information you have provided to us, you may do so at any time by contacting us at email@example.com.
SECTION 3 - CONSENT
How do you get my consent?
If we ask for your personal information for a secondary reason, like marketing, or for a purpose incompatible with the purpose for which it was originally collected, we will either ask you directly for your expressed consent, or provide you with an opportunity to say “no.”
You have the right to correct any information we store which might be incorrect, incomplete, or out of date. You can do this yourself by logging into your account, or by contacting our Customer Services Team who will give you step-by-step advice on how to do this. You can contact them by emailing: firstname.lastname@example.org
How do I withdraw my consent?
If we are processing your personal data on the basis of our legitimate interest, you have the right to ask us to stop. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right at any time to stop us from sending you marketing material. You can do this in the following ways:
Click the 'unsubscribe' link in any email communication that we send you. We will then stop any further emails from that particular division.
Contact our Customer Services Team by emailing: email@example.com or visit the link.
If you have an account, log into your account and change your preferences
You can unsubscribe from receiving push notifications by disabling the relevant options in your phone 'settings'
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Please note that if you follow a link which clicks through to a third party site, this notice will not apply and you will need to review that third party's privacy terms and conditions.
You have the right to ask us what data we hold which concerns you. Such requests are usually free, but we will ask you to submit your query in writing and include the following:
Full name (we will ask you to verify your identity)
Specific details on what you require or are requesting
We will process your request and will either respond within 30 days, or contact you to gather more information before we fulfill your request. In the event that we might refuse to fulfill your request (for example if it is unreasonable), we will give a full explanation as to why.
Please submit your requests through the following channels: firstname.lastname@example.org
What can you do if you are unhappy with how we handle your data?
Your first port of call should be to contact our Data Protection Officer as outlined above. However, if you still feel that your data is not being handled appropriately, you have the right to lodge a complaint with the Federal Trade Commission or Information Commissioner's Office. If you are outside of the US or UK, please contact the relevant data protection regulator in your country of residence.
SECTION 4 - Squarespace
Squarespace protects credit card information according to the Payment Card Industry Data Security Standard (PCI-DSS), a set of security requirements managed by the PCI Security Standards Council, which is a joint effort of the payment brands, including Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by merchants and service providers. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. The description above is qualified in its entirety by the terms and conditions of Squarespace’s privacy policies, and you should review the policies posted on Squarespace’s site to be fully informed.
SECTION 5 – THIRD PARTY SERVICES; SHARING YOUR INFORMATION
We do not sell or rent your personally identifiable information to third parties. We share your information only with our affiliates and service providers or as otherwise described herein in order to provide you with our products and services.
We will do this in the following circumstances:
To process your order e.g. with delivery drivers, or with third party payment service providers
To handle complaints e.g. with our Customer Services call centre
To detect any fraudulent activity, or assist law enforcement authorities
To help us offer you a more personalised shopping experience by sending you offers and updates
When we share information with third parties, we will ensure that:
We only provide the data they need to perform their specific function
They only use the data provided as intended
They have the requisite measures in place to protect your data and delete it once the function has been performed, or delete it when we cease working with them
In general, our agreements with third party providers used by us require that they only use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
The Site may also reference or provide links to other third party websites, such as advertisers. For these third parties, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the USA Patriot Act (P.L. 107-56).
Additionally, some of our partners and third parties who may receive your personal data are based outside of the European Economic Area. In such cases, we ensure that our partners are contractually-bound to protect your data to the same degree that is required in the European Union.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow common industry practices to guard against such information being lost, misused, accessed, disclosed, altered or destroyed. We use security technologies and internal procedures to ensure that your data is kept safe and secure. Please be aware, however, that Internet data transmission and computer networks are not always secure and we cannot and do not guarantee that information you transmit utilizing the Site is secure.
SECTION 7 - COOKIES
session_id, unique token, sessional, Allows Squarespace to store information about your session (referrer, landing page, etc).
_Squarespace_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_Squarespace_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
_storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 – TRACKING
EP keeps track of the web pages our users visit within the Site, in order to determine what EP products are the most popular. Please note, however, we do not engage in the collection of personal information about your online activities over time and across third party websites or online services. Accordingly, we do not currently process or comply with any web browser’s “do not track” signal or other mechanisms that provide consumers with the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time and across third party websites. Further, we have not knowingly authorized third parties to collect personally identifiable information about your online activities over time and across different websites when you use the Site.
SECTION 9 - AGE OF CONSENT
In compliance with the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501-06 and 16 C.F.R. §§ 312.1-312.12, we do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register with us. If you are under 13, please do not attempt to register with the Site or send any information about yourself to us, including your name, address, mobile device number, or email address. By using this Site, you represent that (i) you are not under 13 years of age, and (ii) you are at least the age of majority in your state or province of residence.
SECTION 11 - BUSINESS TRANSFER
Please also note that if we are acquired or merged with another company, your personal information and/or technical information we obtain from you via the Site may be disclosed to any potential or actual purchasers and/or may be transferred to the new owners so that we may continue to sell products to you.
SECTION 12 – UNRESOLVED PRIVACY COMPLAINTS
Under the Safe Harbor program, any unresolved privacy complaints can be referred to an independent dispute resolution mechanism. We use the ICDR/AAA Safe Harbor Program, which is operated by the International Centre for Dispute Resolutions, the international division of the American Arbitration Association. If you feel that we have not satisfactorily addressed your complaint, you can visit the ICDR/AAA Safe Harbor Program website at https://apps.adr.org/webfile for more information on how to file a complaint.