Effective date: 20 June 2018
SECTION 1 – WHAT INFORMATION DO WE COLLECT?
When you interact with our Site, we, or our service providers (acting on our behalf), collect “Personal Information” (which is information that, on its own or when combined with other information, can be used to identify you) that you provide to us, such as your first and last name, address, email address, and when necessary, credit card information. We collect this information when you:
- Purchase something from our store, as part of the buying and selling process;
- Make arrangements to return an item you have purchased;
- Inquire about our Site;
- Create an account on our Site; or
- Sign up for email updates or to receive our newsletter and/or advertisements.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address as well as other information that helps us learn about your browser and operating system (“Usage Information”). Usage information includes your Device type, your unique Device identifier, your location, and the type of browser software and operating system you are using.
We, and/or our third party service providers, place “cookies” (data files placed on a Device when it is used to visit our website), on your Device to collect Usage Information, for security purposes, and to enable you to use the Site. To learn how to reduce the number of cookies you receive, or delete cookies that have already been installed in your browser’s cookie folder, please refer to your browser’s help menu or other instructions related to your browser. You can also learn more about cookies by visiting https://ico.org.uk/for-the-public/online/cookies, which includes additional useful information on cookies and how to block cookies using different types of browsers.
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
- _session_id, unique token, sessional, Allows Shopify, our website provider, to store information about your session (referrer, landing page, etc.).
- _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits.
- _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
- cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
- _secure_session_id, unique token.
- sessional storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
Currently the Site is not designed to respond to “Do Not Track” signals sent from your browser.
SECTION 2 – HOW DO WE USE YOUR INFORMATION?
We use the Personal Information we collect about and from you:
- To perform our responsibilities under a contract we have with you. For example:
- If you purchase goods using the Site, we will need to use your Personal Information to process your order and to enable delivery; and
- When we have a legitimate interest to do so. For example:
- To prevent fraud and protect the security of our Site;
- To communicate updates and improvements;
- To develop and optimize our products and services;
- To help us provide and operate the Site; and
- To comply with our legal obligations.
- With your consent. For example:
- We send marketing communications to you only if you consent to receive them.
- We do not share your Personal Information with third parties for their direct marketing purposes without your consent.
If you consent to a particular use of your information and you change your mind, you may withdraw your consent at any time by contacting us at firstname.lastname@example.org.
Machines For Freedom
15130 Concord Circle, Morgan Hill, CA 95037
SECTION 3 – WHO DO WE SHARE YOUR INFORMATION WITH
Business Transfers. We will share your Personal Information if we are acquired by or enter into a merger with another company, or otherwise reorganize our business.
Third Party Service Providers. We use third parties to help us provide the Site to you. We will provide your Personal Information to these third-party service providers when the information is necessary for them to perform their duties. Keep reading to learn more about our third-party service providers.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose to pay with a credit card to complete your purchase, then Shopify stores your credit card data. It is encrypted as required by the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways that process credit card information are bound by the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
SECTION 4 – THIRD-PARTY LINKS AND SERVICES
SECTION 5 – SECURITY
We use a variety of current technologies and processes and maintain physical, technical and administrative safeguards to protect your Personal Information from loss, misuse, alteration or destruction, and, where possible, we ask that any third parties to whom we may transfer your information take comparable steps to protect that information. If you provide us or our service providers with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. We require our service providers who collect credit card information to follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Although we will use all reasonable efforts to safeguard the confidentiality of your Personal Information, we cannot guarantee that your information will always be secure.
Email is not a secure form of communication. Please do not send us your credit card number, social security number or other Personal Information via email.
SECTION 6 – Transfers of Personal Information to THE UNITED STATES
MFF has its headquarters in the United States of America. Information we collect from you will be processed in the United States. The laws of the United States may not protect the privacy of your information at the same level as provided by the laws of your country. In an effort to safeguard individual privacy, we will only transfer personal information from the European Economic Area to the United States if one of the following applies: we have entered into an agreement using standard contract clauses (approved by the European Commission or a data protection authority) with our service provider or Affiliate regarding the transfer; the service provider that transfers the data is certified under the EU-US Privacy Shield Framework; or you give your express consent to the transfer.
SECTION 7 – STORAGE OF YOUR INFORMATION
We will generally store information associated with your account until it is no longer necessary to provide services to you, until you ask us to delete it, or until your account is deleted, whichever comes first; but there are some exceptions to this general rule. We will retain information from deleted accounts to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, process warranty claims, distribute important product information (such as recall information), enforce our agreements, and take other actions permitted by law.
You can request deletion of your Personal Information at any time by contacting us using the contact details set out below.
SECTION 8 – YOUR RIGHTS AND CHOICES
You can stop receiving promotional communications from us by following the opt-out instructions provided in any such communication you receive. You can also email email@example.com.
If you are in the European Economic Area, you have certain rights related to the Personal Information we hold about you:
- Access. You have the right to access the Personal Information we hold about you. If you wish to obtain a copy or description of the Personal Information we hold about you, please contact us using the contact details set out below. We may ask you to verify your identity and to provide further details about your request.
- Accuracy. We will do our best to ensure the Personal Information we retain about you is accurate. We may from time to time send you an email update to remind you to tell us about any updates or changes to your Personal Information. You have the right to request that any inaccurate Personal Information is corrected and any incomplete information is completed by contacting us using the contact details set out below.
- Deletion and Processing Restriction Requests. You have the right to request that we delete Personal Information that we hold about you. You also have the right to ask us to stop processing your Personal Information, subject to certain exceptions. If you would like us to erase or stop processing the Personal Information that we hold about you, please contact us using the contact details set out below.
- Portability Requests. You have the right to request that we provide certain parts of your Personal Information to you or transmit it directly to another company that processes Personal Information. If you would like us to transfer your Personal Information, please contact us using the contact details set out below.
- Withdrawing Your Consent to Receive Marketing Messages. You may ask us to stop using your Personal Information for advertising or marketing purposes at any time. If you wish to do this, please follow the removal instructions in any communication you receive, or send us an email to firstname.lastname@example.org with “UNSUBSCRIBE” in the subject line.
SECTION 9 – CHILDREN
The Site is not designed for or directed at children. As such, we do not knowingly process Personal Information about children under 16 years of age.
SECTION 11 – QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our data privacy specialist at email@example.com or by mail at
Machines For Freedom
c/o Specialized Bicycle Components, Inc.
15130 Concord Circle
Morgan Hill, CA 95037
In addition, if you are in the European Economic Area and you have any complaints about how we use your Personal Information, you have the right to lodge a complaint with the data protection authority in your country. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.