Updated: April 17, 2024
Welcome to STYLEFAV! Based in Toronto, Canada, we are committed to protecting the privacy and security of our customers. This Privacy Policy explains how we collect, use, and disclose personal information through our website.
Commitment to Data Protection
We are fully committed to protecting the privacy and security of our customers’ personal information. We understand that data protection is not only a matter of compliance but also of trust. Here is how we ensure the highest standards of data protection:
1. Compliance with Data Protection Laws:
- PIPEDA and Global Standards: We adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA) as well as other applicable global data protection regulations such as GDPR for our European customers. This compliance governs how we collect, use, and disclose personal information in the course of commercial activities.
- Regular Legal Reviews: Our policies and practices are regularly reviewed by legal experts to ensure ongoing compliance with new and existing data protection laws.
2. Data Protection Principles:
- Lawfulness, Fairness, and Transparency: We process all personal data lawfully, fairly, and in a transparent manner. Clear information regarding the use of personal data is provided in this privacy policy.
- Purpose Limitation: We collect data only for legitimate purposes as outlined in our privacy policy, and we do not use it in any way that is incompatible with those purposes.
- Data Minimization: We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy: We keep personal data accurate and up to date, and take every reasonable step to ensure that inaccurate data, with regard to the purposes for which they are processed, are erased or rectified without delay.
- Storage Limitation: We retain personal data in a form that permits identification of data subjects for no longer than necessary for the purposes for which the personal data are processed.
- Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
3. Technical and Organizational Measures:
- Security Practices: We employ industry-standard security measures including encryption, firewalls, and secure server facilities to protect personal data from unauthorized access, disclosure, alteration, or destruction.
- Employee Training: All employees are required to participate in privacy and security training relevant to their roles to ensure they understand how to handle personal data securely.
- Data Breach Protocols: We have established robust procedures to deal with data breaches, should they occur, which include notifying you and any applicable regulator where we are legally required to do so.
4. Accountability:
- Data Protection Officer (DPO): We have appointed a Data Protection Officer to oversee compliance with data protection laws and practices. The DPO is responsible for educating the company and its employees on important compliance requirements, conducting audits to ensure alignment, and providing guidance on data protection impact assessments.
- Internal Audits: Regular audits are conducted to ensure the effectiveness of our data protection measures and policies.
5. Commitment to Continuous Improvement:
- Feedback and Adjustments: We continuously monitor our data protection strategies and make adjustments as needed based on feedback from our users and changes in legislation.
Data Controller
The entity responsible for the collection, processing, and use of your personal data is:
- STYLEFAV
- Address: 5170 Yonge St, Unit 200, North York, ON, M2N 5P6, Canada
- Email: legal@stylefav.com
Your Rights
You have the right to access, correct, delete, or restrict the use of your personal data. You can also object to the processing of your data. Use the contact details above to submit any requests.
Collection, Processing, and Utilization of Personal Data
We collect data such as your name, phone number, address, and email address during account registration. This information facilitates order management, personalized service, and communication.
Customer Accounts: We create a personal account for each customer, which allows you to manage your orders and personal settings.
Third-Party Sign-In: You can sign in using third-party services like Amazon, Google, and Facebook. We only retrieve your email address, first name, and last name from these platforms.
Use of Your Data
We collect and use your personal data to provide, improve, and safely conduct our services. Below are the specific purposes for which your data may be used:
1. Order Processing and Management:
- Handling Transactions: We use your personal information such as name, address, and payment details to process and fulfill your orders.
- Customer Service: We use your contact information to communicate with you about any issues, updates, or inquiries related to your orders.
2. Account Management:
- Registration and Login: We use your login details to create and maintain your account, allowing you secure and personalized access to our website.
- Account Updates: We use your information to manage and update your account based on your preferences and interactions.
3. Personalization:
- Customized Shopping Experience: We analyze your previous purchases, browsing behavior, and preferences to personalize your experience on our website. This includes recommending products that you might like based on your past activities.
- Content Optimization: We use data about how you use our services to tailor the content and layout of our pages, making the site more user-friendly.
4. Marketing and Communications:
- Direct Marketing: With your consent, we send promotional messages and newsletters to inform you of new products, special offers, and other information. You can opt out of receiving these at any time.
- Feedback and Surveys: We occasionally ask for feedback or conduct surveys to improve our services. Participation is voluntary, and data collected is used to enhance user satisfaction and service quality.
5. Security and Fraud Prevention:
- Monitoring: We monitor transactions and usage to detect and prevent fraudulent or unauthorized activities. This ensures the safety and security of our platform and protects our users.
- Compliance and Enforcement: We use data to comply with legal obligations, resolve disputes, and enforce our agreements.
6. Data Analysis and Business Intelligence:
- Analytics: We use various analytics tools and methods to gather statistical data on service usage to understand market trends and improve our offerings.
- Business Operations: We analyze data to assess the performance of our business, plan our operational strategy, and make informed business decisions.
7. Legal and Regulatory Obligations:
- Compliance with Laws: We may process your data to comply with applicable laws, such as tax laws and consumer protection regulations.
- Law Enforcement Requests: We may disclose data to law enforcement in response to lawful requests.
8. Enhancing Website Functionality:
- Technical Improvements: We use technical data about your device and website usage to fix bugs, troubleshoot problems, and improve the performance and reliability of our website.
Consent and Control:
- Consent: Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.
- Preference Management: You can manage your preferences and consent through your account settings or by contacting us directly.
Secure Data Transfers and Storage
We are committed to protecting the security and confidentiality of your personal data. We implement a variety of security measures and technologies to ensure the safe transfer and storage of your information.
Data Transfer Security:
- Encryption: We use Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols to encrypt data during transmission. This technology creates a protected connection between your browser and our servers, ensuring that all data passed remains private and secure.
- Secure Protocols: We utilize only secure versions of protocols to transmit sensitive data, such as HTTPS, which ensures that all data transferred between your web browser and our website is encrypted and protected from eavesdropping.
Data Storage Security:
- Data Centers: Our servers are housed in state-of-the-art data centers that are equipped with biometric scanning protocols, round-the-clock surveillance, and secure access controls.
- Firewalls: We employ advanced firewall technologies that serve as a barrier between our internal network and the internet, preventing unauthorized access to our networks and sensitive data.
- Intrusion Detection Systems (IDS): These systems monitor network traffic for suspicious activity and indications of potential attacks, providing another layer of security against unauthorized data access.
Data Access Controls:
- Role-Based Access Control (RBAC): Access to sensitive data is highly restricted, based on the principle of least privilege. Only authorized personnel with a legitimate need to access specific data for the purpose of their job responsibilities are granted access.
- Authentication Measures: We enforce strong authentication and password policies to ensure that only authorized personnel can access our systems. Multi-factor authentication (MFA) is used where appropriate to provide an additional layer of security.
- Regular Audits: We conduct regular security audits and reviews to identify and mitigate potential vulnerabilities in our systems and processes. These audits help ensure that our security measures remain robust and effective.
Data Integrity and Availability:
- Backup Systems: Regular backups of data are performed to ensure data integrity and availability. These backups are stored securely and are accessible only by authorized personnel.
- Disaster Recovery Plans: We have comprehensive disaster recovery procedures in place to ensure the continuity of our services and the protection of our data in the event of a cyber attack or natural disaster.
Compliance and Continuous Improvement:
- Regulatory Compliance: We comply with relevant data protection regulations and standards that govern the security of personal data. Compliance helps ensure that our security measures are aligned with industry standards.
- Continuous Improvement: We are committed to continuously improving our security practices. We keep abreast of the latest security technologies and threats and update our security measures accordingly.
Training and Awareness:
- Employee Training: All employees are required to undergo security training as part of their onboarding process, and we provide ongoing security awareness training to ensure that our team understands the importance of data security and how to protect sensitive information.
Payment Processing
We prioritize the security and confidentiality of your payment transactions. To ensure the highest level of security, all payment processing is handled by reputable third-party payment service providers (PSPs). Below, we detail how these PSPs manage your payment information and the steps we take to safeguard your data:
1. Third-Party Payment Service Providers:
- No Direct Collection: We do not collect or store your credit card or payment account details. This information is directly processed by our third-party PSPs, who specialize in the secure online capture and processing of payment transactions.
- Trusted Partners: Our PSPs are carefully selected based on their compliance with stringent security standards, including PCI DSS (Payment Card Industry Data Security Standard).
- Examples of Our Payment Service Providers Include:
  - Stripe: Handles credit/debit card, Apple Pay, Google Pay, and other digital wallet transactions. Stripe’s security practices are detailed in their Privacy Policy.
  - Afterpay: Provides installment payment services, allowing you to pay for purchases over time. Details on how Afterpay protects your information can be found in their Privacy Policy.
  - Sezzle: Facilitates installment payments. Information on their data protection measures is available in the Sezzle Privacy Policy.
2. Payment Data Security:
- Encryption and Data Security: All payment data processed by our PSPs is encrypted and securely transmitted over SSL/TLS. This ensures that your sensitive information is protected from interception or misuse during transmission.
- Compliance and Audits: We regularly verify that our PSPs adhere to the required security standards and regulations. This includes conducting audits to ensure ongoing compliance with security best practices and legal requirements.
3. Data Use and Purpose:
- Transactional Integrity: The payment information processed by our PSPs is used solely for the purpose of completing the transactions you initiate. We do not use this data for any other purpose without your explicit consent.
- Fraud Prevention and Monitoring: To safeguard against fraud and unauthorized transactions, our PSPs may use payment data to conduct risk assessments and security checks.
4. Consumer Rights and Support:
- Transparency: You have the right to receive clear and comprehensive information about how your payment data is being used and protected.
- Support: If you have any concerns or questions regarding your payment transactions, or if you encounter any issues, please feel free to contact our customer service team at customerservice@stylefav.com.
Shipping & Delivery
The privacy and security of your personal information during the shipping and delivery process are of paramount importance. This section outlines how we handle and protect your personal data shared with our shipping partners.
1. Sharing Information with Shipping Partners:
- To ensure the successful delivery of your order, we share necessary personal data with our shipping partners. This typically includes your name, shipping address, and contact information.
- Purpose of Data Sharing: The information provided to shipping partners is solely for the purpose of processing and delivering your orders. It enables them to:
  - Coordinate delivery logistics.
  - Provide tracking updates directly to you.
  - Contact you if there are any issues during the shipping process.
2. Our Shipping Partners: We partner with various trusted logistics companies to handle deliveries, including:
- Canada Post Corporation
- Deutsche Post AG (DHL)
- FedEx Corporation
- Purolator Inc.
- TFI International Inc. (Canpar)
- Uber Technologies Inc.
- United Parcel Service, Inc. (UPS)
Each of these partners has its own privacy policy detailing how they protect personal data:
- Canada Post Privacy Policy
- DHL Privacy Policy
- FedEx Privacy Policy
- Purolator Privacy Statement
- Canpar Privacy Policy
- Uber Privacy Notice
- UPS Privacy Notice
3. Data Security and Confidentiality Agreements:
- We require all shipping partners to adhere to strict data security and confidentiality standards. They are contractually obligated to protect your information and use it only for the purposes of fulfilling delivery services.
4. Customer Rights:
- Access and Control: You have the right to access and control the personal information we share with our shipping partners. If you wish to inquire about or update the information shared, please contact us directly.
Third-Party Advertising
We engage with third-party advertising companies to provide personalized advertising experiences on our platform and across other websites. This section outlines our relationships with these advertisers, how your data is used, and the controls you have over your information.
1. How We Use Third-Party Advertisers:
- Ad Networks and Exchanges: We partner with advertising networks and exchanges to deliver relevant, targeted ads. These entities use technologies like cookies, web beacons, and other tracking mechanisms to collect information about your activities across various online services and websites over time.
- Retargeting: We employ retargeting technologies to show you advertisements based on your previous interactions with our website. For example, if you viewed a product on STYLEFAV, you might see advertisements for that product or similar items on other websites.
2. Data Collection and Usage:
- Information Collected: Third-party advertisers collect data such as device identifiers, browser types, browsing information, and demographic data. This data is usually non-personally identifiable unless linked directly by you.
- Purpose: This collected information helps advertisers understand user preferences and behavior, allowing them to deliver ads that are more relevant and tailored to individual interests, thus enhancing your online advertising experience.
3. Control Over Your Information:
- Cookie Management: You can control and manage cookies through your browser settings. Disabling cookies may limit your use of certain features or functions on our website and other websites.
- Opting Out: You can opt out of targeted advertising from many networks through tools provided by entities such as the Digital Advertising Alliance in the USA (DAA WebChoices Tool).
- Ad Settings: Services like Google and Facebook offer settings to manage your ad preferences on their platforms, allowing you to adjust how your data is used for advertising purposes.
4. Third-Party Advertising Partners:
- Google Ads (DoubleClick): Google uses cookies to show ads based on your past visits to our website. You can manage your Google ad settings and opt out by visiting Google Ads Settings.
- Facebook Advertising: Facebook uses information based on your activity on our website to target ads when you are on Facebook or a platform powered by Facebook advertising. Adjust your ad preferences through Facebook Ad Preferences.
- TikTok Advertising: TikTok collects data from our website to target ads and measure ad performance on its platform. This involves using cookies and similar technologies to track user interactions. You can learn more and manage your preferences through TikTok’s Privacy Policy.
5. Security and Confidentiality:
- We ensure that all our third-party advertising partners adhere to strict data confidentiality and security standards. They are prohibited from using, sharing, or retaining your personal data for any purposes other than those agreed upon.
Cookies and Tracking Technologies
We utilize cookies and other tracking technologies to enhance your browsing experience, understand user behavior, and manage and optimize our website. This section explains what cookies are, how we use them, and how you can manage your preferences.
What are Cookies? Cookies are small text files stored on your device (computer, tablet, smartphone, etc.) when you visit a website. They are used to remember your preferences, login details, and browsing history, making your interactions faster and more personalized.
Types of Cookies We Use:
- Essential Cookies: These cookies are necessary for the website to function properly. They enable basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Performance Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve the way our website works, understand what interests our users, and measure site performance.
- Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
- Targeting Cookies: These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They work by uniquely identifying your browser and internet device.
How We Use Tracking Technologies:
- Analytics: To analyze the use of our website, we use tracking tools like Google Analytics. These tools gather information about how many visitors we have, which pages are visited the most, and how users move around the site.
- Personalization: To provide a personalized shopping experience, cookies help remember your preferences and settings, so you don’t have to set them up every time you visit.
- Advertising: We use cookies to collect data about your browsing habits and preferences to target advertising to your interests. This involves analyzing this data to make the advertisements more relevant to you.
Managing Cookies: You have the right to decide whether to accept or reject cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website. Here’s how you can manage your settings:
- Browser Settings: You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. The steps to do this are different for each browser, so look at your browser’s Help menu for more information.
- Third-Party Tools: Various third-party tools are available online to help you manage the collection and sharing of your site visit data.
Data Breach Notification
In the event of a data breach that affects your personal information, we are committed to responding swiftly and effectively to mitigate any potential harm. Our data breach notification protocol is designed to comply with applicable data protection laws and ensure transparency and responsibility.
Breach Identification and Assessment: Upon discovering a suspected data breach, we will promptly initiate an investigation to determine the nature and extent of the breach. We will assess the sensitivity of the affected data and the potential impact on affected individuals.
Containment and Remediation: Once a breach is confirmed, our immediate priority is to contain it and prevent further unauthorized access to or loss of data. We will take appropriate steps to secure our systems, which may include temporarily disabling affected systems, enhancing security measures, and collaborating with cybersecurity professionals.
Notification Process: If the breach poses a risk to your personal rights and freedoms, we will notify you without undue delay after becoming aware of the breach. The notification will provide:
- A description of what occurred, including the date and time of the breach, if known.
- The types of information that were involved.
- The likely consequences of the breach.
- Measures taken by us to address the breach.
- Measures you can take to mitigate any potential adverse effects.
- Contact information where you can obtain more information and assistance.
Communication Channels: Notifications will be communicated through appropriate channels, which may include direct communication via email, notices on our website, or through public announcements, depending on the nature and scope of the breach.
Regulatory Notification: If required by law, we will also notify the relevant data protection authorities within the timeframe stipulated by applicable regulations. This notification will include details about the extent of the breach, affected data, any potential impacts on individuals, and the actions taken by us to address the breach.
Post-Incident Review: After managing a data breach, we will conduct a thorough review of the incident and our response to it. This review will help us improve our data protection and breach response processes. We will implement changes as needed to enhance our data security measures and prevent future breaches.
Commitment to Transparency: We are committed to maintaining transparency in all aspects of our data handling practices. In the event of a data breach, we pledge to provide clear, timely, and effective communication to ensure that all affected parties are informed and supported.
Changes to Our Privacy Policy
We may update this policy from time to time. Any changes will be posted on our website with the revision date.
Contact Us
If you have questions about this policy or need to contact our Privacy Officer, please use the information provided above.