Privacy & Security
Updated January 24, 2020
Essential information we collect
In operating our store, it is essential for us to capture some information about your device, such as your IP address and information related to your visit when you browse our store. For example, this might include time-stamp, the last page or product you visited, the indication that you logged in.
We do that in order to:
- remember who you are after you log in so that you do not need to authenticate at each click;
- monitor if our website is running with the high performance we are dedicated to providing;
- let you browse between products without having to start back from the home page at each click;
- remember if you put something in your shopping cart before you decide to checkout;
- and control that your data is processed securely.
Order information you expressly provide
If you buy something from our store, we will need more specific information about you. To fully process your order and ship the merchandise you selected, we need your personal data such as your first and last name, your email address and your shipping and billing address. We also use your contact and order information to send you communication related to the processing of your order. We will ask you to provide this information in our “checkout page” before letting you finalize your purchase with the payment.
If you have started to buy one of our products, but have not completed the purchase, you may have provided partial information, such as your email. In that case, we might send you an email to remind you about your interest. If you are not comfortable in receiving further emails of this kind, we will give you a simple opportunity to opt-out. Your privacy means a lot to us and we will stop sending you these communications right away.
If you have completed a purchase, we will send you an email to ask you to review the product you bought. We want to be sure that whether you love your purchase or have a complaint, you can share your opinion with other customers.
We also use some specific information related to your visit, such as the timestamp of your visit, the page or the product you viewed, where you are coming from (if you came to our store because you clicked on an advertisement or you just opened our direct link). This is very similar to the “essential information,” but we use it to provide you with a personalized experience. The information on your visit provides us with insights on your interests and allows us to send you relevant communications. We capture this information through cookies, called a "beacon," that we allow you to block.
Other uses of personal data
We also use your email to send communications via a third party about our store via newsletters, but always require you confirm your subscription before sending you any emails like this. We use your email to send marketing automations via a third party to you based on your past purchase history, past interaction with previous emails and physical location. Your data is held privately and not shared with any other companies.
Another reason we may collect your email is if you wish to be notified when an out of stock product is returned to full stock. This is voluntary and we will not use your email from this action for any other reason than to notify you when products are back in stock.
We use Google, Facebook and social media channels to collect your information and to share relevant advertisements and promotional material to you.
Analyzing trends and statistics for internal use
How do we process your order information? We use an external provider to run our store, BigCommerce. BigCommerce is based in the US and is a participant in the EU-US Privacy Shield Framework and committed to providing best-in-class service and data protection. You can check its participation in the Privacy Shield here on the official site of The International Trade Administration (ITA), U.S. Department of Commerce. 11305 Four Points Drive / Building II, Third Floor / Austin, TX 78726
Through BigCommerce, we also use other, highly specialized external providers to provide the most competitive services. For example:
Payment: Our store is PCI-DSS compliant (a very strict industry standard with requirements for the security of credit card information), but we want to use accredited companies to process your credit card information. We use Paypal and First Data to process all payments at our store.
Shipping: We integrate with Efulfillment Services to fulfill your orders.
Other ways we collect and analyze general purchasing data is via Google Analytics and Search Console.
How can you control your personal data?
If you are one of our customers who is in the EU, and we are specifically selling our products to the Member State where you are located, you have specific rights that we are honored to enforce without undue delay: Access, Correct, Erasure, Port, Object. If you cannot exercise your choice on your account age or if you do not have an account with us, please reach out to us, at the contact details at the bottom of this page. We will be more than happy to help.
How long do we keep your data?
We keep your data for as long as you have an account with us. We also keep some data for security investigation. Most importantly, we have specific obligations for fraud detection and tax reasons. Therefore, we might need to retain certain data even if you ask to delete it.
Do we have any legal obligations when handling your data?
Many. We might need to share your personal information to comply with applicable tax or legal obligations and even fraud detection.
Who can you reach out to for privacy matters or a complaint?
You can contact us at:
Updated September 2020
We respect your privacy and are committed to protecting and securely managing all of the personal information that you choose to share with us. During your online visit, you may be required to share personally identifiable information, such as your first and last name, physical address, telephone number or e-mail address. We collect this information in order to facilitate the delivery of services and/or the completion of an order with The Eczema Company. We will never sell, share, or rent your personally identifiable information to third parties in ways different from what is disclosed in this statement.
We automatically receive and record information on our server logs from your browser including your IP address, cookies, and the page(s) you visited. This information is not considered personally identifiable information and cannot be used to identify any individual. Despite this, this information, again, will not be sold shared or rented to third parties in ways different from what is disclosed in this statement.
We process all credit card payment transactions through PayPal and First Data (through Authorize.net as a payment gateway), which are highly secure payment processors. PayPal and First Data host and handle all the payment information; we do not handle any sensitive financial data on our server. Your financial information will never be saved in our system. All payment transactions are encrypted to ensure privacy of your credit card information. Your personal information and payment information is always secure. We use the industry standard Secure Sockets Layer (SSL) as an extra measure of security on top of that provided by PayPal. We use SSL to make sure that your data is always encrypted, secure, and protected.
Using Your Information
The personally identifiable information that you share with us is used for internal purposes such as:
- Order history, status, tracking, and confirmation
- E-mail newsletters designed to inform you of new products, services, and offers
- Analyzing trends and statistics for internal use
As stated above, none of your personally identifiable information will be sold, shared, or rented to third parties. However, we may utilize and share aggregated demographic information with our marketing agents in order to analyze sales trends. This aggregated demographic information is in no way linked to an individual's personal information, and in no way can be used to single out or identify any individual.
Third Party Sites
When shopping at The Eczema Company you may come across links to other websites from our partner networks and other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for. Please check these policies before you submit any personal data to these websites. We use re-marketing and other advertising services. This means we use third-party vendors, including Google, to collect cookies and display our ads via other sites across the internet based on someone's previous visits to our store. To opt out of these ads, please visit here.
If you have any questions or concerns about your privacy or security, please contact us.