Effective Date: 28th October 2024

Last Updated: 28th October 2024

    EU-U.S. DATA PRIVACY FRAMEWORK POLICY

  • INFORMATION ABOUT THE EU-U.S. DATA PRIVACY FRAMEWORK. This policy applies to personal data processed in the course of the EU-U.S. Data Privacy Framework, to which Erin Condren has committed. Erin Condren complies with the EU- U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Erin Condren has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Erin Condren has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the EU-U.S. DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

  • SCOPE. Erin Condren is a retailer based in the U.S. but with operations worldwide. This policy applies to personal data that Erin Condren has received from customers or website users located in the European Economic Area, Switzerland and the United Kingdom.

  • DATA PROCESSED: Erin Condren collect and process personal data of our website users and customers through the Erin Condren website. Data collected through our website may include website users’ IP address, browser type, browsing history and Cookie ID. Data collected on our customers may include their name, address, phone number, email address, username and password, purchase history and billing information and may also include information on their interests in our products. Such data may be transferred to us by the act of visiting or registering at account on our website and will be stored on our U.S. databases, as well as collected via cookies and other methods online from visitors to our website or websites of our marketing partners.

  • PURPOSES OF DATA PROCESSING. Erin Condren processes personal data for purposes related to the operation of our website and the provision of Erin Condren products to customers. If you are a website user or Erin Condren customer, this includes for the purposes of administering your Erin Condren account, to respond to your requests and inquiries, to notify you about products or services that may be of interest to you, to fulfil your orders for products, and to observe user activity, trends and interests on our website and e-commerce platform.

  • DATA PRIVACY FRAMEWORK PRINCIPLES: Erin Condren complies with the following EU-U.S. DPF Principles, UK Extension of the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles to personal data we process:

    • ACCESS: Erin Condren customers and website users have the right to access the personal data an organization holds about them. If such personal data is inaccurate or processed in violation of the DPF Principles, these individuals may also request that personal data be corrected, amended, or deleted.


    • CHOICE: Erin Condren customers and website users have the right to opt out of a) disclosures of their personal data to third parties not identified at the time of collection or subsequently authorised, and b) uses of personal data for purposes materially different from those disclosed at the time of collection or subsequently authorised.


    • SECURITY: Erin Condren takes reasonable and appropriate measures to protect the personal data of its customers and website users from loss, misuse, unauthorised access, disclosure, alterative and destruction.


    • DATA INTEGRITY AND PURPOSE LIMITATION: Erin Condren is responsible for limiting our collection of the personal data of its customers and website users to what is necessary for accomplishing the purposes which are disclosed, and compatible purposes. We also ensure that personal data we collect is accurate, complete, current and reliable for its intended uses, and that personal data of customers and website users retained only for as long as is necessary to accomplish the purposes we disclose, and compatible purposes.


    • ONWARD TRANSFER: Erin Condren may transfer personal data to our parent companies, subsidiaries and affiliates as necessary for our business purposes. Erin Condren may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, as required by law. To the extent permitted, Erin Condren will inform relevant customers or website users before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.


      Erin Condren also uses a limited number of third-party service providers to assist us in providing our services to customers. These contractors and service providers may include our marketing agencies, database service providers, backup and disaster recovery service providers, email service providers, and others. In order to ensure the compliance of third parties with the DPF Principles, we require our contractors and service providers to commit to respecting a similar level of the protection of personal data to that under the DPF Principles in their contracts with us, and notify us if they can no longer provide this service. We make sure that our third parties that are contractors and service providers are subject to confidentiality agreements and are handling your personal data solely under our instructions. With our contractors and service providers, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except for the purposes specified above.


      Erin Condren remain liable for the processing of your personal data when transferred onwards to a third party who acts as an agent on our behalf (including our contractors and service providers), including where that agent acts contrary to DPF Principles.


    • RECOURCE, ENFORCEMENT AND LIABILITY: In compliance with the EU-U.S. DPF Principles, including the UK Extension of the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, Erin Condren commit to resolve complaints about your privacy and Erin Condren’s collection or use of personal data transferred to the United States pursuant to this policy. Further information on how to direct inquiries and complaints about Erin Condren’s compliance with the DPF Principles can be found below.

  • YOUR RIGHTS. EU, UK, and Swiss individuals have rights, under certain circumstances, to access personal data about them, request that personal data be corrected, amended, or deleted and to limit use and disclosure of their personal data, as outlined above. With our Data Privacy Framework self-certification, Erin Condren has committed to respecting those rights. To exercise your rights under the DPF Principles, please contact us at: privacy@erincondren.com

  • INQUIRIES AND COMPLAINTS. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Erin Condren commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Erin Condren at: privacy@erincondren.com . We will respond to your inquiry or complaint within 30 days.

  • ALTERNATIVE DISPUTE RESOLUTION. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF}, Erin Condren commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS ,an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

  • BINDING ARBITATION. If neither Erin Condren nor our alternative dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. The binding arbitration will be handled by the International Centre for Dispute Resolution’s American Arbitration Association. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

  • JURISDICTION. The Federal Trade Commission has jurisdiction over Erin Condren’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). In relation to a DPF complaint, you can make your complaint directly with the Federal Trade Commission and Department of Commerce regardless of whether you are a US, EU or Swiss individual.