privacy policy
Overview
This Privacy Policy describes how Design Like Whoa LLC (“Design Like Whoa”, “We”, “Our”) collects, uses, discloses, transfers, and stores your personal information as we engage with you to provide services.
The current version of our Privacy Policy can be found at: www.designlikewhoa.com/privacypolicy
Information Collection and Use
In order to provide services to our customers, we must collect certain personal information. Such services may include submitting shipping orders on your behalf, as well as others. Design Like Whoa does not sell personal information.
The types of personal information collected, processed, and stored by Design Like Whoa will be limited to those which are required to establish and maintain these services. This information has been collected and transferred to third parties within the last 12 months. Such information may include:
Name
Contact information (phone number and e-mail address)
Shipping Address
UserID and user profile information for Design Like Whoa website and applications
Occasionally we may request tax ID information when shipping internationally
We may also collect the following information from you:
Billing information, such as: credit card number, billing address. Note that billing information will be collected through a secure 3rd party payment system
Information about your business, such as: company name, company size, business type
How We Use Personal Information
Design Like Whoa will use the information it collects in order to establish and maintain services as well as respond to inquiries, or perform other tasks that are necessary when acting as a merchandiser. In addition, information may be used for other legal purposes, such as audit, security, fraud prevention, or preserving and defending Design Like Whoa’s legal rights.
We may also collect, from you, the following personal information about your contacts: name, physical address, phone number. When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at privacy@designlikewhoa.com.
For the data subject, uses may also include contacting you to establish or maintain shipping information involving you. These communications will only come directly from Design Like Whoa (or agents working on behalf of Design Like Whoa).
Data that has been anonymized does not personally identify you and is not covered by this Privacy Statement.
Design Like Whoa will retain your personal information for as long as is necessary to provide our services, except where retention of personal information is necessary for compliance with a law, regulation, or other legal authority, or is otherwise permitted to be maintained for other legal purposes, such as audit, security, fraud prevention, or preserving and defending Design Like Whoa’s legal rights.
Collection and Use of Non-Personal Information
We may also collect data in a form that, on its own, does not allow us to identify or contact a specific individual. We may use, transfer or disclose non-personal identifiable for any purpose. The following are examples of non-personal information that we collect and how we may use it:
When you visit our websites, we may collect technical and navigational information, such as web browser type, Internet protocol address, language, location, time zone, unique device/browser identifier, and URLs requested so that we may better understand visitor behavior and improve our products, services, and content.
We may also collect information regarding specific activities that you perform on our websites. This information is used to help us improve the content and usability of our websites. This information is aggregated and we consider aggregated information as non-personal for the purposes of this privacy policy.
If we combine non-personal information with personal information the combined information will be considered personal information for the purposes of this Policy. Aggregated or anonymized information is not covered by this Policy.
Cookies and Other Technologies
Design Like Whoa’s websites, products, services, and content may use “cookies” and other technologies such as web beacons and pixel tags. These technologies may be used to deliver our services as well as to help us better understand user behavior.
“Cookies” are alphanumeric identifiers in the form of data files that are inserted and stored by your web browser on your computer’s hard drive. We may set and access cookies on your computer to monitor usage history and to store your preferences and login information.
Most internet browsers will allow you to stop cookies from being stored on your computer and to delete cookies stored on your computer, however, if you choose to eliminate cookies, the functionality of the website may be impaired or not operate properly.
We, or third-party service providers acting on our behalf, may use web beacons, or pixel tags to collect certain usage information. Web beacons are images embedded in a web page or email for the purpose of measuring and analyzing website usage and activity.
We use this information to provide, enhance and improve our products, services and content as well as to monitor and analyze its usage. Web beacons may also be used for the technical administration of our services, to better tailor our websites to user needs, to generate and derive useful data and information concerning the interests, characteristics and usage behavior of our users, and to verify that users meet our access criteria.
Pixel tags are also used to enable us to send email messages in a format a customer can read. They also tell us whether email has been opened. We may use this information to reduce, tailor, or eliminate messages that we send to users.
In some of our email messages we may use a “click-through URL” linked to web pages on our websites. When a recipient clicks on these URLs, a separate web server records their click before arriving at the destination. We use click-through data to help us determine the interest in particular content or topics. If you prefer not to be tracked in this way you may opt to not click on links contained in our emails.
Like most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data.
We may use this information to analyze trends, administer our website, and to learn about user behavior.
Transfer to Third Parties
In order to manage services that involve you, your information may be shared with third-party service providers that may be engaged to assist us in managing the processes required to provide these services. Any engagement of a third-party service provider will be governed by appropriate contractual requirements prohibiting the use of your information for any purposes beyond those specifically directed by Design Like Whoa, and requiring that they ensure sufficient administrative and technical security mechanisms are in place to prevent your information from being improperly used, disclosed, or accessed.
As a result of the global scope of our operations, the sharing of your information with other service providers, partners, and customers may result in your data being sent to countries outside of your country of residence, which may have data protection laws that differ from those in your country of residence. Regardless of the source or destination location of your information, Design Like Whoa will protect your information as described in this Privacy Statement and abide by all applicable data protection laws. Design Like Whoa remains responsible for information that we share with third parties for processing on our behalf.
For individuals located in the European Economic Area (“EEA”) or Switzerland, when transfers to third parties outside of the EEA or Switzerland occur, Design Like Whoa will put sufficient protections in place to ensure compliance with the applicable legal requirements, such as use of European Union (“EU”) Model Contracts, or language requiring adherence to the EU-U.S. or Swiss-U.S. Privacy Shield, or other such protocols as may be in place from time to time.
In addition, your personal information may be transferred to a third-party as a result of an asset sale, acquisition, merger, reorganization or other change of control or if we sell, merge or transfer any part of our business. Part of the sale may include your Personal Information.
We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security, law enforcement or data privacy requirements.
Access to Personal Information
The amount of personal information that we require you to supply in order to use our services will be limited to that which is relevant to supply such services.
You have the right to request access to, withdraw your consent to the use and processing of, and request the correction of inaccuracies or erasure of your information that we maintain about you, subject to our obligations to maintain your information under applicable laws. We may limit or deny requests that interfere with our legitimate interests, or charge reasonable fees for access, except as prohibited by applicable law.
Because such information is necessary to the performance of the merchandising services that we provide to you, any request to withdraw consent for processing, or request erasure of your information may result in Design Like Whoa being unable to continue providing its services. In response to a consent withdrawal request, Design Like Whoa will describe the specific consequences of processing your request, with respect to Design Like Whoa’s ability to continue providing services.
Design Like Whoa will only store personally identifiable data about you for as long as it’s reasonably required to fulfill the purposes under which it was first provided by you unless a longer retention period is required or permitted by law.
You may make review, update access, correction, or deletion requests by contacting us at privacy@designlikewhoa.com.
Protection of Personal Information
We take precautions to safeguard your information. Design Like Whoa uses commercially reasonable technical, administrative and physical controls to protect your data. We use a combination of firewall barriers, data encryption techniques and authentication procedures, among others, to maintain the security of your personal information and our systems from unauthorized access.
Your personal information is stored and located on a secured server behind a firewall. We only authorize access to personal information for those employees, contractors and agents who need to know that information in order to administer, deliver, maintain, develop or improve our services.
Design Like Whoa & the General Data Protection Regulation (GDPR)
Any transfer of data to a state that is not a member state of either the European Union or the European Economic Area will only occur in compliance with the GDPR and if the specific requirements of Article 44 et seq. of the General Data Protection Regulation (GDPR) have been fulfilled. Specifically, a transfer requires a clear contractual agreement between Design Like Whoa and any subcontractor that guarantees at least the same level of data protection under standard contractual clauses (SCCs) as stipulated by the European Commission.
Billing
For billing we use 1) Shopify’s ecommerce platform or 2) Stripe. Your checkout & purchase data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, they use the best-in-class security tools and practices to maintain a high level of security at Stripe.
Third-Party Sites and Services
Our websites and content may contain links to other websites. As such, Design Like Whoa does not endorse and is not responsible for the privacy practices or the content of these third-party websites. We exercise no control over how your information is stored, maintained or displayed by third parties or on third-party sites.
Privacy Shield
Design Like Whoa LLC complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Design Like Whoa has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Design Like Whoa has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov
In compliance with the EU-US and Swiss-US Privacy Shield Principles, Design Like Whoa commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact us via email at privacy@designlikewhoa.com, or via mail at:
Attention: Privacy
531 Jessie Street,
San Francisco, CA, 94103
For inquiries or complaints related to personal data, Design Like Whoa will cooperate with EU Data Protection Authorities and the Swiss Federal Data Protection and Information Commissioner (collectively, “Data Protection Authority”) in the investigation and resolution of complaints brought under the Privacy Shield, including complying with advice given by Data Protection Authorities (as described in the Privacy Shield Principles). Individuals may contact their Data Protection Authority directly to resolve disputes.
Design Like Whoa has committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to JAMS, an independent recourse mechanism provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Our commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Children
Design Like Whoa’s service is not directed to children. We do not knowingly collect personally identifiable information from children. If you, as a parent or guardian, become aware that your child has provided us with Personal Information without your consent, please contact us. If we become aware that a user is under the age of 13 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
Consumer Rights Under the California Consumer Privacy Act.
This section applies solely to individuals who reside in the State of California (“Consumers”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California laws. Any terms defined in the CCPA have the same meaning when used in this notice.
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if our need to retain the information meets the exception criteria described in the CCPA.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us with the mechanism described in the above section “Access to Personal Information”
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights.
Privacy Changes and Questions
Design Like Whoa LLC may update its Privacy policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.
Last Updated: 1/1/23