Our Privacy Policy

Effective Date: 10/04/23

Last Updated: 10/04/23

EC Design LLC (“EC,” “we,” “us,” or “our”) is committed to protecting your privacy and compliance with all relevant legislation, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) and California Civil Code, where they apply to the residents of California. This Privacy Policy (“Policy”) describes how we collect, use, store, process, and share your information in relation to www.erincondren.com (the “Site”). This Policy is part of and incorporated into the Site Terms & Conditions (“Terms”), governing your use of the Site. Parts of the Terms affect this Policy, so be sure to review the Terms prior to using the Site. Capitalized terms not defined herein have the definitions set forth in the Terms.

  • CHANGES TO THIS POLICY. EC reserves the right to revise this Policy from time to time by updating it and posting it at https://www.erincondren.com/privacy-policy, with the new Policy taking effect on the date of posting. We will directly inform you if any substantial changes take place.

  • APPLICABILITY OF THIS POLICY. This Policy covers our treatment of information that is gathered by the Site, including personally identifiable information or personal data and non-personally identifiable information or non-personal data. In order to access certain features, such as registering for an Account, making a purchase, registering to receive marketing updates from us or interacting with our Live Chat feature, you may be asked to provide personally identifiable information, such as your name, address, phone number, email address, and billing information. This Policy does not apply to information collected by third party Linked Sites, including third party websites or services. We have no control over and no responsibility or liability for any third-party collection, use, disclosure, or retention of your information and that collection, use, disclosure, and retention is not subject to this Policy. Please review the privacy policies of any Linked Sites you may access.

  • INFORMATION COLLECTION. We collect the following types of personal information:

    • Identity Information. We will collect personal information from you if you sign/up register on the EC website for an account or make a purchase, register to receive our newsletter or interact with our live chat feature. This information may consist of your name, email address, postal address and telephone number and demographic information such as age and gender. We will use this for the administration of your account.

    • Account, Login, Purchase and Shipping Information. We will collect personal information from you if you create an account on the Site (“My Account”), which will include Login details, including your username and password. If you make a purchase, you will be asked to provide some information about yourself, including credit card information and potentially the names and addresses to whom purchases are shipped (if applicable).

    • Payment Information. Payments information, including bank details and card details, will be handled through PayPal or CyberSource, our third-party payment processor. EC does not access or store your credit card information. PayPal or CyberSource will collect and may retain your credit card information in order to process your payment. We do not control PayPal or CyberSource or their use of your information. Please also see the “Affiliated Entities and Service Providers” section below.

    • Product History, Viewing History and Interests Information. When you make a purchase or save certain products, we will also store information on your orders, any “Wishlist” of products that you create, or products you save as “Favorites.” We may also use this information to observe interactions and user trends on our e-commerce platform.

    • Product Personalization Information. The Site may allow you to voluntarily submit content created by you in connection with your purchase of personalized products. For example, you may provide text selected by you, or your photos or other images (“User Content”). We will collect and store User Content for the duration of our relationship with you, or up to two years. Even if you remove or delete your User Content, copies may remain in cached or archived areas of the Site. We may also collect additional personal information from you if you elect to upload User Content from a third-party website or application (e.g., Facebook, Instagram, or Flickr, etc.).

    • Customer Service Requests. The Site may provide functionality which allows you to voluntarily submit request or inquiry forms, including, for example, requests for help with the Site or requests for product information. The Site may also allow you to submit suggestions or comments. These forms may require that you share Identity information, in addition to an order number, a description of your comment or question, or a photo related to your comment or question. Any personal communications that you or a third party voluntarily submits to us in any format, including by email, postal mail, online form, or any other method of communication, may be collected and stored for the duration of our relationship with you, or up to two years.

    • Live Chat Information. The Site may allow you to instantly “chat” with an EC agent in your browser in order to answer your questions about the Site or our products. Our third-party live chat software provider (Kustomer) will collect information about you and share it with us. This collection may also include the number of chats you have had with us, the pages you have visited on the Site, the time you spend on each page, your location, and your IP address. This information may be saved for the duration of our relationship with you or up to two years.

    • Invite a Friend and E-Gift Cards. You may be able to share an electronic gift card, your Wishlist, or other information with a friend by using our Referral feature. We will generally not store friend’s email addresses when you use this feature.

    • Special Category Information. We will not process any personal data that includes Sensitive or Special Category Information, such as information that reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic data, data concerning health or data concerning sexual life or criminal convictions.

      Sensitive Personal Information (SPI). Under the CCPA/CPRA Sensitive Personal Information (SPI), we will not process any personal data that includes Sensitive Personal Information, such as information that reveals Social Security Numbers and driver’s license numbers, financial account information (credit/debit card numbers in combination with required access codes), precise geolocation, racial or ethnic origin, religious or philosophical beliefs, or union membership, genetic data and biometric information concerning your health or sexual orientation.

    • Technical Information. Similar to other web sites, we may collect some information automatically indirectly from you and store it in log files. We may use Google Analytics or other third-party analytics providers to collect this information about the Site. This collection may include your IP address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, cookie information, the pages you requested and viewed, the amount of time spent on particular pages, and the date and time. We collect this Technical Information in order to better understand our customer base and user interests, to more efficiently operate our business, to promote our products and services, and to improve the quality of the Site.

    • We may automatically collect Technical Information indirectly from you using various mechanisms, including but not limited to Cookies. This is covered in the Cookies section below.

  • INFORMATION USE AND PURPOSE. We may use your personal information for the following purposes:

    • For account administration: to fulfil our terms and conditions with you, to manage and administer your Account and the Site and to provide you with information about changes to your account information or our terms and conditions and policies

    • For communications purposes: for our legitimate business interests, to respond to your requests and inquiries, including through the Live Chat feature

    • For marketing purposes: for our legitimate business interests or using your consent, to send you marketing emails, surveys, or newsletters to notify you about products or services that may be of interest to you or that you have requested

    • For orders: to fulfil our terms and conditions with you, to fulfil your orders for products, including personalized products

    • For personalisation services: to fulfil our terms and conditions with you, we may use, modify, distribute, adapt and reproduce your User Content or personal information to provide you a more personalized experience and products

    • For user interests: To observe user activity, trends and interests on our e-commerce platform

    • For competitions: to fulfil our terms and conditions with you, to allow you to participate in sweepstakes, contests and similar promotions

      • For sharing purposes: to fulfil our terms and conditions with you, to share your Wishlist and other content with other users or on social media platforms

      • For technical purposes: for our legitimate business interests, to monitor Site usage and improve the Site’s appearance and features to improve the user experience

      • For internal business purposes: for our legitimate business interests, to resolve disputes, to detect and protect against errors, fraud, and criminal activity, to assist law enforcement, to enforce this Policy and the Terms, or, for any other purpose described in this Policy or that we describe to you at the time of collection

      • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

    • We do not generally sell your personal data to any third parties and do not provide any financial incentives in relation to the collection, deletion and sale of your personal data. Where we share your personal data with service providers, we ensure that this is necessary for our purposes and that such service providers are limited from disclosing or selling such personal data.

    • However, we may share personal data collected through certain cookies with third parties (third party cookies), which is commonly referred to as a ‘sale’ of information under the CCPA/CPRA. You can opt-out to this through the Do Not Sell My Personal Information link through this page or our Cookie Preferences Center.

  • INFORMATION RETENTION.

    We will retain your information for the following stated periods. Reference to the duration of the customer relationship typically relates to as long as you have an active account with Erin Condren:

    Type of Data Retention Period Justification
    Identity Information e.g., Name, e-mail address, postal address, telephone number Duration of the customer relationship or two years maximum (whichever is the longer) To ensure we keep up to date with users’ interests
    Contact Data (e.g., Email address, postal address telephone number, customer service requests Duration of the customer relationship or two years maximum (whichever is the longer) To keep in contact with our customers / suppliers
    Customer Age Duration of the customer relationship or two years maximum (whichever is the longer) Understanding the demographics of our clients
    Account, Login, Purchase and Shipping Information Duration of the customer relationship or two years maximum (whichever is the longer) To facilitate customer orders and provide customer service support.
    Purchase/ Shipping Information / Invoice / receipt data Duration of the customer relationship/7 years from the last transaction (whichever is the longer) To comply with the contract for the sales of goods and comply with legal obligations around tax and financial law.
    Cookie ID, Operating system, IP Address See Cookies Section To ensure the operation of our website and to keep up to date with users’ interests.
    Pages visiting, activity, time spent on each page Duration of the customer relationship To ensure the operation of our website and to keep up to date with users’ interests.
    Browsing History, Location Details Duration of the customer relationship or two years maximum (whichever is the longer) To ensure the operation of our website and to keep up to date with users’ interests.
    Customers ‘’friends’ email addresses Duration of the customer relationship or two years maximum (whichever is the longer) Providing services to users and expanding our client base
    Personal information contained in complaints and queries 7 years from date of contact To maintain records of our correspondence
  • INFORMATION DISCLOSURE.
    We may share your Personal Data with, or disclose your Personal Data to, the following categories of third parties. We will only share such Personal Data with third parties that are our service providers and do not sell your personal information to any third parties within the meaning under the CCPA/CPRA:

    • Parent companies, subsidiaries, and affiliates. We may share your Personal Data with our parent companies, subsidiaries, and/or affiliates for purposes consistent with this Privacy Policy. Our parent companies, subsidiaries, and affiliates will be bound to maintain that Personal Data in accordance with this Privacy Policy.

    • Agents, consultants, and service providers. We may share your Personal Data with our contractors and service providers who process Personal Data on behalf of EC (as our “agents”) to perform certain business-related functions. These companies may include our marketing agencies, marketing tools (Kustomer - USA, Mailchimp - USA, Sailthru – USA), e-commerce event tracking (North Beam – USA), database service providers (Mailchimp – USA, Oracle - USA), backup and IT service providers (Arsenal Tech – USA, India), email service providers and others. When we engage another company to perform such functions, we may provide them with such Personal Data as your name, contact information, customer demographic profile and interests, purchase history, content of your queries and personalised products and our platform browsing information, in connection with their performance of specific functions.

    • Business transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, or similar event, Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of EC (or our assets) will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy.

    • Wishlist. If you create a “Wishlist” on the Site, it will be publicly accessible to any other users who enter your account-related email address in the “View Friend’s Wishlist” search box. If you do not want someone to access your Wishlist, do not share your Account-related email address with them.

    • Aggregated or de-identified data. We may disclose aggregated or de-identified information for any purpose. For example, we may share aggregated or de-identified information with prospects or partners for business or research purposes. Once Personal Data is in an aggregated form, for purposes of this Privacy Policy, it becomes Non-Personal Data.

    • Legal requirements. We may disclose your Personal Data if required to do so by law in order to, for example, respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect or defend our rights, interests or property or that of third parties, (iii) prevent or investigate possible wrongdoing in connection with the Sites, (iv) act in urgent circumstances to protect the personal safety of users of the Sites or the public, or (v) protect against legal liability.

    • We remain liable for the processing of your personal data when transferred onwards to a third party who acts as an agent on our behalf (including our contractors and service providers), including where that agent acts contrary to the GDPR.

    • In order to ensure the compliance of third parties with GDPR and CCPA/CPRA, we require our contractors and service providers to commit to respecting a similar level of the protection of personal data to that under GDPR or CCPA/CPRA in their contracts with us. We make sure that our third parties that are contractors and service providers are subject to confidentiality agreements and are handling your Personal Data solely under our instructions. With our contractors and service providers, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except for the purposes specified above.

    • We will never transfer your personal data to any companies other than those and for the purposes listed in this section.

  • INTERNATIONAL TRANSFERS

    In addition to our local systems, the information that you provide to us may be stored in our secure servers which are located in California (USA), outside the United Kingdom (UK) and European Economic Area (EEA). We may transfer data outside of the UK/EEA, to other countries. In particular:

    • We also use third-party hosting and IT service providers with data centres in the US, which may involve transferring data to these regions
    • Additionally, we may also transfer personal data to our clients, partners and third-party hosting and IT service providers, typically in the US

    For this purpose, where required, we typically conduct a transfer impact assessment of any dataflows before the transfer takes place, which involves considering the risk of using certain providers or providing access to data to foreign jurisdictions, and what measures we have in place to ensure the security of any personal data we share. On top of this, where we share or transfer the personal data of EU or UK citizens, we typically ensure the following safeguards are in place:

    • Adequacy decisions adopted by the European Commission and/or the Information Commissioner’s Office
    • EU-approved Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs) between our legal entities and third parties

    We may also transfer personal data to some of our third-party partners in the course of the provision of our services, which may be located outside the UK or EEA. Where data is transferred to the US we will ensure that such parties have EU-approved Standard Contractual Clauses with us, which allows us to legally transfer your personal data to them.

  • INFORMATION SECURITY MEASURES. We have implemented appropriate organizational, technical, and administrative measures to protect Personal Data within our organization, including security controls to prevent unauthorized access to our systems. We also exercise care in facilitating the transmission of information between your device or computer and the third-party servers that operate and store information for the Site. Where necessary, we also enter into agreements with any third-party providers involved in hosting or storing personal data to ensure they meet similar security standards.

    While we take reasonable steps to secure your Personal Data from loss, misuse, interference and unauthorized access, modification and disclosure, you should be aware no security procedures or protocols are ever guaranteed to be completely secure from intrusion or hacking, and there is therefore always some risk assumed by sharing Personal Data online. If you have reason to believe that your account has been compromised, please contact us at privacy@erincondren.com.

  • CHILDREN’S PRIVACY.

    • This Site is not Intended for use by Children. EC is committed to protecting the privacy and safety of children. This Site is a general audience site and children under the age of 16 are prohibited from using or registering for an Account on the Site. We will not knowingly collect any information from children; nor will we send any email correspondence to them. We may ask for your birth date during the registration process in order to verify your age. If we learn that we have collected information from a child under the age of 16, we will remove that information immediately and delete it from our servers. Children under the age of 16 should always ask their parents or guardians before providing their information online. If you believe information from a child has been submitted to the Site, please notify us at: privacy@erincondren.com.

    • California Minors. We may provide Site users the ability to publicly post information, for example by submitting user testimonials or other User Content. If you are a California resident under age 18 and you are unable to remove publicly-available User Content that you have submitted to us, you may request removal by contacting us at: privacy@erincondren.com. When requesting removal, you must be specific about the information or User Content you want removed and provide us with specific information, such as the URL for each page where the information is located, so that we can find it. We are not required to remove any User Content or information that: (1) federal or state law requires us or a third party to maintain; (2) the User Content or information was not posted by you; (3) we anonymize the User Content or information so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the User Content or information. Removal of your user content or information from this Site does not ensure complete or comprehensive removal from our systems or those of our service providers. We are not required to delete the User Content or information posted by you; our obligations under California law are satisfied so long as we anonymize the User Content or information or render it invisible to other users and the public.

  • YOUR RIGHTS. Under certain circumstances (for EU, UK and Swiss citizens) you have the following rights in relation to your personal data:

    • Request access to your personal data - This enables you to receive a copy of the personal data we process about you and to check that we are lawfully processing it.

    • Request correction of your personal data - This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

    • Request erasure of your personal data - This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

    • Object or opt-out to processing of your personal data, including where it is no longer necessary for the original processing purpose or it is to be used for a purpose that is materially different from the purpose(s) for which it was originally collected, as specified above.

    • Request restriction of processing your personal data - This enables you to ask us to suspend the processing of your personal data in specific circumstances, for example, when you challenge the accuracy of the data we hold.

    • Request transfer of your personal data to you or to a third party - We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.

    • Opt-out of the disclosure (onward transfer) of your personal data to a third party, including where it is to be transferred internationally, unless required to be sent to our agent(s) for the provision of our services to you, by relevant legislation, court order, supervisory authorities or pursuant to litigation.

    You can exercise your rights by contacting us at privacy@erincondren.com.

    We will make good faith efforts to resolve requests to correct inaccurate information except where the request is unreasonable, requires disproportionate technical effort or expense, jeopardizes the privacy of others, or would be impractical. We may not be able to provide you with all of your information if your account is closed or terminated for any reason. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. Additionally, we may not be able to delete your Personal Data except by also deleting your user account.

  • CALIFORNIA RESIDENTS’ RIGHTS. If you are a Californian resident, you have the following rights in relation to your personal information:

    • Request information about the processing of your personal data and access it – This enables you to receive information on the processing of your personal data and a copy of personal information we hold about you in a commonly used format. This applies to information we have processed over the last 12 months.

    • Request rectification of your personal information – This enables you to correct and rectify inaccurate data that may be held about you. You can also request Erin Condren to complete any incomplete data, or to record a supplementary statement.

    • Request deletion of your personal information – This enables you to ask us to delete personal data where there is no good reason for us to keep it, unless the law allows us to. This applies to information we have processed over the last 12 months.

    • Request information about the processing of your personal data in relation to our data selling and disclosure practices - This enables you to receive information on the personal data we have collected about you and shared with our service providers. You are also entitled to know which of your personal information has been sold and to whom, however, please note that we do not engage into selling any of your personal information to other companies.

    • Request information on the disclosure of personal data for direct marketing purposes - This enables you to receive information on the third parties to whom we have disclosed your information and the categories of disclosed personal data, which has been shared for direct marketing purposes.

    • Request to opt-out of sharing your sharing personal information whether or not money or service is exchanged as a result of you sharing this information. Opt-out requests specifically to email direct marketing must be fulfilled within ten business days of receiving the request as, per the CAN-SPAM Act. No further direct marketing emails should be sent after this time.

    • Request to opt-out from the sale of personal data to other companies – This enables you to cease any selling of your personal information. Please note that we are not engaged in selling any of your personal information to other companies.You can opt-out to any sale of your personal data through the following link: Do Not Sell My Personal Information. You can also use the Cookie Preferences Center to opt-out of any sale of your personal data through cookies without detriment or preventing you from accessing Erin Condren website content.Request not to be subject to decisions based solely on automated processing (including profiling), if the decision produces legal effects concerning you or similarly significantly affects you. Erin Condren shall make all attempts not to conduct automated decision-making. However, if such automated decision making occurs, you will be allowed to opt out in accordance with the CCPA/CPRA.

    • Not to be discriminated as our consumer when you exercise any of the aforementioned rights. This means that, in an event of any of your request to us, we will not engage in or suggest any discrimination against you, in particular, we will not deny our services to you, we will not charge you differently, and we will not provide different level or quality of services to you, unless such difference is reasonably related to the value provided to you or you have agreed to enter into a financial incentives programme with us.

  • CCPA/CPRA RIGHTS: To exercise your CCPA/CPRA rights as described above, you have the right to make a verifiable request twice within a 12-month period. You may submit a verifiable consumer request to us by either:

    Only you, or a person registered with the California Secretary of State that you authorise to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

    Your verifiable consumer request must:

    • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
    • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your Erin Condren account where the request relates to personal information associated with that account.

    We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

  • OPT-OUT FROM OUR NEWSLETTER: We may send you marketing emails, surveys, or newsletters to notify you about products or services that may be of interest to you. If you would like to stop receiving marketing emails from us, please click on the unsubscribe link at the bottom of any marketing email you receive. You may also opt-out by contacting us at privacy@erincondren.com.

    If you opt-out, you will continue to receive service-related emails. Any non-service related email you receive from us will include an unsubscribe link that will allow you to opt-out of receiving future emails. Please note that it may take up to forty-eight (48) hours for us to process an unsubscribe request. Even after you opt out of all electronic communications, we will retain your Personal Data in accordance with this Privacy Policy, although we will no longer use it to contact you. Opt-out requests specifically to email direct marketing will be fulfilled within ten business days of receiving the request as, per the CAN-SPAM Act.

  • OPT-OUT OF COOKIES. If you want to avoid this Site placing Cookies on your browser, you can revisit our Cookie Preferences Center and opt-out from the relevant Cookies. You may set your browser settings to attempt to reject cookies or manually delete the Cookies using your browser settings and may still use the Site.

    If you would like to opt out of Google Analytics tracking, please visit the following link: Google Analytics Opt-out Browser Add-on.

  • “DO NOT TRACK” SETTINGS. o Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, EC does not respond to Do Not Track browser settings or signals. In addition, we deploy cookies on our Sites. Cookies may be used by us to collect information about you and your Internet activity, even if you have turned on the Do Not Track signal. As such, the only way to completely “opt out” of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser to delete and disable cookies and other tracking/recording tools.

  • PRIVACY QUESTIONS. If you have any questions, requests, concerns, or suggestions regarding this privacy policy and your rights, please contact our Data Protection Officer at privacy@erincondren.com. If we fail to respond to or address your request, you have the right to complain to your local data protection authority.

  • EU REPRESENTATIVE. The General Data Protection Regulation (GDPR) requires organisations that are not established in the European Union (EU) to designate a representative in the EU if they are subject to the GDPR for example offering products or services to EU citizens. Erin Condren may undertake processing activities to which the GDPR applies, for this reason we have appointed a representative to act on our behalf.

    Erin Condren does not have an establishment in the European Union, therefore we have appointed a local representative based in Ireland who you may address any issues and/or queries you may have relating to our processing of your personal data and/or this Privacy Notice more generally. Our EU representative will also deal with data subject rights requests for EU citizens and enquiries by EU supervisory authorities on Erin Condren’s behalf.

    Our EU representative is Gemserv Ireland. Our EU representative can be contacted directly by emailing them at the following address eurepresentative@gemserv.com .


    EU-U.S. DATA PRIVACY FRAMEWORK POLICY

  • INFORMATION ABOUT THE EU-U.S. DATA PRIVACY FRAMEWORK. This policy applies to personal data processed in the course of the EU-U.S. Data Privacy Framework, to which Erin Condren has committed. Erin Condren complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Erin Condren has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Erin Condren has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the EU-U.S. DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

  • SCOPE. Erin Condren is a retailer based in the U.S. but with operations worldwide. This policy applies to personal data that Erin Condren has received from customers or website users located in the European Economic Area, Switzerland and the United Kingdom.

  • DATA PROCESSED: Erin Condren collect and process personal data of our website users and customers through the Erin Condren website. Data collected through our website may include website users’ IP address, browser type, browsing history and Cookie ID. Data collected on our customers may include their name, address, phone number, email address, username and password, purchase history and billing information and may also include information on their interests in our products. Such data may be transferred to us by the act of visiting or registering at account on our website and will be stored on our U.S. databases, as well as collected via cookies and other methods online from visitors to our website or websites of our marketing partners.

  • PURPOSES OF DATA PROCESSING. Erin Condren processes personal data for purposes related to the operation of our website and the provision of Erin Condren products to customers. If you are a website user or Erin Condren customer, this includes for the purposes of administering your Erin Condren account, to respond to your requests and inquiries, to notify you about products or services that may be of interest to you, to fulfil your orders for products, and to observe user activity, trends and interests on our website and e-commerce platform.

  • DATA PRIVACY FRAMEWORK PRINCIPLES: Erin Condren complies with the following EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles to personal data we process:

    • ACCESS: Erin Condren customers and website users have the right to access the personal data an organization holds about them. If such personal data is inaccurate or processed in violation of the DPF Principles, these individuals may also request that personal data be corrected, amended, or deleted.


    • CHOICE: Erin Condren customers and website users have the right to opt out of a) disclosures of their personal data to third parties not identified at the time of collection or subsequently authorised, and b) uses of personal data for purposes materially different from those disclosed at the time of collection or subsequently authorised.


    • SECURITY: Erin Condren takes reasonable and appropriate measures to protect the personal data of its customers and website users from loss, misuse, unauthorised access, disclosure, alterative and destruction.


    • DATA INTEGRITY AND PURPOSE LIMITATION: Erin Condren is responsible for limiting our collection of the personal data of its customers and website users to what is necessary for accomplishing the purposes which are disclosed, and compatible purposes. We also ensure that personal data we collect is accurate, complete, current and reliable for its intended uses, and that personal data of customers and website users retained only for as long as is necessary to accomplish the purposes we disclose, and compatible purposes.


    • ONWARD TRANSFER: Erin Condren may transfer personal data to our parent companies, subsidiaries and affiliates as necessary for our business purposes. Erin Condrenmay also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, as required by law. To the extent permitted, Erin Condren will inform relevant customers or website users before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.


      Erin Condren also uses a limited number of third-party service providers to assist us in providing our services to customers. These contractors and service providers may include our marketing agencies, database service providers, backup and disaster recovery service providers, email service providers, and others. In order to ensure the compliance of third parties with the DPF Principles, we require our contractors and service providers to commit to respecting a similar level of the protection of personal data to that under the DPF Principles in their contracts with us, and notify us if they can no longer provide this service. We make sure that our third parties that are contractors and service providers are subject to confidentiality agreements and are handling your personal data solely under our instructions. With our contractors and service providers, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except for the purposes specified above.


      Erin Condren remain liable for the processing of your personal data when transferred onwards to a third party who acts as an agent on our behalf (including our contractors and service providers), including where that agent acts contrary to DPF Principles.


    • RECOURCE, ENFORCEMENT AND LIABILITY: In compliance with the EU-U.S. DPF Principles, including the UK Extension of the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, Erin Condren commit to resolve complaints about your privacy and Erin Condren’s collection or use of personal data transferred to the United States pursuant to this policy. Further information on how to direct inquiries and complaints about Erin Condren’s compliance with the DPF Principles can be found below.

  • YOUR RIGHTS. EU, UK, and Swiss individuals have rights, under certain circumstances, to access personal data about them, request that personal data be corrected, amended, or deleted and to limit use and disclosure of their personal data, as outlined above. With our Data Privacy Framework self-certification, Erin Condren has committed to respecting those rights. To exercise your rights under the DPF Principles, please contact us at: privacy@erincondren.com

  • INQUIRIES AND COMPLAINTS. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Erin Condren commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Erin Condren at: privacy@erincondren.com . We will respond to your inquiry or complaint within 30 days.

  • ALTERNATIVE DISPUTE RESOLUTION. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF}, Erin Condren commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS ,an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for more information or to file a complaint. The services of JAMS are provided at no cost to you.

  • BINDING ARBITATION. If neither Erin Condren nor our alternative dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. The binding arbitration will be handled by the International Centre for Dispute Resolution’s American Arbitration Association. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

  • JURISDICTION. The Federal Trade Commission has jurisdiction over Erin Condren’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). In relation to a DPF complaint, you can make your complaint directly with the Federal Trade Commission and Department of Commerce regardless of whether you are a US, EU or Swiss individual.


COOKIES POLICY


COOKIES. A cookie is a small text file that is stored on a computer for record-keeping purposes. Our third-party analytics providers use cookies to record information about your activities on the Site and to “remember” you when you return to the Site. Some cookies remain on your computer until you delete them. Others, like session ID cookies, expire when you close your browser. We do not control the use of cookies by third parties.

We typically use the following types of cookies:

  • Strictly Necessary Cookies: Cookies that are strictly necessary to enable you to move around our websites or to provide certain basic features

  • Functional: Cookies that are used to enhance the functionality of the website, including by storing your preferences

  • Performance: Cookies that track visitor statistics and user traffic that allow us to monitor the popularity of sections of our website

  • Targeting: Cookies that are used to track users across pages or websites to build up a user profile and display advertisements relevant to them


These cookies can be further categorised as follows:

Type of cookie Example Category Purpose Retention period
Erin Condren     To provide certain basic website functionalities  
  ex_vib_b_desktop     1 month
  OptanonConsent Strictly Necessary To allow user consent for cookies to be collected  
  OptanonAlertBoxClosed   To record user interaction with the cookie banner 1 year
Cloudflare __cfduid Strictly Necessary Cloudflare security cookie, used to detect malicious website visitors. Session
Amazon; Amazon Pay amazon-pay-abtesting-apa-migration

amazon-pay-abtesting-new-widgets

apay-status-v2

session-token

ubid-main

AWSALB
Strictly Necessary Used to enable Amazon Pay and other Amazon functionalities. Session

1 year

20 years

7 days
Olark Livechat _oklv
_okgid
okbk
_wcsid
_ok
hblid
Functional Cookies set by Olark Live Chat software to provide functionality for instant messaging communications with visitors or maintain message history across pages. Session

2 years
Survey Monkey ep202

ep203

CX_229912892

SM_COOKIE
Functional Cookie is used for survey and questionnaire functionality in a website. 90 days

7980 years
TryInteract ___tld___
ajs_group_id
ajs_user_id
ajs_anonymous_id
Targeting Used to track visitors across multiple websites and assign visitors into segments for website advertising. Session

1 year
Hotjar _hjCachedUserAttributes

_hjid


mt.v
Performance Used to track users’ behaviour across website pages and provide statistics on usage. Session

1 year

5 years
Google Adsense _gcl_au Targeting Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. 90 days
Criteo cto_tld_test

criteo_write_test

uid
Targeting Identifies users to allow profiling and targeted advertising. Session

13 months

7980 years
Facebook _fbp


fr
Targeting Used by Facebook to deliver a series of advertisement products such as real time bidding. 90 days

7980 years
Youtube YSC

VISITOR_INFO1_LIVE
Targeting Used to track users’ viewing of videos. Session

7980 years
Bing MUID; MUIDB Targeting This cookie is used as an identifier to allow user tracking. 7980 years
Doubleclick test_cookie


IDE
Targeting Used by Doubleclick for third party advertising. 7980 years
Atlas Solutions ATN

AA003
Targeting Cookie set by Atlas Solutions that is used to track users for targeted advertising. 7980 years
Google Analytics _gid

_ga
Performance Used for collecting analytics/statistics on user visits to a website. 1 day

2 years
North Beam _gid

_nb_sp_
Performance Used for collecting analytics/statistics on user visits to our e-commerce platform 1 years

For a more detailed summary, please visit our Cookie Preferences Center using the link in the bottom-left of the screen.