Updated November 2020
We are committed to protecting your privacy. Authorized employees within the company on a need to know basis only use any information collected from individual customers for the purposes of filling orders. We might contact you via email or phone with questions about your order and we will use the shipping address you provided to ship your products to you. We will only contact you via email with sales or promotions if you opt in to our email newsletter on your own. We constantly review our systems and data to ensure the best possible service to our customers.
We will not sell, share, or rent your personal information to any third party or use your e-mail address for unsolicited mail. Any emails sent by Grace and Lace, Inc will only be in connection with the provision of agreed services and products. Grace and Lace, Inc takes reasonable measure to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
To fulfill your order, you must provide us with certain information (which you authorized Bigcommerce, our website host, to provide to us), such as your name, email address, postal address, payment information (which is stored and processed by one of our payment providers, Authorize.net or Paypal), and the details of the product that you’re ordering. You also may have chosen to provide us with additional personal information (for a custom order, for example) if you contacted us directly or added notes to your order during checkout.
When you access our website we may also automatically collect information about you (through a number of service providers, listed below under the section titled “Service Providers”).
Log information: We collect log information about your use of the website, including your IP (Internet Protocol) address, web request, access times, pages viewed, web browser, links clicked and the page you visited before navigating to purchase a product. We also collect whether or not you are on a desktop or mobile device.
Our store uses Facebook's Conversions API as well as the Facebook pixel. Data is shared using your web browser and from Shopify's servers, and is sent directly to Facebook's servers. Data sent from server to server can't be blocked by browser-based ad blockers. The information collected includes your name, location, email address and phone number, as well as your browsing behavior in our online store.
We rely on a number of legal bases to collect, use, and share your information, including:
- As needed to provide our services, such as when we use your information to fulfill your order, to settle disputes, or to provide customer support;
- To provide, maintain, improve and promote our products and services;
- To provide and deliver the information, products you request, process transaction and send you related information, including confirmations and receipts;
- To send you technical notices, updates, security alerts, and support and administrative messages;
- To respond to your comments, questions and requests, and provide customer service;
- To communicate with you about products, services, surveys, offers, promotions, rewards and events offered by Grace and Lace, Inc and others, and provide news and information we think will be of interest to you as our customer;
- To monitor and analyze trends, usage and activities in connection with our products and services;
- To personalize and improve our products and provide advertisements, content or features that match user profiles or interests;
- To facilitate contests, sweepstakes and promotions, and process and deliver entries and rewards;
- To link or combine with information we get from others to help understand your needs and provide you with better service; and
- To carry out any other purpose for which the information was collected with your consent.
We are based in the United States and the information we collect is governed by U.S. law. By accessing or using the Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries.
Information about our customers is important to our business. We share your personal information for very limited reasons and in limited circumstances, as follows:
Service providers. We engage certain trusted third parties to perform functions and provide services to our shop, such as delivery companies, payment processors, and email marketing services. We will share your personal information with these third parties, but only to the extent necessary to perform these services or if you have given us consent to add you to our email list. See the section below titled “Service Providers”. You may visit these service providers by clicking on their names to view their site and privacy policies.
Business transfers. If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.
Compliance with laws. We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce our agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our customers, or others.
Our website offers social sharing features and other integrated tools (such as the Facebook™ "like" button and a Pinterest button), which let you share action you take on our webpages and products with other media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.
Most browsers allow you to refuse to accept cookies.
In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.
In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.
Blocking cookies will have a negative impact upon the usability of some websites.
We keep your data for as long as you have an account with us. We also keep some data for security investigation. Most importantly, we have specific obligations for fraud detection and tax reasons. Therefore, we might need to retain certain data even if you ask to delete it.
We may store and process your information through third-party hosting services in the US and other jurisdictions. As a result, we may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. If we are deemed to transfer information about you outside of the EU, we rely on Privacy Shield as the legal basis for the transfer. As with existing law, the GDPR requires that certain safeguards be put in place when transferring personal data outside the EU. BigCommerce is based in the US and is a participant in the EU-US Privacy Shield Framework and committed to providing best-in-class service and data protection. You can check its participation in the Privacy Shield here on the official site of The International Trade Administration (ITA), U.S. Department of Commerce.
We use two payment processors at this time, Authorize.net and Paypal.
If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. We describe these rights below:
Access. You may have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.
Change, restrict, delete. You may also have rights to change, restrict my use of, or delete your personal information. Absent exceptional circumstances (like where we are required to store data for legal reasons) We will generally delete your personal information upon request.
Object. You can object to (i) our processing of some of your information based on legitimate interests and (ii) receiving marketing messages from us after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
Complain. If you reside in the EU and wish to raise a concern about the use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
If you have any questions about our data privacy practices, you may contact us at firstname.lastname@example.org. Alternately, you may mail us at:
Grace and Lace, Inc - Attn: Data Controller
2000 Windy Terrace Rd, Ste 11A
Cedar Park, TX 78613
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/privacy-laws.
Effective Date: December 2019
Last Reviewed on: December 2019
Information We Collect
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (”personal information”). In particular, our website has collected the following categories of personal information from its consumers within the last twelve (12) months:
Category A: Identifiers
Examples: A real name, Internet Protocol address, email address, or other similar identifiers.
Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
Category C: Protected classification characteristics under California or federal law.
Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Personal information does not include:
We obtain the categories of personal information listed above from the following categories of sources:
Use of Personal Information
We may use, or disclose the personal information we collect for one or more of the following business purposes:
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes some of those rights and explains how to exercise them. This is not fully exhaustive and it is not meant to replace legal advice.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collect from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us a message on our website at https://www.graceandlace.com/pages/contact. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to [45/90] days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us an electronic message through our website at https://www.graceandlace.com/pages/contact or write us at our address listed on our webpage.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
© 2012-2018 Grace and Lace All rights reserved. Grace and Lace