PRIVACY POLICY
Effective Date 09/16/2024
This Privacy Policy of Shayna Cox Photography (the “Company,” “we,” “us,” or “our”), describes how your personal information is collected, used, and shared when you use our services (“Services”), such as when you: (a) visit our website at www.shaynacoxphotography.com, or (b) engage with us in any other related way, including sales, marketing, or events. Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services.
WHAT PERSONAL INFORMATION WE COLLECT
When you visit, use, or navigate our Services, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse our website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to our website, and information about how you interact with our website. We refer to this automatically collected information as Device Information.
We collect Device Information using the following technologies:
- Cookies. Cookies are data files that are placed on your device or computer and often include an anonymous unique identifier.
- Log Files. Log files track actions occurring on our website, and collect data including your IP address, browser type, internet service provider, referring/exit pages, and date/time stamps.
Also, when you make a purchase or attempt to make a purchase from us, we collect certain information about you, including your name, billing address, shipping address, payment information (including credit card numbers and security codes, email address, and phone number), usernames, and passwords. We may also collect the other following information: __________________________________________________________________
____________________________________________________________________________.
We may collect data necessary to process your payment if you make purchases, such as your payment instrument number, and security code associated with your payment instrument. All payment data is stored by Stripe or Venmo and you may access their privacy policy at ________________________________________.
Collectively, the above is called “Order Information.”
By “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.
WHAT LEGAL BASES WE RELY ON TO PROCESS YOUR INFORMATION
We only process your Personal Information when we believe it is necessary and we have a valid legal reason to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
If you are located in the EU, the following section applies to you:
The General Data Protection Regulation (GDPR) requires us to explain the valid legal bases we rely on in order to process your Personal information. As such, we may rely on the following legal bases to process your Personal Information:
- Consent. We may process your information if you have given us permission (i.e. consent) to use your Personal Information for a specific purpose. You can withdraw your consent any time. If we are relying on your consent to process your Personal Information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the contact details in the contact us section below. However, note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- Legal Obligations. We may process your Personal Information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.,
- Vital Interest. We may process your Personal Information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situation involving potential threats to the safety of any person.
HOW WE USE YOUR PERSONAL INFORMATION
We use the Order Information that we collect generally to fulfil any orders placed through our website (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you.
- Screen our orders for potential risk or fraud.
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our website.
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. We also use Google Analytics to help us understand how our customers use our website. For information on how Google uses your information, you can access their privacy policy at https://policies.google.com/privacy?hl=en.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful requests for information we receive, or to otherwise protect our rights.
THIRD-PARTY WEBSITES
To be able to provide our services to you and to run our business, we share data with third parties from the following categories:
- Third parties that are involved in processing purchases. For example, web shop systems, payment service providers, manufacturers, warehouses, order packers, logistics companies, etc.
- Third parties that provide professional services to us. For example, advertising partners, marketing agencies, business consultants, web hosting providers, etc.
- Law enforcement and other government authorities. For example, tax offices and customs.
The Services may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party website, services, or applications. The inclusion of a link towards a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this privacy policy. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Services. You should review the policies of such third parties and contact them directly to respond to your questions.
TRANSFER OF INFORMATION INTERNATIONALLY
We may transfer, store, and process your information in countries other than your own. Our servers are located in (n/a). If you are accessing our Services from outside this location, then please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your Personal Information in and other countries. If you are a resident of the EU, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your Personal Information in accordance with this privacy notice and applicable law.
HOW WE KEEP YOUR INFORMATION SAFE
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any Personal Information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we do our best to protect your Personal Information, transmission of Personal Information to and from our Services is at your own risk. You should only access the Services within a secure environment.
YOUR RIGHTS (GDPR)
In some regions, such as the EU, you have certain rights under applicable data protection laws. These include: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and rights in relation to automated decision making and profiling. You can make such a request by contacting us in the “Contact Us” section below.
HOW LONG WE KEEP YOUR INFORMATION
We only keep your Personal Information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. No purpose in this notice will require us to keep your Personal Information for longer than the period of time in which users have an account with us.
CHILDREN’S PRIVACY
We do not solicit any Personal Information from children. If you are not 18 or older, you are not authorized to use our website. Parents should be aware that there are parental control tools available online that you can use to prevent your children from submitting information online without parental permission or from accessing material that is harmful to minors.
COOKIES
What are Cookies?
A cookie is a small file with information that your browser stores on your device. Information in this file is typically shared with the owner of the website in addition to potential partners and third parties to that business. The collection of this information may be used in the function of the website and/or to improve your experience.
How we use Cookies.
To give you the best experience possible, we use the following types of cookies:
- Strictly necessary. As a web application, we require certain cookies to run our service.
- Preference. We use preference cookies to help us remember the way you like to use our Services. Some cookies are used to personalize content and present you with a tailored experience. For example, location could be used to give your services and offers in your area.
-
How to Control you Cookies.
So long as the cookie is not strictly necessary, you may opt in or out of cookie use at any time.
CHANGES
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If you have questions and/or require more information, do not hesitate to contact us.
CONTACT US
If you have questions or comments about this Privacy Policy, you can contact us as follows:
Email: shayancoxphotography@gmail.com Phone: _________________________
Address: __________________________________________________________________
CALIFORNIA RESIDENTS
This privacy notice section is for California residents and applies solely to all visitors, users, and others who reside in the State of California.
Categories of Personal Information Collected
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information that we may collect or may have been collected from California residents within the last twelve (12) months. Please note that the categories and examples provided in the list below are those defined in the California Consumer Privacy Act (the “CCPA”). This does not mean that all examples of that category of personal information were in fact collected by us, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if you provided such personal information directly to us.
Category A: Identifiers. Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver's license number, passport number, or other similar identifiers.
Collected? Yes.
Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
Collected? Yes.
Category C: Protected classification characteristics under California or federal law. Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Collected? No.
Category D: Commercial information. Examples: Records and history of products or services purchased or considered.
Collected? Yes.
Category E: Biometric information. Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
Collected? No.
Category F: Internet or other similar network activity. Examples: Interaction with our Service or advertisement.
Collected? Yes.
Category G: Geolocation data. Examples: Approximate physical location.
Collected? No.
Category H: Sensory data. Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
Collected? No.
Category I: Professional or employment-related information. Examples: Current or past job history or performance evaluations.
Collected? No.
Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
Collected? No.
Category K: Inferences drawn from other personal information. Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Collected? No.
Under CCPA, personal information does not include: (a) Publicly available information from government records, (b) Deidentified or aggregated consumer information, (c) Information excluded from the CCPA's scope, such as: (i) Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data (ii) Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
Sources of Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from You. For example, from the forms you complete on our Service, preferences you express or provide through our Service, or from your purchases on our Service.
- Indirectly from You. For example, from observing your activity on our Service.
- Automatically from You. For example, through cookies we or our Service Providers set on your Device as you navigate through our Service.
- From Service Providers. For example, third-party vendors to monitor and analyze the use of our Service, third-party vendors for payment processing, or other third-party vendors that we use to provide the Service to you.
Use of Personal Information for Business Purposes or Commercial Purposes
We may use or disclose personal information We collect for "business purposes" or "commercial purposes" (as defined under the CCPA), which may include the following examples:
- To operate our Service and provide you with our Service.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our Service.
- To fulfill or meet the reason you provided the information. For example, if you share your contact information to ask a question about our Service, We will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- For internal administrative and auditing purposes.
- To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.
Please note that the examples provided above are illustrative and not intended to be exhaustive. If we decide to collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes we will update this Privacy Policy.
Disclosure of Personal Information for Business Purposes or Commercial Purposes
We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes:
- Category A: Identifiers
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
- Category D: Commercial information
- Category F: Internet or other similar network activity.
Please note that the categories listed above are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact disclosed, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed.
When we disclose personal information for a business purpose or a commercial purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
Sale of Personal Information
As defined in the CCPA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for valuable consideration. This means that we may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit. Please note that the categories listed below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact sold, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been shared for value in return. We may sell and may have sold in the last twelve (12) months the following categories of personal information:
- Category A: Identifiers
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
- Category D: Commercial information
- Category F: Internet or other similar network activity
Sharing of Personal Information
We may share your personal information identified in the above categories with the following categories of third parties: Service Providers; Payment processors; Our affiliates; Our business partners; Third party vendors to whom you or your agents authorize us to disclose Your personal information in connection with products or services we provide to you.
Sale of Personal Information of Minors Under 16 Years of Age
We do not knowingly collect personal information from minors under the age of 16 through our Service, although certain third-party websites that we link to may do so. These third-party websites have their own terms of use and privacy policies and we encourage parents and legal guardians to monitor their children's Internet usage and instruct their children to never provide information on other websites without their permission. We do not sell the personal information of Consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by contacting us. If You have reason to believe that a child under the age of 13 (or 16) has provided us with personal information, please contact us with sufficient detail to enable us to delete that information.
Your Rights under the CCPA
The CCPA provides California residents with specific rights regarding their personal information. If You are a resident of California, you have the following rights:
- The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
- The right to request. Under CCPA, you have the right to request that we disclose information to you about our collection, use, sale, disclosure for business purposes and share of personal information. Once we receive and confirm your request, we will disclose to you: (a) The categories of personal information we collected about you (b) The categories of sources for the personal information we collected about you (c) Our business or commercial purpose for collecting or selling that personal information (d) The categories of third parties with whom we share that personal information (e) The specific pieces of personal information we collected about you (f) If we sold your personal information or disclosed your personal information for a business purpose, we will disclose to you: (i) The categories of personal information categories sold (ii) The categories of personal information categories disclosed (iii) The right to say no to the sale of Personal Data (opt-out). You have the right to direct us to not sell your personal information. To submit an opt-out request please contact us.
- The right to delete Personal Data. you have the right to request the deletion of your Personal Data, subject to certain exceptions. Once We receive and confirm your request, we will delete (and direct our Service Providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our Service Providers to: (a) Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you. (b) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities. (c) Debug products to identify and repair errors that impair existing intended functionality. (d) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law. (e) Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.). (f) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent. (g) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us. (h) Comply with a legal obligation. (i) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your consumer's rights, including by: (a) Denying goods or services to you (b) Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties (c) Providing a different level or quality of goods or services to you (d) Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Your CCPA Data Protection Rights
In order to exercise any of your rights under the CCPA, and if you are a California resident, you can contact us in accordance with the “Contact Us” section in this Privacy Policy. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your personal information. Your request to us must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it we cannot respond to your request or provide you with the required information if we cannot: (a) Verify your identity or authority to make the request and (b) confirm that the personal information relates to you.
We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice. Any disclosures we provide will only cover the 12-month period preceding the verifiable request's receipt. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
Do Not Sell My Personal Information
You have the right to opt-out of the sale of your personal information. Once we receive and confirm a verifiable consumer request from you, we will stop selling your personal information. To exercise your right to opt-out, please contact us. The Service Providers we partner with (for example, our analytics or advertising partners) may use technology on the Service that sells personal information as defined by the CCPA law. If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the instructions below.
Please note that any opt out is specific to the browser you use. You may need to opt out on every browser that you use.
Websites. You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:
- The NAI's opt-out platform: http://www.networkadvertising.org/choices/
- The EDAA's opt-out platform http://www.youronlinechoices.com/
- The DAA's opt-out platform: http://optout.aboutads.info/?c=2&lang=EN
The opt out will place a cookie on your computer that is unique to the browser you use to opt out. If you change browsers or delete the cookies saved by your browser, you will need to opt out again.
Mobile Devices. Your mobile device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:
- "Opt out of Interest-Based Ads" or "Opt out of Ads Personalization" on Android devices
- "Limit Ad Tracking" on iOS devices
You can also stop the collection of location information from Your mobile device by changing the preferences on Your mobile device.
Privacy Policy Updates.
We may update this Privacy Policy from time to time, so you should review it periodically. When we change this Privacy Policy, we will update the Effective Date at the top of this Policy. If we materially change our Policy, we will notify you of such changes by posting them on this page and/or by a notification within our Services or via an email. Changes to this Policy are effective when they are posted on this page. Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Privacy Policy.
Do Not Track.
We do not track our customers over time and across third party websites to provide targeted advertising and therefore we do not respond to Do Not Track (DNT) signals. Third parties that have content embedded on our website may set cookies on a user’s browser and/or obtain information about the fact that a web browser visited a specific website from a certain IP address. Third parties cannot collect any other personally identifiable information from our website unless you provide it to them directly.