GDPR

Table of Contents

  1. GDPR Compliance for EEA Residents
  2. Automatic Decision-Making
  3. Your Rights under GDPR
  4. Exercising Your Rights
  5. Lawful Basis for Processing
  6. International Data Transfers
  7. GDPR Compliance
  8. For Users from Other Regions
  9. Right to Lodge a Complaint
  10. Data Breach Notification
  11. Data Protection Officer
  12. GDPR Updates
  13. Contact Information

  1. GDPR Compliance for EEA Residents

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). This section outlines these rights and how we address them. 

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below. 

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above.

Please refer to International Data Transfers for more information.

  2. Automatic Decision-Making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

   - Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
   - Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.

  3. Your Rights Under GDPR:

  1. Right to Access: You have the right to request copies of your personal data.
  2. Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete any information you believe is incomplete.
  3. Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  4. Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  5. Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  6. Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
  7. Right to Withdraw Consent: If we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time.

  4. Exercising Your Rights:

If you wish to exercise any of these rights, please contact us using the contact information provided at the end of this Privacy Policy. We will respond to your request within 30 days.

  5. Lawful Basis for Processing:

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

  1. Consent: You have given clear consent for us to process your personal data for a specific purpose.
  2. Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  3. Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

  6. International Data Transfers:

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, our website data is hosted in Ireland and then transferred outside of the EEA for storage and further processing, including to Canada and the United States.

When we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  3. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

For more information on how data transfers comply with the GDPR, please refer to Shopify's GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

  7. GDPR Compliance

Our website is accessible globally, and we recognize that different countries and regions have varying approaches to data privacy and cookie use.

For European Union (EU) and European Economic Area (EEA) Residents: We comply with the General Data Protection Regulation (GDPR). Our use of cookies for users from these areas is in line with GDPR requirements.

Key points include:

  1. We only use non-essential cookies with your explicit consent.
  2. You have the right to withdraw your consent at any time.
  3. We provide clear information about the cookies we use and their purposes.

For more detailed information on how we handle personal data under GDPR, please refer to our GDPR Compliance section in our Privacy Policy https://maryflournoy.net/pages/privacy-policy.

  8. For Users from Other Regions

While specific regulations may vary, we strive to apply high standards of data protection and transparency for all our users globally. We recommend reviewing both this Cookie Policy and our Privacy Policy https://maryflournoy.net/pages/privacy-policy to understand how we handle your data.

  9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

  10. Data Breach Notification

We take the security of your personal information seriously and employ reasonable and appropriate security measures to protect your personal information from unauthorized access, use, alteration, or disclosure. However, no method of data transmission or storage is 100% secure. In the event that we become aware of a data security breach affecting your personal information, we will take the following steps:

  1. Timely Notification: We will notify you promptly and without unreasonable delay, consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
  2. Method of Notification: We will notify you via email or, if this is not possible, via a conspicuous posting on our website.
  3. Content of Notification: Our notification will include:
   - A description of the incident in general terms
   - The type of personal information that was subject to the unauthorized access and acquisition
   - The actions we have taken to protect your personal information from further unauthorized access
   - A telephone number where you can call for further information and assistance, if one is available
   - Reminders to remain vigilant by reviewing account statements and monitoring free credit reports
  4. Law Enforcement Delay: In some cases, law enforcement might delay our notification if they determine that the notification will impede a criminal investigation.
  5. Cooperation with Authorities: We will fully cooperate with any law enforcement investigation related to the breach.

Please note that while we will make every effort to secure your data and notify you in case of a breach, you also play a crucial role in protecting your personal information. We encourage you to use strong, unique passwords for your account with us and to not share your login credentials with others.

If you suspect any unauthorized access to your account or misuse of your personal information, please contact us immediately at mary@maryflournoy.net.

  11. Data Protection Officer

As of July 14, 2024, our organization has not appointed a Data Protection Officer (DPO) as we do not meet the criteria requiring such an appointment under Article 37 of the GDPR.

If you have any questions, concerns, or requests regarding your personal data or this GDPR Policy, please contact us using the Contact Information below.

We are committed to addressing any questions or concerns you may have about our data practices and will respond to your inquiry as soon as possible, typically within 30 days.

If we make changes to our data protection practices that would require the appointment of a DPO in the future, we will update this policy accordingly and provide the relevant contact information.

  12. GDPR Updates

We are committed to maintaining the accuracy and relevance of this GDPR Policy. We review this policy regularly and may update it from time to time to reflect changes in our practices, technologies, legal requirements, and other factors.

When we do update the policy, we will revise the "Last Updated" date at the bottom of this policy and take any other steps required by applicable law. We encourage you to periodically review this page to stay informed about our privacy practices.

For significant changes that materially alter your rights or obligations under this policy, we will make reasonable efforts to notify you. This may include posting a notice on our website or sending you an email (if we have your email address on file).

Your continued use of our services after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about changes to this policy, please contact us using the information provided in the "Contact Information" section.

  13. Contact Information

For more information about our privacy practices, please review our full Privacy Policy. If you have any questions or comments about this notice, the ways in which we collect and use your information, your choices and rights regarding such use, or wish to exercise your rights under GDPR law, please do not hesitate to contact us at mary@maryflournoy.net and/or Mary O Flournoy 221 West A Street, #871, Dixon, CA 95620.

Last updated: 14th day of July, 2024.