Privacy

This Privacy Policy describes how Leo & Mila (“we” or “us”), a California corporation, protects your data and respects your privacy. Any questions or concerns with respect to your data or privacy should be directed to customerservice@leoandmila.com.

1. Applicability of this Privacy Policy

This Privacy Policy applies to shopping at Maya Leo & Mila online or otherwise visiting or browsing our website located at LeoAndMila.com (the “Website”), creating an account on the Website, purchasing products on the Website, and any other interactions (e.g., sales inquiries, customer service, etc.) you may have with us, whether you contact us or we contact you (collectively, the “Services”).

By visiting the Website, accessing or using the Services, or interacting with any aspect of our business, you accept the terms of this Privacy Policy and expressly consent to and agree that we may collect, process, store, access, and disclose data, including Personal Data, disclosed by you or collected automatically from you for the purposes and in the manner described in this Privacy Policy.

2. Links to Third Party Websites

Our Website may contain links to other websites operated and maintained by third parties (“Third Party Websites”). We have no control over Third Party Websites. You access such linked Third Party Websites at your own risk. You should always read the privacy policy (and such other terms and conditions) of any linked Third Party Website before sharing any data with them.

3. Data We Collect and Receive

We generally collect the minimum data necessary to make the Website and our Services available to you and to personalize your shopping experience. To the extent data is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection laws, it is referred to as “Personal Data.” If you have any questions about your Personal Data, please contact us at customerservice@leoandmila.com.

You can choose not to provide us with your Personal Data. If you choose to do this, you can continue to use the Website and browse its pages, but we will not be able to process transactions or fulfill product purchases without Personal Data. The data we collect may depend on how you interact with the Website and our Services.

When you visit or browse the Website, we may collect:

Your Internet Protocol (“IP”) address used to connect to the Internet;

Metrics of the device or computer you used to access the Website, including the make, model, operating system, browser, connectivity data, general location, and any errors or event failures;

Your online browsing activity and behavior, including the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time), cookie number, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), search terms and results, products viewed, products added to a shopping cart, contents of an abandoned shopping cart, and purchases completed (if any).

When you place an order through the Website or Services, we may collect:

Your personal details provided, including name, company (if applicable), email address, shipping address, and phone number;

Your order details, including the product(s) purchased, special instructions (if any), quantity, price, discounts (if any), shipping method, shipping cost, tax amounts, and total purchase amount;

Your payment details, including credit card information (card type, number, name, expiration, cvv), billing address (if different), and phone number (if different).

When you create an account on the Website, we may collect:

Your account login information, including your username (or email address) and password;

Your personal details provided (optional), including name, company (if applicable), email address, shipping address, and phone number;

Your order history, such as each order submitted, date submitted, and order details, including the product(s) purchased, special instructions (if any), quantity, price, discounts (if any), shipping method, shipping cost, tax amounts, total purchase amount, and order and shipping status;

Your settings and preferences on the Website.

When you contact us or we contact you about our products and Services, we may collect:

Your personal details provided, including name, username (if any), and contact information (for example, email address, shipping address, and phone number);

Your order details, including the product(s) purchased, special instructions (if any), quantity, price, discounts (if any), shipping method, shipping cost, tax amounts, and total purchase amount;

Content of our communications, whether by phone, mail, email, chat, social media, or any other channel of communication;

Your feedback and contributions to customer surveys or product reviews.

When you opt-in to marketing messages, we may collect:

Your email address;

Your personal details provided (optional), including name, username (if any), and contact information (for example, shipping address and phone number);

Details of the emails and other digital marketing communications we send to you, including whether or not you viewed the communication, if you clicked on any links in the communication, and if you utilized any offers or promotions in the communications;

Your settings and preferences for marketing communications.

4. How and Why We Use Data

We use data, including Personal Data, in furtherance of our legitimate interests in operating our business and providing the Website and Services, to perform contractual obligations, and/or pursuant to your express consent for a specific purpose. Specifically, we may use your Personal Data for these purposes and legal bases:

Provide the Website. To make the Website available to you, analyze and monitor usage, identify your preferences, personalize your shopping experience, and to track performance, security, and technical issues.

Process and Deliver Products You Order. To receive and handle orders, process payments, and track and deliver the products you order.

Improve the Websites and Services. To analyze preferences, trends, and statistics, and otherwise improve the Website and Services.

Customer Support. To respond to your questions and requests and otherwise provide customer support to you.

Service Communications. To communicate with you about your order, such as order confirmation, order and shipping status, and delivery confirmation.

Security Purposes. To maintain adequate security and help prevent and investigate security risks, fraud, and any other misuse or abuse of the Website and Services.

Legal Obligations. To comply with legal obligations as required by applicable law, regulations, or legal process.

Marketing Communications. To provide specific relevant marketing, promotional, and other information about new products, offers, and updates.

Purposes For Which We Seek Your Consent. For a specific purpose that we communicate to you and you expressly consent to. When you consent to our processing your Personal Data for a specified purpose (such as for marketing communications), you may withdraw your consent at any time and we will stop processing your Personal Data for that purpose.

5. How We Share and Disclose Data

We do not sell or share your Personal Data with third parties for their own commercial uses. Except as described in this Privacy Policy, we will not share or disclose your Personal Data for any purpose other than to the extent necessary to perform the Services, unless you expressly consent to any other use or disclosure. Specifically, we may share and disclose data with respect to:

Rendering the Services. Our employees and contractors may have access to your Personal Data on a need to know and confidential basis to the extent necessary to render the Services.

Third Party Service Providers. We contract with third parties to perform business functions and services for us to render the Services (“Third Party Service Providers”). We may share or disclose your data, including Personal Data, with Third Party Service Providers to the limited extent necessary to let them perform business functions and services for us or on our behalf in connection with the provision of the Website and Services; provided that such Third Party Service Providers process data in a manner consistent with this Privacy Policy and applicable data protection laws and will not use or disclose Personal Data for any other purpose. You may request a list of our current Third Party Service Providers by contacting us at customerservice@leoandmila.com.

Changes to Our Business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), we may share or disclose your data, including Personal Data, in connection therewith, subject to standard confidentiality obligations.

Protection of Rights. We may disclose your data, including Personal Data, to protect and defend our rights and property, including intellectual property rights, and to ensure compliance with applicable laws and enforce legitimate third party rights, including intellectual property and privacy rights of others.

Legal Compliance. If we are compelled by law, such as to comply with a subpoena, court order, or other lawful process, or in response to a lawful request by public authorities to meet national security or law enforcement requirements, we may disclose your data, including Personal Data, if we reasonably believe disclosure is required by applicable law, regulations, or legal process.

Safety and Security. We may disclose your data, including Personal Data, to protect your safety and security; to protect the safety, security, and property of our customers; to protect our safety, security, and property; and to protect the safety, security, and property of our employees, agents, representatives, and contractors.

Aggregated or De-identified Data. If data is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use or disclose such aggregated or de-identified data for any purpose. For example, we may share aggregated or de-identified data for business or research purposes, such as statistical analysis, to research trends and predictive analysis, or to develop or improve the Website and Services.

Your Consent. We may disclose your data, including Personal Data, to third parties when we have your express consent to do so.

6. Retention

We will retain data, including Personal Data, for the period necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. For example, we may need to keep your Personal Data for our legitimate business interests, to conduct audits, resolve disputes, and comply with (and demonstrate compliance with) contractual and legal obligations. By contrast, your Personal Data shared for direct marketing purposes will be kept by us until you notify us (by opting out) that you no longer wish to receive marketing communications from us.

7. Security Measures

We believe in providing a safe and secure experience for all of our customers. We maintain physical, technical, and administrative procedures to safeguard and secure the data we collect, process, and store. All of the data we collect is stored on secure servers of trustworthy cloud-based Third Party Service Providers. Payment transactions are undertaken by PCI DSS compliant Third Party Service Providers and will be encrypted using industry standard SSL technology. We work hard to protect your Personal Data in our custody and control from loss, misuse, and unauthorized access, use, disclosure, modification, or destruction. However, no data transmission over the Internet can be guaranteed to be completely secure. No security measures are perfect or impenetrable. We cannot guarantee that unauthorized access, hacking, data losses, or other breaches will never occur. As such, you acknowledge and agree that you provide your Personal Data at your own risk. If you believe your privacy has been breached, please contact us immediately at customerservice@leoandmila.com.

8. No Sensitive Personal Data

We do not intentionally collect, process, or store, and we request that you do not post, upload, store, display, transmit, or submit Sensitive Personal Data on or through the Website or Services. “Sensitive Personal Data” includes, but is not limited to, any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic or biometric data; or data concerning health, sex life, or sexual orientation.

9. No Children’s Data

The Website is not directed to or intended for children without parental or guardian consent. We do not intentionally collect, process, or store Personal Data from any person under 13 years of age. In the event we discover we have inadvertently collected, processed, or stored Personal Data from a person under 13 years of age, we will promptly take the appropriate steps to delete such data or seek the necessary verifiable parental consent for that collection in compliance with the Children’s Online Privacy Protection Act (“COPPA”).

10. Cookies

When you visit or browse our Website, we send one or more cookies to your computer or other device. We may also use cookies in emails that you receive from us. A cookie is a small data file that is placed on the hard drive of your computer when you visit a website. A session cookie expires immediately when you end your session (i.e., close your browser). A persistent cookie stores information on the hard drive so when you end your session and return to the same web site at a later date the cookie information is still available. We use cookies to improve the quality of, and personalize your experience with, our Website and Services, such as: to remind us of who you are; estimate our audience size; track visits to and sales at our Website; process your order; tailor our advertising to suit your personal interests; remind you of products you added to your shopping cart; track your status in our promotions, contests, and sweepstakes; and/or analyze your visiting patterns.

If you would like to opt out of accepting cookies altogether, you can generally set your browser to not accept cookies or to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it. You may also use commonly available tools in your browser to remove cookies which may have been placed onto your computer. You can find more detailed information about how you can manage cookies through your browser’s help function. However, certain features of our Website may not work if you delete or disable cookies.

We also use Google Analytics on our Website to collect usage data, to analyze how users use the Website, and to provide advertisements to you on other websites. For more information about how to opt out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.

11. Marketing Communications

We want to communicate with you only if you want to hear from us. Marketing communications are optional. You must expressly opt-in to receive marketing communications. If you elected to receive marketing communications from us and prefer to no longer receive any marketing communications from us, you may opt-out at any time by using the unsubscribe link located in our emails or by sending an email to customerservice@leoandmila.com.

Opt-out requests may take up to thirty (30) days to be effective.

12. International Data Transfers

12.1 Location of Processing

Maya Brenner Designs has its headquarters in the United States. We and our Third Party Service Providers primarily process and store data in connection with the Website and Services in the United States and Canada. However, our Services are global and all data, including Personal Data, may be processed and stored in any country where we have operations or where we engage Third Party Service Providers. We may transfer data, including Personal Data, to countries outside of your country of residence, which may have data protection laws that are different from those of your country. Legal authorities, courts of law, or government agents in those other countries may be entitled to access your Personal Data pursuant to local law. We will take measures to ensure that your Personal Data remains protected to the standards described in this Privacy Policy and that any such transfers comply with applicable data protection laws.

12.2 EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

To comply with European Union and Swiss data protection laws, we have self-certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union member countries and Switzerland to the United States. We adhere to the Privacy Shield principles of: notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability. With respect to Personal Data of European Union and Swiss individuals received by us pursuant to Privacy Shield, we may be liable for onward transfers to third parties, unless we prove that we are not responsible for the event giving rise to the damage. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield principles, the Privacy Shield principles shall govern with respect to Personal Data transferred from the European Union member countries and Switzerland to the United States. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). To view our certification, see the Privacy Shield List. To learn more about Privacy Shield, please visit www.privacyshield.gov.

We are committed to investigating and attempting to resolve complaints and disputes regarding our collection, use, or disclosure of Personal Data in compliance with Privacy Shield. European Union individuals and Swiss individuals with questions or complaints regarding the collection, use, or disclosure of their Personal Data or this Privacy Policy should first contact us at customerservice@leoandmila.com.

We will respond to any such inquiries or complaints within forty-five (45) days.

We are further committed to referring unresolved Privacy Shield-related complaints to JAMS, an independent dispute resolution provider located in the United States. If you do not receive a timely acknowledgement of your Privacy Shield-related complaint from us, or if we have not satisfactorily resolved your complaint or addressed your concern, please contact JAMS to file your complaint, at no cost to you. To contact JAMS and/or learn more about JAMS dispute resolution services, including instructions for submitting a complaint, please visit: https://www.jamsadr.com/eu-us-privacy-shield. Under certain limited situations, as a last resort, you may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

13. Your Rights

Individuals located in certain countries and jurisdictions have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to exercise your rights and request certain actions with respect to your Personal Data.

13.1 General Privacy Rights

We are committed to maintaining accurate information that you share with us and will use commercially reasonable efforts to allow you to access your Personal Data. Upon request, we will provide you with information about whether we store any of your Personal Data. To request this information or if you wish to access, modify, or remove your Personal Data, please contact us at customerservice@leoandmila.com.

We will endeavour to respond to all reasonable written requests to access, modify, or remove Personal Data in a timely manner within thirty (30) days.

13.2 GDPR Rights

Individuals located in the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom, have certain statutory rights under the General Data Protection Regulation (EU) 2016/679 of the European Parliament (“GDPR”). To the extent that our processing of your Personal Data is subject to the GDPR, we rely on our legitimate interests set forth in this Privacy Policy and your consent to process your Personal Data. If you are located in the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom, you may have the right to exercise additional rights available to you under applicable laws, including:

Right to Erasure (aka “Right to be Forgotten”). You may have a broader right to erasure of Personal Data that we hold about you, such as, for example, if it is no longer necessary in relation to the purposes for which it was originally collected or we do not have a legal reason to continue to process and hold it. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions, or to comply with our legal obligations.

Right to Restrict Processing. You may have the right to request that we restrict processing of your Personal Data in certain circumstances, such as, for example, where you believe that the Personal Data we hold about you is inaccurate or unlawfully held. We may be permitted to store the data but not further process it. We may need to keep just enough data to make sure we respect your request in the future.

Right to Data Portability. You may have the right to be provided with a copy of your Personal Data held by us, and to the extent technically possible, we can transfer the data to another data controller for you. We will not do so to the extent that this involves disclosing data about any other individual.

Right to Object to Processing. You may have the right to request that we stop processing your Personal Data, such as for the purpose of direct marketing, scientific and historical research, or for a task in the public interest.

Right to Lodge a Complaint. You may also have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.

If you are entitled to and would like to exercise your GDPR rights, please contact us at (e-mail). We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request. We will endeavor to respond to all reasonable written requests in a timely manner within thirty (30) days.

14. Notice to California Residents

We do not disclose Personal Data to third parties for any third parties’ direct marketing purposes, unless you affirmatively consent to such disclosure. Since we provide our California customers with this notice, pursuant to Section 1798.83(c)(2) of the California Civil Code, we are in compliance with California’s “Shine the Light” law and are not obligated to provide California users with the names and addresses of third parties that received Personal Data from us for such third parties’ direct marketing purposes during the preceding calendar year.

15. Enforcement

We will actively monitor our relevant privacy and security practices to verify adherence to this Privacy Policy. Any agents, contractors, service providers, or other third parties subject to this Privacy Policy that we determine to be in violation of this Privacy Policy or applicable data protection laws will be subject to disciplinary action up to and including termination of such services. If you believe there has been a violation of this Privacy Policy or applicable data protection laws, please contact us at customerservice@leoandmila.com.

16. Changes to this Privacy Policy

We may change, modify, or update this Privacy Policy from time to time, in whole or in part, in our sole discretion. We encourage you to visit this page at MilaAndLeo.com to stay informed about our privacy practices and review our most current Privacy Policy. Any changes, modifications, or updates to this Privacy Policy will become effective immediately upon such posting.

17. Contact Leo & Mila

We encourage you to contact us with any questions, complaints, or requests with respect to your Personal Data, this Privacy Policy, and/or our privacy practices.

You may contact us at:

Email: customerservice@leoandmila.com

Last Updated: 09/30/19