Privacy policy

1. Introduction

Welcome to Ponchocho (a brand of Duckee Designs LLC), an online store committed to protecting the privacy of our customers. This Privacy Policy is designed to inform you about how Ponchocho collects, uses, shares, and protects your personal information when you visit our website and use our services. We understand the importance of your privacy and are dedicated to maintaining the confidentiality and security of your personal data. This policy outlines our practices in accordance with applicable data protection laws and regulations, demonstrating our commitment to ensuring a safe and trustworthy shopping experience. It is important to us that you understand how we handle your information, and this policy serves to provide clarity on our data processing activities. By using our website, you consent to the practices described in this Privacy Policy. This document will cover the types of information we collect, how we collect it, how we use it, who we share it with, our data retention practices, the security measures we implement, your privacy rights, our use of cookies and other tracking technologies, our policy on third-party links and children's privacy, how we update this policy, and how you can contact us with any questions. Privacy policies are a legal necessity in many regions, including the European Union under the General Data Protection Regulation (GDPR) and in the United States under laws like the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). Shopify, the platform that hosts our store, also strongly recommends that merchants have a privacy policy. Adhering to these legal requirements not only ensures compliance but also builds trust with our valued customers and provides a framework for legal protection.  

 

2. What Information Do We Collect?

  • Information You Provide Directly:
    • When you create an account on our website, place an order, or fill out a contact form, you may provide us with personal identification information such as your name, email address, and phone number. Providing this information is generally voluntary, although some details may be necessary to process your orders effectively.  
    • For order processing and delivery, we collect your shipping and billing addresses. This information is essential to ensure that your purchases reach you and that payments are processed correctly.  
    • To process your transactions, we collect payment information, which may include your credit card details, payment card number, and expiration date. It is important to note that payment information is sensitive and requires robust protection. We strive to ensure the security of your payment details and may utilize PCI DSS compliant third-party payment processors.  
    • For account management purposes, you will create a username and password. These credentials help us to secure your account and personalize your experience.  
    • Any communications and messages exchanged between you and Ponchocho's, such as through customer support inquiries or feedback submissions, are also collected. This allows us to effectively address your concerns and improve our services.  
  • Information Collected Automatically:
    • When you visit our website, we automatically collect certain information about your device, including your IP address, browser type, device ID, and operating system. This data is often captured as soon as you access our site. Collecting this information aids in website functionality, security, and analytics.  
    • As you navigate our website, we track your browsing history, search queries, and website interactions, such as the pages you visit, the time you spend on each page, and referral data. Tools like Google Analytics may be used to collect this data. This information helps us to improve our website's functionality, personalize your user experience, and conduct targeted advertising where appropriate and with your consent.  
    • We also collect cookie data and data from other tracking technologies, the details of which are provided in Section 8 of this policy.  
    • If applicable and with your explicit consent, we may collect location data from your device.  
  • Information Received from Third Parties:
    • In order to provide our services effectively, we may receive information from third-party service providers, such as payment processors, shipping companies, and marketing platforms. Shopify, our platform provider, also receives information from its partners and service providers. It is important to understand that Ponchocho remains responsible for the protection of your personal information even when it is processed by these third parties.  
    • If you choose to link your social network accounts with our website, we may receive information from those platforms.  

3. How Do We Collect Your Information?

We collect your information through various methods, including:

  • Direct Interactions: You directly provide us with your information when you interact with our website, such as when you create an account, place an order, subscribe to our newsletter, or contact our customer support team.  
  • Automated Technologies: We utilize automated technologies like cookies, web beacons, and pixels to collect information as you browse our website. More detailed information about these technologies can be found in Section 8.  
  • Third-Party Service Providers: Our service providers, such as those involved in payment processing and shipping, may provide us with information necessary for the fulfillment of your orders.  
  • Social Media Platforms: If you opt to connect or log in to our website using your social media credentials, the respective platforms may share certain information with us.  

Transparency is paramount in our data collection practices, and we are committed to providing you with notice at the point of data collection. Informing you about how your data is collected fosters trust and aligns with the principles of many data privacy regulations.  

 

4. How Do We Use Your Information?

We use the information we collect for various purposes, including:

  • To process your orders and ensure their successful fulfillment, which includes sending order confirmations, arranging for shipping, and managing the delivery process.  
  • To effectively manage your account on our website and provide you with comprehensive customer support when you need assistance.  
  • To communicate with you regarding your purchases, address your inquiries, and keep you informed about important updates related to your orders and our services.  
  • To send you marketing communications, such as newsletters and promotional offers, but only when we have obtained your consent to do so, as required by applicable laws. Email addresses are commonly used for sending order confirmations, shipping updates, and marketing content. We ensure that you have clear options to opt-out of receiving marketing communications at any time.  
  • To personalize your experience on our website by providing tailored content and product recommendations that may be of interest to you. This personalization is based on your purchase history and browsing patterns. While we aim to enhance your shopping experience through personalization, we maintain transparency about the data we use for this purpose.  
  • To analyze how our website is used, allowing us to improve its functionality, enhance our services, and optimize the overall customer experience through data analysis and website analytics.  
  • To implement measures for detecting and preventing fraudulent activities and to ensure the security and integrity of our website and the services we offer.  
  • To fulfill our legal obligations and respond to any lawful requests from regulatory or law enforcement authorities.  

Our data usage practices adhere to the principle of purpose limitation, meaning that we only use your data for the specific purposes that were disclosed to you when the information was collected. This principle, particularly emphasized in GDPR, mandates that personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a way that is incompatible with those initial purposes.  

 

5. Who Do We Share Your Information With?

We may share your information with certain third parties who assist us in providing our services:

  • Third-Party Service Providers:
    • We utilize payment processors such as Shopify Payments to securely process your transactions.  
    • Shipping companies like USPS, FedEx, and UPS are engaged to facilitate the delivery of your orders.  
    • Our website is hosted by a hosting provider, Cloudlfare.  
    • We may employ analytics providers to help us understand website traffic and user behavior.  
    • With your consent, we may share de-identified general data information with advertising partners for the purpose of targeted advertising. It is important to note that these third-party service providers are contractually obligated to protect your personal data and are permitted to use it only for the specific purposes for which it was shared. Disclosing these third parties is a requirement under various data privacy laws.  
  • Shopify: As the provider of our e-commerce platform, Shopify may also collect and process your personal information on our behalf. We encourage you to review Shopify's privacy policy for a comprehensive understanding of their data handling practices.  
  • Legal Compliance and Protection: We may disclose your personal information if we are legally required to do so, in order to enforce our website policies, or to protect our rights, property, or safety, as well as the rights, property, or safety of others.  

Please be assured that Ponchocho does not sell your personal information to third parties for their marketing purposes unless we have explicitly stated otherwise and obtained your consent to do so. Addressing the common concern about the sale of personal data directly is a key aspect of building and maintaining customer trust.  

 

6. Data Retention

Our general principle is to retain your personal data only for as long as it is necessary to fulfill the purposes for which it was collected. This aligns with the GDPR's emphasis on the principle of storage limitation. The specific retention periods for different types of data are as follows:  

 

  • Order data and transaction history are typically retained for a period necessary to comply with accounting, tax, and other legal obligations, which may range from 5 to 10 years. Legal requirements, such as tax regulations, often mandate these retention periods. Providing the legal basis for retaining this data helps you understand its necessity.  
  • Customer account information is generally retained as long as your account remains active. Following account deactivation, we may retain your information for a period of time to address any potential inquiries or facilitate account reactivation, for example, for approximately 2 years.  
  • Your preferences for receiving marketing communications are retained until you choose to opt-out.
  • Website analytics data is kept for a duration necessary for analysis and to help us improve our website and services, which may range from 6 months to 2 years.  
  • Payment information is typically retained only for the duration required to process the transaction. However, tokenized or masked elements may be stored for a longer period for security and tracking purposes.  

The determination of these retention periods is based on various criteria, including legal obligations, our business needs, and the duration of our relationship with you. We also want to remind you that you have the right to request the deletion of your personal data, subject to certain exceptions, as outlined in Section 7. It is important for us to have a well-defined data retention policy and schedule in place. This ensures that we comply with relevant regulations, minimize risks associated with retaining data for too long, and maintain efficient data management practices.  

 

7. Security of Your Information

Ponchocho's, along with our platform provider Shopify, implements a variety of security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. Shopify maintains a comprehensive information security program that includes technical and organizational safeguards. We utilize encryption technologies, such as Secure Sockets Layer (SSL/TLS), to secure the transmission of data between your browser and our servers. For payment processing, Shopify adheres to the highest industry standards and is PCI DSS Level 1 compliant, ensuring the secure handling of your payment details. We also recommend that you take steps to protect your own information, such as using strong and unique passwords for your account and enabling two-factor authentication if it is offered. While we are committed to protecting your personal information, it is important to acknowledge that no method of data transmission over the internet or electronic storage is entirely foolproof, and therefore, we cannot guarantee absolute security. It is also important to understand that security is a shared responsibility. While Shopify provides a secure platform, we, as the store owner, also need to implement and maintain security best practices to protect your customer data. This shared responsibility model ensures a more robust security posture for your information.  

 

8. Your Privacy Rights

Under applicable data privacy laws, you have certain rights regarding your personal data. For instance, if you are a resident of the European Union, the GDPR grants you specific rights, and if you are a resident of California or Colorado, the CCPA and CPA provide you with certain rights as well. These rights may include:  

  • Right to Access: You have the right to request information about the personal data we collect from you and how we process it.  
  • Right to Rectification: You can request that we correct any inaccurate or incomplete personal data we hold about you.  
  • Right to Erasure (Right to be Forgotten): Under certain circumstances, you have the right to request the deletion of your personal data.  
  • Right to Restrict Processing: You may have the right to request that we limit the processing of your personal data in specific situations.  
  • Right to Data Portability: In some cases, you can request to receive your personal data in a structured, commonly used, and machine-readable format and have it transmitted to another controller.  
  • Right to Object: You have the right to object to the processing of your personal data in certain situations, such as for direct marketing purposes.  
  • Right to Opt-Out of Sale or Sharing: If applicable under laws like CCPA and CPA, you have the right to opt out of the sale or sharing of your personal information for targeted advertising.  
  • Right to Limit Use and Disclosure of Sensitive Personal Information: Under certain regulations like CCPA and CPA, you may have the right to direct us to limit the use and disclosure of your sensitive personal information for specific purposes.  

To exercise any of these rights, please contact us using the information provided in Section 13. We will need to verify your identity before processing your request. If you believe that your privacy rights have been violated, you also have the right to lodge a complaint with a supervisory authority.  

To help you understand your rights better, the following table provides a summary of key privacy rights under GDPR and CCPA:

Right GDPR Applicability CCPA Applicability CPA Applicability Description
Right to Access Yes Yes Yes You have the right to know what personal data is collected and how it is used.
Right to Rectification Yes Yes Yes You can request the correction of inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten) Yes Yes Yes You can request the deletion of your personal data under certain circumstances.
Right to Restrict Processing Yes No Yes You can request the limitation of the processing of your personal data in specific situations.
Right to Data Portability Yes Yes Yes You have the right to receive your personal data in a portable format and transmit it to another controller.
Right to Object Yes No Yes You can object to the processing of your personal data in certain situations, including for direct marketing.
Right to Opt-Out of Sale or Sharing No Yes Yes You have the right to opt out of the sale or sharing of your personal information for targeted advertising.
Right to Limit Use of Sensitive Information No Yes Yes You can direct businesses to only use your sensitive personal information for limited purposes.

9. Cookies and Other Tracking Technologies

Our website uses cookies, which are small text files that are stored on your device when you visit certain websites. These cookies serve various purposes, including enhancing your user experience by remembering your preferences, improving website functionality, enabling website analytics, and facilitating targeted advertising. We may use different types of cookies, such as strictly necessary cookies that are essential for the website to function, functional cookies that remember your choices, performance cookies that help us analyze website usage, and advertising cookies that are used for personalized advertising. In addition to cookies, we may also utilize other tracking technologies like web beacons, pixels, and similar tools to gather information about your interactions with our website.  

 

In compliance with data privacy regulations such as GDPR and the ePrivacy Directive, we obtain your consent before using non-essential cookies, typically through a cookie banner that appears when you first visit our website. This banner allows you to manage your cookie preferences and opt-out of certain types of cookies. You can also typically control or disable cookies through your browser settings. We may also use third-party cookies, placed by providers of analytics or advertising services, to assist us in these functions. Our full Cookie Policy, which provides detailed information about the specific cookies we use, their purposes, and how you can manage your preferences, is easily accessible. You can usually find a link to this policy in the footer of our website and within the cookie consent banner. Ensuring the accessibility of our Cookie Policy promotes transparency and empowers you to make informed decisions about your consent.  

 

10. Third-Party Links

The Ponchocho website may contain links to other websites or online services provided by third parties that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of these external websites and services. We encourage you to carefully review the privacy policies of any third-party websites you visit, as their practices may differ from ours.  

 

11. Children's Privacy

Ponchocho is committed to protecting the privacy of children. Our website and services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under this age. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately using the information provided in Section 13, and we will take steps to remove the information from our systems. If we do collect personal information from children, we will follow the procedures outlined in applicable laws, such as obtaining parental consent as required by COPPA in the United States.  

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the features of our website and services. When we make material changes to this policy, we will notify you by posting a prominent notice on our website or by sending you an email to the email address associated with your account. The effective date of the most recent version of this Privacy Policy will be stated at the beginning of the document. We encourage you to review this policy periodically to stay informed about how we are protecting your personal information.   

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to contact us. You can reach us at:

support@ponchocho.com