Effective May 23, 2018
2. Who we are
DecanterEngraving.com (the “Website”) is owned and operated by nGrave Solutions, LLC a company headquartered in the State of New York in the United States (“we” “us” the “Company”). Our Website offers custom engraved crystal decanters and barware (“Products”) and related services (“Services”) for both individual retail and business clients.
3. What data we collect and why we collect it
Information you provide to us
Media Files – When using our Services, you may provide various media file(s) containing logos, signatures, images or other forms of content (“Artwork”) to be used for engraving. We do not use data from Artwork provided for anything except for providing a digital rendering (“Proof”) for you review and approval and for creating the personalized product based on the artwork proof you approved. By uploading or otherwise submitting any media files, you you confirm that you have permission to use the Artwork contained in the file.
Information we collect from other sources
Transaction Data – includes details about payments to and from you and other details of products and services you have purchased from us.
Profile Data – includes your username and password, purchases or orders made by you, preferences, feedback and survey responses, as well as any profile data which we have added (for example, using analytics and profiling).
Technical Data – includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Usage Data – includes information about how you use our website, products and services.
Tracking Data – includes information we or others collect about you from cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers.
Marketing and Communications Data – includes your preferences in receiving direct marketing (such as newsletters, promotional emails) from us your communication preferences.
4. How is your data collected?
We use different methods to collect data from and about you including through:
Direct interactions – This includes personal data you provide when you:
- order our products or services;
- create an account on our website;
- create designs for products on our website;
- engage with us on social media;
- sign up to receive our newsletter or promotional emails;
- enter a competition, promotion or survey;
- leave comments or reviews on our products or services.
Automated technologies or interactions – As you interact with us, including using our Website, we may automatically collect technical data about your equipment, browsing actions and patterns. We may also collect Tracking Data when you use our website, or when you click on one of our adverts (including those shown on third party websites).
Third parties or publicly available sources -We may receive personal data about you from various types of third parties, including:
- Technical Data and/or Tracking Data from analytics providers, advertising networks and search information providers;
- Contact and Transaction Data from providers of payment and fraud prevention services; or
- Data from any third parties who are permitted by law or have your permission to share your personal data with us, such as via social media or review sites
5. How we use your personal data?
- Where we need to perform the contract we are about to enter into or have entered into with you. For example, when you purchase our products, that’s a contract.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, when we carry out fraud screening as part of the check-out process.
- Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
We may use various technologies to collect and store information when you use our Website and Services, and this may include using cookies and/or similar tracking technologies, such as pixels.
For example, we use web beacons in the emails we send on your behalf. These web beacons track certain behavior such as whether the email sent through the Services was delivered and opened and whether links within the email were clicked. They also allow us to collect information such as the recipient’s IP address, browser, email client type and other similar details. We use this information to measure the performance of your email campaigns, and to provide analytics information and enhance the effectiveness of our Services. Reports are also available to us when we send email to you, so we may collect and review that information.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
7. Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
8. Who we share your data with
We may share personal data with the following categories third parties:
- Suppliers and service providers (such as technology service providers, payment processing and fraud prevention providers, manufacturers and post and courier services);
- nGrave Solutions, LLC group companies;
- auditors and professional advisers like bankers, lawyers, accountants and insurers; and
- government, regulators and law enforcement.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
9. Payment Information
We uses third party payment processors Authorize.net, Briantree and PayPal to process payments made for products and services via the Website. All online payments are conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them. Your credit/debit card details are communicated directly from your browser via a secured (SSL encrypted) connection to these payment processors and as such, nGrave Solutions never receives or stores your full payment information. This means that the payment form is either off-site or displayed in a frame on the payment page.
After submitting payment, from our payment processors we do receive and store transactional information on the type of payment used (Visa, Amex, Mastercard, PayPal etc.) and in the case of credit card payments, the last 4 digits of the card number used. For PayPal we only store the tokens required to identify the transaction with PayPal, issue refunds and identify transactions made using PayPal.
10. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. Third-party links
12. How long we retain your data
We will only keep your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, and Transaction Data) for six years after they stop being customers for tax purposes.
We offer the option to our customers to re-order previously ordered personalized Products. To be able to facilitate re-order requests, Artwork used in the original production process is stored indefinitely, unless otherwise requested by the customer.
In some circumstances you can ask us to delete parts or all your data; see Your legal rights below for further information.
14. What rights you have over your data
If the General Data Protection Regulation applies to you because you are in the European Union, you have rights under data protection laws in relation to your personal data:
- The right of access – that’s a right to make what’s known as a ‘data subject access request’ for copy of the personal data we hold about you;
- The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate;
- The right to erasure – that’s also known as the ‘right to be forgotten’ where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
- The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
- The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
- The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision making.
If you wish to exercise any of the rights set out above, please contact us via email at [email protected] .
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
15. How to contact us about privacy
If you have general inquires about our products and services, or this Website in general, please contact our customer support team here.