WitchStore is committed to protecting the privacy of our customers. This privacy policy explains how we collect, use, and disclose personal information that we collect through our website. Our store is located in Quebec, Canada, and therefore we comply with Quebec’s privacy laws as well as the federal privacy laws of Canada.
We also prefer policies to be understandable, and so we’ve tried to adapt this policy so that most people will understand what we mean rather than
Who we are
Our website address is: https://witchstore.ca.
WitchStore.ca is a property of 9517-0932 Québec inc.
What personal data we collect and why we collect it
We may collect personal information from you when you purchase products or services from our website, sign up for our newsletter, comment on products or services, review products or services, or contact us.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
When you use a contact form, the data is not kept on the website, but rather converted to an email and sent as a message to someone on our team. Those emails are retained in the inbox until the purpose of your communication is fulfilled, then archived for 5 years. After 5 years, they are deleted.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
We use Google Analytics and Attribution to better understand how our website is used and to improve the website and customer experience. Google Analytics and Attribution uses cookies to collect information about how you use our website, such as the pages you visit and the amount of time you spend on each page. This information is used to generate reports for us about website traffic and user behavior.
Google Analytics and Attribution collects only non-personal information, such as your IP address and browser type, and does not identify you personally. We collect attribution information using an internal Customer Data Platform and add behavioral data, socio-demographic data, and combine it with any personal information that we collect internally to create a user profile and segment classification. Google Analytics data may be added to our internal data to fill in gaps in attribution analyses. This profile is used to better understand our clients’ needs and improve our products and services, as well as optimize marketing budgets.
You can opt-out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.
Who we share your data with
We use the personal information that we collect to process your orders, to communicate with you about your orders and our products and services, to send you our newsletter if you have subscribed, and to improve our website and customer service. We do not share your personal information with third parties, except as required by law or as necessary to process your orders and provide our services.
Google Analytics stores and processes data on Google’s servers.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. Contact information is also retained indefinitely, until an account is deleted from the website. Behavioral and segmentation data is retained for one year, after which it is only available as an archived data point.
For users that register on our website, we also store the personal information they provide in their user profile, and send this information to our internal contact management system and our internal customer data platform. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes
Where we send your data
Google Analytics data rests on Google’s servers and is used to draw statistical reports about web site usage.
We use internal servers to analyze visitors’ and customers’ navigation and purchasing patterns, attribution and segmentation.
Visitor comments may be checked through an automated spam detection service, and data may be passed to our internal servers for further processing.
Your contact information
Your contact information is stored in the system for so long as you have an account. On deleting your account that data is stored for an additional 7 years, after which it is deleted. Order information, including your personally identifiable information is stored in our main system, our customer data platform, our contact management system, and our accounting system for 7 years, then it is deleted.
Additional information
How we protect your data
We take reasonable steps to protect the personal information that we collect from unauthorized access, use, and disclosure. We use secure servers and encryption to protect your personal information during transmission.
What data breach procedures we have in place
Should we suspect that a data breach has occurred, it will be investigated internally by our CTO, then, in the case that it is confirmed, or in the event our CTO is unable to confirm or dismiss the possibility, it will also be verified externally by an independent forensic. Please note that even should our database ever be exposed, we do not store any credit card information, and all transactions are securely processed by Stripe on their own systems.
Should a data breach be confirmed, we will advise our clients that their information has been breached, and what information may have been exposed. We will also advise our clients a recommended course of action to mitigate the impact of the breach.
We will also put out a public communiqué indicating that we have suffered a breach, without revealing the specific individuals impacted, or specific details regarding the breached data.
What third parties we receive data from
So far we have not yet received third party data, however we are planning to implement third party data in the near future. When that happens, this policy will be updated, and all users will be advised.
What automated decision making and/or profiling we do with user data
So far we are not using any tools do make decisions or profile using user data. Should that change, we will update this policy and advise all users.
Changes to this Privacy Policy
We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on our website. We encourage you to review this privacy policy periodically to stay informed about our privacy practices.
Contact Us
If you have any questions or concerns about our privacy policy, please contact us at crone@witchstore.ca.
