Privacy Policy


This Privacy Policy outlines how Cristina Embroidery Atelier collects, uses, and discloses your Personal Information when you visit or make a purchase on the Site.

Collection of Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information.” See the list below for more details on what Personal Information we collect and why.

Device Information

- Examples of Personal Information collected: web browser version, IP address, time zone, cookie information, sites or products viewed, search terms, and how you interact with the Site.
- **Purpose of collection:** to accurately load the Site for you, and to perform analytics on Site usage to optimise our Site.
- **Source of collection:** collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
- **Disclosure for a business purpose:** shared with our processor Shopify.

Order Information

- **Examples of Personal Information collected:** name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
- **Purpose of collection:** to provide products or services to fulfil our contract, process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and, in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- **Source of collection:** collected from you.
- **Disclosure for a business purpose:** shared with our processor Shopify.

Customer Support Information

- **Examples of Personal Information collected:** details provided during customer support.
- **Purpose of collection:** to provide customer support.
- **Source of collection:** collected from you.
- **Disclosure for a business purpose:** shared with service providers for customer support assistance.

Minors

The Site is not intended for individuals under 16 years of age. We do not intentionally collect Personal Information from minors. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion of such information.

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfil our contracts with you, as described above. For example:

- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: [https://www.shopify.com/legal/privacy](https://www.shopify.com/legal/privacy).
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information we receive, or to otherwise protect our rights.

Behavioural Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: [https://policies.google.com/privacy?hl=en](https://policies.google.com/privacy?hl=en). You can also opt-out of Google Analytics here: [https://tools.google.com/dlpage/gaoptout](https://tools.google.com/dlpage/gaoptout).
- We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (to which you may consent, depending on your location).

For more information about how targeted advertising works, you can visit the educational page of the Network Advertising Initiative (“NAI”) at [http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work](http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work).

You can opt out of targeted advertising by:

- FACEBOOK: [https://www.facebook.com/settings/?tab=ads](https://www.facebook.com/settings/?tab=ads)
- GOOGLE: [https://www.google.com/settings/ads/anonymous](https://www.google.com/settings/ads/anonymous)
- BING: [https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads](https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads)

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: [http://optout.aboutads.info/](http://optout.aboutads.info/).

Use of Personal Information

We use your Personal Information to provide you with our services, which include: offering products for sale, processing payments, shipping and fulfilling your order, and keeping you informed about new products, services, and offers.

Lawful Basis

In accordance with the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to delete this information. For more information about your right to deletion, please see the ‘Your Rights’ section below.

Automated Decision-Making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (including profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data. Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you. Services that include elements of automated decision-making include:

- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

**Selling Personal Information**

Our Site sells Personal Information, as defined by the California Consumer Privacy Act of 2018 (“CCPA”).

INSERT:

- Categories of Information Sold;
- Instructions on how to opt-out of the sale of information;
- Whether your business sells information of minors (under 16 years old) and whether you obtain affirmative authorisation;
- If you provide a financial incentive not to sell information, provide information about what that incentive is.

**GDPR**

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or deleted. If you would like to exercise these rights, please contact us through the contact information below.

Your Personal Information will be initially processed in Ireland and then transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: [https://help.shopify.com/en/manual/your-account/privacy/GDPR](https://help.shopify.com/en/manual/your-account/privacy/GDPR).

**CCPA**

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or deleted. If you would like to exercise these rights, please contact us through the contact information below.

If you would like to designate an authorised agent to submit these requests on your behalf, please contact us at the address below.

Cookies

A cookie is a small amount of information that is downloaded to your computer or device when you visit our Site. We use a variety of cookies, including functional, performance, advertising, and social media or content cookies. Cookies enhance your browsing experience by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another.