Effective Date: 6/10/19

EC Design LLC (“EC,” “we,” “us,” or “our”) is committed to protecting your privacy and compliance with all relevant legislation, including the General Data Protection Regulation (GDPR), where this applies to EU citizens, and the EU-US and Swiss-US Privacy Shield. This Privacy Policy (“Policy”) describes how we collect, use, store, process, and share your information in relation to www.erincondren.com (the “Site”). This Policy is part of and incorporated into the Site Terms & Conditions (“Terms”), governing your use of the Site. Parts of the Terms affect this Policy, so be sure to review the Terms prior to using the Site. Capitalized terms not defined herein have the definitions set forth in the Terms.

  1. CHANGES TO THIS POLICY. EC reserves the right to revise this Policy from time to time by updating it and posting it at https://www.erincondren.com/privacy-policy, with the new Policy taking effect on the date of posting. We will directly inform you if any substantial changes take place.

  2. APPLICABILITY OF THIS POLICY. This Policy covers our treatment of information that is gathered by the Site, including personally identifiable information or personal data and non- personally identifiable information or non-personal data. In order to access certain features, such as registering for an Account, making a purchase, registering to receive marketing updates from us or interacting with our LifeChat feature, you may be asked to provide personally identifiable information, such as your name, address, phone number, email address, and billing information. This Policy does not apply to information collected by third party Linked Sites, including third party websites or services. We have no control over and no responsibility or liability for any third-party collection, use, disclosure, or retention of your information and that collection, use, disclosure, and retention is not subject to this Policy. Please review the privacy policies of any Linked Sites you may access.  

  3. INFORMATION COLLECTION. We collect the following types of information:

    1. Identity Information. We will collect personal information from you if you sign/up register on the EC website for an account or make a purchase, register to receive our newsletter or interact with our LiveChat feature. This information may consist of your name, email address, postal address and telephone number and demographic information such as age and gender.

    2. Account, Login, Purchase, and Shipping Information. We will collect personal information from you if you create an account on the Site (“My Account”), which will include Login details, including your username and password. If you make a purchase, you will be asked to provide some information about yourself, including credit card information and potentially the names and addresses to whom purchases are shipped (if applicable). 

    3. Payment Information. Payments information, including bank details and card details, will be are handled through PayPal or CyberSource, our third-party payment processor. EC does not access or store your credit card information. PayPal or CyberSource will collect and may retain your credit card information in order to process your payment. We do not control PayPal or CyberSource or their use of your information. Please also see the “Affiliated Entities and Service Providers” section below.

    4. Product History and Interests Information. When you make a purchase or save certain products, we will also store information on your orders, any “wish list” of products that you create, or products you save as “favourites.”

    5. Product Personalization Information. The Site may allow you to voluntarily submit content created by you in connection with your purchase of personalized products. For example, you may provide text selected by you, or your photos or other images (“User Content”). We will collect and store User Content indefinitely in a profile specific to you. Even if you remove or delete your User Content, copies may remain in cached or archived areas of the Site. We may also collect additional personal information from you if you elect to upload User Content from a third party website or application (e.g., Facebook, Instagram, or Flickr, etc.).

    6. Customer Service Requests. The Site may provide functionality which allows you to voluntarily submit request or inquiry forms, including, for example, requests for help with the Site or requests for product information. The Site may also allow you to submit suggestions or comments. These forms may require that you share Identity information, in addition to an order number, a description of your comment or question, or a photo related to your comment or question. Any personal communications that you or a third party voluntarily submits to us in any format, including by email, postal mail, online form, or any other method of communication, may be collected and saved indefinitely in a profile specific to you. 

    7. Live Chat Information. The Site may allow you to instantly “chat” with an EC agent in your browser in order to answer your questions about the Site or our products. Our third-party live chat software provider will collect information about you and share it with us. This collection may also include the number of chats you have had with us, the pages you have visited on the Site, the time you spend on each page, your location, and your IP address. This information may be saved indefinitely in a profile specific to you.

    8. Invite a Friend and E-Gift Cards. You may be able to share an electronic gift card, your wish list, or other information with a friend by using our Referral feature. We will generally not store friend’s email addresses when you use this feature.

    9. Sensitive or Special Category Information. We will not process any personal data that includes Sensitive or Special Category Information, such as information that reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic data, data concerning health or data concerning sexual life or criminal convictions.

    10. Technical Information. Similar to other web sites, we may collect some information automatically and store it in log files. We may use Google Analytics or other third-party analytics providers to collect this information about the Site. This collection may include your IP address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, cookie information, the pages you requested and viewed, the amount of time spent on particular pages, and the date and time. We collect this Technical Information in order to better understand our customer base, to more efficiently operate our business, to promote our products and services, and to improve the quality of the Site.

    11. We may automatically collect Technical Information using various mechanisms, including but not limited to:

      Cookies. A cookie is a small text file that is stored on a computer for record-keeping purposes. Our third-party analytics providers use cookies to record information about your activities on the Site and to “remember” you when you return to the Site. Some cookies remain on your computer until you delete them. Others, like session ID cookies, expire when you close your browser. We do not control the use of cookies by third parties. 

      We typically use the following types of cookies:

      • Essential Cookies: Cookies that are strictly necessary to enable you to move around our websites or to provide certain basic features.

      • Preferences: Cookies to enhance the functionality of the website by storing your preferences

      • Statistics: Cookies that monitor the popularity of sections of our website

      • Marketing: Cookies that track users and display advertisements relevant to them

      Pixels (aka web beacons/web bugs/javascript). PPixels are tiny graphics with a unique identifier that are used to track the online movements of web users. Unlike cookies, which are stored on a computer’s hard drive, pixels are small graphics that are about the size of the period at the end of the sentence that are embedded invisibly on web pages or in HTML- based emails. We or our third-party analytics providers may place pixels on the Site that track what other websites you visit (both before and after visiting the Site). We do not control the use of pixels by third parties.

      Google Analytics uses cookies and pixels in order to collect demographic and interest-level information and usage information from users that visit the Site, including but not limited to information about the pages where users enter and exit the Site and what pages users view on the Site, time spent, browser, operating system, and IP address. Cookies and pixels allow Google to recognize a user when a user visits the Site and when the user visits other websites. Google uses the information it collects from the Site and other websites to share with us and other website operator’s information about users including, but not limited to, age range, gender, geographic regions, general interests, and details about devices used to visit websites and purchase items. We do not link information we receive from Google with any of your personally identifiable information. For more information regarding Google’s use of cookies, pixels, and collection and use of information, please review Google’s Privacy Policy.

  4. INFORMATION USE AND PURPOSE. We may use your personal information for the following purposes:

    1. For account administration: to fulfil our terms and conditions with you, to manage and administer your Account and the Site and to provide you with information about changes to your account information or our terms and conditions and policies

    2. For communications purposes: for our legitimate business interests, to respond to your requests and inquiries, including through Live Chat

    3. For marketing purposes: for our legitimate business interests or using your consent, to send you marketing emails, surveys, or newsletters to notify you about products or services that may be of interest to you or that you have requested

    4. For orders: to fulfil our terms and conditions with you, to fulfil your orders for products, including personalized products

    5. For personalisation services: to fulfil our terms and conditions with you, we may use, modify, distribute, adapt and reproduce your User Content or personal information to provide you a more personalized experience and products

    6. For competitions: to fulfil our terms and conditions with you, to allow you to participate in sweepstakes, contests and similar promotions

      • For sharing purposes: to fulfil our terms and conditions with you, to share your wish list and other content with other users or on social media platforms

      • For technical purposes: for our legitimate business interests, to monitor Site usage and improve the Site’s appearance and features to improve the user experience

      • For internal business purposes: for our legitimate business interests, to resolve disputes, to detect and protect against errors, fraud, and criminal activity, to assist law enforcement, to enforce this Policy and the Terms, or, for any other purpose described in this Policy or that we describe to you at the time of collection

  5. INFORMATION RETENTION. We will retain your information for the following stated periods. Reference to the duration of the customer relationship typically relates to as long as you have an active account with Erin Condren:

    1. Identity Information: Duration of the customer relationship or two years maximum (whichever is the longer)

    2. Account, Login, Purchase and Shipping Information: Account and Login details – Duration of the customer relationship, Purchase and Shipping information - Duration of the customer relationship or up to seven years maximum for tax purposes

    3. Product History and Interests Information: Duration of the customer relationship

    4. Product Personalization Information: Duration of the customer relationship

    5. Customer Service Requests: Duration of the customer relationship or two years maximum (whichever is the longer)

    6. Live Chat information: Duration of the customer relationship or two years maximum (whichever is the longer)

    7. Technical Information: Cookies and IP Addresses – Up to 13 months


    1. Parent companies and affiliates. We may share your Personal Data with our parent companies and/or affiliates for purposes consistent with this Privacy Policy. Our parent companies and affiliates will be bound to maintain that Personal Data in accordance with this Privacy Policy.

    2. Agents, consultants, and service providers. We may share your Personal Data with our contractors and service providers who process Personal Data on behalf of EC (as our “agents”) to perform certain business-related functions. These companies may include our marketing agencies, database service providers, backup and disaster recovery service providers, email service providers, and others. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions.

    3. Business transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, or similar event, Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of EC (or our assets) will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy.

    4. Wishlist. If you create a “wish list” on the Site, it will be publicly accessible to any other users who enter your account-related email address in the “View Friend’sWishlist” search box. If you do not want someone to access your wish list, do not share your Account-related email address with them.

    5. Aggregated or de-identified data. We may disclose aggregated or de-identified information for any purpose. For example, we may share aggregated or de-identified information with prospects or partners for business or research purposes. Once Personal Data is in an aggregated form, for purposes of this Privacy Policy, it becomes Non-Personal Data.

    6. Legal requirements. We may disclose your Personal Data if required to do so by law in order to, for example, respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect or defend our rights, interests or property or that of third parties, (iii) prevent or investigate possible wrongdoing in connection with the Sites, (iv) act in urgent circumstances to protect the personal safety of users of the Sites or the public, or (v) protect against legal liability.

    7. We remain liable for the processing of your personal data when transferred onwards to a third party who acts as an agent on our behalf, including where that agent acts contrary to Privacy Shield Principles and/or the GDPR. In order to ensure their compliance, we require our agents to commit to respecting a similar level of the protection of personal data to that under the Privacy Shield Principles and/or the GDPR in their contracts with us. We will never transfer your personal data to any companies other than those and for the purposes listed in this section.

  7. PRIVACY SHIELD. Where you are an EEA citizen, we may transfer your personal data outside the European Economic Area (EEA), including from the EU and Switzerland, to EC’s offices and servers in the USA.

    For this purpose, we are in the process of certifying with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield as set forth by the U.S. Department of Commerce and the Federal Trade Commission regarding the collection, use, and retention of personal information transferred from the European Union [and Switzerland] to the United States. Additionally, we may also transfer personal data from the USA and EEA to our third-party hosting and IT service providers. For this purpose, we ensure that such parties have agreed EU-approved Standard Contractual Clauses with EC.

  8. INFORMATION SECURITY MEASURES. We have implemented appropriate organizational, technical, and administrative measures to protect Personal Data within our organization, including security controls to prevent unauthorized access to our systems. We also exercise care in facilitating the transmission of information between your device or computer and the third-party servers that operate and store information for the Site. Where necessary, we also enter into agreements with any third-party providers involved in hosting or storing personal data to ensure they meet similar security standards.

    While we take reasonable steps to secure your Personal Data from loss, misuse, interference and unauthorized access, modification and disclosure, you should be aware no security procedures or protocols are ever guaranteed to be completely secure from intrusion or hacking, and there is therefore always some risk assumed by sharing Personal Data online. Ifyou have reason to believe that your account has been compromised, please contact us at privacy@erincondren.com.


    1. This Site is not Intended for use by Children. EC is committed to protecting the privacy and safety of children. This Site is a general audience site and children under the age of 13 are prohibited from using or registering for an Account on the Site. We will not knowingly collect any information from children under the age of 13; nor will we send any email correspondence to children under the age of 13. We may ask for your birth date during the registration process in order to verify your age. If we learn that we have collected information from a child under the age of 13, we will remove that information immediately and delete it from our servers. Children under the age of 13 should always ask their parents or guardians before providing their information online. If you believe information from a child under the age of 13 has been submitted to the Site, please notify us at: privacy@erincondren.com.

    2. California Minors. We may provide Site users the ability to publicly post information, for example by submitting user testimonials or other User Content. If you are a California resident under age 18 and you are unable to remove publicly-available User Content that you have submitted to us, you may request removal by contacting us at: privacy@erincondren.com. When requesting removal, you must be specific about the information or User Content you want removed and provide us with specific information, such as the URL for each page where the information is located, so that we can find it. We are not required to remove any User Content or information that: (1) federal or state law requires us or a third party to maintain; (2) the User Content or information was not posted by you; (3) we anonymize the User Content or information so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the User Content or information. Removal of your user content or information from this Site does not ensure complete or comprehensive removal from our systems or those of our service providers. We are not required to delete the User Content or information posted by you; our obligations under California law are satisfied so long as we anonymize the User Content or information or render it invisible to other users and the public.

  10. CALIFORNIA SHINE THE LIGHT LAW. California Civil Code Section 1798.83 permits California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed personal information (as defined under that statute) of that California resident, for direct marketing purposes in the preceding calendar year and the categories of that kind of personal information that was disclosed to them. If you are a California resident and you wish to make such a request, you may do so by contacting us at: privacy@erincondren.com.

  11. YOUR RIGHTS. Under certain circumstances, and particularly for EU and Swiss citizens, you have the following rights in relation to your personal data:

    • Request access to your personal data - This enables you to receive a copy of the personal data we process about you and to check that we are lawfully processing it.

    • Request correction of your personal data - This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

    • Request erasure of your personal data - This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

    • Object or opt-out to processing of your personal data, including where it is no longer necessary for the original processing purpose or it is to be used for a purpose that is materially different from the purpose(s) for which it was originally collected, as specified above.

    • Request restriction of processing your personal data - This enables you to ask us to suspend the processing of your personal data in specific circumstances, for example, when you challenge the accuracy of the data we hold.

    • Request transfer of your personal data to you or to a third party - We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine- readable format.

    • Opt-out of the disclosure (onward transfer) of your personal data to a third party, including where it is to be transferred internationally, unless required to be sent to our agent(s) for the provision of our services to you, by relevant legislation, court order, supervisory authorities or pursuant to litigation.

    You can exercise your rights sending us an email at privacy@erincondren.com.

    We will make good faith efforts to resolve requests to correct inaccurate information except where the request is unreasonable, requires disproportionate technical effort or expense, jeopardizes the privacy of others, or would be impractical. We may not be able to provide you with all your information if your account is closed or terminated for any reason. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. Additionally, we may not be able to delete your Personal Data except by also deleting your user account.

  12. OPT-OUT FROM OUR NEWSLETTER: We may send you marketing emails, surveys, or newsletters to notify you about products or services that may be of interest to you. If you would like to stop receiving marketing emails from us, please click on the unsubscribe link at the bottom of any marketing email you receive. You may also opt-out by contacting us at privacy@erincondren.com.

    If you opt-out, you will continue to receive service-related emails. Any non-service related email you receive from us will include an unsubscribe link that will allow you to opt-out of receiving future emails. Please note that it may take up to forty-eight (48) hours for us to process an unsubscribe request. Even after you opt out of all electronic communications, we will retain your Personal Data in accordance with this Privacy Policy, although we will no longer use it to contact you.

  13. OPT-OUT OF COOKIES. If you want to avoid this Site placing Cookies on your browser, you can revisit our Cookie Policy and opt-out from the relevant Cookies. You may set your browser settings to attempt to reject cookies or manually delete the Cookies using your browser settings and may still use the Site.

    If you would like to opt out of Google Analytics tracking, please visit the following link: Google Analytics Opt-out Browser Add-on.

  14. “DO NOT TRACK” SETTINGS. Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, EC does not respond to Do Not Track browser settings or signals. In addition, we deploy cookies on our Sites. Cookies may be used by us to collect information about you and your Internet activity, even if you have turned on the Do Not Track signal. As such, the only way to completely “opt out” of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser to delete and disable cookies and other tracking/recording tools.

  15. PRIVACY QUESTIONS. If you have any questions, requests, concerns, or suggestions regarding this privacy policy and your privacy rights, please contact us at privacy@erincondren.com.. If we fail to respond to or address your request, you have the right to complain to your local data protection authority.

  16. PRIVACY SHIELD QUERIES. In compliance with the Privacy Shield Principles, EC commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact EC at privacy@erincondren.com. if you have questions about our Privacy Shield compliance. We will respond to your complaint or inquiry within 45 days of receipt.

    EC has further committed to refer unresolved Privacy Shield complaints to JAMS an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit JAM for more information or to file a complaint using this link. This service will be provided at no cost to you.

    You may have the option to use a binding arbitration mechanism for the resolution of your complaint under certain circumstances, provided you have a) raised your compliant directly with EC and provided us the opportunity to resolve the issue; b) made use of the independent dispute resolution mechanism with JAMS above; c) and raised the issue through your relevant data protection authority and allowed the Department of Commerce an opportunity to resolve the complaint at no cost to you. The binding arbitration will be handled by the International Centre for Dispute Resolution’s American Arbitration Association, available here.

    EC is also subject to the jurisdiction of the Federal Trade Commission (FTC) and the Department of Commerce in the United States. In relation to a Privacy Shield complaint, you can make your complaint directly with the Federal Trade Commission and Department of Commerce regardless of whether you are a US, EU or Swiss citizen.