Privacy Policy
PRIVACY POLICY
Last updated and effective date: January 2023
CLA Santa Ana Corporation (collectively, “CLA”, “we”, “us,” “our”) is committed to protecting individual privacy and maintaining the trust of our customers. (collectively, “Customers”). It is important to us that we provide transparency regarding our collection, use, and disclosure of the personal information of our Customers. This includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. We refer to this information as “personal information” throughout this Privacy Policy (“Policy”).
To help us meet our commitment to protecting your personal information, we have created this Policy. This Policy governs data protection matters for our Embellish website located at embellish.com (“Website”). This Privacy Policy, along with our Terms of Use, form an integral and binding part of our relationship with you.
By providing personal information to us or by using our Website, you agree to our collection, use, disclosure, and storage of personal information as described in this Privacy Policy. This Policy describes how we use, share, and protect the personal information of individuals who use our Website. It also describes your rights and choices regarding the use, access to, and correction of personal information.
- What Our Privacy Policy Covers
This Policy describes how we use, share, and protect the personal information of our Customers. It also describes the rights and choices regarding use, access to, and correction of personal information available.
Our Website may include links to websites and/or applications operated and maintained by third-parties. Please note that we have no control over the privacy practices of websites or applications that we do not own. We encourage you to review the privacy practices of those third-parties.
- What Personal Information We Collect
The types of personal information we obtain about you depends on how you interact with us and our products. When we use the term “personal information,” we are referring to information that identifies, relates to, describes, or can be associated with you. The following are the categories and specific types of personal information that we collect:
Personal Identifiers
Including your full name, address, email, phone number, date of birth, username, signature, social media handles, or other similar identifiers.
Device Information and Other Unique Identifiers
Including device identifier, internet protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifier, or similar unique identifiers.
Internet or Other Network Activity
Including browsing or search history, and information regarding your interactions with our Website, emails, or advertisements.
Geolocation Data
Including information that permits us to determine your location, such as if you manually provide location information.
Payment Information
Including credit or debit card numbers
Commercial Information
Including products you have purchased, returned, exchanged, or considered, and preferences
Customer Content
Including your communications with us and any other content you provide (such as social media profiles, photographs, images, videos, survey responses, comments, product reviews, testimonials, and other content).
Audio and Visual Information
Including photographs, images, videos, and recordings of your voice (such as when we record customer service calls for quality assurance).
Inferences
Inferences drawn from or created based on any of the information identified above.
- How We Collect Personal Information
We collect personal information about you from various sources. For example, we collect and obtain information:
Directly from you
We collect personal information that you voluntarily submit to us, such as when you register for an account or create a profile, or contact us.
We collect personal information you provide, such as when you make a purchase, register for an account or create a profile, contact us, respond to a survey, RSVP for an event, participate in a sweepstakes, contest, or other similar campaign or promotion, or sign up to receive emails or text messages.
Using cookies and other automatic data collection technologies
When you visit our Website, open or click on emails we send you, or interact with our advertisements, we or third-parties we work with automatically collect certain information using technologies such as cookies, web beacons, clear GIF, pixels, internet tags, web server logs, and other data collection tools. For more information, please see “Cookies and Similar Tracking Technologies” section below.
From our Third-Party Partners
We obtain information from third-parties that we have partnered with and other third-parties we choose to collaborate or work with. For example, if you have given CLA permission to store your Payment Information, your credit card issuer may provide us with updated Payment Information (including credit card number and expiration date) in connection with the credit card issuer’s account updater service.
From Social Media
If you interact with us on social media in connection with CLA or our Website, we collect information that you share with us, or that the social media platforms share with us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.
From Other Sources
For example, we may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.
- Cookies and Tracking Technologies
We and our third-party service providers (such as advertising and analytics providers) use cookies, web beacons, clear GIF, pixels, internet tags, and other similar tracking technologies (collectively, “tracking technologies”) to gather information when you interact with our Website and email communications. Some tracking technologies help us maintain the security of our Website and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions. These tracking technologies are “required” because we need them for the websites to work properly. We don’t provide the option to opt-out of these tracking technologies, but you can remove these “required” tracking technologies by modifying your browser settings. Please note, some features of our Website may not be available to you as a result.
We permit third-parties to use tracking technologies on our Website for analytics to understand how visitors interact with our Website. For example, we use Google Analytics to evaluate website traffic and usage data to help us improve our products and services. For more information about how Google collects and processes data visit https://policies.google.com/technologies/partner-sites. For more information about how to opt out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/, and for Adobe please visit https://www.adobe.com/privacy/opt-out.html.
We also permit third-parties to use tracking technologies on our Website for advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third-parties use their technology to provide advertising about products and services tailored to your interests which may appear either on our Website or on other websites. This is sometimes referred to as third-party behavioral advertising.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
Name |
Function |
_ab |
Used in connection with access to admin. |
_secure_session_id |
Used in connection with navigation through a storefront |
cart |
Used in connection with shopping cart |
cart_sig |
Used in connection with checkout |
cart_ts |
Used in connection with checkout. |
checkout_token |
Used in connection with checkout |
secret |
Used in connection with checkout |
secure_customer_sig |
Used in connection with customer login |
storefront_digest |
Used in connection with customer login |
_shopify_u |
Used to facilitate updating customer account information |
Reporting and Analytics
Name |
Function |
_tracking_consent |
Tracking preferences |
_landing_page |
Track landing pages |
_orig_referrer |
Track landing pages |
_s |
Shopify analytics |
_shopify_fs |
Shopify analytics |
_shopify_s |
Shopify analytics |
_shopify_sa_p |
Shopify analytics relating to marketing & referrals |
_shopify_sa_t |
Shopify analytics relating to marketing & referrals |
_shopify_y |
Shopify analytics |
_y |
Shopify analytics |
- How We Use Personal Information
In general, personal information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your personal information in the following ways:
Providing Products
We use your personal information to provide the Website and products and create, maintain, and otherwise manage your account or profile.
We use your personal information to provide products, such as to fulfill your orders and/or complete the transactions you request; process your payments; provide you receipts and order updates; send notifications to you related to your account, purchases, returns, exchanges, and subscriptions; and create, maintain, and otherwise manage your account or profile, including offering functionalities such as easy checkout and the ability to save your preferences and transaction history and to provide a forum for discussion, asking questions, posting photos and reviews, and sharing experiences.
Depending on the products you purchase, the categories of information used for these purposes may include Basic Identifying Information, Payment Information, and Commercial Information.
Communicating With You
We use your personal information to communicate with you, such as to send security or maintenance advisories, respond to and/or follow-up on your requests, inquiries, issues or feedback, and to provide customer service.
Marketing and Promotional Purposes
We use personal information for marketing and promotional purposes, such as to send marketing, advertising, and promotional communications by email, text message or postal mail (such as trend alerts, promotions, new product launches, and event invitations); to show you advertisements for products tailored to your interests on social media and other websites; and to administer our sweepstakes, contests, and other similar promotions.
Analytics and Personalization
We use personal information to conduct research and analytics, including to improve our product offerings; to understand how you interact with our Website, advertisements, and communications with you to determine which of our products are the most popular, and to improve our Website, and marketing campaigns; to personalize your experience, to save you time when you visit our Website, and to customize the marketing and advertising that we show you; to create a more personalized experience for you when you visit our stores; to better understand our Customers’ needs, and to provide personalized recommendations about our products.
Security and Fraud Prevention
We use personal information to detect, investigate, prevent, and take action against potential malicious, deceptive, fraudulent, or illegal activity, including attempts to manipulate or violate our policies, procedures, and terms and conditions, security incidents, and harm to the rights or property of CLA and our users, employees, or others.
Legal Obligations
We use personal information to comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.
Core Business Functions
We use personal information to support core business functions, including to maintain records related to business process management; loss and fraud prevention, and to collect amounts owing to us; and to provide and maintain the functionality of our Website, including identifying and repairing errors or problems.
- How We Share Personal Information
We disclose personal information only to the third-parties as indicated below, in addition to any specified disclosures described elsewhere in this Policy:
Business Affiliates
We may share your personal information with our business affiliates, including any affiliated companies, subsidiaries, sister companies. Our business affiliates process personal information as our service providers, where necessary to provide the Website and products that you have requested, including to administer our Website, or in other circumstances with your consent or as permitted or required by law.
Service Providers
We may share your personal information with third-party service providers for business or commercial purposes. Your personal information may be shared so that they can provide us with services, including customer support, data analytics, advertising, marketing, and data processing so that we can provide the Website to you. We share your personal information with these service providers only so that they can provide us with services, and we prohibit our service providers from using or disclosing your personal information for any other purpose. Our third-party service providers are subject to strict confidentiality obligations.
We share certain personal information with third-parties that perform services to support our core business functions and internal operations including: fulfilling orders, delivering packages, complying with your request for the shipment of products to or the provision of services by a third-party intermediary, sending postal mail, emails and text messages, analyzing customer data, providing marketing assistance, administering ratings and reviews, supporting beacons, processing credit card and debit card payments, investigating fraudulent activity, conducting customer surveys, and providing customer service.
Professional Advisors
We may share your personal information with our professional advisors, including legal, accounting, or other consulting services for purposes of audits or to comply with our legal obligations.
Third-Party Partners
We may share your personal information with third-parties that we have partnered with to jointly create and offer a product, service, or joint promotion. If you decide to obtain a product or service that is offered by any of our third-party partners, the personal information that you provide will be shared with us and them. Any use of your information by our third-party partners is not governed by this Privacy Policy, but by the third-party’s own privacy policy.
Business Transfers
We may disclose personal information to a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of CLA’s assets, whether as a going concern or as part of bankruptcy, liquidation, receivership, or similar proceeding in which personal information held by CLA are among the assets to be transferred.
Law Enforcement and Legal Request
We may disclose personal information to comply with applicable legal and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.
Enforcement of Legal Rights
We may disclose personal information to the extent they are necessary to enforce or protect our rights, privacy, safety or property, and/or that of our affiliates, you or others, including enforcing our Terms of Use and any other agreements (such as for billing and collection purposes and fraud prevention).
- Personal Information of Minors
We do not knowingly collect personal information from children under the age of sixteen (16) without authorization by a holder of parental responsibility. If you believe that we may have collected personal information from or about a child under the age of sixteen (16) without such authorization, please contact us at support@embellish.zendesk.com.
- How We Protect Personal Information
We take the protection of your personal information seriously. CLA employees who have access to your personal information are made aware of the importance of keeping it confidential. We care about the security of the information and use various administrative, and technological safeguards to preserve the integrity and security of all information collected through our Website.
However, no data security measures can guarantee complete security; we also depend on you to take common sense steps to ensure your personal information remains secure. Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Website.
- How Long We Retain Personal Information
In general, we retain your personal information for only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In the event that you make a verifiable request to delete your personal information and no exceptions apply, we will no longer retain your personal information. Please note that in many circumstances we are required to retain all, or a portion, of your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, to protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes.
The criteria used to determine our retention periods includes, without limitation:
- The length of time we have an ongoing relationship with you and provide the Website to you;
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
- Your Privacy Rights
Depending on where you reside or applicable law, you may exercise the rights described below. Please note that some of the rights may vary depending on your country, state, or province of residence.
Accessing, Updating, Correcting, and Deleting Personal Information
You may have the right to request (1) access to and receive details about the personal information we maintain about you and how we process it; (2) update your personal information or correct any inaccuracies; (3) receive a copy of your personal information that we have collected and processed; (4) or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. There may be limitations to these rights based on your specific circumstances and applicable law.
You can submit a privacy rights request by emailing support@embellish.zendesk.com.
Identity Verification
For us to process certain privacy rights requests, we will need to verify your identity to confirm that the request came from you. This is done to protect your identity and personal information. We may contact you by phone, email, or user portal to verify your request. Depending on your request, we will ask for information such as your name, and an email address that you have used with CLA, or other personal information that you have previously provided to us. For certain requests, we may also ask you to provide other details but in no event will we ever attempt to collect any sensitive personal information such as any financial/banking information or your Driver’s License, Social Security, or Passport numbers.
- Transmission of Information to Other Countries
CLA is located in the United States.
If you submit personal information to CLA your personal information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. By submitting your personal information to us you agree to the transfer, storage, and processing of your personal information in a country other than your country of residence including, but not necessarily limited to, the United States.
- Information for California Residents
This section of our Privacy Policy is specifically for California residents and explains how we collect, use, and disclose personal information relating to California residents covered by the California Consumer Privacy Act (“CCPA”). The CCPA defines “personal information” as any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Categories of Personal Information We Collect and Our Purposes for Collection and Use
You can find a list of the categories of personal information that we collect in Section 2 above. For details regarding the sources form which we obtain personal information, please see Section 3 above. We collect and use personal information for the business or commercial purposes described in Section 5 above.
CLA does not collect any sensitive personal information for any individuals.
Categories of Personal Information Disclosed and Categories of Recipients
We disclose the following categories of personal information for business or commercial purposes to the categories of recipients listed below:
- We share Personal Identifiers with: service providers, third-parties, advertising networks, and social media networks.
- We share Internet or Other Network Activity with: service providers, third-parties, advertising networks, and social media networks.
- We share Payment Information with: service providers who process payments.
- We share Commercial Information with: service providers, third-parties, advertising networks, and social media networks.
- We share Customer Content with: service providers who help administer our programs, such as Community or product reviews, and social media networks.
- We share Inferences with: service providers who help administer marketing and personalization.
For more information on how your information is shared, please see the “How We Share Your Personal Information" section. We may also need to share any of the above categories of information pursuant to reasons described in the “How We Share Your Personal Information” section.
Sale of Personal Information / Do Not Sell
CLA does not sell, trade, or rent out personal information for compensation that would constitute a sale under California law, nor have we done so in the preceding 12 months. In the event that CLA sells, trades, or rents out personal information that would constitute a sale, CLA will provide disclosures in this section of the Policy as well as the option to opt out of the sale of personal information using global privacy controls.
Our use of tracking technologies may be considered a “sale” under California law. You can opt-out of being tracked by these third parties by clicking “Do Not Sell My Personal Information” link at the bottom of our website and selecting your preferences, or by broadcasting the global privacy control signal. Please note that your use of our website may still be tracked by CLA and/or our service providers. We do not knowingly sell the personal information of consumers under 16 years of age.
Categories of personal information disclosed that may be considered a “sale” under California law: Basic Identifying Information, Device Information and Other Unique Identifiers, Internet or Other Network Activity.
Categories of third parties to whom personal information was disclosed that may be considered a “sale” under California law: advertisers and marketing partners, data analytics providers, and social media networks.
Retention of Personal Information
CLA retains personal information for only as long as necessary to provide you with access to the Website and the products or until you have made a verifiable request to delete your personal information, unless a longer retention period is required or permitted by law. Please note that in many circumstances we are required to retain all, or a portion, of your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, to protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes.
The criteria used to determine our retention periods includes, without limitation:
- The length of time we have an ongoing relationship with you and provide the Website to you;
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Your California Rights
California residents are entitled to contact us to request information about whether we have disclosed personal information to third-parties for direct marketing purposes. Currently, CLA does not disclose personal information to third-parties for direct marketing purposes. Upon receipt of such a request by a California resident, we will either (1) respond with a confirmation that we have not disclosed any personal information to third-parties in the previous calendar year; or (2) if our practices have changed, we will provide the categories of personal information that has been shared in the past 12 months and categories of third-parties to whom such personal information was disclosed, whichever is relevant.
California residents have the right to:
- Request disclosure of the categories and specific pieces of personal information that CLA has collected about you;
- Request disclosure of the categories of third-party sources, if any, from which CLA has collected personal information about you;
- Disclosure of the business or commercial purpose(s) for which your personal information has been collected by CLA;
- Receive a list of the categories of third-parties with whom CLA has shared your personal information;
- Request that CLA delete any personal information that it has collected from you (subject to exceptions);
- Request that CLA correct any inaccurate personal information held about you;
- Opt out of the sharing or disclosure of your personal information and sensitive personal information to third-parties; and
- Not be discriminated against by CLA (e.g., charged different rates, provided different levels of service, denied goods or services, or suggested any of the preceding) for exercising any of the individual rights granted above.
To exercise any of your rights as a California resident, you can submit a request to support@embellish.zendesk.com.
Before complying with your request, we will need to verify that it is you that is making the request. To accomplish this, you may be requested to (1) confirm specific personal information that we already know about you; or (2) provide us with appropriate identification and documentation. California residents are limited to two requests for personal information per 12-month period. Only you or an authorized agent may make a verifiable data subject request related to your personal information.
The verifiable data subject request must provide sufficient information and documentation to allow us to verify that you (or an authorized agent) are the person about whom we collected personal information. We will not provide you with personal information if we cannot verify your identity and/or authority to make the data subject request and confirm the personal information belongs to you or the represented individual. Making a verifiable data subject request does not require you to create an account with us. We use personal information provided in a verifiable data subject request solely to verify the requestor's identity or authority to make the request.
We will acknowledge receipt of your data request within 10 days. We will respond to a verifiable data subject request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period. If you have an account with us, we will deliver our response to the email address for that account. If you do not have an account with us, we will deliver our response by US mail or electronically at the email address in your request, at your option. All disclosures we provide will only cover the 12-month period preceding the verifiable employee request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable data subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Right to Non-Discrimination
We do not discriminate against any California residents who exercise any of their rights described in this Policy.
- Information for EU Residents
This section of the Policy applies only to Customers who use the Website from a country that is a Member State of the European Union ("EU Customers") and supplements the information in the Privacy Policy.
CLA is the data controller for processing of personal information or personal data as defined under applicable data protection law. For purposes of this Policy, personal information and personal data are used synonymously.
Under the General Data Protection Regulation ("GDPR") (and subject to any relevant exceptions) you have the right to access, correct, change, delete, restrict, exercise your right to data portability, or object to the processing of personal information.
Legal Basis for Processing
We process personal information for the purposes set out in this Privacy Policy, as described above. Our legal bases to process personal information includes processing that is:
- Necessary for the performance of the contract between you and CLA (for example, to provide you with the products you request and to identify and authenticate you so you may use the Website);
- Necessary to comply with legal requirements (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement);
- Necessary for our legitimate interests (for example, to manage our relationship with you and to improve the Website and our products); and
- Based on consent by our customers (for example, to communicate with you about our products and provide you with marketing information), which may subsequently be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You are not required, as a necessity to enter into a contract, to provide us with personal information for processing as described above.
Your EU Rights
As an individual residing in, or located in, the European Union or European Economic Area, you can exercise your GDPR rights. We may first request verification of your identity prior to facilitating the exercise of your rights.
If you wish to confirm that CLA is processing your personal information, or to have access to the personal information CLA may have about you, please contact us at support@embellish.zendesk.com.
You may also request information about: the purpose of the processing; the categories of personal information concerned; who else outside CLA might have received the data from CLA; what the source of the information was (if you didn’t provide it directly to CLA); and how long it will be stored. You have a right to correct (rectify) the record of your personal information maintained by CLA if it is inaccurate. You may request that CLA erase that data or cease processing it, subject to certain exceptions. You may also request that we cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how CLA processes your personal information. When technically feasible, CLA will—at your request—provide your personal information to you or transmit it directly to another controller.
Reasonable access to your personal information will be provided at no cost upon request made to the CLA at support@embellish.zendesk.com. If access cannot be provided within a reasonable time frame, the we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.
For questions or complaints concerning the processing of your personal information, you can email us at support@embellish.zendesk.com. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation’s data protection authority.
- Communicating With Us
If you have any questions or complaints related to our practices with respect to the collection, use, or disclosure of personal information, or if you would like to update your information, please contact us at support@embellish.zendesk.com.
- Updates to the Privacy Policy
It is our intent to post any changes we make to our Privacy Policy on this page, with a notice that it has been updated on our main homepage. If we make material changes to how we treat your personal information, we will notify you through a notice on the homepage. The date that this Privacy Policy was last revised is listed at the top of the page. You are responsible for visiting our website and this Privacy Policy to check for any changes.