Data Protection - 🎁 Christmas Deals: Winter Fashion for Men & Women On Sale

Operational Privacy Policy of My Store

This policy outlines how data protection is integrated into the daily operations of my store, your trusted source for Canadian winter apparel.

Data Collection Throughout the Customer Journey

Browsing Phase: We use analytics cookies to understand browsing patterns, such as which winter gear categories (e.g., men’s vs. women’s, extreme cold vs. mild winter) are most popular. This informs our inventory planning.

Checkout Phase: We collect personal and shipping data to create an order and ship it. This data is entered into our order management system.

Post-Purchase Phase: We use your contact information to send shipping confirmations, tracking updates, and customer satisfaction surveys. With consent, we add you to our mailing list for promotions.

Cookie-Driven Site Optimization
Our use of cookies is directly tied to business improvement. Performance cookies help us identify and fix technical errors quickly. Functionality cookies allow us to test new website features, like a “gift finder” quiz, to enhance user experience. Advertising cookies help us manage the effectiveness and cost-efficiency of our digital ad spend.

Data Processing for Logistics and Fulfillment
Your shipping address and phone number are essential data points shared with our fulfillment center and shipping carriers (e.g., Canada Post, UPS). This data is processed to generate shipping labels and facilitate delivery updates. We process this data under the legal basis of “performance of a contract.”

Internal Data Access and Training
Access to customer data within my store is on a need-to-know basis. Our customer service team can access order details to help with returns or inquiries. Our marketing team can access aggregated data for reporting. All employees are trained on data privacy and confidentiality.

Data Retention Schedule
We have a clear data retention schedule:

Order Data: Retained for 7 years for tax and financial auditing purposes.

Customer Service Communications: Retained for 3 years to handle potential follow-ups.

Inactive Account Data: Accounts inactive for 4 years are scheduled for anonymization.

Cookie Data: Retention periods vary by cookie type, as detailed in our cookie preference center.

Incident Response Plan
In the unlikely event of a data breach, we have a defined incident response plan. This includes internal reporting, investigation, and, where legally required, notification to the relevant authorities and affected individuals.

Continuous Review
This policy is reviewed annually or whenever significant changes to our operations occur, ensuring our practices remain current and compliant.