Privacy Policy

Privacy Policy

Effective date: May 30, 2023 

Welcome to Grace and Noelle! This privacy policy ("Privacy Policy") is developed by Grace and Noelle ("graceandnoelle," "Company," "we," "our," or "us"). We sell clothing and other items ("Products") through our website, www.graceandnoelle.com ("Services"). This Privacy Policy applies to users of our Services and for all individuals with whom we interact online or otherwise ("users," "you," or "your"). 

In this Privacy Policy, we use the word “Data” to describe all the information we collect that relates to you and your use of our Services. “Data” is broken into different categories, which are defined throughout this Privacy Policy. We may refer to the different categories separately, but when we use the word “Data,” we mean all the different categories described in this Privacy Policy. Because of the nature of our Services, the term "Data" also includes the information, including personally identifiable information, you gather and process that you upload to the Services. We rely on your compliance with our Terms and Conditions, in which you represent and warrant that you have express permission to process all information you upload to the Services. 

Because Grace and Noelle wants to demonstrate its commitment to our users’ privacy, we are disclosing our practices related to your Data privacy. The Privacy Policy explains the following: 

  • What Data Grace and Noelle collects. 
  • How Grace and Noelle uses the Data. 
  • That Grace and Noelle does not share your Data except in limited circumstances. 
  • What choices and rights are available to you regarding collection, use and distribution of your Data. 
  • Our legal basis for collecting your Data. 

   

Lawful basis for processing 

Many jurisdictions require that we disclose to you the lawful basis for our processing of your Data. We do that throughout this Privacy Policy. In general, our lawful basis for processing your Data is based on your specific consent or your contract with us.  

By accessing or using any of the Services or by otherwise interacting with us online, you consent to our use of your Data as described in this Privacy Policy. If our processing of your Data is based on your consent, you may withdraw your consent at any time, and we will cease collecting your Data. However, in some cases, this may result in your inability to receive partial or full access to the Services. In addition, your withdrawal of consent may not prevent us from retaining and processing Data if we have gathered such Data pursuant to a different lawful basis or to preserve legal claims. For example, if you give your consent for us to process your Data, but we are also required by law to keep your Data, that separate “lawful basis” will still apply, even if you withdraw your consent. 

When you enter into an agreement with us, either by accessing the Services, buying our Products, by executing an agreement in hard copy, or by clicking “I Accept” or similar language online, we will process your Data for the purposes of fulfilling the terms of our contract with you. In that case, our processing of your Data is based on the contract, so your withdrawal of consent will only be effective after the purposes for processing that Data have been fulfilled and after we no longer have a legal obligation to keep that Data. 

In all cases, we will comply with applicable law and we will cease processing your Data after the legal right, obligation, or other lawful basis expires. 

Intended Users 

The Services are directed to persons 18 years of age or older or of children 13 years of age or older who have a parent's, legal guardian's, or other caregiver's consent. Other than for Data collected for the specific purpose of providing the Services to users, we do not knowingly collect Data from users who are under 13. If we become aware that we have gathered Data from a person under 13, except to provide the Services to such person, and except to the extent allowed or required by law, then we will attempt to delete such Data as soon as possible, subject to our obligations under applicable law. If you believe that we have gathered Data from a person under 13 in contravention of this Privacy Policy or applicable law, please contact us at hello@graceandnoelle.com.

 

What information do we collect? 

We collect information from you when you register on our Website, place an order, subscribe to our newsletter, respond to a survey or fill out a form. When ordering or registering on our Website, as deemed appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number or credit card information. You may, however, visit our Website anonymously. 

What do we use your information for? 

Log Files 

Like most standard websites, we use log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use. We use a tracking utility that collates data from log files to analyze user movement. 

Communicate Special Offers and Updates 

We send all new members a welcoming email to verify the desire to receive email or other electronic messages from us. Established members will occasionally receive information on products, services, special deals, and a newsletter. Out of respect for the privacy of our users, we present the option to not receive these types of communications. Please see the Choice/Opt-Out section. 

Email Newsletter 

If a user wishes to subscribe to our newsletter, we ask for contact information such as name and email address. Out of respect for our users' privacy, we provide a way for the user to opt out of these communications. Please see the Choice/Opt-Out section. 

Provide Service Announcements 

On rare occasions, it is necessary to send out a strictly service-related announcement. For instance, if our Services are temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account. However, these communications are not promotional in nature and we only send you these messages after you have explicitly signed up for our Services. 

Customer Service 

We communicate with users on a regular basis to provide requested services and with regard to issues relating to their account, we may reply via email or phone. 

Please note, that we never sell your Data to any third person. We only share your Data with third parties to provide you the Services. 

How do we protect your information? 

We implement a variety of security measures to maintain the safety of your Data when you place an order or enter, submit, or access your Data. 

Our Website incorporates physical, electronic, and administrative procedures to safeguard the confidentiality of your Data, including Secure Sockets Layer (“SSL”) for all financial transactions through the Website. We use SSL encryption to protect your Data online, and we also take several steps to protect your Data in our facilities. Access to your Data is restricted. Only employees who need access to your Data to perform a specific job are granted access to your Data. Finally, we rely on third-party service providers for the physical security of some of our computer hardware. We believe that their security procedures are adequate. For example, when you visit the Website, you access servers that are kept in a secure physical environment, behind a locked cage and a hardware firewall. 

While we use industry-standard precautions to safeguard your Data, we cannot guarantee complete security. 100% complete security does not presently exist anywhere online or offline. 

After a transaction, your Data will not be stored on our servers. 

SHARING 

Legal Disclaimer 

Though we make every effort to preserve user privacy, we may need to disclose Data when required by law where we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on us. Where possible, we will notify affected users before disclosing Data in response to a subpoena. 

Business Transitions 

In the event Grace and Noelle goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users’ Data will, in most instances, be part of the assets transferred. 

Links 

Our Website contains links to other sites. Please be aware that we, Grace and Noelle, are not responsible for the privacy practices of any other sites. We encourage our users to be aware when they leave our Website and to read the privacy statements of each and every website that collects personally identifiable information. This Privacy Policy applies solely to information collected by us. 

Choice/Opt-Out 

Users who no longer wish to receive our newsletter or promotional communications may opt out of receiving these communications by clicking on the unsubscribe link inside the email. 

 

Technologies we use 

The technologies we use for automatic Data collection may include the following: 

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services. 
  • Web Beacons. Pages of the Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). 
  • Widgets. We may use technologies such as widgets or APIs to display parts of our Services on sites that are operated by our business partners.  
  • Other Technologies. We may also use device identifiers, local storage, html modifiers, and different types of caching to help us understand the devices and users who access the Services. Those methods include device identifiers that are either hardware-based or software-based, persistent or non-persistent, and which may identify either a device or a software module within a device (such as a web browser).  

Your rights regarding your Data 

Under applicable data protection, privacy, and other laws, you may have certain rights related to your access and control of your Data. Such rights may include the following: 

  1. The right to access, correct, update, or request deletion of your Data.  
  1. The right to object to processing or restrict the processing of your Data (Please note that if you exercise this right, it may limit or eliminate our ability to provide you the Services). 
  1. The right to request portability of your Data. 
  1. The right to opt-out of marketing communications we send you. You can exercise this right by clicking the "Unsubscribe" or "Opt-Out" link found in these communications. 
  1. The right to not be subject to a decision based solely on automated processing, including profiling, known as Automatic Decision Making. Please note that we currently do not employ any Automatic Decision-Making processes in providing the Services. 
  1. The right to submit a complaint to any applicable regulatory authority about our processing activities. 
  1. The right to opt-out of us sharing (as defined in the CPRA) your Data, including for direct marketing purposes, subject to certain legal exceptions. 
  1. The right to limit use, disclosure, and restrict sensitive personal information (as defined in the CPRA). 

We may use additional processes to verify your identity before we reveal or delete any of your Data, including two-factor or two-step authentication measures to ensure we can identify you. 

This list may not include all of your rights under applicable laws. If you believe you have additional rights, please contact us using the methods in this Privacy Policy. 

Further, although we currently do not process Data without consent, if we at any time in the future process Data without your express consent, you may opt-out or withdraw consent at any time. 

Please note that exercising any of the above rights may limit or eliminate our ability to provide you the Services. If so, we may terminate the Services due to such requests. 

We will try to comply with your request(s) as soon as reasonably practicable and at the very least as required under applicable law. Upon receipt of your written request, we will provide you with a copy of your information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. 

Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages while continuing to use the Services. 

Further, you may opt-out or disable certain functions on your particular device, preventing us from collecting Data. If you disable such features, your ability to use and access the Services may be limited. 

 

To exercise any of these rights, or if you have any questions about our processing of your Data, please contact us at hello@graceandnoelle.com 

 

  1. Privacy for EU/UK Residents

The Regulation (EU) 2016/679 (General Data Protection Regulation) made effective in Europe on May 25, 2018 (“GDPR”) requires that we clearly describe to data subjects the data we collect and how we use that data. This Privacy Policy does that and if you have any questions for us regarding our data collection, please contact us at hello@graceandnoelle.com. We comply with the GDPR requirements to the extent they apply to us. 

We are based in the United States. By accessing or using the Services or otherwise providing information to us, you understand that your information will be subject to processing, transfer, and storage in and to the United States. 

Pursuant to the GDPR, residents of the EU (and the EEA, as applicable) have the right to obtain our confirmation of whether we maintain personal information relating to them in the United States. If you are a resident of Europe, upon request from you, we will provide you with access to the Data that we hold about you. Please contact us if you have any questions. 

Further, if you are a resident of the United Kingdom ("UK"), to the extent the GDPR as incorporated into UK law pursuant to s.3 of the European Union (Withdrawal Act) 2018 (as amended, the "UK GDPR") is different than the GDPR, we will follow all supplemental requirements under the UK GDPR and you have all rights as a UK citizen under the UK GDPR. 

  1. Privacy for California Residents

California adopted the California Consumer Privacy Act (“CCPA”), which took effect at the beginning of 2020 and has now adopted the California Privacy Rights Act ("CPRA"), portions of which took effect January 1, 2022. We comply with the requirements of the CCPA and CPRA to the extent they apply to us.   

If you are a California resident, you may request to exercise your rights for any Data we have processed in the 12 months prior to your request. Such request covers any categories, sources, purposes, and, if applicable, third parties to whom we share the Data. Further, you can exercise any of your rights free of discrimination, for example, we cannot increase the price of the Services or decrease the quality of the Services because you exercise your rights. 

For more information, please direct your questions to us at hello@graceandnoelle.com.   

  1. Privacy for Other Jurisdictions

We strive to comply with all data protection and privacy laws in applicable jurisdictions, to the extent such laws apply to us and our Services. We strive to be transparent about our data processing activities and have disclosed our practices throughout this Privacy Policy. If you have any questions about your rights under any applicable data protection and privacy laws, please contact us hello@graceandnoelle.com  

Data retention 

We will keep your Data for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain Data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as account recovery, or if required by law. All retained information will remain subject to the terms of this Privacy Policy. 

Amendment of this Privacy Policy 

We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Unless stated otherwise, our current Privacy Policy applies to all Data that we have about you and your account. The date on which the latest update was made is indicated at the top of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes. 

Your Consent 

By using our Website, you consent to our Privacy Policy.