Privacy Policy
This Privacy Policy describes how Dotti (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit, subscribe or make a purchase from the Site.
Contact
After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at hello@getdotti.com.
Collecting Personal Information
When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.
- Device information
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
- Disclosure for a business purpose: shared with our processor Shopify.
- Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
- Order information
- Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Shopify.
- Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number).
Children
Our Services are not designed for children. If you have reason to believe that a child has provided personal data to us, please email hello@getdotti.com.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Behavioural Advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads
- GOOGLE - https://www.google.com/settings/ads/anonymous
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
Lawful basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Retention
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
Automatic decision-making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
- Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.
Selling Personal Information
The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) and the Shine the Light law (Cal. Civ. Code § 1798.83) afford consumers residing in California certain rights with respect to their personal data. If you are a California resident, this section applies to you.
California Consumer Privacy Act
The CCPA requires us to disclose the following information with respect to our collection, use, and disclosure of personal data. In the preceding 12 months, we have collected the following categories of personal data: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet or electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory, or similar information; inferences; and other categories of personal data that relates to or is reasonably capable of being associated with you. We collect personal data for the business or commercial purposes.
Disclosure of Personal Data: In the preceding 12 months, we have disclosed the following categories of personal data for business to the following categories of recipients: In the preceding 12 months, we have disclosed the following categories of personal data for business to the following categories of recipients:
Category of Personal Data |
Categories of Recipients |
Identifiers |
Advertising networks, marketing partners, data analytics providers, market research platform, payment processors, fulfilment partners, customer support partners, Internet service providers, operating systems and platforms, other users, fraud prevention partners, cloud service providers, technical maintenance and system security providers |
Commercial Information |
Data analytics providers, advertising networks, marketing partners, market research platform, payment processors, fulfilment partners, customer support partners, and fraud prevention partners, cloud service provider |
Characteristics of Protected Classifications under state or federal law, such as age |
Advertising networks, marketing partners, market research platform, other users, customer feedback platforms |
Internet or other electronic network activity |
Advertising networks, marketing partners, data analytics providers, Internet service providers, operating systems and platforms, cloud service providers, fraud prevention partners, technical maintenance and system security providers |
Geolocation data |
Advertising networks, marketing partners, data analytics providers, Internet service providers, operating systems and platforms |
Audio, electronic, visual, or similar information |
Customer support partners, market research platform, facility security partners |
Inferences |
Advertising networks, data analytics providers, customer support partners, fraud prevention partners, cloud service providers |
Sale of Personal Data: California law requires that we provide transparency about personal data we "sell," which for the purposes of the CCPA broadly means scenarios in which we have shared personal data with third parties in exchange for valuable consideration. Dotti does not sell your personal data to other companies for money; however, we do allow our advertising partners to collect certain information to show you ads that are targeted to your interests, which may be considered a “sale” in California. In the preceding 12 months, we have allowed our advertising partners to collect identifiers, commercial information, and Internet or other electronic network activity information for targeted advertising purposes. You have the right to opt out of having your information used for targeted advertising at any time on www.getdotti.com. We do not knowingly sell personal information about consumers under the age of 16.
Your Rights: In addition to the right to opt out of sales explained above, subject to certain limitations, California consumers have the right to (1) request to know more about the specific pieces and categories of personal data we collect, use, sell and disclose, (2) request deletion of their personal data, and (3) not be discriminated against for exercising their rights. You may make a request to know more about or delete your personal data by emailing hello@getdotti.com. We will verify your request by contacting you after receiving your request to verify your identity. Please note that we may retain certain information as required or permitted by applicable law. If you request to delete your personal data, certain of our products and services may no longer be available to you.
If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.
Notice of Financial Incentives: We offer various financial incentives. For example, we may provide discounts or other benefits to customers who sign up to receive our marketing emails. When you participate in a financial incentive, we collect personal data from you, such as identifiers like your name and email address. You can opt into a financial incentive by following the sign-up instructions, and you have the ability to opt-out of the incentive by contacting us. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up. The value of your personal data is reasonably related to the value of the offer or discount presented to you.
Shine the Light: California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes or to opt out of such sharing. We do not share your personal data with third parties for their own direct marketing purposes.
Your rights
GDPR
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
[Be sure to check this list against Shopify’s current list of cookies on the merchant storefront: https://www.shopify.com/legal/cookies ]
Cookies Necessary for the Functioning of the Store
Name |
Function |
Duration |
_ab |
Used in connection with access to admin. |
2y |
_secure_session_id |
Used in connection with navigation through a storefront. |
24h |
_shopify_country |
Used in connection with checkout. |
session |
_shopify_m |
Used for managing customer privacy settings. |
1y |
_shopify_tm |
Used for managing customer privacy settings. |
30min |
_shopify_tw |
Used for managing customer privacy settings. |
2w |
_storefront_u |
Used to facilitate updating customer account information. |
1min |
_tracking_consent |
Tracking preferences. |
1y |
c |
Used in connection with checkout. |
1y |
cart |
Used in connection with shopping cart. |
2w |
cart_currency |
Used in connection with shopping cart. |
2w |
cart_sig |
Used in connection with checkout. |
2w |
cart_ts |
Used in connection with checkout. |
2w |
cart_ver |
Used in connection with shopping cart. |
2w |
checkout |
Used in connection with checkout. |
4w |
checkout_token |
Used in connection with checkout. |
1y |
dynamic_checkout_shown_on_cart |
Used in connection with checkout. |
30min |
hide_shopify_pay_for_checkout |
Used in connection with checkout. |
session |
keep_alive |
Used in connection with buyer localization. |
2w |
master_device_id |
Used in connection with merchant login. |
2y |
previous_step |
Used in connection with checkout. |
1y |
remember_me |
Used in connection with checkout. |
1y |
secure_customer_sig |
Used in connection with customer login. |
20y |
shopify_pay |
Used in connection with checkout. |
1y |
shopify_pay_redirect |
Used in connection with checkout. |
30 minutes, 3w or 1y depending on value |
storefront_digest |
Used in connection with customer login. |
2y |
tracked_start_checkout |
Used in connection with checkout. |
1y |
checkout_one_experiment |
Used in connection with checkout. |
session |
Reporting and Analytics
Name |
Function |
Duration |
_landing_page |
Track landing pages. |
2w |
_orig_referrer |
Track landing pages. |
2w |
_s |
Shopify analytics. |
30min |
_shopify_d |
Shopify analytics. |
session |
_shopify_s |
Shopify analytics. |
30min |
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
30min |
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
30min |
_shopify_y |
Shopify analytics. |
1y |
_y |
Shopify analytics. |
1y |
_shopify_evids |
Shopify analytics. |
session |
_shopify_ga |
Shopify and Google Analytics. |
session |
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Complaints
As noted above, if you would like to make a complaint, please contact us by e-mail at hello@getdotti.com.