Privacy Policy

SECTION 1: HOW WE HANDLE YOUR INFORMATION?

At Shimmer, safeguarding your personal data is a priority. This Privacy Policy ("Policy") explains how we, as data controllers, collect, use, disclose, and process the personal information of our customers in compliance with the Personal Data Protection Act (PDPA). It applies to all personal data under our management or oversight, including data handled by third-party organizations we work with.

When you make a purchase from our store, we collect certain personal details such as your name, address, and email address. Furthermore, as you navigate our site, we automatically gather your device’s internet protocol (IP) address, which helps us better understand your browser and operating system preferences.

If you consent, we may use your information to send you updates about our store, introduce new products, or share other relevant announcements.

SECTION 2: CONSENT

How Is Consent Obtained?
When you provide personal details—such as completing a transaction, verifying a credit card, placing an order, arranging a delivery, or initiating a return—we assume your consent to collect and use that information solely for the purpose it was provided. For additional uses, such as marketing, we will explicitly request your consent or give you the option to opt out.

How Can You Withdraw Consent?
If you change your mind after agreeing to share your information, you can revoke your consent at any time. This includes withdrawing permission for us to contact you or continue collecting, using, or sharing your data. Simply reach out to us via email to make this request.

SECTION 3: DISCLOSURE OF INFORMATION
We may disclose your personal data if required by law or if you breach our Terms of Service.

SECTION 4: ENSURING ACCURACY OF PERSONAL DATA
We are committed to maintaining the accuracy and completeness of the personal data collected by us or on our behalf. Reasonable measures will be taken to ensure that the information is up-to-date and accurate.

SECTION 5: SECURITY MEASURES FOR PERSONAL DATA
The security of your personal data is a priority. While we employ commercially reasonable methods to safeguard your information, no system of transmission or electronic storage is entirely secure. Therefore, while we strive to protect your data, absolute security cannot be guaranteed.

SECTION 6: RETENTION OF PERSONAL DATA 
We retain personal data only for as long as necessary to fulfill its intended purpose or to comply with legal obligations. Once the data is no longer required, it will either be anonymized or securely disposed of.

SECTION 7: INTERNATIONAL TRANSFERS OF PERSONAL DATA
If your personal data is transferred outside of the United States, we will ensure that it is protected in accordance with the Personal Data Protection Act (PDPA) by maintaining a comparable level of data protection. This includes transferring data to our global offices for purposes related to your submission or to a successor entity as part of a business or asset transfer.

SECTION 8: THIRD-PARTY SERVICES
We work with third-party providers who handle your information only as needed to deliver their services. For instance, payment gateways may have separate privacy policies governing the data required for transactions. We encourage you to review their privacy policies to understand how your personal information will be managed. If these providers operate in jurisdictions outside your own, your information may be subject to the laws of that jurisdiction.

SECTION 9: SECURITY 
We prioritize the protection of your personal information and follow industry best practices to prevent unauthorized access, misuse, loss, alteration, or destruction. Credit card details are encrypted using Secure Socket Layer (SSL) technology and stored with AES-256 encryption. While no online or electronic storage method is completely secure, we adhere to PCI-DSS standards and implement additional security measures to safeguard your data.

SECTION 10: COOKIES
We use cookies to enhance your experience. Below are the cookies we utilize, along with their purposes:

  • _session_id: A unique token for session tracking, storing referrer and landing page details.
  • _shop_visit: Tracks website visits, persistent for 30 minutes.
  • _shop_uniq: Counts individual customer visits, expires at midnight the next day.
  • cart: Stores cart contents, persistent for 2 weeks.
  • _secure_session_id: A unique sessional token.
  • storefront_digest: An indefinite token used to verify visitor access if the shop is password-protected.

You have the option to opt out of cookies if desired.

SECTION 11: AGE OF CONSENT 
By using our site, you confirm that you are of the legal age of majority in your state or province of residence, or that you are of majority age and have provided consent for your minor dependents to use the site.

SECTION 12: UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy at any time, and changes take effect immediately upon being posted. Significant changes will be highlighted here to keep you informed about the information we collect, how it is used, and any changes in disclosure practices. If our business is acquired or merges with another company, your information may be transferred to continue providing services to you.

QUESTIONS OR CONCERNS
If you wish to access, correct, amend, or delete your personal information, register a complaint, or need more details, please reach out to our Privacy Compliance Officer at support@shimmer.com.