SHOP.DITA.NET
GDPR AND PRIVACY POLICIES

INTRODUCTION

Across all Dita's websites we treat your privacy and data with utmost care and respect. The below text details our policies and procedures for handling your data. This statement is specifically for the SHOP.DITA.NET website. Please visit Dita's other websites and find the "GDPR"/Privacy links on them to get a specific statement for the website you are interested in.

GENERAL DATA PROTECTION REGULATION ("GDPR")

On the 25th of May 2018 the EU "GDPR" regulations come into force. While Dita's websites and businesses are located in the USA, "GDPR" mandates that all businesses worldwide comply with its regulations if any processing of data from citizens in the EU takes place. Since many of Dita's fans and customers of the shop are located in the EU, we have decided to comply fully with the regulations. Non-EU customers also benefit from this legislation, which puts customer privacy and security at the heart of everything we do.

LAWFUL BASIS FOR PROCESSING

At SHOP.DITA.NET the information we collect and process from you is necessary solely so that we can fulfil the contract between us and supply you with the goods you purchase. Your data is not used for anything else other than this.

INFORMATION COLLECTED

SHOP.DITA.NET does not track or collect personal information about website visitors until a purchase is made. At this point SHOP.DITA.NET collects payment and shipping information in order to fulfil contracts visitors enter into when making a purchase.

This information will include all the data you enter at the shop's checkout page: your name and address details, your contact details (email and, optionally, a phone number if you choose to enter it) and your credit card details.

INFORMATION USAGE

Information you enter during checkout is used:
SHOP.DITA.NET may use the information and data submitted by customers for any other purposes related to SHOP.DITA.NET's business that are compatible with the purposes for which your information was collected - i.e. with the goal of fulfilling your order. We do not use your personal information for any profiling or marketing purposes. Neither do we share your data with any other third party apart from our card processor - eprocessingnetwork.com.

At this time we also do not run any mailing lists so your email is only used for the purposes of order fulfillment and is not kept or stored in any way beyond the period needed to fulfill the purchase contract and any refund/exchange that arises as a result of it.

THIRD PARTIES

Other than eProcessingNetwork.com, who process our transactions, we do not share customer data with anyone else.

ACCESS TO YOUR DATA

In compliance with "GDPR" you have and may exercise the following rights with regard to your data:

"WE", "US" and "OUR" refer to SHOP.DITA.NET in the following

If you would like to exercise any of these rights, please contact us by email at privacy@dita.net. Include information so we can identify your data (ideally an order number but if not then an email or name will suffice).

RETENTION

Personal identifying information on customers is kept for as short a time as is possible to fulfill purchase contracts and deal with any issues involving refunds, exchanges or other disputes. In real terms this means approximately 6 months as banks will entertain refunds over that time but no longer. Once 6 months have passed customer data is wiped from our systems.

DATA SECURITY

We take security very seriously. As soon as we save customer data it is encrypted using an RSA asymmetric public key 4096 bits in length. In order to decrypt the data a private key is required. The private key is not stored on the server but offline locally. As such we feel your data is safe even in the worst case scenario of a data breach. Should a data breach occur which may affect your data we shall of course inform you as required by "GDPR".

Any data transmitted to our third party, eProcessingNetwork.com, is sent using TLS v1.2 - which is the best modern symmetric encryption method currently available.

No customer data is ever "in the clear" but always encrypted at the best level possible.

The web server itself is in a secure facility in Dallas, Texas. The facility is guarded 24/7 and access is strictly controlled. More information about physical server security can be found here.

USE OF COOKIES / TRACKING

SHOP.DITA.NET uses no cookies to track anything. The server software uses a cookie for session management. This cookie is used internally by the server software and we do not make use of it for anything.

SHOP.DITA.NET employs no tracking technology and neither do we profile customers.

AMENDMENTS

This policy may be amended from time to time as we seek ever closer/greater compliance with emerging privacy standards.

PRIVACY QUESTIONS OR COMPLAINTS

Address all questions, queries and complaints to privacy@dita.net.


Last Revision: 23rd May 2018






Copyright © 2018 Dita Von Teese. All Rights Reserved.