1. User’s Acknowledgment
2. The type of personal information we collect
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, credit card information, or other details to help you with your experience. We will store this information for as long as needed or asked to be removed by the individual themselves.
3. When do we collect information, and How do we use your information
We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, open a Support Ticket, enter information on our site, and when you provide us with feedback on our products or services.
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To personalize your experience and allow us to deliver the type of content and product offerings you are most interested in.
- To improve our website to serve you better.
- To allow us to better service you in responding to your customer service requests.
- To administer a contest, promotion, survey, or other site feature.
- To quickly process your transactions.
- To ask for ratings and reviews of services or products.
- To follow up with them after correspondence (email or phone inquiries)
4. Data collection on our website
We collect personal information directly when you provide it to us, automatically as you navigate through the Sites, or through other people when you use services associated with the Sites. When you provide it to us when you complete user registration and submit a support (or pre-purchase) request, we also collect your personal information, subscribe to a newsletter, email list, submit feedback, fill out a survey, or send us a communication.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site. We use permanent cookies to enable users who have not logged in to store certain website settings in their browser (like dismissing the cookie bar or disabling features like Youtube videos or Google Analytics tracking)
If you leave a comment on our site, you may opt-in to save your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
4.2. Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files.” These are:
Browser type and browser version
- Operating system used
- Referrer URL
- The hostname of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
4.3. Registration on this website
You can register on our website to access additional functions offered here. The input data will only be used to use the respective site or service you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
5. How we keep your personal information secure
Our website is scanned regularly for security holes and known vulnerabilities to make your visit to our site as safe as possible. We use regular malware scanning services. Your personal information is contained behind secured networks. It is only accessible by a limited number of persons who have special access rights to such systems and must keep the information confidential. Besides, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order, enters, submits, or accesses their information to maintain your personal information’s safety. All transactions are processed through a gateway provider and are not stored or processed on our servers.
6. Third-party access to your data
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. The only exceptions to that rule are for partners; we have to share limited data to provide the services you expect. Please see below:
6.1. Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies.” These are text files stored on your computer, which allow an analysis of the website’s use by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize its website and its advertising. If you would like to opt-out of Google Analytics monitoring your behavior on our site, please use this link: Google Analytics Opt-out.
6.2. Google AdSense
We have implemented the following:
- Remarketing with Google AdSense
- Google Display Network Impression Reporting
- Demographics and Interests Reporting
- DoubleClick Platform Integration
We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt-out by visiting the Network Advertising Initiative Opt-Out page or using the Google Analytics Opt-Out Browser Add-on.
Our website uses plugins from YouTube, which is operated by Google. The pages’ operator is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior with your personal profile directly. You can prevent this by logging out of your YouTube account. This constitutes a justified interest, according to Art. 6 (1) (f) GDPR. Further information about handling user data can be found in the data protection declaration on YouTube.
6.4. Google Fonts
6.8. Font Awesome
7. Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
While we make every effort to preserve your privacy, personal information may be disclosed when required by law. We have a good-faith belief that such action is necessary to comply with a judicial proceeding, court order, or legal process.
8. COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 18, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under 13.
9. Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States. The concepts they include have played a significant role in developing data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
To be in line with Fair Information Practices, we will take the following responsive action should a data breach occur:
- We will notify you via email within 3 business days.
We also agree to the Individual Redress Principle, which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires that individuals have enforceable rights against data users and that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
10. CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address to:
- Send information, respond to inquiries, and/or other requests or questions.
- Send information and updates about work orders.
- Send you additional information related to your product and/or service.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be under CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If you would like to unsubscribe from receiving future emails at any time, you can email us at firstname.lastname@example.org or follow the instructions at the bottom of each email, and we will promptly remove you from ALL correspondence.
11. Who has access to your data
If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself. If you are a client with a registered account, your personal information can be accessed by:
- Our system administrators.
- When they (to provide support), they need to get information about the client accounts and access.
12. How long we retain your data
If you complete a purchase on our website, our system automatically creates an account to store your order data and create your subscription. This account information is stored indefinitely to keep accurate records of any data we are obliged to keep for administrative, legal, or security purposes. If you fill out one of our contact forms, your data is stored in our website database indefinitely. Additionally, this information is stored in our website backups for no longer than 90 days.
13. Our security measure
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization. In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users, and will attempt to reset passwords if needed.
14. What data breach procedures we have in placeThe third-party services that we use to store data are equipped to monitor unauthorized access and share any known system breaches. These third-party services include paypal.com, stripe.com, and Google.com. Additionally, if, at any point, Tibetan Paper & Handicraft becomes aware of a data breach through one of the third parties listed above, or by our own measures, we will immediately contact all affected parties and also take immediate action by the rules and regulations of the authority having jurisdiction.
15. Notification of Changes