Who We Are
Cotton & Flax is a home decor company that creates handmade textiles for your home. Right now we do this with an online store, blog, workshops and events in our San Diego studio, and email newsletter where we share updates. Our mission is to help you create a home you love with decor that reflects your values.
Why We Collect and Use Your Information
We use your information for a couple of purposes:
To enable us to provide you with our Services, and to improve and promote our Services;
To create and administer your account, contact you, and customize your experience on Cotton & Flax (for example, to show you emails that we think may interest you based on your previous email or website activity); and
To track and analyze use of the Services so that we can improve how Cotton & Flax is performing and provide users with the best experience possible.
To verify compliance with applicable legal requirements and our policies.
We process personal data because this is necessary for the performance of the contract between you and us, for our compliance with our legal obligations and for the purpose of our legitimate interests. In particular, our legitimate interests are our commercial company interest (e.g. to improve our products and services), our interest to make use of direct marketing, our interest to prevent fraud and our interest to report possible criminal acts or threats to competent authorities. Some of the personal data that we process is required for us to meet our legal obligations, for example we cannot create an account for you if you choose not to share your personal data with us.
What Types of Information Do We Collect and Receive and How?
We collect information in the following ways:
Information you provide by completing forms on Cotton & Flax, such as our newsletter sign-up forms, surveys, or other forms
Details of any requests, activity, or transactions you make through the Services. Cotton & Flax partners with other companies (such as MailChimp and Shopify) for email marketing and payment processing. The payment information you submit is collected and used by Shopify in accordance with their privacy policies. Cotton & Flax doesn’t store your payment information;
Information about your activity on and interaction with Cotton & Flax, including use of our website (such as your IP address, the type of device or browser you use, and your actions on the Site) and email newsletter (such as what links you click and if and when you open the email) — we use Google Analytics and MailChimp for gathering this data;
Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem);
Information that you submit on or to Cotton & Flax in the form of comments, contributions to discussions, or messages to other users;
We may collect other types of personal data if required under applicable law or if necessary for the purposes listed above. We will then inform you and ensure that there is a valid legal basis for doing so.
You may decline to provide us with your information and ask that your information be removed. However, this will limit your ability to register for an account or use our Services. For example, if you decline, you may not receive our email newsletter. You may review, change or remove your information through your account settings.
We collect certain personal data by using cookies, including similar technologies such as local storage when you visit the website.
- To gather website statistical data to analyze how our users use the website, such as which pages are visited, how long pages were visited and the paths taken by visitors to our website as they move from page to page. These cookies are placed by the domain https://cottonandflax.com;
- To provide authentication for any upcoming products where log-in is required so that we can keep you logged in between sessions. The information collected using local storage is stored on your browser and persists after your browser is closed.
How Do We Protect Your Data and Who Else Receives Your Information?
First and foremost, we make sure to encrypt and pseudonimze any personally identifiable information so that it’s not seen by the public.
In some cases, we may share basic information like your first name, last name initial, and home state with the public. For example, if we announce you as the winner of a giveaway in our newsletter, we may write “Congratulations to Jane D. (KS) on winning our giveaway!”. In these instances, we will ask you for consent to display this information. We may share your social media handle(s) in our communications if you have meaningfully interacted with us or our Services. For example, if you win a giveaway on Instagram, we may write, “Congratulations to @janedoe on winning our giveaway!” We do not ask for explicit consent to display this type of information as you are interacting in a public forum with us and other users of the service, using a public profile name.
We may also share certain communications you send to us (for example, an email message or comment about how much you liked the newsletter). We typically scrub these communications of any personally identifiable information such as your email address or full name.
The following data will not be publicly displayed or revealed to other users, unless you grant us explicit consent:
- Any payment information you provide;
- Your email address;
- Your mailing address;
- Your IP address;
- Any other private profile information, in accordance with your account settings and profile; and
- Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem).
In some instances, we may also share your information to the following parties and for the following reasons:
- Competent public authorities or other third parties, if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others.
- Service providers under contract who help with our business operations. We employ these companies and people to perform tasks on our behalf and need to share your information with them to provide products and services to you.
- Our affiliates and promotional partners, so they can offer you special products, services, discounts, tickets, and other items or services. Likewise, we may receive information from such affiliates and promotional partners to offer our Users special items or services. We ask for your explicit consent in sharing your personal information with these parties. We do not sell personal information to third parties. The data that is usually shared with affiliates and promotional partners is in aggregate and not at an individual level (for example, we may share that “most of our email newsletter subscribers love home decor items”).
- We may also transfer your personal data in the event that we sell or transfer all or a portion of our business or assets on a need to know basis. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal data you have provided to us in a manner that is consistent with applicable law and this Privacy Statement.
We do not sell, rent or trade your personal information.
You have a right to a copy of the information we have about you. Contact us at firstname.lastname@example.org for more information. You can modify or delete certain information associated with your account (such as your name, mailing address, etc.) by emailing us at any time.
We retain your data for the shortest amount necessary to provide you with our Services. Typically, we will retain most of the personal data for the duration of your use of the website and Services. Note that even after the deletion of your account, we still retain information about your past activity with the email newsletter, but your personal information will be non-identifiable.
How We Work With Third-Parties
As noted above, we may share your information with certain trusted third-party services and brand partners (example: MailChimp who helps us deliver the newsletters, or when we partner with payment processors, or use Google Analytics to help us understand how our site is being used and how to attract more customers). When we share data with third-party services that support our delivery of the our Services, we require that they use your information only for the purposes we’ve authorized, and that they protect your personal information at least to the same standards we do. We do not release or sell private and personally identifiable information. For example, we may release statistics on the geographical makeup of our audience, but we do not release the names and other information of who lives where — you will remain anonymous.
Because Cotton & Flax is a US-based company, your information will be collected and processed in the United States. The United States has its own laws governing data protection and government access to information. The rules that protect your personal information under United States law may be different than in your home country.
Data transfers outside the EEA
We may transfer the personal data we obtain to third parties in countries outside the European Economic Area (EEA). The laws in those countries may not offer an adequate level of data protection. In particular, personal data may be transferred to the United States.
When we transfer your personal data outside the EEA, we will protect your personal data as described in this Privacy Statement and in accordance with applicable law, such as by entering into the European Commission’s Standard Contractual Clauses for the transfer of personal data to a processor located outside of the European Union.
Users residing in certain countries, including the EU, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the ability to access, correct, and request deletion of your personal information. While these rights are not applicable globally, all users can manage their personal information, as further described below, in their account settings. A link to your account settings can be found at the bottom of every email we send you.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
You can request a downloadable copy of your personal data from Cotton & Flax by contacting us using the information provided below.
Additional Rights for EEA Users
If You live in the European Economic Area, or a similar international area, You may have additional privacy rights available to You under applicable laws. We will process Your requests in accordance with applicable data protection laws. If You would like to exercise any of the below rights, please contact email@example.com so that we may consider Your request in accordance with applicable law:
- Right not to provide or withdraw consent: You have the right not to provide or withdraw Your consent at any time.
- Right of access: You may have the right to access the Personal Data that You provided Us.
- Right of erasure: You may have the right to the erasure of Personal Data that We hold about You.
- Right to object to processing: You may have the right to request that Cotton & Flax stop processing Your Personal Data and/or to stop sending You marketing communications.
- Right to rectification: You may have the right to require Us to correct any of Your Personal Data.
Our Policy on Children
People under 18 (or the legal age in your jurisdiction) are not permitted to use our services on their own. We do not knowingly collect any personal information from children under the age of 13 and children under 13 are not permitted to register for an account or use our Services. If you believe that a child has provided us with personal information, please contact us at firstname.lastname@example.org. If we become aware that a child under age 13 has provided us with personally identifiable information, we’ll delete it.
If you have questions about this policy, or about the site, please contact us at: email@example.com. We’ll make every effort to resolve your concerns.