Revised December 20, 2019
Section 1. Privacy Statement
Section 2. Information We Collect and How We Use It
Our primary goal in collecting information is to provide and improve our Services, to administer your use of the Services (including your Account, if you are an Account holder), and to enable you to enjoy and easily navigate our Services. The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with Diff Eyewear and the requirements of applicable law. Some of the ways that Diff may collect Personal Information include:
- You may provide Personal Information directly to Diff Eyewear through interacting with the Services, making online purchases, participating in surveys, during events such as sweepstakes, and requesting Services or information.
- As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as described below.
2.1 Personal Information. When you join our mailing list, create an account, or make a purchase through our site, your personal information is collected and stored. Basic personal information we collect includes, but is not limited to, your full name, billing address, shipping address, phone number, and email address.
2.2 Shopify. Our store is hosted on Shopify, Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases, and the general Shopify application. They store your data on a secure server behind a firewall.
2.3 Payments. If you choose a direct payment gateway to complete your Diff Eyewear purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After the transaction is complete, your transaction data is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standard Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service or its Privacy Statement.
2.4 Non-Identifying Information. Non-identifying information are solo portions of your personal information that cannot be linked to you when seen alone, for example, your zip code or state. Diff Eyewear uses non-identifying information for statistical measurements to ultimately improve your experience on our site. We may combine your non-identifying information with your personal information to provide services to you, such as delivering product or addressing your inquiries.
2.5 Log Data. When you visit Diffeyewear.com, our servers will automatically record and store information that your browser sends to every website you visit. This information is called log data. Log data can include, but is not limited to, your Internet Protocol (IP) address, browser type, web address you were visiting before coming to Diffeyewear.com, search information, the Diffeyewear.com pages you visited, and duration of time spent on each page. We collect this information to analyze and optimize our site to provide the utmost functionality to you.
Here is a list of cookies that we use. We’ve listed them here so you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc.)
_shopify_visit, no data held, Persistent for 30 minutes from the last visit. Used by our website provider’s internal stats tracker to record the number of visits.
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day. Counts the number of visits to a store by a single customer.
Cart, unique token, persistent for 2 weeks. Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_disgest, unique token, indefinite if the shop has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, set by Google and tracks who visits the store and from where.
2.7 E-Mails. Diff Eyewear collects your email address to provide necessary transaction confirmation notifications. You may also opt-in to be a part of our DIFF Eyewear mailing list. In doing so, we will use your email address to provide promotional or marketing material regarding the launch of new products, events, service, and other items of interest.
Section 3. Information Sharing
The following includes a list of instances in which your personal information may be shared.
3.1 Third-Party Service Providers. At times, Diff Eyewear will employ third-party service providers to assist us in improving our site, supporting our business operations, and assisting us in our marketing campaigns. These services may include website maintenance, database management, website analytics, or payment processing parties, targeted advertising and partnership marketing. In general, these third-party providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services provided to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a Different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
3.3 Google Analytics. Our store uses Google Analytics to help us learn about who visits our site and what pages are being looked at. This includes demographics and interests. We will never share this data with anyone outside of Diff Eyewear. This data is only collected so that we can better service our customers.
3.4 Law Enforcement. If we deem it necessary or appropriate, Diff Eyewear will cooperate with law enforcement officials and private parties when asked to disclose any information about you.
3.5 Business Transfer. In the event that Diff Eyewear transfers ownership, we may share your personal information during a merger, acquisition, reorganization, sale of assets, or declaration of bankruptcy.
Section 4. Consent
4.1 Email and Other Campaigns.
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, it is implied that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at privacy@Diffeyewear.com or mailing us at: Attention: Privacy Officer, Diff Eyewear, 19701 Hamilton Avenue, Suite 260, Torrance, CA 90502.
4.2 Text Messages.
Your consent to receive automated text messages from Diff Eyewear is completely voluntary. You may opt-out at any time. You may opt-out from receiving messages at any time by texting “STOP” in response to a text message you received from Diff Eyewear or to Diff Eyewear’s short code 55721. It is your sole responsibility to notify us if you no longer want to receive automated text messages. You waive any rights to bring claims for unauthorized or undesired text messages by failing to opt-out immediately or by failing to follow these instructions. Please allow up to thirty (30) days (or ten (10) business days where required by law) to process any opt-out request. We will send you a SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us unless you opt-in to a Different campaign. As always, message and data rates may apply for any messages sent to you from us and to us from you.
Section 5. Your Account Information
You may edit, update, or delete parts or all of your personal information from your user account at any time. You may edit your account information by logging into your account, or if you wish to delete your account entirely, please contact us at privacy@Diffeyewear.com. Although your account can be deleted an archived copy may remain on file for business records.
Section 6. International Transfer
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and to Processing of your data globally. By providing your Personal Information, you consent to any transfer and Processing in accordance with this Policy.
Section 7. Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional, generally accepted industry standards.
Section 8. Children
In compliance with the Children’s Online Privacy Protection Act, Diff Eyewear will not knowingly collect any information from children under the age of 13 years. If you are under 13, please have your parents or legal guardian enter their information when required. If a parent or legal guardian becomes aware that his or her child has provided his or her personal information without parental consent, please contact privacy@Diffeyewear.com, and we will remove the information from our files. Additionally, if Diff Eyewear becomes aware that a child under the age of 13 has provided us with his or her personal information, we will delete the information from our files.
Section 9. California Do Not Track Disclosure
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this Time, Diff Eyewear does not respond to Do Not Track browser settings or signals. In addition, Diff Eyewear may use third-party advertising companies to collect data and/or serve ads when you visit Diffeyewear.com.
These companies may use information about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. Please keep in mind that your browser settings may not permit you to control the technologies utilized by these third-party companies. If you would like more information about this practice and to know your choices about not having this information used by these companies, visit http://www.networkadvertising.org/choices/.
Section 10. Your California Privacy Rights
This Section applies to any California residents about whom we have collected personal information from any source, including through your use of our Service or by communicating with us electronically, in paper correspondence, or in person. Any terms defined in the California Consumer Protection Act (“CCPA”) have the same meaning when used in this Section 10. This Section only applies to non-California residents as may be required by applicable state law in your state of residence.
10.1 What Personal Information We Collect?
We collect the following categories of personal information from consumers:
a) Identifiers. We collect your name, physical address, e-mail address, phone number, cell phone number, Internet Protocal (IP) address and account name.
b) Information In Customer Records. We collect your name, address, telephone number and cell phone number. If you purchase prescription glasses through our website we will collect your prescription.
c) Legally Protected Characteristics. In some circumstances, usually through a voluntary survey, we collect your age, marital status, gender and familial status.
d) Commercial Information. We collect information on products or services you purchased, obtained, or considered purchasing or other purchasing or consuming histories or tendencies.
e) Internet or Network Activity. We collect information regarding consumer’s interaction with our Internet website. We collect your browser type, web address you were visiting before coming to Diffyeyewear.com, search information, what Diffeyewear.com pages you visited, duration of time spent on each page and whether consumers tried on through our virtual try on tool and how much time a consumer spends on our website.
f) Additional Information. See Section 2 above for additional information on the information we collect and how we use it.
10.2 Sources of Collected Personal Information.
We may collect personal information from the following categories of sources:
- From you, including via our websites, mobile applications, telephone, text message, postal mail, social media, surveys, message boards, or other means;
- Our service providers, which includes customer relationship management providers, analytics providers, hosting providers, systems administrators, and communications delivery services;
- Nonaffiliated companies with which we have a business relationship, which includes our Customers;
- Other third parties, which includes analytics service providers and other websites and mobile applications, online advertising partners, and other data suppliers;
- Employees and job applicants.
10.3 What Do We Do With Your Personal Information?
We use the personal information we collect from you for all of the business purposes outlined in Section 2 above. Diff Eyewear does not, and will not, sell your personal information for monetary or other valuable consideration.
10.4 Who We Share Personal Information With?
We may share your personal information with the following categories of third parties for a business purpose:
- Service Providers or other strategic partners;
- Nonaffiliated companies with which we have a business relationship, such as our Customers;
- Third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business assets or stock (including in connection with any bankruptcy or similar proceedings); and
- Other parties described in Section 3 above.
See Section 3 above for additional information on how we may share your personal information.
10.5 Your Privacy Rights
If you are a California resident, subject to applicable law, you have the following rights under California law with respect to your personal information:
- Right to Know. You may have the right to request what personal information we collect, use, disclose, and/or sell, as applicable and request the information be provided to you in a portable format.
- Right to Delete. You have the right to request the deletion of your personal information that is collected or maintained by us.
- Right to Opt-Out of Sale. We do not sell your personal information but to the extent we were ever to change this policy, you have the right to request to be opted out from any future sales of your personal information by us. This opt-out will not change your preferences with respect to the receipt of marketing and other communications from the Company.
- Right to Non-Discrimination. You have the right not to be denied goods or services, charged Different prices or rates for goods or services, or receive a Differing level of quality of goods or services as a result of exercising the above rights.
10.6 Exercising Your Rights
If you are a California resident and wish to seek to exercise any of the rights in Section 11.5 above, please reach us in one (1) of the following ways:
Attention: Privacy Officer
19701 Hamilton Ave., Suite 260
Torrance, CA 90502
Your request through either email or mail must identify which right(s) you are seeking to exercise (access to your personal information; provide you with your personal information; and/or deletion of your personal information). Your request must also include full name, email address and/or postal address.
You may also authorize someone to exercise the above rights on your behalf provided we can verify that individual is authorized to act on your behalf. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child.
The above rights are subject to our being able to reasonably verify your identity and authority to make these requests. These rights are also subject to various exclusions and exceptions under applicable laws. You may only make a verifiable consumer request for access or data portability twice within a twelve (12)-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
We may deny your deletion request if retaining the personal information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response by either mail or electronically. Any disclosures we provide will only cover the twelve (12)-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your rights. Unless permitted under applicable law, we will not:
- Deny you goods or services.
- Charge you Different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a Different level or quality of goods or services.
- Suggest that you may receive a Different price or rate for goods or services or a Different level or quality of goods or services.
Section 12. Contact